Acceptable Use Policy

What Cordon is

Cordon analyses your own trade-compliance control stack to find structural coverage gaps — the gaps that exist between controls, not within any single control, and that single-point audit tools cannot detect. The engine examines how your rules compose as a system, and surfaces combinations where the rule set does not collectively prevent an outcome you would want it to prevent.

Concretely: Cordon analyses your export-control, sanctions, rules-of-origin, and customs rule set (for example, your UK export-control regime, your OFSI sanctions screening, your HMRC obligations, your EU dual-use compliance, your US BIS / OFAC exposure) and identifies coverage gaps that emerge from how controls interact. It is a defender-side structural audit tool for internal trade-compliance and GRC teams. Every finding is paired with a remediation — the purpose is to close the gap, not to take advantage of it.

What Cordon is not

To prevent misunderstanding:

• Cordon is not a sanctions-screening or named-party-screening service. It does not replace OFSI, EU, or OFAC list checks; it analyses the structure of the controls the Customer has in place around those lists.
• It is not a customs-broker service. HS classification, licensing decisions, and final clearance remain the responsibility of the Customer and its qualified customs advisors.
• It is not a due-diligence tool for third-party counterparties. It is not designed for, and must not be used for, analysing the trade-compliance posture of entities the Customer does not own, operate, or have express written authorisation to assess.
• It is not a substitute for legal, regulatory, or compliance advice. Findings are structural observations about the rule set as submitted. Decisions about remediation, disclosure, and regulatory engagement remain the responsibility of the Customer and the Customer's qualified advisors.

Who is authorised to use Cordon

Cordon is licensed for use by the internal trade-compliance, export-control, sanctions, or GRC team of the Customer organisation (as defined in the Terms of Service), and by authorised individuals (employees, contractors, secondees, agency workers) acting on the Customer's behalf.

Cordon is not authorised for use by:

• External parties analysing third-party systems without express written authorisation from the system owner (for example: trade-compliance consultancies acting on a client engagement outside a written mandate, external auditors analysing an audit target, due-diligence providers analysing counterparties);
• Parties conducting competitive intelligence against entities they do not own or operate;
• Parties conducting analysis of rule sets, controls, or frameworks the Customer does not own or have express authorisation to assess.

Customers acting as trade-compliance consultancies or advisors may use Cordon on behalf of their own clients only where they have express written authorisation from the client to perform structural analysis of the client's own rule set, and that authorisation is available on request.

Prohibited uses

Use of Cordon for any of the following is prohibited and constitutes a material breach of the Terms of Service:

1. Unauthorised third-party analysis. Submitting, for structural analysis, rule sets, controls, or frameworks that the Customer does not own, operate, or have express written authorisation to assess.
2. Facilitation of trade offences. Using Findings to plan, prepare, or facilitate any act that would constitute an offence under applicable trade law — including, without limitation: breach of UK trade sanctions administered by OFSI, breach of export controls administered by HMRC or the Export Control Joint Unit, breach of EU dual-use regulation or sanctions regimes, breach of US export control or re-export obligations administered by BIS or OFAC, breach of customs or rules-of-origin obligations, or any other trade-related offence under the laws applicable to the Customer or the counterparty.
3. Competitive intelligence. Using Cordon to derive structural understanding of a competitor's, supplier's, or counterparty's trade-compliance posture for commercial advantage, except where the Customer owns or operates the relevant rule set or has express authorisation to assess it.
4. Preparation of third-party system circumvention. Using Cordon, or information derived from Cordon, to identify coverage gaps in third-party trade-compliance systems with the intent of exploiting, circumventing, or otherwise taking advantage of those gaps.
5. Circumventing Cordon's authorisation controls. Sharing credentials, bypassing the authorisation attestation at rule-set ingestion, creating accounts under false organisational identity, or otherwise defeating the product's identity and scope controls.
6. Resale or sublicensing. Making Cordon, its Findings, or information derived from Cordon available to any third party outside the terms of the Customer's licence.

Misuse reporting

If you believe that a Cordon user is using the product in breach of this policy or the Terms of Service, or if you are a third party affected by such use, please report the concern to:

security@ianura.com

Please include, so far as you are able:

• a description of the conduct you believe to be in breach;
• any evidence available (screenshots, timestamps, account identifiers);
• the context in which you became aware of the conduct (for example, as a party affected by it, as an observer of public information, or through another route);
• your identity and contact details (where you are content to provide them), or an indication that you wish to report anonymously.

Response timeline

Ianura commits to the following response timeline for misuse reports:

• Within five (5) business days of receipt: acknowledge the report, confirm the channel of further correspondence, and indicate whether further information is required to proceed.
• Investigation: Ianura will investigate the report in good faith, proportionate to the seriousness of the allegation. The investigation may involve account review, usage-log inspection, and direct correspondence with the reported party.
• Within thirty (30) business days of receipt: respond to the reporter with the outcome of the investigation, including (to the extent consistent with law and with the privacy of the reported party) what action has been taken.

Where the report concerns conduct that may constitute a criminal offence or a serious regulatory breach — including a credible report of sanctions-evasion activity, export-control breach, or customs fraud — Ianura may extend the investigation timeline where necessary, and may notify OFSI, HMRC, the ECJU, or any other relevant competent authority, in each case consistent with the reporting-rights provisions of the Terms of Service.

Consequences of confirmed misuse

Where Ianura confirms that a customer has used Cordon in breach of this policy or the Terms of Service, Ianura may, depending on the seriousness of the breach:

• issue a written warning requiring remediation within a specified period;
• suspend the customer's access pending remediation;
• revoke the customer's licence and terminate the subscription (in accordance with the Terms of Service); and
• where the breach involves unlawful activity, notify the relevant competent authority in accordance with the Terms of Service.

Repeat or serious breaches result in immediate licence revocation without refund.

Updates to this policy

This policy may be updated from time to time. The version published on this site at any given time is the operative version. Material updates will be notified to customers by email, in accordance with the variation procedure in the Terms of Service.

A version history of material changes to this policy is maintained at /acceptable-use/history. Previous versions are archived and accessible.

Contact

• Misuse reports: security@ianura.com
• General queries: legal@ianura.com