Narion Research Technologies is an individual business and sole proprietorship owned and operated by its founder, conducting business under the trade name "Narion Research Technologies" in accordance with the laws of the Republic of India. Narion develops, operates, and maintains a proprietary quantitative market intelligence and analytics platform designed to serve the financial research and analytics community. Narion is not a company, corporation, or registered legal entity, and all obligations arising under this Policy are the direct obligations of the individual Proprietor in their personal capacity.

The primary purpose of this Acceptable Use Policy is to establish a clear, comprehensive, and legally enforceable framework governing the standards of conduct expected of all persons and entities accessing and using the Platform. This Policy is designed to accomplish the following objectives:

• Platform Integrity: To protect the technical integrity, operational reliability, and continuous availability of the Platform and its underlying infrastructure, data pipelines, and computational systems against unauthorized access, abuse, exploitation, and deliberate or negligent interference;
• Intellectual Property Protection: To safeguard Narion's substantial investment in the development of proprietary algorithms, statistical models, data structures, methodologies, and analytical frameworks that constitute the Platform's core intellectual property and competitive value;
• Data Protection and Confidentiality: To ensure that all data, outputs, and information accessible through the Platform are handled in accordance with the applicable contractual, statutory, and regulatory obligations governing data protection, confidentiality, and intellectual property rights;
• Legal Compliance: To ensure that the Platform is used exclusively in conformity with all applicable laws, regulations, regulatory directives, and professional standards, and to prevent the Platform from being used as an instrument for the commission of any unlawful act;
• User Community Protection: To maintain a Platform environment in which all authorized Users can access and utilize the Platform without disruption, degradation, or harm caused by the misconduct of other Users;
• Enforcement Framework: To provide a clearly articulated framework of prohibited conduct and corresponding consequences that Narion may invoke in the event of Policy violations, thereby ensuring consistent, proportionate, and legally defensible enforcement.

This Policy applies in its entirety, without limitation or exception, to:

• All natural persons accessing or using the Platform in any capacity, including individual subscribers, enterprise subscribers, institutional clients, trial account holders, beta testers, and any other category of registered or unregistered User;
• All legal entities and organizations accessing the Platform through their authorized personnel, agents, contractors, or representatives;
• All means of access to the Platform, including through Narion's web-based interface, mobile-based interface, API endpoints, data export functions, third-party integrations, and any other access mechanism;
• All activities conducted in connection with the Platform, whether those activities occur on or off the Platform itself, provided that they relate to or have material consequences for the Platform, its data, or Narion's proprietary systems;
• All persons granted temporary, trial, complimentary, or otherwise non-standard access to the Platform, who are bound by this Policy to the same extent as paying subscribers.

This Policy must be read alongside and interpreted consistently with the following documents, all of which are incorporated by reference:

• Terms of Service: The primary contractual instrument governing the legal relationship between Narion and the User. Both instruments apply cumulatively, with the ToS prevailing in the event of inconsistency;
• Privacy Policy: Governing the collection, processing, storage, and disclosure of personal data;
• API Usage Policy: Setting out specific additional obligations applicable to programmatic access through Narion's APIs;
• Subscription and Billing Policy: Governing the commercial terms of access, including the scope of data and feature access available at each subscription tier.

For the purposes of this Policy, the following terms bear the meanings ascribed to them below, in addition to and consistently with the definitions set forth in the Terms of Service:

In this Policy: (a) the singular includes the plural and vice versa; (b) references to any statute include amendments and re-enactments; (c) headings are for convenience only; (d) "including" means "including without limitation"; (e) "directly or indirectly" means whether through the User's own actions or through the facilitation, enablement, procurement, or authorization of any third party's actions; and (f) the word "shall" denotes a mandatory obligation.

