1. Authorized use
SOCPilot is licensed for security operations: triaging alerts, investigating incidents, recommending response actions, and producing audit-ready records for systems and accounts the customer is authorized to monitor.
2. Prohibited use
- Investigating, monitoring or attacking systems the customer does not own or have written authorization to monitor.
- Bypassing access controls, scraping the product, or attempting to extract another tenant's data.
- Uploading content that is unlawful, infringing, defamatory, or that contains malware intended to harm third parties.
- Using SOCPilot to surveil individuals outside the scope of an authorized security program.
- Reverse engineering, model extraction, or training competing models on SOCPilot output.
3. Integration scopes
Integrations must be configured with the minimum scopes needed for the connected use case. Granting standing write access to systems that do not require it is discouraged and may be restricted by workspace policy.
4. Automated response
SOCPilot does not execute containment or identity actions without a named human approval. Customers may not bypass the human-approval gate by automating approvals through external systems in a way that defeats the intent of the control.
5. Reporting abuse
Suspected misuse? Email security@socpilot.co with the workspace, time window and a description of the activity.
6. Enforcement
Violations may result in workspace suspension, integration revocation, or contract termination. We coordinate with law enforcement where required by valid legal process.
7. Contact
legal@socpilot.co · SOCPilot, INC · 2075 Kenmore Ave, Buffalo, NY 14207