Linxus Infotech
Sign in Start free scan
Legal

Acceptable Use Policy

Last updated: June 11, 2026 · Effective: June 11, 2026 · Version 3.0 · Applies to linxusinfotech.com and infrasync.app

This Acceptable Use Policy ("AUP") defines prohibited and acceptable uses of InfraSync.

1. Purpose & scope

This Acceptable Use Policy ("AUP") defines prohibited and acceptable uses of InfraSync (infrasync.app). By using InfraSync, you agree to comply with this AUP in addition to our Terms & Conditions and Privacy Policy.

Company information:
Linxus Infotech Private Limited
G.NO.215, Dongargaon (Shev), Phulambri,
Aurangabad, Maharashtra 431111, India

Contact: legal@linxusinfotech.com · +91 8828 757 008

This AUP is effective immediately upon your first use of InfraSync.

2. Permitted uses

2.1 Legitimate infrastructure management

You may use InfraSync for:

Your own cloud accounts

  • Scanning AWS/GCP/Azure accounts you own or manage
  • Generating Terraform code for authorized infrastructure
  • Migrating ClickOps resources to Infrastructure as Code (IaC)
  • Managing cloud resources for which you have proper authorization

Professional services

  • DevOps consulting for clients (with written authorization)
  • Managed service providers (MSPs) managing client infrastructure
  • Enterprise internal use across multiple business units
  • System integrators building solutions for customers

Educational & development

  • Learning Terraform and IaC best practices
  • Training team members on infrastructure automation
  • Academic research and study (with proper disclosure)
  • Testing in non-production environments
  • Proof-of-concept implementations

Business operations

  • Disaster recovery planning and documentation
  • Compliance auditing and reporting
  • Cost optimization analysis
  • Infrastructure documentation

3. Prohibited activities

3.1 Unauthorized access & credential abuse

Scanning unauthorized cloud accounts. You may NOT:

  • Scan cloud accounts you do not own, manage, or have authorization to access
  • Use stolen, leaked, or otherwise unauthorized AWS/GCP/Azure credentials
  • Access client infrastructure without explicit written authorization
  • Scan competitor infrastructure for intelligence gathering or industrial espionage
  • Use credentials found on public repositories (GitHub, pastebin, etc.)

Example violation: Using AWS credentials discovered on a public GitHub repository to scan someone else's infrastructure. Consequence: Immediate account termination + reporting to law enforcement + civil action.

Credential sharing & account abuse. You may NOT:

  • Share your InfraSync account credentials with others
  • Use shared or generic credentials for team access (use proper team plans)
  • Allow unauthorized individuals to access your account
  • Sell, trade, or transfer account access to third parties

Example violation: A DevOps team shares one Pro account login among 5 engineers to avoid paying for multiple seats. Consequence: Account suspension + forced upgrade to appropriate plan or termination.

Credential harvesting & phishing. You may NOT:

  • Use InfraSync to collect or harvest cloud credentials from targets
  • Create fake accounts or phishing schemes to obtain credentials
  • Social engineer individuals to provide their cloud access keys
  • Impersonate InfraSync support to request user credentials

Example violation: Sending emails claiming to be "InfraSync Support" requesting users to verify their AWS keys. Consequence: Account termination + police report + criminal investigation + civil lawsuit.

3.2 Security testing & exploitation

Unauthorized security testing. You may NOT:

  • Perform penetration testing on InfraSync infrastructure without written permission
  • Conduct vulnerability scanning or security assessments
  • Attempt to breach, bypass, or test security controls
  • Launch SQL injection, XSS, or other attack attempts
  • Probe for weaknesses in authentication or authorization

Authorized security research. If you discover a vulnerability, please report it responsibly to security@linxusinfotech.com with the subject "Security Vulnerability Report - Responsible Disclosure". Do NOT exploit, share publicly, or disclose before we patch. We have a responsible disclosure program and may offer recognition.

Reverse engineering & IP theft. You may NOT:

  • Decompile, disassemble, or reverse-engineer InfraSync software
  • Extract our algorithms, business logic, or proprietary methods
  • Scrape UI or API responses for competitive intelligence
  • Create copycat or competing services based on our technology
  • Reproduce our Terraform generation patterns in competing products

3.3 Service abuse and resource manipulation

You may NOT:

  • create excessive numbers of scans, schedules, or organizations with the intent of degrading the Service for other customers;
  • circumvent plan limits (resource counts, concurrent scans, region counts, account counts) through scripting, multiple accounts, or organization manipulation;
  • use the Service as a proxy for arbitrary AWS API calls unrelated to scanning;
  • upload arbitrary content into our S3 buckets or storage beyond what the Service writes on your behalf.

