Acceptable Use Policy

Last Update: February 3rd, 2026

Introduction

This Acceptable Use Policy (“AUP”) applies to your use of Serus and any related websites, applications, APIs, integrations, and services (collectively, the “Services”).

Serus is operated by ANON AI Labs, Inc., a Delaware corporation (United States) (“ANON,” “Serus,” “we,” “us,” or “our”). By using the Services, you agree to comply with this AUP. This AUP is incorporated into and forms part of our Terms of Service.

If you violate this AUP, we may suspend or terminate your access to the Services, and we may take other actions as permitted under our Terms and applicable law.

Incorporation

This Acceptable Use Policy is incorporated by reference into our Terms of Service and any separate written agreement (such as an order form, master services agreement, or enterprise agreement) governing your use of the Services. In the event of a conflict, the applicable separate written agreement will control only to the extent of the conflict, and this Acceptable Use Policy will otherwise remain in effect.

1. Purpose of this policy

Serus provides privacy and security tools intended to help users understand and reduce their digital exposure. This AUP exists to ensure the Services are used lawfully, ethically, and safely, and to protect users and third parties from harm.

This AUP applies to all interactions with the Services, including but not limited to OSINT searches, monitoring, removal requests, viewing breach-related information, and any API or white-label use.

2. Sensitive Information

Certain features may allow you to view unredacted sensitive information, such as exposed passwords, authentication tokens, financial identifiers, or similar high-risk data (“Sensitive Information”). To access Sensitive Information, you may be required to actively confirm (for example, by checking a box in the app) that you are authorized and that you will comply with our Terms of Service and this Acceptable Use Policy.

You may access and use Sensitive Information only for lawful and authorized security and privacy purposes, such as securing your own accounts or accounts you are authorized to manage, and only within the scope of that authorization. You must not use Sensitive Information to access any account, system, network, or data that you do not own or have explicit authorization to access.

You must not share, publish, sell, or distribute Sensitive Information to any third party, except on a strict need-to-know basis as necessary to secure an account you are authorized to manage (for example, sharing with your organization’s security team). You must store Sensitive Information securely and only for as long as reasonably necessary.

We may restrict, monitor, suspend, or terminate access to Sensitive Information if we reasonably believe your access or use violates this AUP, our Terms, or applicable law. We do not guarantee the accuracy, completeness, or continued availability of any Sensitive Information or third-party sources.

3. Acceptable use

You may use the Services to:

•

Conduct OSINT searches for lawful purposes (e.g., privacy protection, security awareness, and risk assessment).

•

Monitor personal data (e.g., emails, phone numbers, passwords) to detect exposures or breaches, in compliance with applicable law.

•

Submit removal requests to reduce your online footprint, using accurate and lawful information and only where you have the right to request removal.

•

View unredacted information (such as breach indicators or exposed passwords) only for lawful purposes, such as securing your own accounts or accounts you are authorized to manage.

•

Use the Services for personal or business purposes as permitted by your agreement with us and our Terms.

OSINT and data sources clarification:

Serus does not provide results from a proprietary database of personal information and does not disclose information from other customers’ accounts. OSINT results are generated from publicly available sources on the surface web and/or from third-party data sources (including breach or dark web datasets) that we do not own or control. We do not guarantee the accuracy, completeness, or continued availability of OSINT results or any third-party sources.

4. Prohibited use

To keep Serus safe and lawful, you agree not to use the Services to:

Illegal activity and unauthorized access

•

Hack, phish, stalk, dox, harass, threaten, or harm others.

•

Access, attempt to access, or assist others in accessing accounts, systems, or networks without authorization.

•

Circumvent security or authentication measures, or probe/scan our systems in a way that could compromise security.

•

Attempt to log in to any account using credentials obtained through the Services without explicit authorization from the account owner.

Misuse of breach data or credentials

•

Unlawfully obtain, buy, sell, trade, distribute, or misuse personal data, credentials, or breach data.

•

Use breach-related information to attempt logins, account takeovers, credential stuffing, or any form of unauthorized access.

Abuse of removal workflows

•

Submit false, misleading, fraudulent, or malicious removal requests.

•

Submit removal requests targeting third parties where you do not have legal authority, consent, or another lawful basis to do so.

•

Submit abusive, harassing, frivolous, or high-volume requests intended to disrupt third parties or damage relationships.

Data misuse and privacy violations

•

Use information obtained through the Services to violate privacy, publicity, or other rights of any person.

•

Disclose unredacted sensitive information (including passwords or private identifiers) in violation of law or third-party rights.

Platform abuse

•

Overload, disrupt, scrape, or reverse engineer the Services, or attempt to bypass rate limits.

•

Perform denial-of-service attacks, spam, automated abuse, or use bots in a manner that degrades the Services.

•

Introduce malware, spyware, or malicious code, or use the Services to distribute such software.

Intellectual property

•

Copy, modify, distribute, sell, or lease any part of the Services except as expressly permitted by our Terms.

•

Use our trademarks or branding in a misleading manner.

Eligibility decisions

•

Use the Services (including OSINT results, monitoring results, or removal-related outputs) to make decisions about an individual’s eligibility for employment, housing, credit, insurance, education, tenancy, or similar determinations, including as defined under the Fair Credit Reporting Act (“FCRA”) or similar laws, or otherwise in any manner prohibited by the Terms of Service.

Export Controls and Sanctions

You may not use the Services if (a) you are located in, ordinarily resident in, or organized under the laws of any jurisdiction subject to comprehensive sanctions or embargoes (including those administered by the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”)), or (b) you are listed on, or are owned or controlled by a person listed on, any U.S. or other applicable restricted or denied-party list. You agree to comply with all applicable export control and sanctions laws and regulations in connection with your use of the Services.

5. Your responsibilities

You are responsible for your use of the Services and for compliance with all applicable laws.

If you submit or process personal data through the Services (including data relating to third parties), you agree that you will:

•

Ensure you have a lawful basis for processing such data (e.g., consent, legitimate interest, contractual necessity), as required by applicable privacy laws.

•

Use the Services and any outputs only for lawful and authorized purposes.

•

Keep access credentials secure (including API keys) and promptly notify us if you suspect unauthorized use of your account.

•

Provide accurate information when submitting removal requests so we can act on your instructions.

For more information on how we handle personal data, please review our Privacy Policy and, if applicable, our Data Processing Addendum (DPA).

5.1 Authority and Verification

You represent and warrant that you have the legal right and authority to submit data to the Services and to submit removal requests on your own behalf or as an authorized agent for a third party. You agree to provide additional information or verification upon request (including identity or authorization documentation). We may refuse, restrict, or suspend requests we reasonably believe are unauthorized, inaccurate, abusive, fraudulent, or unlawful.

6. Enforcement

We may review usage patterns and investigate suspected violations of this AUP. If we believe you have violated this AUP, we may (at our discretion):

•

Issue a warning or request corrective action;

•

Restrict, suspend, or terminate your access to the Services;

•

Remove or disable content or requests associated with misuse; and/or

•

Report suspected illegal activity to law enforcement or other authorities when required or appropriate.

7. Reporting violations

If you believe someone is misusing Serus, please contact us at:

Email: support@serus.ai
Website: www.serus.ai/support

8. Updates to this policy

We may update this AUP to reflect changes in our Services or legal requirements. If we make material changes, we will provide notice through the Services or our website. Your continued use of the Services after an update means you accept the revised AUP.

9. Contact

For questions about this AUP, contact:
Support: support@serus.ai
Privacy/DPO: dpo@serus.ai

ANON AI Labs, Inc.
A Delaware corporation, United States