This site uses cookies for analytics and to improve your experience. By clicking Accept, you consent to our use of cookies. Learn more in our privacy policy.

Acceptable Use Policy – World Risk Register & API

Overview and Purpose 

This Acceptable Use Policy governs your access to and use of Sibylline Ltd’s World Risk Register (WRR) services, including the ASTRA (together referred to as the “Services”). The Services provide geopolitical intelligence, strategic advisory, and risk assessment tools to help decision-makers mitigate risk and identify opportunities in their business and operational environments.

This Policy is designed to ensure thorough use of our services and by accessing or using our services, you agree to comply with this policy. 

Scope

This policy applies to all employees, WRR users and ASTRA users. 

Authorised Access and Account Security 

User Accounts 

  • Access to the Services is limited to authorised users within your organisation as specified in your subscription agreement. 
  • A standard subscription accommodates up to 15 users. Any significant increase in user numbers may incur additional charges. 
  • Each user must have unique login credentials and these must not be shared. 
  • Your organisation is responsible for all activities that occur under your users’ accounts. 

Account Security 

  • You are responsible for maintaining the confidentiality of your login credentials. 
  • You must immediately notify Sibylline of any unauthorised use of your account or any other security breach that involves IP relating to Sibylline. 
  • You must ensure that all users log out at the end of each session. 
  • Passwords should be strong and regularly updated in accordance with your organisation’s security policies. 

Permitted Use Internal Business Use 

The services and all content therein are provided for your organisation’s internal business use only. Each user may use the Services to:  

  • Assess geopolitical, cyber, hazards and health factors of countries. 
  • Identify trends and associated risks. 
  • Protect assets, personnel, and reputation from security threats. 
  • Forecast trends that could impact your organisation. 
  • Assess supply chain risks and regulatory environments. 

 
Analysis and Reporting 

You may incorporate insights from the Services into internal reports, briefings, and presentations provided that Sibylline is appropriately credited. 

Analytical outputs based on the Services must be used solely for the benefit of your organisation and its internal decision-making processes. 

Prohibited Use 

The following activities are strictly prohibited: 

Unauthorised Access and Security Violations  

  • Attempting to gain unauthorised access to the Services or related systems. 
  • Testing the vulnerability of the system or network. 
  • Circumventing authentication or security measures. 
  • Using automated tools, scripts, bots, or crawlers to access the Services. 

Content Restrictions 

  • Redistributing, selling, licensing, or otherwise making available any content from the Services to third parties without prior written consent from Sibylline. 
  • Systematically downloading, storing, or archiving substantial portions of the content. 
  • Removing proprietary notices or labels from the content. 
  • Creating derivative works based on the Services without authorization. 

 API Use and Rate Limits 

If you have access to the ASTRA API:  

  • Standard API access is limited to 2,000 calls per day (every 24 hours)  
  • Bulk data extraction should be scheduled during off-peak hours  
  • API credentials must be securely stored, never embedded in client-side code, and never shared 
  • API calls must comply with technical restrictions and data format requirements 
  • Each API request should include your organisation’s API key in the authentication header 
  • Caching of API responses is encouraged to minimise redundant calls 

Intellectual Property 

 Ownership 

All content, data, analyses, forecasts, risk scores, and other materials provided through the Services are owned by Sibylline and are protected by intellectual property laws. 

Your subscription grants you a non-exclusive, non-transferable licence to use the Services for the duration of your subscription. 

No ownership rights are transferred to you or your organisation through your use of the Services. 

Any improvements or suggestions you provide regarding the Services may be incorporated by Sibylline without any obligation of compensation. 

Permitted Citations 

You may cite limited portions of the content in internal communications, provided that you:  

  • Accurately credit Sibylline as the source. 
  • Do not alter the meaning or context of the cited material. 
  • Limit citations to what is reasonably necessary for your legitimate business purposes. 

External Communications 

You may not cite Sibylline analyses in external communications, press releases, or public documents without prior written approval. 

Requests for permission to cite Sibylline in external materials must be submitted at least 5 business days in advance. 

Derivative Works 

Reports combining Sibylline intelligence with other sources must be for internal use only. Risk models incorporating ASTRA scores must clearly indicate that Sibylline data forms only part of the assessment. Additionally, you may not create commercial products or services that incorporate or are derived from the Services. 