All use of the Platform is governed by the following foundational principles, which inform the interpretation and application of every provision of this Policy:

Subject to the User's subscription tier, strict compliance with this Policy, and full compliance with the Terms of Service, the Platform is made available for the following Authorised Purposes:

• Quantitative Market Research: Use of the Platform's analytical outputs, data feeds, and visualization tools to conduct proprietary quantitative research into financial market microstructure, order flow dynamics, liquidity patterns, and related phenomena, for the User's own internal research objectives;
• Internal Business Intelligence: Use of Platform outputs to inform the User's own internal business, risk management, trading strategy, or investment research decisions, provided that such use remains entirely internal and does not involve onward disclosure to third parties;
• Back-Testing and Strategy Development: Use of Platform data and analytical outputs to develop, test, validate, and refine proprietary trading strategies, quantitative models, or analytical frameworks for the User's internal use;
• Educational and Analytical Study: Use of the Platform for personal, non-commercial educational study of quantitative finance, market microstructure, or related disciplines, within the scope of any educational subscription tier offered by Narion;
• Integration and Tooling for Internal Use: Development of internal scripts, tools, dashboards, or applications that consume the Platform's API outputs for the User's own internal use, strictly within the authorized rate limits and API usage restrictions applicable to the User's subscription tier.

All use of the Platform is subject to the following conditions, which apply implicitly and without need for express reference in any specific authorization:

• The User must at all times remain within the data access limits, API rate limits, feature scope, and seat or account limits applicable to their subscription tier;
• The User must not use any Authorised Purpose as a pretext for activities that are prohibited under this Policy or the Terms of Service;
• The User must maintain all required consents, licenses, and regulatory approvals necessary for their intended use of the Platform in their jurisdiction;
• Any use of Platform outputs in connection with decisions that affect third parties must be conducted with appropriate professional diligence, and Narion expressly disclaims all liability for the consequences of such decisions.

The User shall not, directly or indirectly, access, attempt to access, or facilitate access to any part of the Platform to which the User has not been explicitly and validly authorized under their subscription agreement. Specifically prohibited:

• Accessing any portion of the Platform using credentials that do not belong to the User, obtained by any means including theft, phishing, or social engineering;
• Accessing features, data tiers, API endpoints, or administrative interfaces outside the scope of the User's subscription tier, even where such access may be technically achievable due to a Platform misconfiguration or vulnerability;
• Using a trial account, free tier, or promotional access to consume resources, data, or functionality designated for paid subscription tiers;
• Gaining or attempting to gain access to the accounts, dashboards, data, or sessions of other Users, regardless of the technical method employed;
• Using automated or manual techniques to probe, map, enumerate, or catalogue the Platform's architecture, endpoints, data structures, or access controls beyond the User's legitimate operational needs.

• Exploiting any known or unknown vulnerability in the Platform's code, authentication systems, API logic, or data validation mechanisms to obtain unauthorized access, data, or privileges;
• Conducting or facilitating any security research against the Platform, including penetration testing, fuzzing, or vulnerability scanning, without Narion's express prior written authorization;
• Using knowledge of a vulnerability to access data or functionality beyond the User's authorization, even where the User intends to report the vulnerability (responsible disclosure must follow the process described in Article XII);
• Retaining, exploiting, sharing, or disclosing details of any discovered vulnerability to any third party without Narion's prior written consent.

The User shall not circumvent, disable, override, undermine, or otherwise interfere with any of the following security and access control mechanisms:

• Authentication systems, including password validation, multi-factor authentication, session management, and token-based authentication;
• Encryption mechanisms protecting data in transit or at rest, including any attempt to intercept, decrypt, or modify encrypted communications;
• Rate-limiting and throttling systems designed to prevent abuse of the Platform's computational resources and data access infrastructure;
• IP-based access controls, geographic restrictions, or subscription-tier gating mechanisms;
• Content Security Policies, CORS restrictions, and other browser and application-level security controls;
• Anti-scraping measures, CAPTCHA systems, bot detection mechanisms, and other User verification controls.

The User shall not share, transfer, sell, lend, or otherwise make available to any third party the User's account credentials, API keys, authentication tokens, or any other access mechanism associated with the User's account, except where Narion has expressly authorized multi-seat or enterprise access under the User's subscription tier. Each individual accessing the Platform must use credentials assigned specifically to them.

