Acceptable Use

What SOCPilot may and may not be used for.

Last updated May 12, 2026

1. Authorized use

SOCPilot is licensed for security operations: triaging alerts, investigating incidents, recommending response actions, and producing audit-ready records for systems and accounts the customer is authorized to monitor.

2. Prohibited use

  • Investigating, monitoring or attacking systems the customer does not own or have written authorization to monitor.
  • Bypassing access controls, scraping the product, or attempting to extract another tenant's data.
  • Uploading content that is unlawful, infringing, defamatory, or that contains malware intended to harm third parties.
  • Using SOCPilot to surveil individuals outside the scope of an authorized security program.
  • Reverse engineering, model extraction, or training competing models on SOCPilot output.

3. Integration scopes

Integrations must be configured with the minimum scopes needed for the connected use case. Granting standing write access to systems that do not require it is discouraged and may be restricted by workspace policy.

4. Automated response

SOCPilot does not execute containment or identity actions without a named human approval. Customers may not bypass the human-approval gate by automating approvals through external systems in a way that defeats the intent of the control.

5. Reporting abuse

Suspected misuse? Email security@socpilot.co with the workspace, time window and a description of the activity.

6. Enforcement

Violations may result in workspace suspension, integration revocation, or contract termination. We coordinate with law enforcement where required by valid legal process.

7. Contact

legal@socpilot.co · SOCPilot, INC · 2075 Kenmore Ave, Buffalo, NY 14207