Acceptable Use Policy

Effective Date: March 1, 2026 | Version 1.0 | Last Updated: March 2026

This Acceptable Use Policy ("Policy") governs the use of the Varanic platform and all associated services, APIs, and documentation (collectively, the "Service") provided by Varanic LLC ("Varanic," "we," "us," or "our"). By accessing or using the Service, you ("Customer," "you," or "your") agree to comply with this Policy. This Policy supplements our Terms of Service and is incorporated therein by reference.

1. Introduction

Varanic provides an AI-powered financial monitoring and credit analysis platform designed for private equity firms, private credit funds, and institutional investors. This Policy establishes the acceptable and prohibited uses of the Service to ensure a secure, reliable, and compliant experience for all users.

All users of the Service, including administrators, authorized team members, and any individual accessing the platform on behalf of a customer organization, are expected to adhere to this Policy at all times. Violation of this Policy may result in suspension or termination of access to the Service.

2. Permitted Use

The Service is intended for legitimate business purposes within the scope of financial analysis and portfolio management. Permitted uses of the Service include:

Counterparty Financial Monitoring: Tracking and analyzing the financial health and creditworthiness of counterparties, borrowers, and portfolio companies.
Credit Analysis: Performing credit assessments, financial statement spreading, ratio analysis, and trend evaluation using the platform's analytical tools.
Portfolio Management: Managing and organizing counterparty data, configuring monitoring alerts, and maintaining portfolio-level oversight and reporting.
Regulatory Compliance: Utilizing the platform to support compliance obligations, including covenant monitoring, financial reporting, and audit trail maintenance.
Reporting: Generating reports, exporting data, and sharing analyses with authorized internal stakeholders for legitimate business decision-making.

3. Prohibited Activities

The following activities are strictly prohibited when using the Service. This list is not exhaustive, and Varanic reserves the right to determine whether any particular use violates this Policy:

Unauthorized Access and Security Testing

Attempting to gain unauthorized access to any portion of the Service, other user accounts, computer systems, or networks connected to the Service.
Conducting penetration testing, vulnerability scanning, or security assessments of the Service without prior written authorization from Varanic. Authorized security researchers should contact [email protected] to coordinate responsible testing.

Credential Sharing and Unauthorized Users

Sharing login credentials, API keys, session tokens, or authentication codes with unauthorized individuals.
Allowing access to the Service by individuals who are not authorized under your organization's subscription agreement.
Creating accounts for individuals who are not authorized to access the Service on behalf of your organization.

Malicious Content

Uploading, transmitting, or introducing any malware, viruses, trojans, worms, ransomware, spyware, or other malicious code or software.
Uploading or executing unauthorized scripts, bots, or automated programs that may compromise the integrity or security of the Service.

Circumventing Security Controls

Bypassing, disabling, or attempting to circumvent any security measures, including multi-factor authentication, rate limiting, access restrictions, or session controls.
Interfering with or attempting to defeat authentication mechanisms, encryption, or access control systems.

Unauthorized Data Collection

Scraping, crawling, or using automated means to extract data from the Service beyond the scope of authorized API access and established rate limits.
Reverse engineering, decompiling, disassembling, or otherwise attempting to derive the source code, algorithms, or data structures of the Service.
Systematically downloading or extracting data in a manner that exceeds normal usage patterns or authorized API limits.

Illegal and Unauthorized Use

Using the Service for any purpose that violates applicable local, state, national, or international laws or regulations.
Processing data through the platform for which you do not have proper authorization, consent, or legal basis.
Using the Service to facilitate fraud, money laundering, insider trading, or any other unlawful financial activity.

Identity Misrepresentation

Misrepresenting your identity, organizational affiliation, or authorization level when accessing or using the Service.
Impersonating other users, administrators, or Varanic personnel.

Service Interference

Taking any action that imposes an unreasonable or disproportionately large load on the Service's infrastructure.
Interfering with the availability, performance, or proper functioning of the Service for other users.
Attempting to deny service or degrade performance of the platform through volumetric attacks, resource exhaustion, or other means.

4. Data Responsibilities

Customers are responsible for the accuracy, legality, and appropriateness of all data uploaded to or processed through the Service. Specifically:

You represent and warrant that you have all necessary rights, permissions, and authorizations to upload and process any financial data submitted to the platform.
You shall ensure that the use of any third-party data processed through the Service complies with all applicable licensing agreements, data use restrictions, and intellectual property rights.
You shall not upload personal data of individuals to the platform unless you have obtained the appropriate consent or have a lawful basis for processing in accordance with applicable data protection laws.
You are responsible for maintaining the confidentiality and integrity of data exported from the platform and for ensuring that such data is shared only with authorized recipients.

5. Account Security

Users are responsible for maintaining the security of their accounts and must adhere to the following requirements:

Strong Passwords: Maintain passwords that comply with the platform's password policy, including minimum length and complexity requirements. Passwords must not be reused across services.
Multi-Factor Authentication: Enable and maintain multi-factor authentication (MFA) on all accounts. MFA must not be disabled without administrator authorization.
Incident Reporting: Report any suspected account compromise, unauthorized access, or security incident to [email protected] immediately upon discovery.
API Key Protection: API keys and authentication tokens must be stored securely, rotated periodically, and never embedded in client-side code, public repositories, or shared documents.
Session Management: Log out of the platform when not in active use, particularly on shared or public devices. Do not share active sessions with other users.

6. Monitoring and Enforcement

Varanic monitors usage patterns and system activity for security purposes and to ensure compliance with this Policy. Monitoring activities include:

Rate Limiting: Automated enforcement of API and endpoint rate limits to prevent abuse and ensure fair resource allocation across all customers.
Anomaly Detection: Monitoring for unusual access patterns, authentication anomalies, and suspicious activities that may indicate a security threat or policy violation.
Audit Logging: Comprehensive logging of user actions, system events, and administrative activities for security investigation and compliance purposes.

Violations of this Policy may result in the following enforcement actions, at the sole discretion of Varanic:

A written warning notifying the customer of the violation and requesting immediate corrective action.
Temporary suspension of the offending user's account or the customer's access to the Service pending investigation.
Permanent termination of the customer's subscription and access to the Service.
Referral to appropriate law enforcement authorities where the violation involves illegal activity.

Varanic will make reasonable efforts to notify the customer of any enforcement action prior to or concurrently with the action being taken, except where immediate action is required to protect the security or integrity of the Service.

7. Reporting Violations

If you become aware of any violation of this Policy, or if you observe any activity that you believe may constitute a security threat or abuse of the Service, please report it promptly:

Security and Compliance Team

Varanic LLC

Email: [email protected]

All reports will be reviewed and investigated in a timely manner. Varanic will take appropriate action to address confirmed violations and will provide updates to the reporting party where appropriate and permissible. Good-faith reporting of violations will not result in adverse action against the reporting individual.

8. Changes to This Policy

Varanic reserves the right to modify, amend, or update this Policy at any time. Material changes to this Policy will be communicated to customers with at least thirty (30) days' advance notice via email notification to the account administrator or through a prominent notice within the platform.

Your continued use of the Service following the effective date of any modifications to this Policy constitutes your acceptance of the revised terms. We encourage all users to review this Policy periodically to stay informed of any changes.

The current version of this Policy is always available at varanic.ai/acceptable-use.