Skip to main content

Acceptable Use Policy

Effective: February 24, 2026Version 1.0

Overview

This Acceptable Use Policy (“AUP”) governs your use of the Ataraxia GRC platform and is incorporated into our Terms of Service. By using the Service, you agree to comply with this policy. Violations may result in immediate suspension or termination of your account.

Provide Accurate Information

You must provide truthful, accurate, and complete information when creating your account and throughout your use of the Service. This includes all assessment responses, implementation descriptions, and organizational data. Providing false or misleading information undermines the integrity of your compliance program and may expose you to legal liability.

Maintain Account Security

You are responsible for maintaining the security of your account. You must:

  • Use strong, unique passwords for all accounts
  • Enable multi-factor authentication (MFA) where available
  • Not share account credentials with unauthorized individuals
  • Report any suspected unauthorized access immediately

No False SPRS Submissions

You must not use the Service to submit false or knowingly inaccurate SPRS scores or compliance attestations to the Department of Defense or any government agency. Doing so may violate the False Claims Act (31 U.S.C. §3729–3733) and result in treble damages, civil penalties, and criminal prosecution.

No Facilitation of Fraud

You must not use the Service to facilitate fraud or violate the False Claims Act. This includes using the Service to create a false impression of compliance, generate misleading documentation, or misrepresent your organization’s cybersecurity posture to any third party.

No Malicious Content

You must not upload, transmit, or distribute malicious content through the Service, including viruses, malware, ransomware, or other harmful code. You must not attempt to compromise the security, integrity, or availability of the Service or its infrastructure.

No Reverse Engineering or Scraping

You must not reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code of the Service. You must not scrape, harvest, or collect data from the Service through automated means without prior written consent. You must not resell, sublicense, or redistribute the Service or any part thereof.

No Unauthorized CUI Uploads

You must not upload actual Controlled Unclassified Information (CUI) to the Service without prior written authorization from Ataraxia GRC. The Service manages compliance metadata and documentation, not CUI itself. Uploading CUI without authorization may violate DFARS safeguarding requirements and expose your organization to compliance risk.

Comply with Applicable Laws

You must not use the Service in violation of any applicable law, regulation, or contractual obligation. This includes, but is not limited to, export control laws (EAR, ITAR), data protection laws, and applicable contractual requirements with the Department of Defense or prime contractors.

Enforcement

Violations of this Acceptable Use Policy may result in:

  • Warning notification
  • Temporary suspension of account access
  • Immediate termination of your account without refund
  • Reporting to appropriate law enforcement or regulatory authorities

Ataraxia GRC reserves the right to determine, in its sole discretion, whether conduct violates this policy. We will endeavor to provide notice before taking enforcement action, except where immediate action is necessary to protect the Service, other customers, or the public.

Contact

If you have questions about this Acceptable Use Policy, or wish to report a violation, contact us at legal@ataraxiagrc.com.