Sigvex

Acceptable Use Policy

Guidelines for responsible use of the Sigvex platform.

Effective Date: 2026-02-18 · Last Updated: 2026-02-18

1. Purpose

This Acceptable Use Policy ("AUP") supplements the Sigvex Terms of Service and sets out the rules governing your use of the Sigvex platform at sigvex.io, its APIs, and all related services (the "Service"). It applies to all users, whether on free or paid plans.

Sigvex provides smart contract decompilation, security analysis, vulnerability detection, exploit validation, and fuzzing tools. These are powerful capabilities designed for legitimate security research, auditing, and defensive purposes. This policy exists to ensure the Service is used responsibly and lawfully, protecting both our users and the broader blockchain ecosystem.

2. Permitted Use

The Service is intended for the following uses:

  • Security Auditing: Analysing smart contracts you own, have been authorised to audit, or that are part of a public bug bounty programme.
  • Security Research: Academic and independent research into smart contract vulnerabilities, decompilation techniques, and blockchain security, conducted in accordance with applicable laws and responsible disclosure practices.
  • Defensive Security: Identifying and remediating vulnerabilities in your own deployed contracts or those of your clients (with their authorisation).
  • Education and Training: Learning about smart contract security, reverse engineering, and vulnerability patterns using test contracts, testnet deployments, or publicly available educational resources.
  • Compliance and Due Diligence: Reviewing the security posture of smart contracts as part of investment due diligence, regulatory compliance, or risk assessment processes.
  • Development and Testing: Using analysis results to improve the security of smart contracts during development, including pre-deployment testing on testnets.

3. Prohibited Activities

You must not use the Service to engage in any of the following activities. This list is not exhaustive; we reserve the right to determine whether any conduct violates the spirit of this policy.

3.1 Exploitation and Harm

  • Exploiting vulnerabilities identified through the Service in live smart contracts without explicit written authorisation from the contract owner.
  • Using Analysis Output (vulnerability findings, exploit proofs-of-concept, decompiled source) to steal funds, manipulate markets, or cause financial loss to any party.
  • Front-running transactions or engaging in MEV (Maximal Extractable Value) extraction based on vulnerabilities identified through the Service.
  • Using the Service to identify vulnerabilities for the purpose of extortion, blackmail, or coercion.
  • Draining, re-entrancy attacking, or otherwise exploiting any contract based on Analysis Output.

3.2 Illegal Activity

  • Using the Service in any manner that violates applicable local, national, or international laws or regulations.
  • Using the Service to facilitate money laundering, terrorist financing, sanctions evasion, or other financial crimes.
  • Using the Service to reverse engineer or analyse contracts for the purpose of circumventing intellectual property protections in violation of applicable law.
  • Using the Service from or on behalf of any jurisdiction or party subject to trade sanctions.

3.3 Platform Abuse

  • Attempting to gain unauthorised access to other users' accounts, analysis results, or data.
  • Circumventing or attempting to circumvent rate limits, usage quotas, or access controls.
  • Performing denial-of-service attacks, load testing, or stress testing against the Service without prior written authorisation.
  • Scraping, crawling, or programmatically extracting content from the Service for purposes unrelated to legitimate security analysis.
  • Using the Service to develop, train, or improve a competing product or service.
  • Using Content, Analysis Output, documentation, or other materials from the Service to train, fine-tune, or ground any machine learning or AI system without our prior written consent.
  • Sharing, publishing, or embedding API keys in public repositories, client-side code, or any publicly accessible location.
  • Creating multiple accounts to circumvent usage limits, bans, or enforcement actions.

3.4 Content and Communication

  • Submitting content that is unlawful, defamatory, threatening, harassing, abusive, or harmful.
  • Impersonating any person or entity, or misrepresenting your affiliation with any person or entity.
  • Posting promotional material, spam, or commercial solicitations through the Service without our prior consent.

3.5 Reverse Engineering the Service

  • Reverse engineering, decompiling, disassembling, or otherwise attempting to derive the source code or algorithms of the Service itself (as distinct from using the Service to analyse third-party smart contracts).
  • Attempting to discover or reconstruct the detection heuristics, vulnerability patterns, or decompilation techniques used by the Service.

4. Responsible Disclosure Expectations

When you discover vulnerabilities in smart contracts through the Service, we strongly expect you to follow responsible disclosure practices:

  • Notify the affected contract owner or project team before any public disclosure.
  • Allow a reasonable remediation period (typically 90 days) before publishing details.
  • Do not exploit the vulnerability for personal gain or share it with parties who may exploit it.
  • If the contract is part of a bug bounty programme, follow that programme's rules.
  • If you cannot identify or contact the contract owner, consider notifying the relevant blockchain's security team or a trusted third-party coordinator.

For reporting vulnerabilities in the Sigvex platform itself, please see our Responsible Disclosure Policy.

5. API Usage Guidelines

In addition to the API Terms in our Terms of Service (Section 8), the following guidelines apply:

  • Rate Limits: Respect the documented rate limits for your plan tier. Implement exponential backoff when receiving rate-limit responses (HTTP 429).
  • Authentication: Each API request must include valid authentication credentials. Do not share API keys between organisations or use a single key across unrelated applications.
  • Error Handling: Do not retry failed requests aggressively. If a request fails with a server error (5xx), wait before retrying with increasing intervals.
  • User-Agent: Include a descriptive User-Agent header identifying your application or integration.
  • Caching: Cache analysis results where appropriate rather than making repeated identical requests.

6. Enforcement

Violations of this AUP may result in enforcement actions, which are applied at our discretion based on the severity, intent, and frequency of the violation:

Level Action Typical Triggers
Warning Written notification of the violation with a request to cease the activity. First-time minor violations, accidental rate-limit abuse, unintentional policy breaches.
Temporary Restriction Reduced access (lower rate limits, feature restrictions) for a defined period. Repeated minor violations after warning, moderate policy breaches.
Temporary Suspension Account access suspended for a defined period (typically 7-30 days). Serious violations, repeated breaches after restriction, attempted platform abuse.
Permanent Termination Account permanently terminated. All data deleted per our retention policy. Illegal activity, exploitation of live contracts, malicious intent, severe or repeated violations.

For severe violations (exploitation of live contracts, illegal activity, imminent harm), we may skip intermediate steps and proceed directly to suspension or termination. We may also report conduct to relevant law enforcement authorities where required or appropriate.

7. Appeals

If you believe an enforcement action was applied in error or wish to contest a decision, you may submit an appeal through our contact form within 30 days of the enforcement action. In your appeal, please include:

  • Your account identifier.
  • A description of the enforcement action you are contesting.
  • Your explanation of the circumstances, including any relevant context or evidence.

We will review appeals within 10 business days and communicate the outcome to you. Appeal decisions are final, though you may submit additional information for reconsideration if materially new evidence becomes available.

8. Reporting Violations

If you become aware of conduct by another user that violates this AUP, please report it through our contact form. Include as much detail as possible, including any evidence of the violation. Reports are handled confidentially, and we do not disclose the identity of the reporter to the subject of the report.

9. Changes to This Policy

We may update this AUP from time to time. When we make changes, we will update the "Last Updated" date and post the revised policy on the Service. Material changes will be communicated with at least 30 days' notice. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

10. Relationship to Other Policies

This AUP is part of your agreement with Sigvex and should be read alongside:

In the event of a conflict between this AUP and the Terms of Service, the Terms of Service take precedence.

11. Contact Us

If you have questions about this Acceptable Use Policy or are unsure whether a particular use is permitted, please contact us before proceeding:

Contact Form