RedRadar Technologies Acceptable Use Policy

---

Last updated: April 2026

This Acceptable Use Policy ("AUP") sets out the conduct expected of clients, authorized users, and other parties who access or use the RedRadar platform, including the VAULT collection engine, and any related services (together, the "Services"), provided by RedRadar Technologies Ltd. ("RedRadar," "we," "us," "our").

The AUP applies to every client and every authorized user, regardless of jurisdiction, in addition to the terms of any Master Services Agreement or other contract under which the Services are provided. Where a contract addresses the same conduct, the contract governs as between RedRadar and the client; this AUP defines the minimum baseline.

If you do not agree to comply with this AUP, you may not access or use the Services.

The Services are provided to support legitimate intelligence, security, defense, and research activities of governments, defense and security organizations, and selected enterprises operating in alignment with such missions.

Permitted use includes, without limitation:

• Open-source intelligence collection, analysis, and reporting in support of national security, defense, counterintelligence, force protection, and similar mandates.
• Threat assessment, exposure monitoring, and pattern-of-life analysis directed at adversary infrastructure, entities, and personnel where the activity falls within the user's lawful authority.
• Research and policy work conducted by authorized analysts.
• Any other use expressly authorized in a written agreement with us.

You must not use the Services, attempt to use the Services, or permit any third party to use the Services for any of the following purposes.

You must not use the Services to target, profile, surveil, harass, intimidate, doxx, or otherwise act against an individual on the basis of their:

• Race, ethnicity, national origin, or immigration status.
• Religion or absence of religion.
• Sexual orientation, gender identity, or gender expression.
• Lawful political opinion or political affiliation.
• Lawful trade union, professional, or civic activity.
• Lawful journalistic, academic, or research activity.
• Lawful protest or peaceful dissent.

This restriction applies regardless of whether the conduct is otherwise permitted in your jurisdiction.

You must not use the Services to identify, monitor, profile, or develop targeting packages on journalists, human rights defenders, civil society organizations, opposition political figures, or others engaged in lawful civic activity, in any country, regardless of the user's home jurisdiction.

You must not use the Services to plan, support, or facilitate:

• Acts of violence in violation of applicable law, including domestic and international humanitarian law.
• Extrajudicial detention, rendition, or similar conduct that violates applicable law.
• Acts intended to coerce, intimidate, or punish individuals for lawful conduct.

You must not use the Services in any manner that violates:

• Export control laws and regulations of Israel, the United States, the European Union, the United Kingdom, or other applicable jurisdictions.
• Sanctions regimes administered by the foregoing or by the United Nations.
• Any other applicable law, regulation, or court order.

You must not provide access to the Services to, or use the Services on behalf of, any party listed on a sanctions or denied-parties list applicable to you or to us.

You must not, without our prior written consent:

• Resell, sublicense, or redistribute the Services or their output (unless approved by RedRadar in a written form).
• Provide access to the Services to any third party that is not an authorized user under your agreement with us.
• Use the Services to provide commercial services to third parties.
• Aggregate, repackage, or republish data accessed through the Services for sale or distribution.

You must not:

• Attempt to gain unauthorized access to the Services, to other clients' environments, or to underlying infrastructure.
• Probe, scan, or test the vulnerability of the Services except under an authorization we have provided in writing.
• Introduce malware, exploits, or unauthorized automation into the Services.
• Reverse-engineer, decompile, or disassemble the Services, except as required by applicable law.
• Use the Services to develop a competing product.
• Use the Services or any of their output to train automated systems, machine learning models, or large language models.
• Circumvent or attempt to circumvent any access control, audit log, rate limit, or use restriction.

You must not misrepresent your identity, your organization, your jurisdiction, your intended use case, or the parties on whose behalf you are using the Services. Material misrepresentation in onboarding or in use is itself a breach of this AUP.

Each client is responsible for:

• The conduct of every authorized user it permits to access the Services.
• Maintaining the security and confidentiality of access credentials.
• Promptly revoking access for any individual who is no longer authorized.
• Notifying us promptly if it becomes aware of any actual or suspected breach of this AUP, of unauthorized access, or of misuse of the Services.
• Compliance with all laws applicable to its use of the Services, including data protection, export control, and sector-specific regulation.

The use of the Services by a client's authorized users in violation of this AUP is treated as a breach by the client.

If you become aware of conduct that violates this AUP — by another user, another client, or any third party — please report it to us.

For broader concerns relating to misuse of our products in the context of human rights, see our Human Rights Statement and write to us.

We treat reports confidentially and will not retaliate against anyone who raises a concern in good faith.

We may, at our discretion and in addition to any rights we have under the relevant contract:

• Investigate suspected violations, including by reviewing logs and auditing client use to the extent permitted by the contract and applicable law.
• Suspend access to the Services, in whole or in part, while an investigation is underway.
• Require corrective action by the client.
• Terminate the relevant agreement, with the consequences described in that agreement.
• Cooperate with law enforcement, regulators, or oversight bodies where appropriate.
• Make a public statement about a termination or suspension where we determine that doing so is appropriate and lawful.

We are not obligated to monitor client activity for AUP compliance, but we reserve the right to do so where the contract permits and where we consider it appropriate. A client's failure to enforce this AUP within its own organization does not relieve the client of liability for breaches.

We may update this AUP from time to time to reflect changes in our practices, in legal or regulatory requirements, or in the nature of the Services. The "Last updated" date at the top of this page reflects the most recent change. Material changes will be communicated to active clients through the contractual channel specified in the relevant agreement.

Continued use of the Services after a change has been notified constitutes acceptance of the updated AUP.

This AUP should be read together with:

• The Privacy Statement
• The Human Rights Statement
• The Cookie Statement
• The Master Services Agreement or other contract under which you access the Services

In the event of a conflict between this AUP and the relevant contract, the contract governs as between us and the client. In the event of a conflict between this AUP and applicable law, applicable law governs.