Will you tell my regulator, insurer, or the press?

No. Nothing leaves this channel without your explicit consent. We don't notify regulators, file insurance claims, or speak to media on your behalf.

Are you law enforcement?

No. We are a private incident-response practice. We don't share details with law enforcement unless you instruct us to.

How much does this cost?

Triage is free. After we understand the situation, we quote a fixed scope. Most engagements are completed for a single defined fee, paid on completion.

What should I do right now, before opening the channel?

Don't power off affected machines, don't wipe or reinstall, don't reply to the attacker, don't change passwords company-wide yet. Open the channel first; we'll guide the next 30 minutes.

How fast do you respond?

Median first response is under 5 minutes during active hours. If we're momentarily offline, an alert reaches a responder's phone immediately.

Legal · 05

Acceptable Use Policy

Last updated · 30 May 2026

This Acceptable Use Policy ("AUP") sets out what the Hackastra incident response service may and may not be used for. It applies to every visitor and client of Hackastra Infosec FZ-LLC ("Hackastra"). By opening a channel or engaging Hackastra, you agree to comply with this AUP.

1. Permitted use

You may use Hackastra to:

Respond to a cyber incident affecting systems, accounts, or data that you own or are duly authorised to investigate.
Seek triage and guidance on suspected intrusions, data leaks, ransomware, impersonation, or digital extortion targeting you, your family, your customers, or your organisation.
Engage Hackastra to perform forensic trace analysis, take-down coordination, or remediation work within an agreed scope.
Communicate confidentially with a Hackastra responder using an alias.

2. Prohibited use

You must not use Hackastra to:

Commit, plan, attempt, or facilitate any act that is unlawful under the laws of the United Arab Emirates or any other jurisdiction with which the conduct has a substantial connection.
Attack, intrude into, exfiltrate from, or interfere with systems, networks, accounts, devices, or data that you do not own or are not authorised to test.
Coordinate or commission "hack-back" or retaliatory actions against any party.
Solicit Hackastra to develop, sell, or deploy malware, exploits, stalkerware, or surveillance tooling against third parties.
Use the service to harass, stalk, dox, defame, threaten, or harm any person.
Use the service to launder funds, transfer proceeds of crime, evade sanctions, or finance prohibited activity.
Destroy, conceal, or tamper with evidence that you are obliged to preserve.
Impersonate another person, company, or counsel.
Reverse engineer, scrape, or systematically harvest content from hackastra.com beyond ordinary use.
Disrupt, overload, or attempt to compromise the integrity of the channel or the operator console.

3. Sensitive data in the channel

For your own protection, you must not share the following in the channel:

Credentials, passwords, API keys, private keys, seed phrases, or session tokens.
Live personally identifiable information of third parties (names, IDs, payment card numbers, full health records, etc.) unless and until your responder confirms a secure channel.
Material that is protected by legal privilege without first considering privilege implications.

A responder will, where useful, move the conversation to an out-of-band, end-to-end encrypted channel before reviewing such material.

4. Vulnerability information

If your incident involves vulnerabilities in third-party software or services, you must not use Hackastra to broker, sell, or exploit those vulnerabilities. We will, where appropriate, assist with responsible disclosure to the relevant vendor or coordinator.

5. Compliance with law

You are responsible for your own compliance with applicable laws, including UAE Federal Decree-Law No. 34 of 2021 on Combating Rumours and Cybercrimes, the UAE PDPL, and any sector-specific obligations applicable to your business. Hackastra may decline or terminate any engagement where compliance is in doubt.

6. Enforcement

Hackastra may, at its sole discretion and without prior notice:

Suspend or close any channel.
Terminate any engagement.
Decline to issue or honour an engagement letter.
Preserve relevant communications where we reasonably suspect a breach of this AUP, including for the purpose of cooperating with a valid order of a competent authority.

Where the law obliges us to report particular conduct, we will do so. Where it does not, we will not.

7. Reporting abuse

If you believe someone is misusing the Hackastra service, please email legal@hackastra.com with as much detail as you can safely share.

8. Changes

We may update this AUP from time to time. Changes will be reflected on this page with a revised effective date.