Authorized Use Policy

You are responsible for authorization. Before testing, confirm that you own the target or have explicit permission, understand the approved scope, and follow all applicable rules and laws.

Permitted use

xLimit may be used for lawful activities such as:

• Testing systems you own.
• Authorized penetration tests and security assessments.
• Bug bounty or vulnerability-disclosure work performed within published scope and rules.
• Defensive analysis, incident response, education, labs, and controlled research.
• Preparing remediation guidance and responsible reports.

Prohibited use

You may not use xLimit to:

• Access, test, scan, exploit, or interfere with systems without authorization.
• Deploy malware, ransomware, destructive payloads, or persistence mechanisms against others.
• Steal credentials, tokens, personal data, trade secrets, or other protected information.
• Conduct phishing, fraud, extortion, harassment, surveillance, or privacy violations.
• Disrupt services, evade law enforcement, conceal unlawful activity, or cause harm.
• Exceed the scope, rate limits, methods, or data-handling rules of an authorized engagement.

Researcher responsibilities

You must maintain evidence of authorization, minimize impact, protect collected data, stop when scope or safety is uncertain, and report findings through the proper channel. AI-assisted suggestions must be reviewed before use.

Enforcement

xLimit may restrict or terminate access, revoke tokens, preserve relevant records, or report activity when reasonably necessary to prevent harm, enforce policy, or comply with law. Suspected misuse may be reported to [email protected].