Acceptable Use Policy
This Acceptable Use Policy explains prohibited uses of WaverSec Protect, the website, APIs, and related services.
Search section titles and document text.
General rule
You may use WaverSec Protect only for lawful, authorized, and contractually permitted purposes. You may not use the service in a way that harms WaverSec, other customers, third parties, or the integrity of the service.
Illegal or abusive activity
You may not use the service to violate law, infringe rights, facilitate harassment, or support fraud, deception, or abuse.
- No unlawful interception, surveillance, discrimination, or employment-law violations.
- No processing of data without an appropriate legal basis or required internal authorization.
- No use of the service to facilitate phishing, impersonation, fraud, or deceptive conduct.
Messaging and content misuse
Because WaverSec Protect interacts with email workflows, you may not use the service to support spam, malware delivery, unauthorized bulk messaging, or deliberate circumvention of recipient or policy controls.
- No malware, ransomware, malicious attachments, or credential theft content.
- No use to help send spam or other abusive outbound campaigns.
- No use to evade customer, regulator, or employer policy obligations.
AI agents and email activity using MCP pre-send checks
AI clients and autonomous agents that connect to WaverSec Protect through the WaverSec MCP server are subject to this policy on the same terms as human users. The customer organization to which the bound seat belongs is responsible for the behavior of any AI client or agent operating under its MCP tokens.
Rate limits, abuse thresholds, and platform-integrity rules apply to MCP-originated traffic identically to traffic originated by humans through the Outlook add-in, the API, or the admin product. Operating an AI client or agent in a way that would violate this policy if performed by a human violates this policy.
- No use of AI-client email activity using MCP pre-send checks to circumvent recipient, policy, employer, or regulator controls.
- No use of AI-client email activity using MCP pre-send checks to support spam, harassment, fraud, deceptive conduct, or unauthorized bulk outreach.
- No use of AI-client email activity using MCP pre-send checks to exfiltrate data the operator is not authorized to share, including data surfaced from other connected tools; customers must configure AI clients to submit only message data and related context they are authorized to process and disclose to WaverSec for the scan.
- No sharing of MCP tokens across users or organizations, and no continued use of a token whose bound seat is no longer authorized.
Platform integrity
You may not probe, scan, exploit, overload, or interfere with the service except as expressly authorized by WaverSec in writing.
- No reverse engineering, scraping, vulnerability exploitation, or bypass of technical limits.
- No denial-of-service behavior, abusive automation, or excessive request volume outside expected product operation.
- No attempts to obtain unauthorized access to another customer environment, model configuration, or internal system.
Sanctions and export controls
You may not use the service in violation of export controls, trade sanctions, or similar restrictions. You are responsible for ensuring your own use complies with applicable restrictions and customer internal rules.
Enforcement
WaverSec may investigate suspected violations of this policy and may suspend, limit, or terminate access where reasonably necessary to protect the service, respond to abuse, or comply with law.
WaverSec may also preserve or disclose information relating to suspected misuse where legally required or reasonably necessary to protect rights, systems, or users.
Reporting concerns
If you become aware of misuse of WaverSec Protect, report it to info@latent-labs.io or support@waversec.com with as much detail as you can provide.