Acceptable Use Policy
Last updated: April 20, 2026
SquareBreach is built for legitimate security research, fraud prevention and incident response. This policy keeps the platform safe for everyone.
Permitted use
- Verifying whether your own accounts, your employer’s accounts, or your customers’ accounts (with their consent) appear in known data breaches.
- Threat-intelligence research, dark-web monitoring and incident response.
- Red team / pentest engagements where you have written authorisation from the asset owner.
- Anti-fraud, KYC and AML investigations performed by authorised personnel.
- Academic and journalistic research where the public-interest justification can be substantiated.
Prohibited use
You must not use SquareBreach to:
- Stalk, harass, dox, blackmail or threaten any individual.
- Take over, log in to, or attempt to access an account that you do not own or have explicit authorisation for.
- Sell, redistribute, repackage or resell raw query results to third parties without a separate commercial agreement with SquareBreach.
- Bulk-scrape the API beyond your purchased credits or attempt to evade rate limits, credit consumption or caching policies.
- Use the service in any country or jurisdiction subject to a comprehensive trade embargo (currently: Cuba, Iran, North Korea, Syria and the Crimea, DNR and LNR regions of Ukraine).
- Process personal data of EU residents without a lawful basis under the GDPR.
- Attack the SquareBreach infrastructure (DDoS, exploitation attempts, credential stuffing) or its subprocessors.
Reporting abuse
If you observe abuse of the service or have a security concern, report it to abuse@squarebreach.com. We respond to credible reports within 1 business day.
Enforcement
Violations may result in immediate suspension or termination of your account, forfeiture of unused credits, and notification of relevant law-enforcement authorities. We reserve the right to refuse service at our discretion.