Legal · Acceptable Use
Acceptable Use Policy
1About This Policy
This Acceptable Use Policy ("Policy") explains how the Master Netflow Security Platform (the "Platform"), operated by Master Netflow Inc. ("Master Netflow," "we," "us," or "our"), may and may not be used. It applies to everyone who uses the Platform — Client Organizations, their administrators, and employee Users.
Our aim is simple: keep the Platform safe, lawful, and effective for security awareness — without getting in the way of the legitimate training and investigation work it is built for. This Policy works alongside our Terms of Service and Privacy Policy; where this Policy and the Terms overlap, the Terms govern. For a plain-language view of how we protect your data, see our Trust Center.
2What the Platform Is For
Master Netflow is built to help organizations strengthen their people against cyber threats. The following uses are fully supported and encouraged:
- Phishing and ransomware simulations — running simulated, educational attack scenarios against your own organization’s enrolled employees to build awareness.
- Security awareness training — delivering training modules, assessments, certificates, and interactive challenges to your workforce.
- Threat investigation and analysis — using the platform’s investigation and analysis features (such as reviewing reported items and checking suspicious links, emails, or files) for legitimate security purposes.
- Internal enterprise training programs — administering company-wide or department-level security programs, tracking progress, and reporting on human risk.
In short: if you are using Master Netflow to educate and protect your own people, you are using it exactly as intended.
3Running Simulations Responsibly
Simulations are powerful training tools, so a few clear rules keep them lawful and ethical:
- Simulations may only target your own enrolled employees, within your own organization’s environment.
- You must have the authority to test your workforce, and you are responsible for meeting any workplace notice, consent, or labour requirements that apply to you.
- Simulated content is for education and assessment — not to harass, single out, or penalise individuals.
- You may not use simulation or analysis features to test, target, or probe people or systems outside your organization without their authorization.
Using simulation features against people or organizations you do not have permission to test is a serious violation of this Policy and may also break the law.
4What’s Not Allowed
To keep the Platform trustworthy for everyone, you must not:
- Conduct real attacks. Use the Platform to carry out actual phishing, malware, ransomware, or any other malicious campaign against real targets.
- Upload or share illegal or harmful content. This includes unlawful, infringing, deceptive, or malicious material, or live malware intended to cause harm.
- Attack the Platform itself. Attempt to exploit, bypass, disable, or probe the Platform’s security, access controls, or other customers’ environments.
- Scrape or overload the system. Use automated tools to harvest data, or abuse, flood, or interfere with the Platform’s features, interfaces, or availability.
- Impersonate or misuse others. Impersonate another person, organization, or Master Netflow, or attempt to access accounts, data, or tenants that are not yours.
- Resell or misrepresent. Resell, sublicense, or present the Platform as your own except as your agreement expressly permits.
5Protecting Accounts & the Platform
Security is a shared responsibility. You agree to:
- Keep your credentials confidential, not share accounts, and use the security features available to you.
- Use the Platform’s features and any APIs only as documented and intended, and respect the technical limits that keep the service reliable for everyone.
- Promptly tell us if you discover a vulnerability or suspect unauthorized access — see Reporting Misuse.
Good-faith security research is welcome through our responsible disclosure process; testing that degrades the service or reaches other users’ data is not.
6Respecting Other Organizations & People
Master Netflow serves many organizations side by side, and you must respect that separation. Do not attempt to view, access, or interfere with another organization’s data, users, or activity, and do not use the Platform to harass, deceive, or harm anyone outside your authorized training program.
7Content Standards
You are responsible for the content you upload, create, or send through the Platform — including custom training material, simulation templates, and employee data. That content must be lawful, must not infringe anyone’s rights, and must be appropriate for a workplace security program. We may remove content that violates this Policy.
8Enforcement
We aim to be reasonable, and most issues are resolved with a quick conversation. That said, protecting our customers comes first. If we believe this Policy has been violated, we may — depending on the severity — warn you, restrict or suspend access to affected features, suspend the account, or terminate it.
Where misuse is serious, unlawful, or puts other customers at risk, we may act immediately and without prior notice, and we may preserve and share relevant information with law enforcement where required. Account termination is handled in line with our Terms of Service.
9Reporting Misuse
If you see misuse of the Platform, or believe you have found a security vulnerability, please tell us:
- Security issues and vulnerabilities — security@masternetflow.com
- Policy questions or other concerns — legal@masternetflow.com
We read every report and respond promptly.
10Changes & Contact
We may update this Policy from time to time as the Platform and the threat landscape evolve. When we make material changes, we will update the “Last updated” date above. Continued use of the Platform after a change means you accept the updated Policy.
Questions? Contact us at legal@masternetflow.com.