3.4 Misuse of the GitHub App integration

If you install the InfraSync GitHub App, you may NOT:

  • install it on organizations you do not own or are not authorised to administer;
  • direct it to push Terraform code into repositories you do not have permission to write to;
  • use it to extract data from repositories beyond what is necessary for the integration to function;
  • share or expose the installation's access token to third parties.

3.5 Illegal, harmful, or infringing use

You may NOT use InfraSync to:

  • violate any applicable law (including the Information Technology Act, 2000, the Digital Personal Data Protection Act, 2023, export control laws, and sanctions);
  • infringe intellectual-property or privacy rights of others;
  • generate, host, or distribute malware, ransomware, or other malicious code;
  • support infrastructure used for unlawful gambling, illegal drugs, terrorism, weapons proliferation, human trafficking, or child sexual abuse material.

3.6 Spam and abusive communications

You may NOT:

  • use organization invites to send unsolicited bulk email;
  • invite people without a reasonable expectation that they want to collaborate on infrastructure with you;
  • impersonate any person or entity in your registration details, invites, or support correspondence.

3.7 Tampering with generated output

You may NOT:

  • misrepresent the provenance of code generated by InfraSync to third parties (for example, claiming our generated code is your original work for purposes of compliance audits where authorship matters);
  • strip licence headers or attribution required by the underlying open-source tools (notably Terraformer, HashiCorp Terraform providers, and similar).

3.8 Automated access

You may use legitimate, documented programmatic interfaces we provide. You may NOT:

  • scrape the InfraSync UI or undocumented endpoints;
  • operate bots, crawlers, or load generators against the Service except as we have expressly authorised in writing.

4. Customer authorization representations

By initiating a scan or connecting a cloud account, you represent and warrant that:

  • you own the connected cloud account, or you have explicit written authorization from the account owner to provide its credentials and to run scans on it;
  • the AWS credentials you have provided were lawfully obtained;
  • you have the authority to grant us the limited licence to use those credentials as described in our Terms and Privacy Policy;
  • where you are acting on behalf of a third party, you have the contractual basis to do so (for example, a signed engagement with the third party that covers infrastructure access).

5. Organization member responsibilities

Organization administrators are responsible for the activity of members they invite. If a member breaches this AUP, we may take action against that member, the organization, the inviting administrator, or the entire account, depending on the severity of the breach.

6. Enforcement

We may, at our reasonable discretion:

  • investigate suspected violations, including by reviewing audit-log entries and scan metadata in the affected organization;
  • warn the account owner and the organization administrators;
  • throttle, suspend, or restrict specific features (e.g. scans, scheduled scans, GitHub push);
  • suspend the account entirely, with or without prior notice depending on severity;
  • terminate the account for repeated or egregious violations;
  • refuse or reverse refunds where the violation is the reason for cancellation;
  • report to law-enforcement authorities and cooperate with lawful investigations;
  • preserve evidence relevant to the investigation, including by retaining audit-log entries beyond their normal 90-day window for the duration of the matter.

Where reasonably possible, we will notify the account owner before taking restrictive action. Where the violation poses an immediate security, legal, or financial risk, we may act first and notify afterwards.

7. Appeals

If you believe we have taken action against your account in error, you may appeal by emailing legal@linxusinfotech.com with subject "AUP Appeal". Include your organization ID and a brief description of why you believe the action was incorrect. We will respond within 7 business days.

8. Reporting violations

To report suspected AUP violations by another InfraSync user, contact abuse@linxusinfotech.com with as much detail as you can provide. We treat abuse reports as confidential to the extent permitted by law.

9. Cooperation with law enforcement

We cooperate with lawful requests from courts and law-enforcement agencies. Where law permits, we will notify the affected user before disclosing their data, unless we are prohibited from doing so or believe such notice would impede an investigation or risk harm to a person.

10. Relationship to other policies

This AUP is incorporated by reference into our Terms & Conditions and is supplementary to, not in lieu of, our Privacy Policy and Security & Data Protection Statement. If there is a conflict, the Terms & Conditions control.

11. Examples are illustrative, not exhaustive

The examples of prohibited conduct in this AUP are illustrative. We may treat conduct that violates the spirit of this AUP as a violation even if it is not specifically enumerated above.

12. Changes to this AUP

We may update this AUP from time to time to address new abuse patterns or regulatory requirements. The updated version will be posted on this page with a revised "Last Updated" date. For material changes, we will notify customers by email and an in-product notice.

13. Governing law

This AUP is governed by the laws of India and is subject to the dispute-resolution provisions of our Terms & Conditions.

14. Contact

General questions: legal@linxusinfotech.com
Report abuse: abuse@linxusinfotech.com
Security disclosures: security@linxusinfotech.com