Acceptable Use Policy
Permitted Uses
✓ What You Can Do
- Deploy KovaShield honeypots on servers, domains, and infrastructure you own or are explicitly authorized to protect
- Log, fingerprint, and analyze threat actors who interact with your honeypot endpoints
- Report malicious IPs to AbuseIPDB and other threat intelligence platforms using KovaShield's built-in tools
- Use KovaShield evidence packages to support law enforcement reports and insurance claims related to attacks on your systems
- Block, tarpit, and redirect malicious traffic on your own infrastructure
- Use KovaShield as part of a SIEM, SOC, or broader security architecture on systems you control
- Share threat intelligence data from your deployment with your own security team or trusted partners
Prohibited Uses
✗ What You Cannot Do
- Unauthorized monitoring — Do not deploy KovaShield on systems you do not own or have explicit written authorization to monitor. This includes cloud environments, shared hosting, or employer systems without HR/legal sign-off.
- Offensive operations — KovaShield may not be used to launch attacks, port scans, or intrusion attempts against third parties. Active counterattacks ("hack back") are illegal and prohibited.
- Entrapment or setup — You may not use KovaShield to lure individuals into interacting with fake systems for the purpose of filing false criminal complaints.
- Springboard attacks — You may not allow or facilitate attackers using your KovaShield honeypots as a relay or proxy to attack third parties. Honeypots must be network-isolated.
- Data harvesting — Credentials and personal data captured by KovaShield may only be used for documenting unauthorized access to your systems. You may not use this data to access third-party accounts, sell it, or share it outside of law enforcement contexts.
- False reporting — Filing false law enforcement reports or submitting fabricated evidence packages is a crime and will result in immediate account termination and cooperation with authorities.
- Competitor intelligence — You may not use KovaShield to monitor competitors' systems or gather business intelligence through unauthorized access.
- Employee surveillance without disclosure — If deploying KovaShield in a workplace environment, you must comply with all applicable employee monitoring disclosure requirements in your jurisdiction.
- HIPAA/PCI environments without compliance review — Do not deploy KovaShield in environments handling protected health information (PHI) or cardholder data without first ensuring compliance with HIPAA and PCI-DSS requirements.
Network Isolation Requirement
All KovaShield honeypot deployments must maintain strict network segmentation. Honeypot endpoints must not have routing access to:
- Your production databases or application servers
- Internal network resources
- The open internet (outbound), unless explicitly required for deception purposes and properly contained
TNZ is not liable for damages caused by insufficient network isolation. If you are unsure how to properly isolate your honeypots, contact support@kovashield.com before deployment.
Evidence Integrity
KovaShield automatically generates cryptographically sealed evidence packages. You must not:
- Alter, tamper with, or attempt to modify sealed evidence packages
- Present altered evidence to law enforcement or in legal proceedings
- Misrepresent the source, context, or meaning of evidence packages
Tampering with digital evidence is a federal crime under 18 U.S.C. § 1519.
Reporting Violations
If you believe someone is using KovaShield in violation of this policy or to target your systems, please report it immediately to abuse@kovashield.com. Include as much detail as possible — we take abuse reports seriously and will investigate within 24 hours.
Consequences of Violations
Violations of this policy may result in:
- Immediate account suspension or termination without refund
- Reporting to relevant law enforcement agencies
- Civil liability for damages caused to third parties
- Cooperation with law enforcement investigations against you
Questions
If you're unsure whether a specific use case is permitted, email us at legal@kovashield.com before proceeding. We'd rather answer a question than terminate an account.