Acceptable use

Kevora Acceptable Use Policy

This policy defines acceptable use for Kevora cybersecurity intelligence, monitoring, alerting, dashboards, and API features.

Last updated: April 29, 2026

Allowed Uses

  • Defensive security monitoring for systems you own or are authorized to monitor.
  • Internal IT operations, vulnerability management, compliance, and security research.
  • Reviewing public CVE, KEV, severity, enrichment, and related intelligence to prioritize remediation.
  • Configuring alerts and watchlists for authorized products, vendors, and environments.

Prohibited Uses

  • No illegal, harmful, fraudulent, deceptive, or abusive use.
  • No unauthorized scanning, probing, exploitation, intrusion, malware delivery, command-and-control activity, credential theft, phishing, spam, harassment, or doxxing.
  • No use of vulnerability intelligence to attack systems or help others attack systems.
  • No attempts to bypass authentication, authorization, rate limits, plan limits, API restrictions, session controls, logging, or other security controls.
  • No scraping, bulk extraction, abusive automation, or excessive requests except where explicitly allowed by the product or a written agreement.
  • No interference with service availability, data integrity, queues, workers, infrastructure, or other users.
  • No uploading, storing, transmitting, or linking malicious content if future product features support user uploads or stored files.

API And Automation

API keys and automation must be used only for authorized defensive workflows and within the applicable plan, rate-limit, and access rules. You may not share API keys publicly, resell access, or use automation to evade limits or degrade the service.

Responsible Use Of Vulnerability Intelligence

Kevora provides informational security intelligence. Users are responsible for validating findings, checking vendor advisories, coordinating remediation, and following applicable law and responsible disclosure practices.

Enforcement

Pulsebotics may investigate suspected misuse and may warn, throttle, suspend, or terminate accounts, API keys, workspaces, or access when needed to protect the service, users, third parties, or legal/security obligations. Pulsebotics may report activity to providers or authorities when legally required or when necessary to address credible abuse.