Acceptable Use Policy (AUP)

Version: 1.0

Last updated: 26 Jan 2026

Applies to: the Arrowdot platform, APIs, SDKs, CLI, and apps published under arrowdot.app

Abuse: [email protected]

Vulnerabilities: [email protected]

1. Use rules

You will comply with law and these rules.

You are responsible for your account, your users, your published apps, and your model/API keys and storage you connect.

2. Prohibited content

Do not upload, generate, or publish content that is:

  • Illegal or rights-infringing, including unlicensed copyrighted works, counterfeit goods, or others’ confidential data.
  • Exploitative or harmful, including child sexual abuse material, non-consensual intimate imagery, trafficking, threats, or harassment.
  • Inciting violence, terrorism, or hate.
  • Malware, spyware, or code intended to damage or subvert systems.
  • Deceptive deepfakes that impersonate a person or brand without consent or a clear label.

3. Prohibited activities

You may not:

  • Attack or probe others’ systems; attempt to bypass auth or rate limits.
  • Interfere with or overload the service; scrape at scale without written permission.
  • Reverse engineer or attempt to extract platform source or model weights.
  • Use the service for high-risk operations where failure could lead to death or injury.
  • Use to violate others’ privacy, monitor individuals without consent, or collect personal data without a lawful basis and notice.
  • Use the service to build a competing hosted service that replicates core functionality in a confusing way.

4. Models, providers, and BYO keys

If you connect third-party model or API keys, you must follow those providers’ terms and policies.

If you pass personal data to models, you must have a lawful basis and provide required notices to end users.

We may block unsafe prompts, outputs, or provider routes to protect users and the service.

5. Publishing on arrowdot.app

Public projects are opt-in. If you make one public, do not include secrets or personal data.

If your app collects end-user data, you are the controller. Provide your own privacy notice and consent mechanism.

6. Enforcement

We may remove or restrict content, suspend accounts, or disable published apps that breach this AUP or create risk. For escalation, email [email protected].

7. Security research

Good-faith security research is welcome. Do not access customer data, degrade service, or exploit beyond proof. Report promptly to [email protected]. We will not pursue legal action for good-faith, compliant testing.