The User shall not impersonate Narion, any Narion employee or officer, any other User of the Platform, or any other person or entity in any communication, transaction, or interaction connected to the Platform, including email communications, support requests, API calls, or any other form of contact with Narion or other Users. Any attempt to misrepresent one's identity in connection with the Platform constitutes a material breach of this Policy.

The Platform and all of its constituent elements represent the exclusive proprietary intellectual property of Narion. The User shall not, directly or indirectly, engage in any of the following activities:

• Reverse Engineering: Any deliberate attempt to derive, reconstruct, replicate, or infer the internal logic, source code, algorithmic design, model architecture, or computational methodology of the Platform through analysis of its outputs, behavior, interface, API responses, or any other observable characteristic;
• Decompilation and Disassembly: Any attempt to decompile, disassemble, decode, or otherwise convert any component of the Platform from its compiled, encoded, or obfuscated form into a human-readable or interpretable form;
• Source Code Extraction: Any attempt to access, extract, copy, or reproduce the Platform's source code, configuration files, schema definitions, or other implementation-level artifacts, whether through technical exploitation, social engineering, unauthorized internal access, or any other means;
• Probing for Internal Logic: Any systematic, repeated, or structured querying of the Platform designed to probe, map, or characterize the internal logic, decision boundaries, sensitivity characteristics, or output distributions of Narion's proprietary models;
• Behavioral Cloning: The use of Platform outputs — whether individually or in bulk — to train, fine-tune, validate, calibrate, or otherwise inform any machine learning model, statistical model, or analytical system with the intent or reasonably foreseeable effect of replicating the Platform's predictive, classificatory, or analytical capabilities.

• Engage in any systematic analysis of Platform outputs designed to infer, approximate, or reconstruct the parameters, weights, thresholds, or decision rules of Narion's underlying models;
• Use statistical techniques, differential analysis, or adversarial probing to characterize the Platform's model behavior in sufficient detail to enable replication or approximation of that behavior;
• Publish, present, or otherwise communicate to any third party any analysis, characterization, or documentation of the Platform's algorithmic behavior, output patterns, or model architecture;
• Share any derived understanding of the Platform's internal logic with any person who is developing or seeking to develop a competing product or service.

• Using the Platform's methodological approach as a template, blueprint, or reference architecture for the development of a competing analytical system;
• Using the Platform's demonstrated capabilities to set performance benchmarks or design targets for a competing product or research initiative;
• Incorporating detailed knowledge of the Platform's analytical approach into patent applications, academic publications, or commercial product documentation in a manner that could enable third parties to replicate Narion's methods.

Narion recognizes the value of responsible security research in identifying and remediating security vulnerabilities. The prohibitions on probing and vulnerability exploration set out in Article IV do not preclude good-faith security research conducted strictly in accordance with Narion's Responsible Disclosure Policy (RDP), published on Narion's website. Researchers who identify potential security vulnerabilities are encouraged to report them to security@narionresearch.com before any public disclosure. Narion commits to acknowledging all such reports, investigating them promptly, and working cooperatively with researchers who comply with the RDP.

The User shall not use any automated tool, script, or method to extract, copy, harvest, or collect data from the Platform in volumes or at speeds that exceed what is reasonably necessary for the User's legitimate Internal Use within their subscription tier. The following specific forms of data extraction are categorically prohibited:

• Web Scraping: Use of any automated script, bot, crawler, spider, headless browser, or similar tool to extract data from any web-based interface of the Platform, where such extraction is not conducted through Narion's officially supported and authorized API;
• Bulk API Harvesting: Use of authorized API access to systematically retrieve, accumulate, and store the entire corpus of Platform data available to the User's tier, for any purpose other than genuine real-time or near-real-time Internal Use;
• Screen Scraping and Visual Extraction: Use of optical character recognition, screenshot automation, video capture, or any other technique to extract data from visual representations of Platform outputs in a manner that circumvents normal data access channels;
• Cross-Account Aggregation: Use of multiple accounts, API keys, or access credentials in coordination to aggregate data across access tiers, circumvent rate limits, or compile a dataset that no single account would be authorized to assemble;
• Dataset Mirroring: Creation of any copy, mirror, or replica of the Platform's datasets, data feeds, or historical data archives, whether in whole or in part, for any purpose other than transient caching necessary for the User's immediate operational requirements.

