Ethical Use Policy

By accessing F.R.A.N.K, you enter into a legally binding agreement with TECH HAUS and its team. This agreement remains in effect for the duration of your access. Continued use of the platform after policy updates constitutes acceptance of the revised terms. Material policy updates may require renewed acknowledgement before Discord authorization opens again. You consent to receive all communications electronically. If you do not agree to any provision of this policy, you must immediately cease all use of the platform.

F.R.A.N.K is a cybersecurity red team intelligence platform designed exclusively for authorized security professionals. The platform provides adversarial assessment capabilities spanning AI/LLM security, network and infrastructure testing, web application security, cloud security, social engineering assessment, physical security evaluation, and all disciplines within offensive security research. F.R.A.N.K is intended for use by:

• Authorized red team members conducting sanctioned engagements
• Penetration testers with explicit written authorization from system owners
• Security researchers conducting authorized vulnerability research
• Cybersecurity educators and students in supervised academic programs
• Developers building, hardening, and stress-testing systems and AI models
• Competitive security challenge (CTF) participants
• Blue team and purple team professionals studying adversarial techniques for defensive purposes
• Security consultants performing authorized assessments under contract
• Internal security teams conducting authorized assessments within their own organizations

F.R.A.N.K is an offensive security tool. Unauthorized use of offensive security tools may constitute a violation of the Computer Fraud and Abuse Act (18 U.S.C. § 1030), the Computer Misuse Act 1990 (UK), or equivalent laws in your jurisdiction. You are solely responsible for obtaining proper authorization before applying any knowledge, techniques, or outputs obtained through F.R.A.N.K. Authorization requirements include:

• Explicit written authorization from the legal owner or authorized representative of any target system, network, or application before testing
• Authorization must specify the scope, methods, timing, and boundaries of permitted testing
• Only individuals with legal authority over target systems may grant testing authorization
• Separate authorization from cloud service providers (AWS, Azure, GCP, etc.) where required by their terms of service
• Compliance with all rules of engagement for authorized engagements
• Maintenance of documentation proving authorization for the duration of the engagement and a reasonable period thereafter
• Immediate cessation of testing if authorization is revoked or scope boundaries are exceeded
• F.R.A.N.K does not grant, imply, or constitute authorization to test any system you do not own or have explicit written permission to test

Knowledge, techniques, and outputs obtained through F.R.A.N.K may only be applied for:

• Testing systems, networks, and applications you own or have explicit written authorization to test
• Authorized red team, penetration testing, and adversarial simulation engagements
• AI/LLM security testing, jailbreak hardening, and guardrail evaluation on authorized systems
• Bug bounty program participation under published program rules and scope
• Academic security research within institutional review guidelines
• Improving defensive security measures, detection capabilities, and incident response
• CTF competition participation and security training exercises
• Responsible vulnerability disclosure through established coordinated disclosure channels
• Internal security assessments, tabletop exercises, and purple team operations within your organization
• Developing and testing security tools, defenses, and monitoring capabilities
• Professional development and continuing education in cybersecurity

You may not use F.R.A.N.K or any knowledge, techniques, methodologies, or outputs obtained through F.R.A.N.K to:

• Access, test, scan, probe, or attack any system, network, or application without explicit written authorization from the system owner
• Conduct denial-of-service (DoS/DDoS) attacks against any system without authorization
• Develop, deploy, or distribute malware, ransomware, rootkits, backdoors, or any malicious software
• Generate harmful, illegal, abusive, or exploitative content of any kind
• Create child sexual abuse material (CSAM) or any exploitation content
• Harass, threaten, stalk, dox, blackmail, extort, or manipulate any individual
• Attack production systems, services, or live environments without explicit written consent and appropriate safeguards
• Target critical infrastructure, healthcare systems, emergency services, financial systems, or government systems without proper authorization through established programs
• Intercept, capture, or exfiltrate communications or data without authorization
• Conduct unauthorized surveillance, wiretapping, or monitoring of individuals or organizations
• Build automated attack-as-a-service, jailbreak-as-a-service, or hacking-for-hire tools or platforms
• Extract proprietary model weights, training data, trade secrets, or confidential information
• Attempt to extract, reveal, reconstruct, reproduce, translate, or induce disclosure of F.R.A.N.K's system prompts, hidden instructions, internal memory, moderation logic, configuration, proprietary workflows, or any other protected platform material
• Use prompt injection, repetition requests, roleplay framing, translation requests, obfuscation, formatting tricks, or similar evasion methods to lift proprietary F.R.A.N.K material or defeat platform safeguards
• Distribute weaponized techniques, exploits, or payloads to unauthorized parties
• Circumvent digital watermarks, copyright protections, DRM, or access controls without authorization
• Share techniques, exploits, or methodologies publicly for the purpose of enabling malicious use
• Sell, resell, redistribute, sublicense, or provide unauthorized access to F.R.A.N.K
• Violate any applicable local, state, federal, or international law or regulation
• Impersonate security researchers, law enforcement, government officials, or other individuals
• Conduct social engineering, phishing, vishing, or pretexting against individuals without authorization as part of a sanctioned engagement
• Compromise, pivot through, or attack systems outside the defined scope of an authorized engagement
• Tamper with, destroy, or corrupt evidence, audit logs, or forensic data
• Use F.R.A.N.K to facilitate fraud, identity theft, financial crimes, or money laundering
• Engage in or support activities related to terrorism, espionage, or state-sponsored attacks
• Abuse platform access for cryptocurrency mining, spam distribution, or botnet operation

