This policy defines the boundaries of permitted use of SPCTR and its infrastructure, including the spctrmail.com email masking service. Violations may result in immediate account termination and referral to law enforcement.
1. Purpose and Scope
This Acceptable Use Policy ("AUP") establishes the rules governing how users may use the SPCTR application and associated infrastructure operated by Bruiser CyberSec LLC. This AUP is incorporated by reference into the SPCTR Terms of Service and applies to all users, including those in Guest mode, Free, Plus, Pro, and Admin tiers.
The infrastructure covered by this AUP includes: the SPCTR web application and PWA; the spctrmail.com email alias and forwarding infrastructure; Netlify serverless functions; Supabase data storage; and any API endpoints or services operated by the Company in connection with SPCTR.
2. Permitted Uses
SPCTR is intended exclusively for lawful personal privacy and security use, including:
- Storing and managing your own passwords and credentials.
- Managing TOTP second-factor authentication secrets for your own accounts.
- Creating email mask aliases to protect your real email address when signing up for online services, with forwarding to your own email address.
- Checking whether your own passwords appear in known breach datasets, using the k-anonymity breach check feature.
- Generating strong random passwords for personal use.
- Syncing your own encrypted vault data across your own devices (Pro/Admin).
3. Prohibited Uses — General
The following uses of the SPCTR service are strictly prohibited:
- Unlawful activity: Using the Service to commit, facilitate, or conceal any activity that violates applicable local, state, federal, or international law.
- Unauthorized access: Using SPCTR to store credentials for accounts, systems, or data that you are not authorized to access.
- Malware storage: Storing or transmitting malware, ransomware, spyware, exploit code, or any other malicious software through the Service.
- Account abuse: Creating multiple accounts to circumvent tier limits, referral program restrictions, or rate-limiting controls.
- Credential stuffing: Using SPCTR-generated passwords or vault data in automated credential-stuffing or brute-force attacks against any system.
- Impersonation: Using SPCTR features (including email masks) to impersonate another individual, organization, or entity.
- Interference: Interfering with, disrupting, or attempting to gain unauthorized access to the Service, its servers, or related networks.
4. Prohibited Uses — Email Masking Service
The spctrmail.com email masking infrastructure is provided for legitimate personal privacy use only. The following uses are expressly prohibited:
- Spam and bulk messaging: Using a mask address to send, relay, or receive unsolicited bulk commercial email (spam).
- Phishing and fraud: Using mask addresses in phishing attacks, social engineering campaigns, account takeover attempts, or any form of online fraud.
- Malware distribution: Using mask addresses to distribute malware, ransomware, or malicious links.
- Harassment and abuse: Using mask addresses to harass, threaten, stalk, or abuse any individual.
- CAN-SPAM and anti-spam law violations: Using the email infrastructure in any manner that violates the CAN-SPAM Act, CASL, or any other applicable anti-spam regulation.
- Third-party forwarding abuse: Configuring mask forward addresses to relay mail to any address other than one you own and control.
- Circumventing email bans: Using mask addresses to re-register for services from which you have been banned or blocked.
- High-volume relay: Using mask addresses as part of any mass-mailing operation, marketing campaign, or automated email workflow.
The Company monitors aggregate usage patterns on the spctrmail.com domain for abuse indicators. Individual email content is not read by the Company; however, if a mask address is reported or detected as a source of abuse, we reserve the right to deactivate it immediately and terminate the associated account.
5. Breach Check Feature — Responsible Use
The breach check feature queries the HaveIBeenPwned API using k-anonymity. The following uses of this feature are prohibited:
- Automated or scripted batch querying of the HIBP API through SPCTR at a rate that exceeds fair personal use.
- Using the breach check feature to harvest breach data for commercial or research purposes without proper authorization from HIBP.
- Attempting to reconstruct breach databases or identify specific breach victims using results obtained through the Service.
6. Content and Data Standards
Data stored in the SPCTR vault is encrypted and inaccessible to the Company. However, you agree that the data you store does not include or relate to:
- Credentials for systems that you do not have authorization to access.
- Credentials used in connection with any criminal enterprise or illegal activity.
- Child sexual abuse material (CSAM) or any content illegal under applicable law.
7. Enforcement
We reserve the right — but not the obligation — to investigate any suspected violation of this AUP. Upon finding a violation, we may take any of the following actions at our sole discretion:
- Issue a warning to the account holder.
- Temporarily suspend access to specific features (e.g., email masking).
- Deactivate one or more email mask addresses.
- Suspend or permanently terminate the account.
- Remove or disable access to any content associated with the account.
- Report the activity to law enforcement, regulatory authorities, or affected third parties.
8. Reporting Violations
If you become aware of any use of SPCTR or spctrmail.com in violation of this AUP, please report it to [email protected]. Include as much detail as possible, including the nature of the violation, relevant email addresses or mask identifiers, and any supporting evidence.
9. Amendments
We may update this AUP at any time to reflect changes in our services, applicable law, or industry standards. We will notify registered users of material changes at least 14 days in advance via the email address on file.
10. Contact
Bruiser CyberSec LLC
Email: [email protected]