What you can — and can't — do with our shared spaces.

This policy applies to customer employees and contractors granted access to Avalon-controlled engagement environments, to public visitors using avalonweb.services and its resource downloads, and to anyone Avalon authorizes to use its name, brand, or partner badges.

When the engagement Master Services Agreement, Statement of Work, or customer security policy conflicts with this AUP, the customer-specific document governs the engagement.

• Access the resources, environments, and deliverables you have been explicitly invited to, for the purpose of the active engagement.
• Download published Avalon resources (workbooks, reference architectures, checklists) for internal review and use within your organization.
• Quote Avalon resources with attribution. If you'd like to republish more than a short excerpt, email sales@avalonweb.services for a license.

You may not:

• Access accounts, environments, repositories, or data you have not been explicitly granted access to.
• Attempt to circumvent identity, access, encryption, or audit controls — including by sharing your credentials with another person, by using another user's session, or by extracting tokens for use outside the sanctioned tooling.
• Run security testing, vulnerability scans, brute-force tools, automated load tests, or red-team operations against Avalon-controlled resources without prior written authorization. Authorized testing belongs on the Security page.
• Upload, host, or transmit unlawful content, malware, discriminatory material, content that violates third-party intellectual-property rights, or sensitive personal data outside the categories the engagement explicitly contemplates.
• Use Avalon resources to develop a directly competing offering, or to scrape, retrain, or fine-tune third-party machine learning models, without a separate written license.
• Misrepresent your affiliation with Avalon, use Avalon's name or partner badges outside the context Avalon has authorized, or imply a relationship that does not exist.
• Interfere with, degrade, or attempt to deny service to other engagement participants, Avalon staff, or platform vendors Avalon relies on.

Report suspected AUP violations to security@avalonweb.services. We triage AUP reports the same way we triage security reports: acknowledgment within one business day, action plan within five.

Avalon may, in its reasonable discretion, suspend or revoke access to engagement resources, remove offending content, refuse continued use of public resources, and — in the case of a customer engagement — escalate to the customer security and legal contacts named in the Statement of Work. Where the activity is unlawful, Avalon may report it to the appropriate authority and cooperate with their investigation.

Material AUP violations may be grounds for termination of the engagement under the Master Services Agreement, without affecting any other remedy available to Avalon at law or in equity.