Acceptable Use Policy

You may not use the Service to:

• Violate any applicable law, regulation, or third-party rights
• Engage in illegal activities including unauthorized access to computer systems
• Distribute malware, viruses, or other harmful code
• Harass, abuse, threaten, or intimidate any person
• Transmit spam, unsolicited communications, or phishing content
• Impersonate any person or entity, or misrepresent your affiliation
• Infringe on intellectual property rights of HexaClaw or any third party
• Use the Service on systems you do not own or have authorization to manage

The following activities are strictly prohibited and may result in immediate termination:

• Reverse engineering Guardian for bypass: Analyzing, decompiling, or reverse engineering Guardian security rules, heuristics, or ML models for the purpose of creating tools, techniques, or skills that evade detection
• Poisoning threat data: Submitting false, misleading, or manipulated data to the Guardian Cloud API with the intent to degrade detection accuracy or trigger false positives
• Extracting the skill database: Systematically scraping, copying, or extracting the curated skill database, Guardian rule sets, or threat intelligence data for redistribution or commercial use
• Credential sharing: Sharing account credentials, API keys, pairing codes, or subscription access with unauthorized users or across organizational boundaries beyond your license scope
• Rate limit abuse: Circumventing, manipulating, or attempting to bypass rate limits, usage quotas, or tier restrictions through technical means including but not limited to multiple accounts, request manipulation, or API abuse
• Creating malicious skills: Developing or distributing skills that contain malicious payloads, prompt injections, credential harvesting, or data exfiltration capabilities
• Infrastructure abuse: Using HexaClaw infrastructure to proxy traffic for unauthorized third parties, conduct denial-of-service attacks, or establish persistent unauthorized connections

The following activities related to the Cloud API Platform are prohibited:

• Credit manipulation: Exploiting billing logic, replay attacks, or manipulating token counts to avoid or reduce credit charges
• API key sharing: Sharing, reselling, or distributing your HexaClaw API keys to third parties outside your organization
• Provider terms violation: Using the Cloud API Platform to circumvent Third-Party Provider acceptable use policies or terms of service
• Harmful content generation: Using image generation, text generation, or other AI services to create content that is illegal, sexually exploitative of minors, promotes violence, or violates applicable law
• Browser automation abuse: Using browser automation sessions for credential stuffing, scraping protected content, conducting attacks against third-party websites, or any activity that violates the Browserbase acceptable use policy
• Competitive extraction: Systematically querying the Cloud API Platform to benchmark, replicate, or reverse engineer Third-Party Provider model capabilities for the purpose of building a competing service
• BYOK misuse: Using the Bring Your Own Key feature to route traffic through HexaClaw in violation of your own Third-Party Provider agreement, or using BYOK to obscure the origin of prohibited requests

To ensure service quality for all users, the following fair use guidelines apply:

• Cloud API Platform usage must stay within your plan's rate limits: Trial (30 requests/min, 500/day, 3 concurrent), Pro (60 requests/min, 2,000/day, 5 concurrent), Max (120 requests/min, 10,000/day, 10 concurrent). Enterprise limits are set per agreement.
• Daily spending caps apply per tier: Trial (200 credits), Pro (500 credits), Max (1,500 credits). These caps protect against runaway usage.
• Browser automation sessions are intended for interactive web tasks, not as a general-purpose proxy or tunnel
• Automated or scripted access to the Service must comply with documented API guidelines
• Bulk operations that degrade service for other users may be throttled or suspended

We support good-faith security research. If you discover a vulnerability in HexaClaw:

• Report it through our Vulnerability Disclosure Program
• Do not exploit vulnerabilities beyond what is necessary to demonstrate the issue
• Do not access, modify, or delete other users' data
• Allow reasonable time for remediation before public disclosure

Good-faith security research conducted in accordance with our Security & Vulnerability Disclosure page is exempt from the prohibitions in Section 3, provided it is reported responsibly.

Violations of this AUP may result in enforcement actions at our discretion, following a graduated approach:

1. Warning: Written notice of the violation with a request to cease the prohibited activity. A reasonable timeframe for compliance will be provided.
2. Suspension: Temporary suspension of account access or specific features. You will be notified of the duration and conditions for reinstatement.
3. Termination: Permanent termination of your account and license. Applies to severe or repeated violations, or activities that pose immediate risk to other users or our infrastructure.

We reserve the right to skip steps in this process for severe violations that pose immediate risk, including but not limited to: distribution of malware, active exploitation of vulnerabilities, or credential harvesting.

Terminated accounts are not eligible for refunds except as required by applicable law.