The User's access to Platform data and outputs confers a limited, personal, internal-use-only right. The User shall not:

• Sell, license, sublicense, lease, exchange, or otherwise transfer Platform data or outputs to any third party, whether for monetary consideration, non-monetary consideration, or gratuitously;
• Provide Platform data or outputs as an input, component, feature, or product to any third-party commercial service, subscription product, SaaS platform, data vendor, consulting service, or advisory service;
• Share, disclose, or communicate Platform data or outputs to any person outside the User's own organization;
• Create, operate, or contribute to any public API, public dashboard, public data feed, open data project, or any other mechanism through which Platform data or outputs are made accessible to persons who have not entered into a direct subscription agreement with Narion;
• Embed Platform data or outputs into any publicly accessible website, application, publication, research report, or social media content, except where Narion has specifically authorized such use in writing.

The User shall not use Platform data or outputs, in whole or in part, as a foundation, component, or ingredient in the creation of any product, service, or offering that is then commercialized, distributed, or made available to third parties, including but not limited to:

• Research reports, data products, or analytics services sold or distributed to clients or subscribers;
• Trading signals, strategy products, or quantitative research subscriptions derived from or informed by Platform outputs;
• Machine learning training datasets, benchmark datasets, or evaluation corpora compiled from Platform data;
• Academic or commercial publications that reproduce or are substantially informed by Platform data, beyond what is permitted by any applicable academic fair use doctrine, and without Narion's prior written consent.

The User agrees to consume Platform data in a manner that is proportionate to genuine operational needs. Narion reserves the right to monitor data consumption patterns and to limit, throttle, or suspend access where the volume or nature of the User's data consumption deviates materially from what is consistent with legitimate Internal Use within the User's subscription tier, even where such consumption does not technically violate a specified rate limit.

The User shall not, without Narion's express prior written consent:

• Use the Platform or any Platform outputs as a reference benchmark, performance baseline, evaluation standard, or comparative metric in any report, presentation, publication, or communication directed at or intended for third parties;
• Design or conduct any structured evaluation study, comparative performance test, or head-to-head competition involving the Platform and any competing product, service, or methodology, whether published publicly or shared with third parties;
• Publish or communicate any statistical characterization of the Platform's predictive accuracy, signal performance, reliability, or comparative advantages or limitations, whether derived from the User's own observations or from the Platform's own disclosed performance metrics;
• Present findings derived from Platform usage in any conference, seminar, webinar, or professional forum in a manner that describes, evaluates, or publicly characterizes the Platform's performance.

The User shall not publish, broadcast, post, cite, or otherwise make publicly available any specific metric, classification, probability estimate, score, signal, output, or derived result generated by the Platform, in a form that:

• Attributes the output directly or indirectly to Narion's Platform, in any forum or medium accessible to persons who are not authorized Users;
• Could enable a third party to evaluate, reverse-engineer, or draw conclusions about the Platform's analytical methodology, model architecture, or predictive capabilities;
• Could be used by a competitor to assess the Platform's commercial value, performance standards, or operational characteristics;
• Constitutes an unsolicited or unauthorized endorsement or criticism of the Platform's outputs in a professional or public context.

• Using the Platform as a data source, reference standard, or performance target for a competing quantitative analytics system;
• Using knowledge of the Platform's product design, user interface, feature set, data structures, or API architecture to inform the design of a competing product;
• Using Platform access to recruit, identify, or approach Narion's other Users as prospective customers for a competing service;
• Using Platform data outputs to train, calibrate, or validate any machine learning model intended for deployment in a competing commercial context.