Data Protection and Confidentiality

Client Data  

  • Sibylline will process any personal data in accordance with applicable data protection laws. 
  • You agree not to upload or share sensitive personal data through the Services unless specifically agreed with Sibylline. 
  • Client search queries and usage patterns may be anonymised and aggregated for service improvement purposes. 

 
Confidentiality   

  • You will treat all information accessed through the Services as confidential. 
  • The Services and their content should not be discussed in public forums or social media. 
  • Intelligence reports and analyses should be classified as “Confidential” within your organisation’s information classification system. 

 
Data Localisation  

  • ASTRA platform data is hosted within the United Kingdom under GDPR regulations. 
  • For clients with specific regulatory requirements, special data handling arrangements can be discussed. 

Monitoring and Enforcement 

Usage Monitoring 

Sibylline reserves the right to monitor usage of the Services to ensure compliance with this Policy. We may collect and analyse metrics regarding your use of the Services for performance improvement and security purposes. 

Enforcement 

Sibylline reserves the right to investigate potential violations of this Policy. In the event of a violation, Sibylline may:  

  • Issue a warning. 
  • Temporarily suspend access to the Service. 
  • Permanently terminate access to the Services. 
  • Seek additional remedies as appropriate. 

 
In the event that Sibylline determines a violation of (or potential violation of) this Policy. the client will be notified via email.  Any termination of access (be it temporary or permanent) will not be subject to reimbursement for fees.   

Maintenance and Support 

Service Maintenance 

Sibylline may occasionally perform maintenance on the Services, which may cause temporary interruptions to accessibility. Where possible, planned maintenance will be communicated in advance. 

Technical Support 

Technical support is available during standard business hours (London time) via email. Support requests should be directed to your account manager,  the support channels specified in your subscription agreement or to support@sibylline.co.uk

Changes to this Policy 

Sibylline reserves the right to modify this Policy at any time. Material changes will be communicated to subscribers in advance of implementation. Continued use of the Services after such changes, constitutes acceptance of the modified Policy. 

Security Incident Reporting 

Users must promptly report any security incidents or suspected breaches related to the Services to Sibylline: 

  • Unauthorised access to the platform 
  • Credential compromise 
  • Unexpected system behaviour 
  • Suspected data leakage 
  • Evidence of attempted cyber attacks 

For urgent security matters, contact: tech@sibylline.co.uk    

Business Continuity 

Disaster Recovery 

Sibylline maintains a disaster recovery plan to ensure continuity of the Services. In the event of a major disruption, critical alerts will continue to be delivered via alternative channels. 

Service Level Commitments  

  • Standard platform availability: 99.5% (measured monthly, excluding scheduled maintenance). 
  • Maximum scheduled maintenance downtime: 8 hours per month. 
  • Critical security patches may be applied outside maintenance windows with minimal notice. 

  • Data Retention and Export 

Upon termination of your subscription, your user data will be retained for 30 days before deletion. Analytical content accessed during your subscription period cannot be accessed after termination.  

User Training and Access Management 

Client administrators must maintain an up-to-date list of authorised users. User access should be promptly revoked when employees leave the organisation or change roles, if you do not have the level of access to assign or deactivate accounts, you must notify your account manager. 

User accounts should be reviewed bi-annually to ensure only appropriate personnel maintain access. Privileged access should be limited to essential personnel only. 

Client can request changes to users t anytime by emailing their Client Support Manager directly, or by emailing clients@sibylline.co.uk

 Audit Rights 

 Compliance Verification 

Sibylline reserves the right to conduct periodic compliance reviews to ensure adherence to this Policy. With reasonable notice, Sibylline may request information about your usage patterns and implementation of the Services. 

Technical Audits 

For clients with API access, Sibylline may conduct technical audits of API usage. In the event of suspected misuse, Sibylline may request logs of API calls and evidence of secure implementation.

Remediation 

If audit findings reveal non-compliance, you will be provided with a remediation plan and 30 days to address issues. Failure to remediate significant compliance issues may result in service limitations or suspension as per Clause 8 

Contact Information 

If you have any questions about this policy or to report misuse, please contact:  

Sibylline Ltd 
329 China Works, London, SE1 7SJ 
+44 (0)20 3411 0697 
info@sibylline.co.uk  

Last Updated 11 July, 2025