Security

Security is at the core of everything we build. We’re committed to safeguarding your data and infrastructure by investing in the necessary tools, training, and support. Learn more about how we bake security into our solutions and platform.

HashiCorp acceptable use policy

Last updated: 2023-07-26

This Acceptable Use Policy applies to Authorized Users of HashiCorp’s Cloud ServicesAuthorized Users and Cloud Services are defined in the HashiCorp Cloud Platform User Agreement. This policy may be updated by HashiCorp without notice and will be made available on the HashiCorp website. As a user of the Cloud Services, it is your responsibility to review this Policy from time to time for any changes as it creates a binding legal agreement between you and HashiCorp. Users of the Cloud Services and visitors to the HashiCorp websites agree to the latest version of this Policy.

HashiCorp reserves the right to review and monitor use of the Cloud Services to protect the availability and health of the platform.

Prohibited use

HashiCorp Cloud Services are not to be used in a manner that violates a HashiCorp policy or terms of use or violates the Acceptable Use Policy of an upstream cloud hosting provider.

HashiCorp Cloud Services are not to be used directly or indirectly to support any activity that falls within the following categories:

  1. Use directed toward illegal, unlawful, or fraudulent purposes; examples including but not limited to:

    • Activity associated with the collection, transfer, or storage of stolen material

    • Activity associated with payment or identity fraud

  2. Use that impacts other users’ enjoyment of Cloud Services

    • Excessive resource consumption

    • Bypassing account limitations

    • Use that damages, disables, exhausts, or impairs any system or resource responsible for the Cloud Services

  3. Use that violates the rights of others, such as privacy

    • Defame, abuse, harass, stalk, threaten or otherwise violate the legal rights of others

  4. Use that violates the intellectual property rights of others or infringes upon another’s copyright or trademark rights

  5. Messaging activity that violates the CAN-SPAM Act

    • Sending or facilitating the sending of unsolicited messages or “spam”

  6. Publish, post, upload, distribute, or disseminate any inappropriate, profane, defamatory, obscene, indecent, or unlawful topic, name, material or information, including information harmful to minors

  7. Use that incites, promotes, threatens, or actively encourages violence, terrorism, or other harm

  8. Activity that promotes child sexual exploitation or is involved in any way with CSAM or is involved with other abusive content that is harmful to minors

  9. Development, distribution, or other activities that support the proliferation of malicious software (malware); software intended to damage or exploit another party's computer or property

  10. Use that impersonates HashiCorp, third party affiliates/partners, or other individuals

    • Providing falsified personal information used for identification purposes - billing fraud, account creation identity fraud

    • Control of multiple user accounts that appear to belong to other individuals

    • Continued use of Cloud Services after account suspension

  11. Excessive creation of user accounts (bulk account creation) or account creation through automated techniques (bots)

  12. Use of Cloud Service systems or resources for cryptocurrency “mining”

  13. Use of Cloud Services in any way that supports phishing campaigns

  14. Use of Cloud Services for any form of a Denial-of-Service attack

  15. Use of network obfuscation methods such as Tor or proxies to mask use of Cloud Services

  16. Use of Cloud Services for content distribution through peer-to-peer networks (P2P)

  17. Excessive web scraping, web crawling, or other excessive Internet scanning campaigns

  18. Attempts to gain unauthorized access to other users’ accounts or Cloud Service systems or resources

    • User account takeover attempts, password mining, “credential stuffing”, etc.

    • Attempts to gain unauthorized access to any materials or information

  19. Activity intended to perform stress tests or significant load tests or other security tests against the Cloud Services without written consent from HashiCorp

  20. Disruptive activity directed toward systems supporting the Cloud Services or toward the hosting providers

  21. Activity that attempts to bypass or circumvent the pricing structure or licensing

Investigation and enforcement

HashiCorp may investigate any suspected violation of this Policy and disable or suspend user account access to the Cloud Services as necessary. Depending on the activity, appropriate legal action and escalation to law enforcement may occur.

Violations of this AUP may be reported to https://www.hashicorp.com/trust/security/abuse.