Legal

Acceptable Use Policy

Last updated: 1 May 2026

1. Purpose

This Acceptable Use Policy (“AUP”) sets out the rules for using MPIT PTY LTD’s website, services, deliverables, training material, lab environments, and any tools or content we provide. It is part of our Terms of Service and applies to clients, end users, partners, and visitors.

2. General principles

  • Use our services lawfully and in good faith.
  • Respect the rights, privacy, and property of others.
  • Do not use our services to harm, defraud, or deceive.

3. Prohibited activities

You must not, and must not permit anyone to:

  • Breach any applicable law, regulation, court order, or third-party right.
  • Use deliverables, tools, or training material to attack, disrupt, or gain unauthorised access to systems, networks, or data you are not authorised to test.
  • Develop, distribute, or operate malicious code intended to cause harm in unauthorised contexts.
  • Carry out denial-of-service or stress testing against assets you do not own or are not contractually authorised to test.
  • Attempt to circumvent licence terms, security controls, or rate limits in our services.
  • Reverse engineer, copy, or republish our proprietary tools, reports, or methodologies except as expressly permitted.
  • Upload, send, or store content that is unlawful, infringing, defamatory, obscene, or otherwise objectionable.
  • Send spam or unsolicited bulk communications via systems we host or operate for you.
  • Mine cryptocurrency or run high-resource workloads on infrastructure provided for unrelated purposes.
  • Misrepresent your identity, authority, or affiliation when engaging us.

4. Security-specific rules

Our offensive security work is conducted strictly under written authorisation. Detailed Rules of Engagement are set out in our Responsible Disclosure & Rules of Engagement document, which forms part of this AUP for any security engagement.

You must not request, suggest, or solicit work that would require us to:

  • Test or attack assets you do not have full authority over.
  • Develop tooling intended for use against unauthorised targets.
  • Suppress logs, evade lawful monitoring, or interfere with active investigations.
  • Acquire, hold, or transfer credentials, exploits, or data obtained illegally.

5. Lab and CTF environments

Lab and capture-the-flag environments we provide are sandboxes for learning and research. Within those sandboxes you may use techniques that would not be acceptable on production systems. Outside those sandboxes, those same techniques may be illegal — do not transfer them to systems you are not authorised to test.

6. AI and automated tools

If we provide AI-assisted tools or use them in delivering services, you must not rely on their output as legal, medical, or other professional advice, and must not use them to generate content that violates this AUP.

7. Reporting and enforcement

To report misuse, suspected security incidents, or content concerns, email info@mpit.com.au. We may suspend or terminate access for breach of this AUP, and may report serious breaches to law enforcement.

8. Changes

We may update this AUP from time to time. Changes take effect on publication.

Related documents

Terms of Service Privacy Policy Cookie Policy Disclaimer Responsible Disclosure