Last updated: February 2026

Acceptable Use Policy

LeakJar provides tools exclusively for defensive security purposes. This policy defines how our services may and may not be used.

This policy is strictly enforced

Violations of this Acceptable Use Policy may result in immediate suspension or termination of your account, legal action, and reporting to relevant authorities.

Permitted Uses

LeakJar services are designed for and may only be used for the following legitimate, defensive security purposes:

Defensive Security Screening

Checking passwords submitted by your own users (at signup, login, or password reset) against known breached datasets to prevent the use of compromised credentials within your application.

Password Policy Enforcement

Integrating breach detection into your password policies to comply with NIST SP 800-63B, SOC 2, ISO 27001, or other security frameworks that recommend screening against known breached passwords.

Compliance & Audit

Using LeakJar's reporting and monitoring capabilities to demonstrate compliance with regulatory requirements and security standards related to credential hygiene.

Exposure Monitoring

Monitoring your organization's domains for credential exposure in data breaches to proactively protect your users and employees.

Prohibited Uses

The following uses of LeakJar services are strictly prohibited. Any attempt to use our services for these purposes will result in immediate action.

Credential Stuffing

Using LeakJar data or APIs to attempt unauthorized access to accounts on any service by testing breached credential pairs.

Unauthorized Access

Using our services to gain unauthorized access to any system, network, or account that you do not own or have explicit permission to test.

Offensive Security & Red Teaming

Using LeakJar services as part of offensive security operations, penetration testing against third-party systems without authorization, or any form of attack simulation without explicit written consent from the target organization.

Reselling or Redistributing Data

Reselling, sublicensing, or redistributing any data, results, or outputs obtained through LeakJar services to any third party.

Building Competing Services

Using LeakJar services to build, train, or improve a competing breached credential detection product or service.

Harassment or Doxxing

Using breach data to harass, threaten, blackmail, or expose individuals. This includes correlating breach data to identify or target specific individuals.

Bulk Data Extraction

Systematically querying our APIs to reconstruct, enumerate, or extract our underlying breached credential datasets.

Enforcement

LeakJar takes violations of this policy seriously. We actively monitor for abuse and investigate reports of policy violations.

Investigation

Upon becoming aware of a potential violation, LeakJar will investigate the matter. During investigation, we may suspend access to the Services as a precautionary measure.

Consequences

Depending on the severity and nature of the violation, consequences may include:

Written warning and required corrective action.
Temporary suspension of API access and account privileges.
Permanent termination of your account without refund.
Reporting to law enforcement or other relevant authorities.
Legal action to recover damages or enforce compliance.

Reporting Violations

If you become aware of any violation of this Acceptable Use Policy, we encourage you to report it immediately. Reports can be submitted to:

Email: abuse@leakjar.com
Security issues: security@leakjar.com

Please include as much detail as possible, including the nature of the violation, any supporting evidence, and the account or API key involved. All reports are treated confidentially.