Acceptable Use Policy
Last updated: 2026-05-21
ACCEPTABLE USE POLICY
Effective Date: May 15, 2026
1. PURPOSE AND SCOPE
This Acceptable Use Policy ("AUP") governs the use of the CodeHalo automated code security analysis platform, including the website at codehalo.io, APIs, integrations, and related services (collectively, the "Service"), operated by CodeHalo ("CodeHalo," "we," "our," or "us").
This AUP is incorporated by reference into the CodeHalo Terms and Conditions ("Terms") and Privacy Policy. Capitalised terms used but not defined in this AUP have the meanings given to them in the Terms.
By accessing or using the Service, you agree to comply with this AUP. If you are using the Service on behalf of an organisation, you accept this AUP on behalf of that organisation and represent that you have authority to do so.
This AUP applies to all Users, including individual developers, Business Users, automated systems, and any third party accessing the Service through an integration or API.
2. CORE PRINCIPLES
CodeHalo's Service is designed to help developers and organisations identify and remediate security vulnerabilities in code they own or are authorised to analyse. All use of the Service must be consistent with the following core principles:
Authorisation — Users may only submit code and repositories they own or have explicit legal authorisation to analyse.
Integrity — Users must not attempt to manipulate, circumvent, or abuse the Service or its outputs.
Respect — Users must not use the Service in ways that harm other users, third parties, or CodeHalo's infrastructure.
Legality — All use of the Service must comply with applicable laws and regulations in the User's jurisdiction and in any jurisdiction where the submitted code or data originates.
Proportionality — Users must not use the Service in a manner that disproportionately burdens CodeHalo's infrastructure or degrades the experience of other users.
3. PERMITTED USES
The Service may be used for the following purposes, subject to these Terms, this AUP, and applicable law:
analysing source code, repositories, and software projects that the User owns or is explicitly authorised to analyse;
identifying security vulnerabilities, misconfigurations, and code quality issues in the User's own software;
integrating the Service into development workflows, including version control systems and, where supported, CI/CD pipelines, for the purpose of ongoing security monitoring of the User's own codebase;
using Reports generated by the Service for internal security review, compliance, audit, and remediation purposes as permitted under the Terms;
accessing the Service via the API for automated analysis of the User's own repositories, subject to the automated use conditions in Section 6; and
evaluating the Service using the User's own non-production code during a trial or evaluation period.
4. PROHIBITED USES
The following uses of the Service are strictly prohibited. Users must not, directly or indirectly:
4.1 Unauthorised Scanning
Submit, upload, or analyse any code, repository, or software that the User does not own or does not have explicit written authorisation to analyse, including:
code belonging to third parties without their consent;
proprietary code obtained through unauthorised access;
code subject to confidentiality obligations owed to another party; or
open source code where the applicable licence or project terms prohibit third-party security scanning without authorisation.
4.2 Malicious or Harmful Use
Use the Service to develop, test, improve, or deploy:
malware, ransomware, spyware, or any software designed to cause harm;
exploits, attack tools, or software designed to compromise systems the User does not own or is not authorised to test;
tools designed to circumvent authentication, access controls, or security measures; or
any software whose primary design purpose is to cause damage, disruption, or unauthorised access to systems or data.
4.3 Prohibited Data Submission
Submit to the Service any data that includes:
protected health information ("PHI") as defined under applicable law, including HIPAA;
classified government or national security information;
export-controlled materials or technology subject to export control restrictions;
payment card data governed by PCI-DSS;
biometric data; or
any other category of data whose submission to a third-party platform is prohibited or restricted by applicable law or regulation.
4.4 Circumvention and Abuse
Attempt to circumvent, reverse engineer, decompile, disassemble, or replicate the Service, the Halo Score methodology, or any underlying analytical framework;
submit code or repositories specifically designed to manipulate, game, or produce artificially favourable outputs from the Service, including for the purpose of triggering refunds under Section 9.2 of the Terms;
use the Service to benchmark, evaluate, or build a competing product or service;
access the Service through automated means in a manner that violates Section 6 of this AUP; or
create multiple accounts to circumvent usage limits, suspension, or termination decisions.
4.5 Interference with the Service
Take any action that:
imposes a disproportionate or unreasonable load on CodeHalo's infrastructure;
introduces malicious code, viruses, or harmful content into the Service;
interferes with or disrupts the integrity or performance of the Service or data contained therein;
attempts to gain unauthorised access to the Service, its associated systems, or the data of other users; or
conducts denial-of-service attacks or similar disruptive activities against CodeHalo or its infrastructure.
4.6 Misrepresentation and Fraud
Impersonate any person or entity, or misrepresent your identity, affiliation, or authorisation when using the Service;
submit false or misleading information to CodeHalo, including in connection with account registration, support requests, or refund claims;
or use the Service to facilitate fraudulent activity.
4.7 Unlawful Use
Use the Service in violation of any applicable law or regulation, including data protection laws, intellectual property laws, export control laws, anti-corruption laws, and cybersecurity regulations;
use the Service to facilitate, enable, or conceal any criminal activity; or
use the Service to process, store, or transmit any content that is illegal in the User's jurisdiction or in any jurisdiction in which the relevant code or data originates.
4.8 Resale and Redistribution
Resell, sublicense, redistribute, or otherwise make the Service available to third parties without CodeHalo's prior written consent;
use outputs of the Service — including Reports, Halo Scores, and findings — for commercial resale or redistribution to third parties except as expressly permitted under the Terms; or
offer any service that commercially repackages or passes through the Service's outputs to end customers without a separate written agreement with CodeHalo.