Notwithstanding the restrictions set forth in this Article, the User may make general, non-specific reference to the existence of Narion's Platform as a tool used in the User's research process, provided that such reference: (a) does not disclose any specific metric, output, or performance characteristic of the Platform; (b) does not attribute any specific finding or result to the Platform's outputs; (c) does not constitute an evaluation, critique, or comparative assessment of the Platform; and (d) is limited to a brief, factual acknowledgement that the Platform was among the data tools employed in the research. Any use beyond this narrow exception requires Narion's express prior written authorization.

Where the User's subscription includes access to Narion's application programming interface (API), the following obligations apply:

• Rate Limit Compliance: The User shall not submit API requests at a volume or frequency that exceeds the rate limits applicable to the User's subscription tier. Rate limits are set at levels designed to ensure equitable Platform performance for all Users;
• Credential Confidentiality: API keys and authentication tokens are strictly personal and confidential. The User shall not embed API credentials in publicly accessible code repositories, share credentials with any third party, or deploy credentials in any environment without appropriate access controls;
• Authorized Endpoints Only: The User shall access only those API endpoints, data fields, and functional capabilities that are explicitly documented and available under the User's subscription tier;
• Non-Aggregation Across Accounts: The User shall not use multiple accounts, keys, or access points in coordination to aggregate data, circumvent rate limits, or access a combined volume of data that exceeds what any single authorized account may access.

• Deliberate or negligent generation of excessive request loads, including retry storms, runaway automation loops, or polling patterns that place unreasonable demand on Platform infrastructure;
• Systematic probing of the API response behavior through variations in request parameters designed to map or characterize the Platform's data model or undocumented behavioral characteristics;
• Intentional manipulation of request timing, sequencing, or structure to circumvent rate-limiting algorithms or detection mechanisms;
• Use of the API for any purpose that would reasonably be expected to degrade the quality or responsiveness of the Platform for other Users.

• Distributed Denial of Service (DDoS) attacks or any other form of volumetric, protocol, or application-layer attack designed to render the Platform unavailable or degraded;
• Any form of DNS poisoning, BGP hijacking, ARP spoofing, man-in-the-middle attack, or other network-level attack targeting Narion's infrastructure or communications;
• Targeted exploitation of third-party services, cloud providers, or content delivery networks used by Narion as part of the Platform's delivery infrastructure;
• Any technique designed to cause Platform servers, databases, or computational resources to allocate excessive resources in response to crafted inputs, including algorithmic complexity attacks, hash-flooding, XML bombs, or related techniques.

• Malware, viruses, worms, Trojan horses, ransomware, spyware, adware, rootkits, or any other form of malicious software or code;
• Logic bombs, time bombs, backdoors, or any mechanism designed to cause damage, unauthorized access, or disruption upon the occurrence of a specified event or condition;
• Exploits, shellcode, or payloads designed to take advantage of any vulnerability in the Platform or its underlying infrastructure;
• Any crafted input — whether in query parameters, API payloads, header fields, or any other input vector — designed to trigger unexpected behavior, error conditions, or security failures in the Platform.

The User is responsible for implementing appropriate technical practices to maintain the security of their API credentials, including: rotating API keys periodically and whenever there is any reason to suspect a key may have been compromised; storing API keys exclusively in server-side environments with appropriate access controls and not in client-side code, version control systems, or unencrypted configuration files; revoking and replacing any key that has been exposed, even if no actual unauthorized use is known to have occurred; and reporting any compromise or suspected compromise of API credentials to security@narionresearch.com without delay.

The User shall not use the Platform, directly or indirectly, for any purpose that is unlawful, fraudulent, deceptive, tortious, defamatory, or otherwise prohibited under applicable law in any jurisdiction relevant to the User's activities. This prohibition is comprehensive and absolute and applies regardless of whether the Platform's direct role in any unlawful activity is causal, facilitative, or merely incidental. The User assumes sole and exclusive legal responsibility for ensuring that all use of the Platform complies with all applicable laws in every jurisdiction applicable to the User's activities.

