Acceptable Use Policy

Status: Human-voice rewrite, pending counsel review. Document version: 2026.05.01 Last updated: 2026-05-01 Effective date: 2026-05-01

What this means in plain English: Use the Service for your own trading and learning. Do not resell our signals, share your account, scrape our data, attack our systems, or use us to commit fraud. Break the rules badly enough and we will close your account without a refund.

This Acceptable Use Policy is part of the Terms of Service. By using the Service, you agree to it.

The rule behind every rule below: do not use the Service to harm us, our subscribers, or anyone else.

1. Things you may not do

1.1. Reselling or redistributing what we make

Without our written permission, you may not:

• (a) Resell, sublicense, redistribute, mirror, or republish any part of the Service or any signal, scan, alert, research note, scorecard, chart, or analytic.
• (b) Run a paid Telegram, Discord, WhatsApp, or other channel that pipes our signals to others.
• (c) Use our signals to manage money for clients (regulated or not), beyond your own personal account.
• (d) Use our signals to feed a competing product, including a copy-trading leaderboard, a third-party feed, or an aggregated signal marketplace.

The licence to access is personal. See terms_of_service.md §5.

1.2. Reverse engineering and scraping

You may not:

• (a) Reverse-engineer, decompile, disassemble, or otherwise try to derive the source code or algorithms behind the Service, except to the extent the law expressly forbids us from restricting that activity.
• (b) Use scrapers, crawlers, robots, or other automated tools to extract data, except through our published API and within the rate limits we publish.
• (c) Bypass rate limits, API key controls, or any security measures.
• (d) Use multiple accounts to get around quotas or trial restrictions.
• (e) Inspect, copy, or distribute internal endpoints, hidden flags, debug pages, or admin-only views even if you find them.

1.3. Sharing your account

• (a) One person, one account.
• (b) Do not share your credentials with anyone, even close family.
• (c) If we detect shared use across IPs, devices, or geographies that are not consistent with one person, we may suspend the account. Repeated or egregious sharing leads to termination without a refund.

1.4. Fraud, manipulation, and other illegal use

You may not use the Service to:

• (a) Plan or commit market manipulation, including coordinated pump-and-dump activity.
• (b) Trade on material non-public information.
• (c) Launder funds or evade sanctions.
• (d) Evade tax, including knowingly mis-attributing trading results to a different jurisdiction.
• (e) Impersonate another person or entity.
• (f) Submit fraudulent payment, identity, or KYC documents.

1.5. Harm to the platform

You may not:

• (a) Probe, scan, or test the security of the Service, except through our coordinated-disclosure programme (see section 4).
• (b) Attempt denial-of-service, flooding, or resource-exhaustion attacks.
• (c) Submit malware, prompt-injection payloads designed to exfiltrate data, or content that exploits a vulnerability.
• (d) Use the Service to attack a third party.

1.6. Harm to other users

You may not:

• (a) Send unsolicited messages, harassment, or spam through any feature the Service offers (support, community boards if introduced, comments).
• (b) Post content that is unlawful, defamatory, infringing, harassing, threatening, or otherwise tortious.
• (c) Use the Service to defraud or deceive other users.

1.7. Misuse of our branding

You may not use the Ikaay Capital name, logo, trade dress, or any associated identifier to:

• (a) Imply endorsement, partnership, or licensing where none exists.
• (b) Promote a website, social account, or product that competes with the Service.
• (c) Register a domain name, social handle, or trademark in any country.

Fair-use references in commentary, criticism, and review (a screenshot in a tweet, for example) are fine.

2. API rules

• (a) Each API key is issued to one subscriber. Do not share or resell it.
• (b) Stay within published rate limits. Bursts above the limit are best-effort.
• (c) Do not use the API to mirror our signals into a third-party product, even one that is not paid for.
• (d) Cache responses for at least the published cache window. Do not poll faster.
• (e) Identify your client by setting a User-Agent header that includes your account email or organization. We use this to debug and to contact you about issues.
• (f) Webhook endpoints you supply must respond to a POST within 5 seconds and accept at least 1 retry.

3. What happens if you break the rules

If we believe you have breached this policy, we may:

• (a) Issue a written warning.
• (b) Throttle or suspend access while we investigate.
• (c) Revoke your API keys.
• (d) Terminate the account, with or without refund depending on how serious the breach is.
• (e) Report the conduct to a regulator, law enforcement, or affected third party where the law requires us to.

For accidental breaches (a misconfigured cron polling too fast, for example), we usually warn first. For deliberate breaches (reselling signals, fraudulent KYC), we usually terminate first.

4. Coordinated security disclosure

If you find a security vulnerability:

• (a) Do not exploit it beyond the minimum needed to confirm it.
• (b) Do not access another user's data.
• (c) Email security@ikaaycapital.com with a proof of concept.
• (d) Give us a reasonable time to fix it before public disclosure (we suggest 90 days, longer if the issue is severe).

In return, we will not pursue you under this policy or applicable computer-misuse laws for the responsible-disclosure activity. We may pay a bounty depending on severity.

5. Changes

We may update this policy. We will notify you by email at least 30 days before any material change takes effect.

Change log