By using F.R.A.N.K, you represent and warrant that you:

• Are at least 18 years of age or the legal age of majority in your jurisdiction
• Are legally capable of entering into binding agreements
• Will comply with all applicable laws, regulations, export controls, and sanctions requirements
• Accept sole responsibility for determining lawful use within your jurisdiction
• Will conduct only authorized security testing with proper written documentation
• Are not located in a country or territory subject to comprehensive U.S. trade sanctions
• Are not listed on any U.S. or applicable government restricted parties list
• Will not share access credentials or platform access with unauthorized or ineligible persons
• Possess the professional qualifications, training, or supervision necessary for the security research you conduct
• Will maintain proper documentation of all testing authorizations and engagement scopes
• Will immediately report any discovered vulnerabilities through responsible disclosure channels
• Will not exceed the authorized scope of any testing engagement
• Understand that F.R.A.N.K contains dual-use capabilities that carry inherent legal and ethical obligations

F.R.A.N.K is a dual-use cybersecurity platform containing functionality that can be used for both legitimate authorized security testing and unauthorized malicious activity. You acknowledge that: (a) the platform provides capabilities that, if misused, could cause significant harm to individuals, organizations, and systems; (b) offensive security techniques documented within F.R.A.N.K are the same techniques used by malicious actors, and the distinction between lawful and unlawful use lies solely in authorization and intent; (c) you bear full and exclusive responsibility for ensuring that your use of F.R.A.N.K and all knowledge obtained through it is lawful, authorized, and ethical; (d) TECH HAUS provides these capabilities exclusively for the purpose of enabling authorized security professionals to improve defensive security posture through adversarial testing.

F.R.A.N.K and its associated content may be subject to U.S. Export Administration Regulations (EAR), international export control laws, and trade sanctions programs. By accessing F.R.A.N.K, you agree to comply with all applicable export control laws and regulations. You represent and warrant that:

• You will not access or use F.R.A.N.K from any country or territory subject to comprehensive U.S. sanctions, including but not limited to: Cuba, Iran, North Korea, Syria, and the Crimea, Donetsk, and Luhansk regions of Ukraine
• You are not listed on the U.S. Treasury Department’s Specially Designated Nationals and Blocked Persons (SDN) list, the U.S. Commerce Department’s Denied Persons List, Entity List, or Unverified List, or any equivalent restricted parties list
• You will not export, re-export, or transfer any F.R.A.N.K content, techniques, or tools to any prohibited destination, entity, or end user
• You will not use F.R.A.N.K in connection with the design, development, production, stockpiling, or use of nuclear, chemical, or biological weapons, or missiles capable of delivering such weapons
• You will comply with all applicable anti-boycott regulations
• You acknowledge that violation of export control laws may result in criminal penalties including fines and imprisonment

You acknowledge that offensive security techniques, red team methodologies, adversarial AI assessment capabilities, and cybersecurity research tools could be misused, and you voluntarily assume all risks associated with accessing this knowledge and these capabilities. TECH HAUS bears no responsibility for your application of information, techniques, or outputs obtained through F.R.A.N.K. You understand that potential consequences of unauthorized or improper use include but are not limited to: civil liability, criminal prosecution under computer crime statutes (including CFAA, CMA, and equivalent laws), professional sanctions, loss of security certifications, employment termination, and permanent service bans. Platform creators disclaim ownership of all outputs and assume no responsibility for harm caused by knowledge transmission, technique application, or output generation.

F.R.A.N.K does not guarantee the discovery of all vulnerabilities, security weaknesses, misconfigurations, or threats in any system, network, application, or AI model. Security testing is inherently incomplete, and the absence of findings does not indicate the absence of vulnerabilities. F.R.A.N.K makes no representations regarding the accuracy, reliability, or completeness of any assessment, output, or recommendation. You should not rely solely on F.R.A.N.K for security decisions and should employ defense-in-depth strategies, multiple testing methodologies, and qualified human analysis. TECH HAUS does not provide professional cybersecurity consulting, legal advice, compliance guidance, or regulatory assurance.