The User shall not use the Platform or any Platform outputs in connection with any form of financial fraud or market manipulation. The following specific activities are categorically prohibited:

• Market Manipulation: Using Platform outputs as part of any scheme to artificially influence the price, supply, demand, or perceived quality of any financial instrument, commodity, cryptocurrency, or other traded asset, including through coordinated buying or selling, layering, spoofing, quote stuffing, wash trading, or pump-and-dump schemes;
• Insider Trading Facilitation: Using Platform data or outputs in combination with material non-public information to trade, or to advise, assist, or facilitate the trading of any financial instrument in violation of applicable securities laws governing insider trading;
• Front-Running: Using knowledge of other market participants' pending orders or activities, whether derived from Platform data or otherwise, to engage in front-running transactions in violation of applicable regulatory requirements;
• Fraud and Misrepresentation: Using Platform outputs as part of any scheme to deceive, defraud, or misrepresent the nature, performance, or characteristics of any investment product, service, or strategy to any third party;
• Unlicensed Advisory Services: Providing advice, recommendations, or trading signals derived from Platform outputs to third-party clients in any jurisdiction where the provision of such services requires a regulatory license, registration, or authorization that the User does not hold.

• Transacting in or facilitating transactions involving any financial instrument, asset, or payment on behalf of or for the benefit of any person or entity listed on any applicable sanctions list, including the OFAC SDN List, the UN Security Council sanctions list, or equivalent lists maintained by the Government of India, the European Union, or the United Kingdom;
• Providing any information, analytical service, or Platform access to any person or entity in a jurisdiction that is subject to comprehensive trade sanctions or financial embargoes;
• Using Platform data or outputs to facilitate, evaluate, structure, or execute any transaction that would be prohibited under applicable anti-money laundering (AML), counter-terrorism financing (CTF), or know-your-customer (KYC) requirements.

The User is solely responsible for ensuring that all use of the Platform complies with all applicable regulatory requirements in every jurisdiction relevant to the User's activities, including requirements governing: the receipt, processing, and use of financial market data and analytics under applicable securities and commodities regulations; the provision of investment research, market commentary, and analytical services under applicable financial services regulations; data protection and privacy obligations applicable to the User's own business operations; and anti-money laundering and counter-terrorism financing obligations applicable to the User's own business activities.

The User shall not use the Platform or any communication channel provided by Narion in connection with the Platform to engage in any form of harassment, intimidation, abuse, defamation, or threatening behavior directed at Narion's personnel, other Users, or any third party. The User shall engage with Narion's support, compliance, and administrative personnel in a respectful, professional, and good-faith manner at all times.

The security of the Platform depends not only on the technical measures implemented by Narion but also on the security practices adopted by each individual User. Each User bears a direct and non-delegable obligation to implement and maintain appropriate security practices in connection with their use of the Platform. The failure to maintain adequate security is itself a breach of this Policy, regardless of whether any actual harm results from such failure.

The User shall implement and maintain the following minimum account credential security standards:

• Password Strength: The User shall select a password that meets Narion's minimum password strength requirements and that is not reused from any other service or application;
• Password Confidentiality: The User shall not share, disclose, or otherwise make available their account password to any other person under any circumstances, including Narion's own support personnel (Narion will never request a User's password);
• Password Rotation: The User shall change their account password promptly if there is any reason to believe it may have been compromised, exposed, or guessed by an unauthorized party;
• Multi-Factor Authentication: The User is strongly encouraged to enroll in multi-factor authentication (MFA) where offered by the Platform and shall do so where Narion makes MFA mandatory for a particular subscription tier;
• Device Security: The User shall ensure that the devices from which they access the Platform are protected by appropriate security measures, including up-to-date operating system patches, reputable security software, and device-level authentication.

• Secure Storage: API keys and authentication tokens shall be stored exclusively in secure, server-side environments, in encrypted configuration stores or secrets management systems, and never in plaintext in version control systems, public code repositories, client-side code, or unencrypted configuration files;
• Principle of Least Privilege: Where the Platform offers API credentials with different permission scopes, the User shall use credentials with the minimum scope necessary for the User's intended integration;
• Credential Rotation: The User shall periodically rotate their API credentials in accordance with their own security policies and shall rotate credentials immediately upon any known or suspected exposure;
• Monitoring: The User shall monitor their own API usage for signs of unauthorized use, including by reviewing API usage logs and setting up appropriate alerting mechanisms.

