Acceptable Use Policy

1. Introduction

This Acceptable Use Policy ("AUP") governs your use of Kodus's services, platform, and communications tools. This policy is incorporated into and forms part of our Terms of Service.

By using our Services, you agree to comply with this AUP. You are responsible for ensuring that all users of your account, including employees, contractors, and agents, also comply with this policy.

This policy applies to all features of our Services, including but not limited to:

• The Kodus CLI and the agent's local tool execution (code edits, bash, git, file reads, AST, search);
• The relay backend and LLM routing layer;
• The web dashboard (account, billing, plans, session history, tokens);
• Skills and personas invoked via @-mentions;
• Hosted workspaces and project previews;
• Programmatic interfaces, webhooks, and integrations;
• All other platform features.

2. General Prohibited Activities

2.1 Illegal Activities

You may not use the Services to engage in, facilitate, or promote:

• Any activity that violates applicable local, state, national, or international laws or regulations;
• Fraud, financial crimes, or money laundering;
• Sale or promotion of illegal products or services;
• Intellectual property infringement (copyright, trademark, patent, trade secret);
• Identity theft or impersonation;
• Harassment, stalking, or threats;
• Exploitation of minors in any form;
• Human trafficking or exploitation;
• Terrorism or violent extremism;
• Any other criminal activity.

2.2 Harmful Activities

You may not use the Services to:

• Defame, abuse, harass, threaten, or intimidate any person;
• Discriminate based on race, ethnicity, religion, gender, sexual orientation, disability, or other protected characteristics;
• Promote hatred or violence against any group or individual;
• Disseminate malware, viruses, or other harmful code;
• Engage in phishing, spoofing, or other deceptive practices;
• Interfere with or disrupt the Services or other users' access;
• Compromise the security or integrity of any system or network.

2.3 Deceptive Practices

You may not:

• Misrepresent your identity or affiliation;
• Create fake accounts or personas;
• Make false or misleading claims about your products or services;
• Impersonate Kodus or any other company;
• Use deceptive tactics to collect personal information;
• Engage in bait-and-switch or other fraudulent marketing.

3. Agent-Specific Abuse Prohibitions

3.1 Malicious Code and Exploitation

You may not use the Services, or prompt the agent, to:

• Generate, compile, package, or distribute malware, ransomware, spyware, keyloggers, rootkits, botnet code, cryptojacking code, or any other malicious software;
• Develop or deliver exploits intended for use against third-party systems, networks, devices, or accounts that you are not authorized to test;
• Produce working proof-of-concept code for an undisclosed vulnerability in a third-party product for any purpose other than legitimate, authorized security research that you are able to evidence;
• Craft phishing pages, credential-harvesting sites, spoofed login UIs, or social-engineering content.

3.2 Unauthorized Access and Scraping

You may not use the Services to:

• Scan, probe, fuzz, or otherwise test the security of any system, network, or account without explicit written authorization from its owner;
• Access, modify, or exfiltrate data from systems you are not authorized to access;
• Scrape, crawl, or collect content from third-party services in violation of their terms of service, robots directives, or applicable law;
• Circumvent rate limits, CAPTCHAs, authentication systems, digital-rights management, or other access controls operated by any third party.

3.3 Prohibited AI-Generated Content

You may not use the Services, including through AI Model Providers, to generate, store, or transmit:

• Child sexual abuse material ("CSAM") or any content that sexualizes minors;
• Content that depicts or incites real-world violence against individuals or groups;
• Non-consensual intimate imagery or deepfakes intended to harass, defame, or defraud a specific individual;
• Content designed to mislead voters, manipulate elections, or impersonate public officials;
• Instructions for the synthesis of weapons capable of mass casualties (biological, chemical, nuclear, or radiological);
• Any content that violates applicable law or the acceptable-use policies of the AI Model Providers we route requests to.

3.4 Service Integrity

You may not:

• Attempt to circumvent rate limits, plan entitlements, token caps, or other usage controls;
• Use multiple accounts, shared accounts, or automated account creation to exceed plan limits;
• Use the Services to re-host, resell, proxy, or expose agent capacity as a competing or white-labeled AI coding service;
• Perform distributed-denial-of-service, brute-force, or other abusive load patterns against the relay or Dashboard.

4. Content Restrictions

4.1 Prohibited Content

You may not use the Services to create, store, transmit, or display content that:

• Is illegal or promotes illegal activity;
• Is obscene, pornographic, or sexually explicit;
• Depicts or exploits minors;
• Is defamatory, libelous, or slanderous;
• Infringes intellectual property rights;
• Contains viruses, malware, or harmful code;
• Promotes violence or terrorism;
• Is discriminatory or hateful;
• Is deceptive or fraudulent;
• Violates any person's privacy rights.

4.2 User-Generated Content

If your use of the Services involves collecting or processing content from third parties, you are responsible for:

• Obtaining necessary rights and consents;
• Ensuring content complies with this AUP;
• Moderating and removing violating content;
• Responding to complaints and removal requests.

5. Competitive and Commercial Restrictions

5.1 No Resale of Agent Capacity

You may not, without express written authorization from Kodus:

• Resell, relicense, or redistribute access to the Services or to the agent;
• Expose the agent as a hosted or white-labeled service to third parties;
• Use the Services to operate a competing AI coding agent, autonomous software-engineering platform, or IDE-integrated coding assistant;
• Share or multiplex a single user account among multiple end users in order to avoid paying per-seat or per-user fees.