5. RESPONSIBLE SUBMISSION STANDARDS
Users are responsible for the quality and appropriateness of code and repositories submitted to the Service. In particular:
5.1 Code Ownership Verification
Prior to submitting any code for analysis, Users must verify that they hold the necessary rights, licences, or authorisations to submit that code to a third-party platform for processing.
5.2 Sensitive Data Screening
Users must take reasonable steps to ensure that repositories submitted to the Service do not contain prohibited data categories as listed in Section 4.3. CodeHalo is not a data management or redaction platform and is not responsible for the presence of sensitive data within submitted code.
5.3 Accuracy of Information
Users must not submit trivially empty, obfuscated, or otherwise unrepresentative repositories for the purpose of obtaining refunds or inflating scan metrics. Submissions should represent genuine codebases intended for security analysis.
6. AUTOMATED AND API USE
6.1 Permitted Automated Use
Automated use of the Service, including via the CodeHalo API, is permitted for the purpose of analysing the User's own repositories as part of a legitimate development or security workflow. This includes planned integration with CI/CD pipeline environments, subject to any rate limits, usage policies, and technical specifications published by CodeHalo from time to time.
6.2 Conditions for Automated Use
All automated use must:
be performed under a valid authenticated account;
remain within any published rate limits and usage quotas;
analyse only repositories the User owns or is authorised to submit;
not be designed to circumvent metering, billing, or usage controls; and
comply with all other provisions of this AUP and the Terms.
6.3 Bot and Scraping Prohibition
Automated access to the Service for the purpose of scraping, harvesting, or extracting data from the Service — as opposed to performing legitimate Scans — is strictly prohibited. This includes extracting findings, scoring outputs, or platform data for the purpose of building a competing product or service.
6.4 Future CI/CD Integration
CodeHalo intends to support direct integration with CI/CD pipeline environments in a future release. When such integration becomes available, additional technical and usage guidelines will be published. Users integrating via CI/CD must comply with those guidelines in addition to this AUP.
7. REPORTING VIOLATIONS
If you become aware of any use of the Service that you believe violates this AUP, or if you believe your code or intellectual property has been submitted to the Service without your authorisation, please report it to:
AUP / Trust & Safety Contact
Email: contact@codehalo.io
CodeHalo will investigate all reports in good faith and take appropriate action. Where a report relates to potential unauthorised submission of third-party code, CodeHalo may suspend the relevant account pending investigation.
8. ENFORCEMENT
CodeHalo takes violations of this AUP seriously. We apply a tiered enforcement approach calibrated to the nature and severity of the violation:
8.1 Tier 1 — Written Warning
For first-time or minor violations that do not pose immediate harm to other users, third parties, or CodeHalo's infrastructure, CodeHalo will issue a written warning to the User's registered email address. The warning will describe the nature of the alleged violation and the required corrective action. The User will be given a reasonable opportunity to respond and to remedy the violation before further action is taken.
8.2 Tier 2 — Temporary Suspension
Where a violation is repeated, escalating, or poses a risk to the integrity of the Service or other users, CodeHalo may temporarily suspend the User's access to the Service pending investigation or remediation. During suspension, the User's account and any unused Scan Credits will be preserved unless the investigation reveals grounds for permanent termination.
8.3 Tier 3 — Permanent Termination
For serious, wilful, or repeated violations — including but not limited to unauthorised scanning of third-party code, submission of malicious content, fraud, or any use of the Service to facilitate criminal activity — CodeHalo may permanently terminate the User's account without further warning. In cases of permanent termination for cause, no refund of unused Scan Credits or prepaid fees will be issued.
8.4 Immediate Action for Urgent Threats
Notwithstanding the tiered approach above, CodeHalo reserves the right to take immediate action — including suspension or termination without prior warning — where a violation poses an immediate threat to the security, integrity, or availability of the Service, the data of other users, or third parties. CodeHalo will notify the affected User as soon as reasonably practicable following such action.
8.5 Appeals
Users who believe a suspension or termination has been applied in error may submit a written appeal to contact@codehalo.io within 14 days of receiving notice of the enforcement action. CodeHalo will review the appeal and respond within 14 business days. During the appeal review period, suspension will remain in effect unless CodeHalo determines that interim reinstatement is appropriate.
8.6 Cooperation with Authorities
CodeHalo reserves the right to report violations of applicable law — including unauthorised access to computer systems, submission of export-controlled materials, and other criminal conduct — to the relevant law enforcement or regulatory authorities.
9. CONSEQUENCES OF VIOLATION
In addition to enforcement actions under Section 8, Users who violate this AUP may be liable for:
damages caused to CodeHalo, other users, or third parties arising from the violation;
costs incurred by CodeHalo in investigating and remediating the violation; and
indemnification obligations as set out in Section 14 of the Terms and Conditions.
CodeHalo's exercise of its enforcement rights under this AUP does not limit any other rights or remedies available to CodeHalo under the Terms, applicable law, or equity.
10. UPDATES TO THIS AUP
CodeHalo may update this AUP from time to time to reflect changes to the Service, applicable law, or our operational practices. Updates will be posted on the website with a revised effective date.
For material changes, CodeHalo will provide at least 30 days' advance notice to registered Users via email, consistent with the Terms and Privacy Policy. Continued use of the Service after the effective date of any updated AUP constitutes acceptance of the revised terms.
11. RELATIONSHIP TO OTHER POLICIES
This AUP is part of CodeHalo's legal framework, which consists of:
the Terms and Conditions;
the Privacy Policy;
this Acceptable Use Policy; and
any Data Processing Agreement entered into with a Business User.
In the event of any conflict between this AUP and the Terms and Conditions, the Terms and Conditions shall prevail.
12. CONTACT
For questions about this AUP, to report a violation, or to submit an appeals request, please contact:
Trust & Safety: contact@codehalo.io
[END OF ACCEPTABLE USE POLICY]