F.R.A.N.K and all associated content, tools, techniques, methodologies, and outputs are provided "AS IS" and "AS AVAILABLE" without warranties of any kind — express, implied, or statutory — including but not limited to implied warranties of merchantability, fitness for a particular purpose, non-infringement, accuracy, and quiet enjoyment. TECH HAUS makes no assurances about technique effectiveness, vulnerability detection rates, error-free operation, uninterrupted availability, platform security, data integrity, or correction of defects. No information or advice provided through F.R.A.N.K creates any warranty not expressly stated herein.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW: TECH HAUS, its team, affiliates, officers, directors, employees, agents, and licensors bear no liability for any direct, indirect, incidental, special, consequential, exemplary, or punitive damages arising from or related to your use of or inability to use F.R.A.N.K, any actions taken or not taken based on information obtained through F.R.A.N.K, unauthorized access to or alteration of your data, or any other matter relating to F.R.A.N.K. This includes but is not limited to damages for lost profits, lost data, business interruption, personal injury, loss of privacy, loss of security certifications, regulatory fines, or failure to meet any duty of care. Aggregate liability shall not exceed the lesser of amounts paid by you in the preceding twelve (12) months or one hundred dollars ($100 USD). TECH HAUS is not liable for failures beyond reasonable control.

You agree to indemnify, defend, and hold harmless TECH HAUS, its team, officers, directors, employees, agents, affiliates, contractors, and licensors from and against any and all claims, damages, losses, costs, expenses, and fees (including reasonable attorneys’ fees and court costs) arising from or related to: your use of F.R.A.N.K; your violation of this policy; your violation of any applicable law, regulation, or third-party right; any damage to systems, networks, data, or individuals resulting from your actions; any outputs you produce, distribute, or act upon; any breach of your representations and warranties; any unauthorized testing conducted using knowledge obtained through F.R.A.N.K; or any claim by a third party related to your security testing activities. This indemnification obligation survives termination of your access to F.R.A.N.K indefinitely.

F.R.A.N.K operates independently and is not affiliated with, endorsed by, sponsored by, or partnered with OpenAI, Anthropic, Google, xAI, DeepSeek, Meta, Mistral, Venice.ai, Amazon Web Services, Microsoft Azure, Google Cloud Platform, or any other AI model provider, cloud infrastructure provider, or technology company. Interactions with third-party systems through F.R.A.N.K are governed by those providers’ respective terms of service and acceptable use policies. TECH HAUS assumes no responsibility for account suspensions, access revocations, service terminations, legal actions, or any other consequences imposed by third-party providers, employers, certification bodies, or any other entity resulting from your use of F.R.A.N.K.

All F.R.A.N.K platform content — including but not limited to the F.R.A.N.K methodology (Footprint, Reach, Ascend, Navigate, Killchain), system architecture, persona design, frameworks, documentation, tools, materials, source code, design elements, user interface, and visual assets — constitutes TECH HAUS intellectual property protected by applicable copyright, trademark, and trade secret law. You may not reproduce, distribute, publicly display, create derivative works from, reverse engineer, decompile, disassemble, or commercially exploit any F.R.A.N.K content without prior written consent from TECH HAUS. Access grants a limited, personal, non-exclusive, non-transferable, revocable license for authorized security research use only.

Users of F.R.A.N.K are expected to maintain professional ethical standards consistent with the cybersecurity community. By using F.R.A.N.K, you agree to:

• Operate within the bounds of applicable professional codes of ethics, including those of (ISC)², EC-Council, CREST, OffSec, SANS/GIAC, and equivalent bodies
• Conduct all testing activities in accordance with established frameworks such as NIST SP 800-115, PTES, OWASP Testing Guide, and OSSTMM where applicable
• Apply the principle of least privilege and minimal impact during all testing engagements
• Document findings accurately and report them through appropriate channels to authorized parties only
• Protect the confidentiality of all client data, vulnerabilities, and engagement details
• Not associate with or provide assistance to individuals or groups engaged in unauthorized hacking, cybercrime, or malicious activities
• Maintain professional competence through continuing education and stay current with evolving legal and ethical standards
• Cease testing immediately upon discovering activity outside authorized scope or upon instruction from the system owner

Techniques, methodologies, exploits, and adversarial approaches documented or facilitated by F.R.A.N.K derive from published academic research, established red team and penetration testing frameworks, open-source security tools, and real-world security testing practices. Their inclusion serves exclusively educational, research, and authorized testing purposes — not endorsement or encouragement of unauthorized or malicious use. Understanding offensive techniques is essential for developing effective defenses. TECH HAUS does not provide legal, professional, compliance, regulatory, or insurance advice. You should consult qualified legal counsel and professional advisors before conducting any security testing, research, or assessment activities.