The User shall notify Narion immediately upon becoming aware, or having reasonable grounds to suspect, that any of the following events have occurred:

• Unauthorized access to the User's account, including access through compromised credentials, session hijacking, or any other means;
• Compromise, exposure, or unauthorized disclosure of any API key, authentication token, or other access credential associated with the User's account;
• Attempted or successful intrusion into the User's systems in a manner that could have caused or did cause unauthorized access to Platform data or Narion's infrastructure;
• Discovery of any security vulnerability in the Platform, whether encountered accidentally or through authorized testing;
• Any other security incident that the User believes may have a material impact on the integrity or confidentiality of Platform data or Narion's systems.

The User acknowledges and agrees that: (a) all activity occurring through the User's account is the User's responsibility, regardless of whether such activity was authorized by the User; (b) Narion is not liable for any loss, damage, or harm suffered by the User or any third party as a result of the User's failure to maintain adequate account or API credential security; and (c) the User may be held liable for losses suffered by Narion or other Users that are caused or materially contributed to by the User's failure to comply with the security obligations set forth in this Article.

Narion reserves the right, and where necessary exercises the obligation, to monitor, log, analyze, and investigate activity on and through the Platform for the purposes of ensuring compliance with this Policy, detecting and responding to security threats, maintaining Platform integrity and availability, and fulfilling Narion's legal and regulatory obligations. Monitoring activities may include automated logging of all API requests, automated detection of usage patterns that deviate from established norms, manual review of usage logs by Narion's security or compliance personnel, analysis of Platform usage data at aggregate and individual account levels, and use of third-party security tools and threat intelligence feeds. The User acknowledges that such monitoring constitutes a necessary and proportionate measure to protect the legitimate interests of Narion and all Platform Users.

Where Narion has reasonable grounds to suspect that a User may have engaged in a Prohibited Activity, Narion may investigate the suspected violation by reviewing usage logs and account activity data, requesting the User to provide an explanation of specific usage patterns, engaging independent forensic or security experts, preserving evidence for potential use in legal proceedings, or coordinating with law enforcement agencies and regulatory authorities. During the pendency of an investigation, Narion may, at its sole discretion, place restrictions on the suspected account's access, reduce API rate limits, suspend specific features, or temporarily suspend access in its entirety.

The specific consequence or combination of consequences applied in any particular case shall be determined by Narion at its sole discretion, having regard to the nature, severity, duration, and impact of the violation, the User's compliance history, and any mitigating or aggravating circumstances:

To the fullest extent permitted by applicable law, Narion shall not be liable to the User for any loss, damage, or harm — including loss of business, loss of data, or reputational harm — arising from Narion's exercise of any enforcement right described in this Article, provided that such enforcement action was not manifestly disproportionate to the confirmed or suspected violation. Narion's good-faith exercise of monitoring, investigative, and enforcement rights does not constitute a breach of any contractual obligation owed to the User.

The User has a positive obligation under this Policy to report to Narion any known or suspected violation of this Policy by any other User or third party, where such violation comes to the User's attention in the course of using the Platform. This obligation extends to:

• Discovery of evidence that another User is engaged in scraping, unauthorized redistribution, or systematic extraction of Platform data;
• Discovery of evidence that credentials or access to the Platform have been compromised and are being used by unauthorized persons;
• Receipt of unsolicited offers to purchase or exchange Narion Platform data or outputs from persons who appear to be redistributing such data in violation of this Policy;
• Any other situation where the User has credible evidence of a material violation of this Policy by a third party.

All violation reports should be submitted to Narion at security@narionresearch.com. Reports may be submitted anonymously where the reporting User prefers not to be identified. Narion shall investigate all reports received in good faith and shall maintain appropriate confidentiality regarding the identity of the reporting User where requested.

