1. Overview

This Acceptable Use Policy ("AUP") governs your use of the QuantaSeal platform, APIs, SDKs, CLI, and all related services (collectively, the "Services"). By accessing or using the Services, you agree to comply with this AUP. This AUP supplements the Terms of Service.

2. Permitted Uses

You may use the Services to:

Encrypt, decrypt, sign, and verify data for legitimate business purposes using QuantaSeal's post-quantum cryptographic capabilities
Store and manage credentials, API keys, certificates, and other secrets in the QuantaVault
Proxy and transform API requests between your systems and authorised third-party integrations
Access compliance reports, audit logs, and security analytics related to your own tenant
Build applications, integrations, and automations using the QuantaSeal SDKs and APIs for your own internal use or for your customers (subject to plan limits)
Use the Quanta Copilot AI assistant to query and operate your QuantaSeal tenant (Professional plan and above)

3. Prohibited Uses

You must not use the Services:

Illegal activities

To encrypt, store, or transmit data in violation of any applicable law, regulation, or court order
To engage in money laundering, terrorist financing, fraud, or other financial crimes
To process data in violation of GDPR, HIPAA, PCI DSS, or other applicable data protection laws

Malicious use

To create, store, distribute, or facilitate malware, ransomware, spyware, or other malicious code
To conduct denial-of-service attacks against QuantaSeal or any third party
To exploit or attempt to exploit security vulnerabilities in QuantaSeal or third-party systems
To use automated tools to scrape, harvest, or extract data from the Services beyond normal API use

Platform abuse

To exceed your plan's rate limits or integration limits intentionally or repeatedly
To share API keys or credentials with unauthorised users or organisations
To reverse-engineer, decompile, or disassemble the Services
To resell access to the Services without entering into a White Label agreement
To use the Services to benchmark against or train AI models that compete with QuantaSeal

Prohibited data

To process data related to child sexual abuse material (CSAM) - any such use will be reported to law enforcement immediately
To encrypt or vault data that you do not have the right to process
To use the Vault or proxy to facilitate export-controlled transactions without required licences

4. Content Standards

All data submitted to the Services must comply with these standards:

You must have the legal right to submit, process, and store the data
You are responsible for ensuring data subjects have given appropriate consent where required
You must not submit data that includes third-party intellectual property without authorisation
Integration configurations and webhook payloads must not contain malicious scripts or injection payloads

5. Security Requirements

You are responsible for the security of your account:

Keep your API keys, JWT tokens, and credentials confidential - do not commit them to public source code repositories
Enable MFA for all administrative accounts (strongly recommended; required for Enterprise plan)
Immediately rotate credentials if you suspect a compromise and notify security@quantaseal.io
Do not use the Services to store plaintext credentials that can be encrypted - use the QuantaVault for all secrets
Follow the principle of least privilege when configuring integration allowed operations

6. Enforcement

QuantaSeal reserves the right, but is not obligated, to investigate violations of this AUP. On detection of a violation, QuantaSeal may, in its sole discretion:

Suspend access to the Services pending investigation
Terminate the account without refund
Report violations to law enforcement or regulatory authorities
Pursue civil or criminal legal remedies

QuantaSeal will make reasonable efforts to notify customers before suspension unless doing so would (a) prevent us from investigating the suspected violation, (b) risk harm to third parties, or (c) be required by law.

7. Reporting Violations

To report suspected AUP violations or security concerns:

AUP violations

abuse@quantaseal.io

Security vulnerabilities

Responsible disclosure program →

Questions about this policy? Contact legal@quantaseal.io. QuantaSeal reserves the right to update this AUP at any time. Continued use of the Services after changes are posted constitutes acceptance.

2. Permitted Uses

You may use the Services to:

Encrypt, decrypt, sign, and verify data for legitimate business purposes using QuantaSeal's post-quantum cryptographic capabilities

Store and manage credentials, API keys, certificates, and other secrets in the QuantaVault

Proxy and transform API requests between your systems and authorised third-party integrations

Access compliance reports, audit logs, and security analytics related to your own tenant

Build applications, integrations, and automations using the QuantaSeal SDKs and APIs for your own internal use or for your customers (subject to plan limits)

Use the Quanta Copilot AI assistant to query and operate your QuantaSeal tenant (Professional plan and above)

3. Prohibited Uses

You must not use the Services:

Illegal activities

To encrypt, store, or transmit data in violation of any applicable law, regulation, or court order
To engage in money laundering, terrorist financing, fraud, or other financial crimes
To process data in violation of GDPR, HIPAA, PCI DSS, or other applicable data protection laws

Malicious use

To create, store, distribute, or facilitate malware, ransomware, spyware, or other malicious code
To conduct denial-of-service attacks against QuantaSeal or any third party
To exploit or attempt to exploit security vulnerabilities in QuantaSeal or third-party systems
To use automated tools to scrape, harvest, or extract data from the Services beyond normal API use

Platform abuse

To exceed your plan's rate limits or integration limits intentionally or repeatedly
To share API keys or credentials with unauthorised users or organisations
To reverse-engineer, decompile, or disassemble the Services
To resell access to the Services without entering into a White Label agreement
To use the Services to benchmark against or train AI models that compete with QuantaSeal

Prohibited data

To process data related to child sexual abuse material (CSAM) - any such use will be reported to law enforcement immediately
To encrypt or vault data that you do not have the right to process
To use the Vault or proxy to facilitate export-controlled transactions without required licences

4. Content Standards

All data submitted to the Services must comply with these standards:

You must have the legal right to submit, process, and store the data

You are responsible for ensuring data subjects have given appropriate consent where required

You must not submit data that includes third-party intellectual property without authorisation

Integration configurations and webhook payloads must not contain malicious scripts or injection payloads

5. Security Requirements

You are responsible for the security of your account:

Keep your API keys, JWT tokens, and credentials confidential - do not commit them to public source code repositories

Enable MFA for all administrative accounts (strongly recommended; required for Enterprise plan)

Immediately rotate credentials if you suspect a compromise and notify security@quantaseal.io

Do not use the Services to store plaintext credentials that can be encrypted - use the QuantaVault for all secrets

Follow the principle of least privilege when configuring integration allowed operations

6. Enforcement

QuantaSeal reserves the right, but is not obligated, to investigate violations of this AUP. On detection of a violation, QuantaSeal may, in its sole discretion:

Suspend access to the Services pending investigation

Terminate the account without refund

Report violations to law enforcement or regulatory authorities

Pursue civil or criminal legal remedies