SanctiKey

Legal

Acceptable Use Policy

SanctiKey, LLC · Last Updated: July 3, 2026 · Effective Date: May 23, 2026

1. Purpose

This Acceptable Use Policy ("AUP") defines the mandatory rules and restrictions governing access to and use of the SanctiKey managed cryptographic infrastructure platform, hosted key management services, and programmer APIs (collectively, the "Service") provided by SanctiKey, LLC ("SanctiKey").

This AUP is fully integrated into and forms an essential part of SanctiKey's Terms of Service or other principal agreement governing access to the Service (the "Agreement"). Compliance with this AUP is required to maintain active platform access.

SanctiKey reserves the right to investigate any suspected violation and to take any action deemed appropriate, including throttling, suspension, termination, and referral to law enforcement.

2. Eligibility and Authorization

You may only use the Service if you:

  • Are at least 18 years of age
  • Have the legal authority to enter into binding agreements on behalf of yourself or your organization
  • Are located within the United States
  • Are not subject to United States export restrictions, sanctions, or equivalent restrictions under the laws of your jurisdiction
  • Are not listed on any United States government list of prohibited or restricted parties, including the OFAC Specially Designated Nationals list

3. Platform Security and Infrastructure Integrity

You shall not use the Service, nor attempt to manipulate its underlying infrastructure, in any way that compromises platform security or exhausts shared resources. Prohibited actions include:

  • Volumetric Abuse: Initiating programmatic API queries, automated connection threads, or request bursts that purposefully bypass, circumvent, or violate the technical rate limits defined in the Service documentation
  • Infrastructure Attacks: Launching or facilitating denial of service attacks, automated fuzzing routines, or traffic patterns designed to degrade platform performance or induce outages affecting other customers
  • Vulnerability Probing: Scanning, testing, or probing the security boundaries, network infrastructure, or authentication layers of the Service without obtaining explicit prior written authorization from SanctiKey
  • Reverse Engineering: Attempting to decompile, reverse-engineer, extract, or structurally map the source code, key isolation architecture, cryptographic implementations, or proprietary components of the Service

4. Export Control and Economic Sanctions

The Service involves industrial-grade cryptographic technology strictly regulated under United States and international law. You agree not to access, deploy, or use the Service in a manner that violates:

  • U.S. Export Administration Regulations (EAR): Directly or indirectly exporting, re-exporting, or transferring SanctiKey’s cryptographic services, software components, or API endpoints to restricted destinations or foreign entities without proper governmental authorization
  • Economic Sanctions: Allowing the Service to be accessed or used by individuals or entities located within countries or territories subject to comprehensive U.S. embargoes, including Cuba, Iran, North Korea, Syria, and the Crimea, Donetsk, and Luhansk regions of Ukraine
  • Restricted Parties: Permitting platform access to any entity or individual listed on United States government screening lists, including the Department of Commerce’s Denied Persons List or Entity List, and the Department of the Treasury’s Specially Designated Nationals (SDN) List

5. Cryptographic Integrity and Prohibited Use Cases

SanctiKey does not retain or inspect the content of API payloads processed through the Service. To maintain platform legality and protect the integrity of the Service, you are strictly prohibited from using SanctiKey's cryptographic functions to process, protect, or facilitate:

  • Malware and Cyberweapons: Obfuscating, encrypting, or key-protecting malicious software, ransomware, command-and-control frameworks, spyware, keyloggers, or any malicious code of any kind
  • Financial Crime: Facilitating money laundering, darknet marketplace transactions, fraud, wire fraud, extortion, or circumvention of legal financial reporting requirements
  • Stolen or Exfiltrated Data: Encrypting or managing datasets known to have been acquired through unauthorized access, data breaches, or digital theft
  • Stalkerware and Covert Surveillance: Protecting or transmitting data collected from individuals without their knowledge and consent, or facilitating any form of covert surveillance or intimate partner monitoring
  • Child Exploitation: Processing, storing, or transmitting child sexual abuse material or any content that sexually exploits or endangers minors. SanctiKey will report known or suspected instances to the National Center for Missing and Exploited Children (NCMEC) and appropriate law enforcement.
  • Weapons Systems: Providing cryptographic infrastructure for weapons systems, autonomous lethal systems, or chemical, biological, radiological, or nuclear weapons programs
  • Identity Theft and Fraud: Protecting or transmitting stolen personal identity data, impersonation assets, or materials used to defraud individuals or organizations
  • Harassment and Abuse: Encrypting or transmitting communications that constitute bullying, harassment, threats, or targeted abuse of any individual or group
  • Illegal Activity: Processing any payload whose primary purpose is to facilitate activity that violates applicable local, state, or federal law
  • Regulated Workloads Without Written Agreement: Using the Service for workloads subject to sector-specific regulatory regimes that impose obligations on service providers, including protected health information under HIPAA, criminal justice information under the CJIS Security Policy, and technical data controlled under ITAR, absent a separate written agreement with SanctiKey expressly covering that regime. The Service is offered under the click-through Terms of Service only; no such agreement exists unless separately executed.

6. Additional Prohibited Conduct

The following are prohibited regardless of the content of API payloads:

  • Cryptocurrency Mining: Using SanctiKey’s infrastructure for cryptocurrency mining, proof-of-work computation, or blockchain validation operations
  • Unauthorized Data Collection: Using the Service to process data obtained through unauthorized access to third-party systems or to facilitate scraping or harvesting of personal data without authorization
  • Intellectual Property Infringement: Using the Service to store, transmit, or protect content that infringes any third-party patent, copyright, trademark, or trade secret
  • Competitive Intelligence: Accessing the Service for the primary purpose of building a competing product or reverse-engineering SanctiKey’s proprietary architecture
  • Account Misuse: Sharing account credentials or API tokens with unauthorized parties, creating accounts under false pretenses, or using another customer’s account without authorization

7. Monitoring and Enforcement

7.1 Monitoring Scope

SanctiKey does not monitor, decrypt, or inspect the plaintext content of Customer data or API payloads. SanctiKey continuously monitors network traffic metrics, connection telemetry, API call volumes, and infrastructure health to detect platform abuse, enforce rate limits, and protect the integrity of the Service for all customers.

7.2 Enforcement Actions

If SanctiKey identifies activity violating this AUP, SanctiKey reserves the right to take immediate defensive action without prior notice. Actions may include:

  • Throttling: Restricting API bandwidth and request limits on the offending account
  • Suspension: Temporarily blocking all access tokens, console access, and API credentials associated with the account
  • Termination: Permanently revoking the subscription and purging associated metadata
  • Legal Referral: Reporting the violation to applicable law enforcement or regulatory authorities and pursuing all available legal remedies

SanctiKey shall incur no liability to Customer for service interruptions resulting from enforcement actions taken under this Section in response to AUP violations.

7.3 Reporting Violations

If you believe another user is violating this AUP, report it to abuse@sanctikey.com. All reports are investigated promptly and in confidence.

8. Responsible Disclosure

If you discover a security vulnerability in the Service, report it to security@sanctikey.com before public disclosure. Reporting, scope, safe harbor protections, and disclosure timelines are governed by SanctiKey's Vulnerability Disclosure Policy. Security research conducted in good faith within that policy's scope is authorized and is not a violation of Section 3.

9. Policy Updates

SanctiKey may update this AUP at any time to reflect evolving compliance requirements, regulatory changes, or platform expansion. Material changes will be communicated by email to the address associated with your account and by updating the "Last Updated" date. Your continued use of the Service after the effective date of any update constitutes acceptance of the revised AUP.

10. Contact

SanctiKey, LLC
Abuse and Policy: abuse@sanctikey.com
Security Disclosures: security@sanctikey.com
Legal: legal@sanctikey.com

This Acceptable Use Policy is effective as of the date listed above and supersedes all prior versions.