// legal

Acceptable Use Policy

Trinetra teaches real offensive- and defensive-security skills. This policy sets the ethical and legal boundaries for using them. By using the platform you attest that you will only apply these techniques lawfully and with authorisation.

Last updated:

This Acceptable Use Policy ("AUP") is part of our Terms of Service and applies to everyone who uses Trinetra Cyber Defense, operated by TRINETRA CYBER DEFENSE PRIVATE LIMITED. The skills taught here are powerful and, if misused, illegal. Read this policy carefully — your use of the platform is conditional on following it.

Purpose & scope

Trinetra exists to develop cybersecurity skills for lawful, professional, and educational purposes: learning, practising, and demonstrating defensive and offensive techniques in a controlled, isolated environment. This AUP applies to all features — challenges, labs, the AI mentor, leagues, and community.

Authorised-use attestation

By using Trinetra you attest that:
  • You will use the techniques learned here only for educational purposes and only against systems you own or have explicit written authorisation to test.
  • You will never use these techniques to access, disrupt, damage, or exfiltrate data from systems, networks, or accounts without authorisation.
  • You accept full legal responsibility for any misuse of the knowledge or tools obtained through the platform.
  • You are at least 16 years old (and have parental/guardian consent if under the age of majority).

You confirm this attestation when you create your account, and it continues to apply for as long as you use the Service.

Permitted use

  • Solving challenges and running exploits inside Trinetra's provided lab environments.
  • Practising on systems you own, or on third-party systems for which you hold a valid, written engagement or authorisation.
  • Studying, analysing, and discussing techniques for defensive and research purposes.

Prohibited conduct

You must not:

  • Attack, scan, or attempt to gain unauthorised access to any system, network, account, or data that you do not own and are not authorised to test — including Trinetra's own infrastructure and other users.
  • Use the platform, labs, or learned techniques to commit, facilitate, or plan any crime, fraud, harassment, stalking, doxxing, or unauthorised surveillance.
  • Develop or distribute malware, ransomware, or exploits intended for real-world harm, or use the platform to stage, host, or proxy attacks against third parties.
  • Exfiltrate, sell, or publish flags, challenge solutions, or other users' data.
  • Circumvent security, sandboxing, resource limits, or rate limits; attempt to escape lab containers; or interfere with the integrity or availability of the Service.
  • Violate any applicable law, export-control restriction, or third-party rights.

Lab & infrastructure rules

Lab containers are isolated, ephemeral, and provided for single-user training. Targets within a lab are intentionally vulnerable fixtures — they are the only systems you are authorised to attack on the platform. You must not pivot from a lab to attack Trinetra's hosting environment, other tenants, the public internet, or any out-of-scope address. We monitor for abuse and may terminate sessions, throttle, or suspend accounts that breach these rules.

Malware & dangerous code

Some exercises involve analysing or writing malicious code for learning. Any such code must remain within the lab sandbox. You must not weaponise, deploy, or distribute it outside the platform, and you must not upload live malware, illegal content, or third-party intellectual property you have no right to use.

Your legal responsibility

Unauthorised access to or interference with computer systems is a serious criminal offence — for example under the Information Technology Act, 2000 in India, and under equivalent laws such as the Computer Fraud and Abuse Act in the United States and the Computer Misuse Act in the United Kingdom. Trinetra provides education only; you alone are responsible for how you apply what you learn. If in doubt about whether an activity is authorised, do not do it.

Reporting abuse & vulnerability disclosure

If you discover a genuine security vulnerability in Trinetra itself (not within an intentionally vulnerable lab fixture), please report it responsibly to security@trinetracyberdefense.com (or info@trinetracyberdefense.com) and give us reasonable time to remediate before any disclosure. Do not access other users' data while testing. To report abuse of the platform by another user, contact the same address.

Enforcement

We may investigate suspected violations and take any action we deem appropriate, including warning, throttling, suspending or terminating accounts, removing content, and cooperating with law enforcement and regulators. Serious violations may be reported to the relevant authorities. Termination for breach does not entitle you to a refund.

Contact

Questions about this policy? Contact TRINETRA CYBER DEFENSE PRIVATE LIMITED at info@trinetracyberdefense.com.