5.2 Competitive Scouting

You may not access the Services for the purpose of observational replication, logic mapping, benchmarking for public release, or feature scouting on behalf of a competing coding-agent product. This includes, without limitation, access by employees, consultants, or agents of Cursor, Windsurf, Cline, Aider, Devin, GitHub Copilot Workspace, Replit Agent, any Codex-based CLI, or any other competing terminal-based or IDE-integrated AI coding agent. Unauthorized competitive scouting is a material breach and triggers the liquidated-damages and Trade Secret remedies set out in the Terms of Service.

5.3 Legitimate Commercial Use

You may use the Services to produce software that you then distribute, sell, or deploy for commercial purposes, provided you hold an appropriate commercial subscription. Rules for commercial use are further described in the Commercial Use Policy. Individual and hobbyist use is addressed in the Consumer Use Policy.

6. Technical Restrictions

6.1 System Integrity

You may not:

• Attempt to gain unauthorized access to the Services or related systems;
• Probe, scan, or test the vulnerability of any system;
• Circumvent any security or authentication measures;
• Interfere with any user, host, or network;
• Introduce viruses, worms, or other malicious code;
• Use any device or software to interfere with the Services;
• Overload or attempt to crash the Services.

6.2 API and Automation

When using our APIs or automation features:

• Respect rate limits and usage restrictions;
• Do not scrape or harvest data beyond authorized purposes;
• Do not create accounts or send messages programmatically without authorization;
• Do not use bots or automated systems to circumvent restrictions;
• Implement proper error handling and backoff mechanisms;
• Comply with API terms of service.

6.3 Reverse Engineering

You may not:

• Reverse engineer, decompile, or disassemble the Services;
• Attempt to derive source code from the Services;
• Create derivative works based on the Services;
• Copy or imitate the Services' design, interface, or functionality;
• Remove or alter any proprietary notices or labels.

7. Data Protection Requirements

7.1 Data Handling

When processing personal data through the Services, you must:

• Collect data only for legitimate business purposes;
• Obtain appropriate consent where required;
• Provide clear privacy notices to data subjects;
• Implement appropriate security measures;
• Honor data subject rights requests;
• Not sell or share data in violation of privacy laws;
• Comply with data breach notification requirements.

7.2 Sensitive Data

You should not submit sensitive personal data through the Services unless strictly necessary for your development workload and permitted by applicable law. Sensitive categories include, without limitation:

• Protected health information;
• Payment card data;
• Children's personal information;
• Biometric identifiers;
• Precise geolocation data;
• Racial or ethnic origin;
• Political opinions or religious beliefs;
• Sexual orientation or gender identity.

Where you must use such data in development (for example, test fixtures), you should de-identify, minimize, or synthesize it before submitting to the agent.

7.3 Cross-Border Data Transfers

If you transfer data internationally, you must:

• Ensure adequate protection for transferred data;
• Use appropriate transfer mechanisms (SCCs, BCRs, etc.);
• Comply with data localization requirements where applicable;
• Notify data subjects of international transfers.

8. Industry-Specific Requirements

8.1 Regulated Data

You may not upload to the Services, or prompt the agent to process, any data whose handling requires a level of assurance exceeding what the Services provide unless you have executed a separate written agreement with Kodus covering such data. This includes, without limitation, protected health information subject to HIPAA, payment card primary account numbers subject to PCI-DSS, children's personal information subject to COPPA, and government-classified information.

8.2 Open-Source and Third-Party Licenses

When the agent introduces, pulls in, or copies code from an open-source or third-party library, you are responsible for complying with the applicable license, including attribution, copyleft, patent, and redistribution obligations. The agent's output is not a license to any third-party code.

8.3 Export Controls and Sanctions

You shall not use the Services, or permit the agent to produce cryptographic software or dual-use technology, in violation of applicable U.S. or other export-control or sanctions regimes, or on behalf of parties located in sanctioned jurisdictions.

9. Enforcement

9.1 Monitoring

We reserve the right to monitor use of the Services for compliance with this AUP. We may use automated tools, human review, and third-party services to detect violations.

9.2 Investigation

We may investigate suspected violations by:

• Reviewing account activity and content;
• Contacting you for information;
• Cooperating with law enforcement;
• Engaging third-party investigators.

9.3 Enforcement Actions

If we determine a violation has occurred, we may take any or all of the following actions:

• Warning: Issue a warning and require immediate remediation;
• Content Removal: Remove or disable access to violating content;
• Feature Restriction: Restrict access to certain features;
• Suspension: Suspend your account temporarily;
• Termination: Terminate your account permanently;
• Legal Action: Pursue legal remedies including damages;
• Reporting: Report violations to law enforcement or regulatory authorities.

9.4 No Refund for Violations

If your account is suspended or terminated due to AUP violations, you will not receive any refund of prepaid fees. You remain liable for all outstanding amounts and any damages caused by your violations.

10. Reporting Violations

10.1 How to Report

If you become aware of any violation of this AUP, please report it to us immediately:

• Email: abuse@kodus.ai
• Subject Line: "AUP Violation Report"

10.2 Information to Include

When reporting a violation, please include:

• Your contact information;
• Description of the violation;
• Evidence of the violation (screenshots, URLs, etc.);
• Identity of the violating account (if known);
• Date and time of the violation;
• Any other relevant information.

10.3 Response

We will review all reports and take appropriate action. Due to privacy considerations, we may not be able to share details of enforcement actions taken.

11. Changes to This Policy

We may update this Acceptable Use Policy from time to time. Material changes will be communicated through the Services or via email. Continued use of the Services after changes constitutes acceptance of the updated policy.