You and your users are prohibited from reselling, reverse engineering, or misusing the service in ways that harm Duo's platform or other users, including sending spam, transmitting malware, or attempting unauthorized access.
This analysis describes what Duo Security's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Violations of acceptable use restrictions are likely to constitute material breaches triggering the 30-day cure or termination provisions, and the broad scope of the restrictions means that even inadvertent misuse by an employee could create agreement risk.
Your organization is responsible for ensuring all employees and administrators comply with these restrictions, and a violation by any user under your account could trigger a breach of the agreement and potential service termination.
How other platforms handle this
Your use of certain Services may also be subject to acceptable use policies, available at xfinity.com/policies. For example, our Acceptable Use for Xfinity Internet Policy is available at xfinity.com/Corporate/Customers/Policies/HighSpeedInternetAUP.
You may not use the Service in a manner that violates any applicable laws or regulations, interferes with or disrupts AT&T's network, harms other users, or in ways that AT&T determines in its sole discretion are excessive, abusive, or otherwise inconsistent with AT&T's network management practices.
You may not access or use, or help another person to access or use our Services in any of the following circumstances: In violation of any applicable law or regulation. To develop products or services that compete with our Services, including to develop or train any artificial intelligence, machine ...
Monitoring
Duo Security has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Customer shall not, and shall not permit any User or third party to: (a) license, sublicense, sell, resell, transfer, assign, distribute or otherwise commercially exploit or make available to any third party the Services; (b) modify or make derivative works based upon the Services; (c) reverse engineer or access the Services in order to build a competitive product or service; (d) use the Services to send spam or otherwise duplicative or unsolicited messages; (e) use the Services to send or store infringing, obscene, threatening, libelous, or otherwise unlawful or tortious material; (f) use the Services to store or transmit Malicious Code; (g) interfere with or disrupt the integrity or performance of the Services or the data contained therein; or (h) attempt to gain unauthorized access to the Services or their related systems or networks.— Excerpt from Duo Security's Duo Terms of Service
(1) REGULATORY LANDSCAPE: Acceptable use provisions interact with the Computer Fraud and Abuse Act in the U.S. with respect to unauthorized access restrictions. Clauses prohibiting transmission of illegal content may engage various federal and state laws depending on the nature of the content. (2) GOVERNANCE EXPOSURE: Low to Medium. The restrictions are standard and the primary governance risk is ensuring that all administrators and users are made aware of and trained on these obligations, as the customer bears responsibility for all activity under the account. (3) JURISDICTION FLAGS: The prohibition on transmitting unlawful material may have different implications in different jurisdictions depending on local definitions of unlawful content. (4) CONTRACT AND VENDOR IMPLICATIONS: Acceptable use policies should be incorporated into customer IT policies and employee agreements to create an enforceable downstream obligation on users consistent with the customer's contractual obligations to Duo. (5) COMPLIANCE CONSIDERATIONS: IT security teams should implement technical controls that reduce the risk of malicious code transmission or unauthorized access attempts through Duo-protected systems, as such incidents could constitute agreement violations regardless of customer intent.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Violations of acceptable use restrictions are likely to constitute material breaches triggering the 30-day cure or termination provisions, and the broad scope of the restrictions means that even inadvertent misuse by an employee could create agreement risk.
Your organization is responsible for ensuring all employees and administrators comply with these restrictions, and a violation by any user under your account could trigger a breach of the agreement and potential service termination.
ConductAtlas has identified this type of provision across 14 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Duo Security.