Last updated: July 5, 2026
dontpoke.me exists to help people research and protect themselves — not to help anyone target, harass, or harm others. This policy is part of our Terms of Service and applies to everyone using the Service, including via the API and browser extension.
Prohibited Uses
You may not use dontpoke.me to:
- Harass, stalk, dox, or intimidate another person, including using breach-lookup or social-footprint results to locate, expose, or target someone against their will
- Facilitate illegal activity, including fraud, unauthorized account access, phishing, or identity theft
- Attempt to gain unauthorized access to systems, accounts, or data based on information obtained through our tools
- Circumvent rate limits or usage quotas through multiple accounts, automation, or other workarounds not permitted by your plan
- Scrape, bulk-export, or resell tool outputs or datasets beyond what your plan (including Business API access) explicitly permits
- Reverse engineer, decompile, or probe the Service's infrastructure beyond normal, intended use
- Submit malware, exploit code, or abusive payloads through any input field, API request, or file upload
- Impersonate another person or entity, or misrepresent your affiliation with dontpoke.me
Responsible Security Research
Our tools are built for defensive use: checking your own exposure, vetting a domain before you trust it, monitoring your own infrastructure. If you're a security researcher using dontpoke.me as part of a broader engagement, you're responsible for having proper authorization for any target system you're assessing independently of our tools — our tools only ever query public data sources (WHOIS/RDAP, public DNS, Certificate Transparency logs, published breach corpora) and never perform active exploitation.
API & Extension Use
Business API keys are for your own applications or internal tooling. Don't share a key across unrelated organizations, and don't build a public-facing product whose primary function is re-exposing our raw tool outputs. The LinkSlinger browser extension should only be configured with API keys you're authorized to use.
Enforcement
Violating this policy may result in a warning, rate-limiting, API key revocation, or account suspension/termination, depending on severity. We may report illegal activity (e.g. evidence of stalking, fraud, or CSAM-related activity) to law enforcement without prior notice.
We review reports on a case-by-case basis and try to be proportionate — a single odd search is not the same as a documented pattern of harassment.
Reporting Abuse
If you believe someone is using dontpoke.me to harass, stalk, or otherwise harm you or someone else, email [email protected] with as much detail as you can provide. We take these reports seriously and will investigate promptly.
Changes to This Policy
We may update this policy as the Service evolves. Material changes will be reflected in the "Last updated" date above, consistent with the notice process described in our Terms of Service.