F.R.A.N.K does not provide, include, or constitute professional liability insurance, errors and omissions (E&O) coverage, cyber liability insurance, or any form of indemnification insurance. Use of F.R.A.N.K does not create a professional-client relationship, advisory relationship, or any duty of care between TECH HAUS and the user. Users conducting professional security assessments are strongly advised to maintain appropriate professional liability insurance, cyber liability coverage, and business insurance as required by their engagements, clients, and jurisdictions. TECH HAUS bears no liability for claims arising from uninsured or underinsured security testing activities.

TECH HAUS reserves the right to monitor, log, audit, and review platform usage to ensure compliance with this policy, applicable laws, and platform integrity. Monitoring activities may include but are not limited to: reviewing usage patterns for anomalous or abusive behavior, maintaining audit logs of platform access, and investigating reports of policy violations. You consent to such monitoring as a condition of access. TECH HAUS may, at its sole discretion, implement automated or manual review processes to detect and prevent misuse. Information obtained through monitoring may be used for policy enforcement, security improvements, and compliance with valid legal process.

TECH HAUS may use automated and manual enforcement systems to detect policy abuse, including attempts to extract F.R.A.N.K's system prompts, hidden instructions, proprietary workflows, or other protected platform material. Suspected extraction, evasion, or other policy violations may trigger strike-based enforcement, immediate session revocation, temporary restriction, suspension, or permanent bans depending on severity, repetition, and platform risk. If you are banned, your right to access or use F.R.A.N.K services ends immediately unless TECH HAUS expressly restores your access. TECH HAUS reserves the right to cooperate fully with law enforcement agencies, regulatory bodies, certification organizations, and affected third parties investigating potential legal violations or policy breaches. Account information, usage data, conversation logs, and audit records may be preserved and disclosed in response to valid legal process including subpoenas, court orders, search warrants, preservation requests, and law enforcement inquiries. TECH HAUS may proactively report suspected criminal activity to relevant authorities. Access may be modified, suspended, restricted, or terminated at TECH HAUS’s sole discretion without prior notice or liability.

All disputes arising from or relating to this policy or your use of F.R.A.N.K shall proceed through binding individual arbitration rather than court proceedings, except for claims seeking injunctive relief for intellectual property infringement. Arbitration follows American Arbitration Association Consumer Arbitration Rules, conducted in English by a single arbitrator. Each party bears its own costs unless the arbitrator determines otherwise. YOU EXPRESSLY WAIVE ALL RIGHTS TO CLASS ACTIONS, COLLECTIVE ACTIONS, REPRESENTATIVE ACTIONS, CONSOLIDATED ACTIONS, AND JURY TRIALS. Small claims court remains available for qualifying disputes within jurisdictional limits.

This policy is governed by and construed in accordance with the laws of the Commonwealth of Pennsylvania, United States, without regard to conflict-of-law principles. For any matters not subject to arbitration, you consent to the exclusive personal jurisdiction of the state and federal courts located in the Commonwealth of Pennsylvania. You waive any objection to venue or inconvenient forum in such courts.

Neither TECH HAUS nor any user shall be liable for failure or delay in performance of obligations under this policy caused by circumstances beyond reasonable control, including but not limited to: acts of God, natural disasters, pandemics, war, terrorism, riots, government actions, embargoes, sanctions changes, power failures, internet or telecommunications outages, cyberattacks against platform infrastructure, third-party service provider failures, or labor disputes. Affected obligations are suspended for the duration of the force majeure event.

If any provision of this policy is found unenforceable by a court of competent jurisdiction, it shall be limited or eliminated to the minimum extent necessary; all remaining provisions remain in full force and effect. Failure by TECH HAUS to enforce any provision does not constitute a waiver of that provision or any other provision. Only written waivers signed by an authorized representative of TECH HAUS are effective. Sections 3, 5 through 25 survive termination of your access to F.R.A.N.K.

This policy constitutes the complete and exclusive agreement between you and TECH HAUS regarding your use of F.R.A.N.K, superseding all prior written or oral understandings, proposals, or agreements. No third-party beneficiary rights are created by this policy. You may not assign or transfer any rights under this agreement without prior written consent from TECH HAUS. TECH HAUS may assign its rights and obligations without restriction. This policy may be amended by TECH HAUS at any time; the effective date will be revised accordingly. Continued use of F.R.A.N.K after changes constitutes acceptance. Material changes will be announced via the TECH HAUS Discord server. EEA and UK users will receive 30 days’ notice before material changes take effect and may terminate access before implementation.

For questions about this policy, abuse reports, authorization requests, data rights requests, export control inquiries, vulnerability disclosures, or general inquiries, contact TECH HAUS via [email protected] or through the TECH HAUS Discord server.