Skip to main content

Acceptable Use Policy

Effective date: April 15, 2026
Last updated: April 15, 2026

This Acceptable Use Policy ("AUP") governs your use of SigmaShake services, including the ssg CLI, the Rules Hub, the SigmaShake API, and all web properties. By using our services, you agree to this AUP.

1. Permitted Uses

You may use SigmaShake to:

  • Govern and audit AI agent tool calls in your own development environment
  • Install, create, and manage governance rules for your personal or organizational use
  • Publish rulesets to the Hub that comply with the Hub Content Policy (Section 4)
  • Integrate SigmaShake into your organization's toolchain and CI/CD pipelines

2. Prohibited Uses

You may not use SigmaShake to:

2.1 Security and Integrity

  • Attempt to circumvent, bypass, or reverse-engineer SigmaShake's rule evaluation engine or license enforcement
  • Probe, scan, or test SigmaShake infrastructure for vulnerabilities without our written permission (see our security disclosure policy)
  • Inject malicious rulesets designed to exfiltrate data, disable security controls, or harm other users
  • Use SigmaShake to surveil individuals without their knowledge or consent

2.2 Abuse and Overload

  • Deliberately overwhelm SigmaShake infrastructure with automated, excessive, or malicious requests
  • Share or resell API credentials or session tokens
  • Use automated tooling to scrape or bulk-download Hub rulesets beyond normal usage

2.3 Content

  • Publish rulesets containing malware, backdoors, or code designed to harm systems
  • Publish rulesets that violate intellectual property rights
  • Submit false, misleading, or deceptive rule descriptions on the Hub
  • Use SigmaShake in violation of any applicable laws or regulations
  • Use SigmaShake to process data in ways that violate our DPA or Privacy Policy
  • Use SigmaShake to discriminate against individuals based on protected characteristics

3. Rate Limits and Fair Use

Starter (Free): 5,000 tool evaluations per day. Exceeded requests return a 429 Too Many Requests response.

Pro: Unlimited evaluations. Sustained automated abuse (>100 req/sec continuous) may result in temporary rate limiting.

Enterprise: Negotiated SLA. Contact sales@sigmashake.com.

4. Hub Content Policy

Rulesets published to the SigmaShake Hub must:

  • Perform the function described in their metadata
  • Not contain executable code, only SigmaShake DSL rule declarations
  • Not be designed to break or disable other security tools
  • Include a valid license declaration

We reserve the right to remove any ruleset that violates this policy. See Ruleset Policies for the takedown process.

5. Enforcement

We may, at our discretion and without prior notice:

  • Suspend or terminate access for accounts that violate this AUP
  • Remove content that violates this AUP from the Hub
  • Report illegal activity to appropriate law enforcement

For violations that do not pose immediate harm, we will typically notify the account holder and allow 5 business days to remediate before suspension.

6. Reporting Violations

To report an AUP violation: abuse@sigmashake.com
To report a security vulnerability: see our security disclosure policy

7. Changes

We may update this AUP to reflect new features or legal requirements. Material changes will be announced at least 14 days in advance via the Trust Center. Continued use after changes takes effect constitutes acceptance.