Narion operates a Responsible Disclosure Policy (RDP) for the reporting of security vulnerabilities identified in the Platform. Researchers who discover potential vulnerabilities are protected from legal liability provided they:

• Report the vulnerability to Narion at security@narionresearch.com before any public disclosure, with sufficient technical detail to enable Narion to reproduce, investigate, and remediate the vulnerability;
• Do not exploit the vulnerability beyond what is strictly necessary to demonstrate its existence and assess its potential impact;
• Do not access, copy, modify, destroy, or disclose any data encountered during the course of the vulnerability investigation;
• Do not conduct any testing on live production systems without Narion's explicit prior written authorization;
• Provide Narion with a reasonable period of time — not less than ninety (90) calendar days from the date of initial report — to investigate and remediate the vulnerability before any public disclosure.

Narion commits to acknowledging receipt of all vulnerability reports within forty-eight (48) hours, to communicating with the researcher regarding the progress of investigation and remediation, and to providing appropriate recognition to researchers whose good-faith reports enable Narion to address material security vulnerabilities. Narion shall not initiate legal action against researchers who comply fully with the RDP.

Narion shall not retaliate against any User who, in good faith, reports a suspected violation of this Policy, submits a security vulnerability report under the RDP, or cooperates with Narion's investigation of a suspected violation. Narion recognizes that the willingness of Users to report potential violations and security issues contributes materially to the security and integrity of the Platform.

Narion reserves the right to amend, modify, supplement, or replace this Policy at any time, at its sole discretion, to reflect changes in Platform capabilities, applicable law, regulatory guidance, security threat landscape, or Narion's operational requirements. All modifications shall be effective from the date of publication on Narion's official website, unless a later effective date is specified.

Where a proposed modification constitutes a material change to this Policy — including any change that expands the categories of Prohibited Activities, increases the scope of enforcement rights, introduces new monitoring capabilities, or materially alters the User's obligations — Narion shall provide advance notice of not less than fourteen (14) calendar days before the modified Policy takes effect, by:

• Email notification to the registered account email address, describing the nature of the material changes in plain and accessible language;
• Prominent notice on the Platform's dashboard or relevant administrative pages;
• Where required by applicable law, an affirmative acceptance mechanism prior to continued Platform access under the modified Policy.

Where the User continues to access or use the Platform following publication of a modified Policy without objecting, such continued use constitutes acceptance of the modified Policy. Users who object to a material modification may terminate their subscription and cease use of the Platform in accordance with the Terms of Service.

This Policy is a component of and supplements the Terms of Service. The rights, obligations, and consequences described in this Policy are in addition to and not in lieu of those set forth in the Terms of Service. All enforcement rights available to Narion under the Terms of Service, including the right to terminate access for cause, the right to seek damages, and the right to seek injunctive relief, are preserved and apply cumulatively with the rights set out in this Policy.

If any provision of this Policy is held by a court of competent jurisdiction to be invalid, illegal, or unenforceable under applicable law, such provision shall be modified to the minimum extent necessary to make it valid, legal, and enforceable. The validity, legality, and enforceability of the remaining provisions of this Policy shall not be affected or impaired.

Any failure or delay by Narion in exercising any right, power, or remedy under this Policy shall not operate as a waiver of that right, power, or remedy. Narion's tolerance of any particular violation, or its decision not to enforce this Policy in any particular instance, shall not be construed as a waiver of Narion's right to enforce this Policy in any future instance, whether involving the same violation, the same User, or any other violation or User.

This Policy shall be governed by and construed in accordance with the laws of the Republic of India. All disputes arising out of or relating to this Policy shall be subject to the exclusive jurisdiction of the courts located in New Delhi, India, in accordance with the dispute resolution provisions of the Terms of Service.

This Policy, together with the Terms of Service and all incorporated policies, constitutes the complete and exclusive statement of the parties' agreement with respect to the acceptable use of the Platform and supersedes all prior discussions, representations, or agreements on that subject matter.

For questions regarding this Policy, suspected violations, security reports, or any other matter related to acceptable use of the Platform, the User may contact Narion through the following channels: