Acceptable Use Policy
GABFORGE UNLIMITED. Hosted at gabforge.ai/legal/acceptable-use.
1. At a glance
| Question | Answer |
|---|---|
| What can I use GabForge for? | Any lawful purpose. Building a business, learning, writing, coding, research, creative work, hosting a blog/site, whatever. |
| What will get my account banned? | Using GabForge to harm people (§3). The list is specific, not open-ended. |
| If I use my own API key (BYOK), do your rules still apply? | The AI provider's rules also apply. You're bound by both. §5. |
If I build a subsite on .live, am I responsible for visitors' content? |
Yes — you host it, you moderate it. §6. |
| If I self-host the OSS CMS, can you still ban me? | We have no access to your server. We enforce nothing there. Community norms apply. §7. |
| What happens if I violate this policy? | Depending on severity: warning → temporary suspension → permanent termination → report to law enforcement. §8. |
| How do I report someone else's violation? | [email protected] (24–48h initial response). §10. |
2. Permitted uses
You may use GabForge for any lawful purpose. Common ones:
- Personal productivity, writing, summarisation, research, learning
- Business operations (invoicing, marketing, sales, support, content, analytics)
- Software development — code generation, debugging, review, documentation, testing
- Data analysis, document processing, transcription
- Creative work — design ideation, music / image / video prototyping, storywriting
- Education — tutoring, coursework, academic research
- Running a website or blog on
gabforge.live - Building applications against our API (within your tier's rate limits)
- Self-hosting the OSS CMS and adapting it to your needs
Our Free tier is a genuine covenant — no hidden gotchas, no crippled functionality, no dark-pattern upgrades. The contractual scope of "Free stays Free" lives in Terms_of_Service §6.1 (with About §3 as the plain-English summary).
3. Prohibited uses
You must not use GabForge (hosted or self-hosted where we can observe it) to do any of the following. The list is intentionally specific — we don't want a vague "misuse" clause we can hide behind.
3.1 Harm to people
- Generate, distribute, or solicit child sexual abuse material (CSAM) in any form. This is criminal and reported to authorities.
- Generate content that promotes or facilitates self-harm or suicide, or targets an individual with content likely to cause severe psychological harm.
- Generate targeted harassment of a specific person, including stalking content, doxxing, or coordinated pile-on campaigns.
- Generate content that sexualises real identifiable persons without consent, including deepfake intimate imagery.
- Generate incitement to violence against a person or group, including hate speech that calls for physical harm.
3.2 Fraud and deception
- Generate phishing messages, fake login pages, or credential-harvesting content.
- Impersonate a real person or organisation in a way likely to deceive a reasonable recipient. Parody / satire with clear markers is fine.
- Generate fraudulent documents — fake IDs, fake degree certificates, fake invoices, fake academic papers presented as authentic.
- Run astroturfing or coordinated inauthentic behaviour — mass-generated content presented as organic to manipulate public opinion.
3.3 Illegal activity
- Facilitate the sale or distribution of controlled substances, illegal firearms, or stolen data / credentials.
- Facilitate money laundering, sanctions evasion, or tax fraud.
- Generate content that infringes a third party's copyright, trademark, or other IP in a way you would not be entitled to produce manually. (AI doesn't grant new IP rights you didn't already have.)
- Generate content that violates privacy laws applicable to you or your target — including processing personal data without a lawful basis.
3.4 Security / platform abuse
- Circumvent authentication, rate limiting, content filters, or quota systems we deploy.
- Run automated scrapers or bots against our web surfaces beyond the allowances of our published API.
- Attempt to extract, distill, or reverse-engineer our proprietary model weights. (Exception: models we release under open-source licences on
gabforge.org— you can do anything the licence permits.) - Upload malware, exploits, or files designed to damage our or others' infrastructure.
- Share your login credentials or API keys with unauthorised parties. Each account is for one natural person (team / enterprise seats are separately authorised under the subscription contract).
- Send unsolicited bulk communication (spam email, SMS, messaging) composed with GabForge.
3.5 Autonomous / agent-specific risks
- Use GabForge agents or API to take irreversible real-world actions (money transfer, legal commitments, account deletion) without informed human review — at minimum for high-impact actions.
- Deploy agents that operate at a cadence or scale that could reasonably be called "automated abuse" against third-party services.
- Use AI outputs to cause physical harm via connected systems (CNC machines, IoT, robotics) without appropriate safety interlocks. This is your liability, but we still prohibit it.
3.6 Weapons and dual-use
- Generate detailed instructions for building or acquiring weapons capable of mass casualty — chemical, biological, radiological, nuclear, or explosive.
- Generate exploit code or cyber-weapons where the intended use is unlawful (security research with disclosure intent is allowed; see §4).
3.7 Context-specific limits
- On
gabforge.livesubsites served to the public: content hosted there is subject to the same rules as listed above, plus the additional guardrails in ../Strategy/User_Subsite_Guardrails. - On API integrations: you must clearly disclose AI-generated output to your end users where the law or the provider requires, and implement content moderation appropriate to your use case.
4. Security research — explicitly allowed
If you are performing good-faith security research:
- Testing for vulnerabilities on surfaces you control (your own subsite, your own OSS install, your own BYOK configuration) is allowed without prior notice.
- Reporting vulnerabilities in GabForge's own infrastructure is encouraged; email
[email protected]per our security disclosure policy in Contact_Support §7. - Safe-harbor applies to disclosure made in good faith and within our disclosure policy — we will not pursue legal action under CFAA / ITA / equivalent laws against researchers who follow our rules.
What's not allowed under the research banner: exfiltrating other users' data, denial-of-service testing without coordination, or disclosing findings publicly before we've had a reasonable fix window (usually 90 days).
5. Bring Your Own Key (BYOK) — dual-governance
When you use GabForge with your own AI provider's API key (BYOK):
- Our AUP still applies to your GabForge use (orchestration, storage of prompts in session, plugin actions triggered).
- The provider's AUP also applies to any prompt / completion that passes through their API — OpenAI, Anthropic, Google, Mistral, Groq, DeepSeek, xAI, Cohere, Together, OpenRouter each have their own terms.
- A violation of the provider's AUP may get your key revoked or your provider account banned. That's between you and them — we forward requests, we don't vet them.
- We log that a request occurred (for your own visibility in your workspace billing view), but we do not log the prompt content of BYOK requests by default. See Privacy_Policy §4 for detail.
You are responsible for reading and complying with your chosen provider's policies. Links are maintained in your workspace BYOK settings page.
6. .live subsite owners — you are a hoster
If you run a website on gabforge.live (whether your own subdomain or a custom domain pointed at our hosting):
- Content posted by your visitors (comments, form submissions, uploaded media) — you are the first-line moderator. Our platform provides automated pre-screening and abuse detection; final moderation and takedown responsibility rests with you.
- Per-subsite guardrails (size limits, first-party-only Blocks, no user-installed extensions) are listed in ../Strategy/User_Subsite_Guardrails.
- GabForge retains the right to suspend any subsite that persistently hosts prohibited content, even if the subsite owner did not author it. We follow DMCA-style notice-and-takedown for copyright; for other violations we attempt to contact the owner before suspension.
Think of gabforge.live like WordPress.com: you own your site, you're responsible for its content, we provide the hosting and enforce platform-level rules.
7. Self-hosted OSS CMS — community norms only
You may download and self-host the GabForge OSS CMS (gabforge.org) on your own infrastructure. On your own server:
- We have no visibility into what you do. We enforce nothing.
- Community norms apply — the
gabforge.orgcommunity may shun or bar bad actors from contributing or from using community resources, but that's social enforcement, not platform enforcement. - Applicable law applies to you as the operator.
- Third-party extensions you install are community-curated and not reviewed by us. You accept their risk.
If you run an OSS install and someone reports abusive content hosted there, contact us only if the abuse is of a GabForge trademark or legal notice — otherwise the dispute is between the reporter and you.
8. Enforcement and appeals
If we believe you've violated this policy, one of the following happens, proportionate to severity:
| Severity | First response |
|---|---|
| Minor (suspected spam, rate-limit breach, unclear intent) | Warning message in-product; request to cease. |
| Moderate (ongoing policy breach, no immediate harm) | 72-hour account suspension; explanation sent by email; you can respond before restoration. |
| Severe (harassment, fraud, CSAM indicators, security attack) | Immediate suspension; investigation; possible permanent termination; no refund for terminations under §3.1 / §3.3 / §3.6. |
| Criminal | Law-enforcement report; account preserved for legal hold per their request. |
8.1 Appeals
If your account is suspended or terminated and you believe it's in error:
- Reply to the email notice, or email
[email protected]with the subject line "AUP appeal — [your account email]". - We acknowledge within 2 business days and aim to resolve within 10 business days.
- For India users, the Interim Grievance Officer provides statutory resolution within 15 calendar days per IT Rules 2021 §3(2). See Contact_Support §6.
8.2 Transparency
We do not publish a routine transparency report at our current scale. If we receive a government order or law-enforcement request that materially affects a user, we notify the user unless legally prohibited, and we report aggregate numbers once we cross the IT Rules SSMI threshold (5 million India users).
9. Changes to this policy
We update this AUP when:
- The law changes (e.g., new DPDP rules, new EU DSA obligations, new state-level AI laws).
- Our product scope changes (new surface that introduces new abuse vectors).
- We identify a gap in the prohibited-uses list.
Material changes trigger:
- Update to this canonical file in the same commit as the implementing change.
- Email notice to all signed-in users 30 days before the change takes effect (shorter for safety-critical changes; we'll explain why).
- Changelog entry at the bottom.
Continued use after the effective date constitutes acceptance.
10. Reporting a violation
If you see content or behaviour on a GabForge surface that violates this policy:
- Email:
[email protected](primary), orabuse@on the TLD where you saw it - Include: URL or identifier of the content, a description of the violation, any context you can share, and your preferred contact channel
- Anonymous reports are accepted but we can't follow up with you
Response targets:
- Automated acknowledgement: immediate
- Human triage: 24–48 business hours
- Decision: 5 business days for routine, 24 hours for CSAM / imminent-harm
Do not retaliate against the alleged violator; let us handle it.
11. Changes in this document vs. in the ToS
Some items in §3 are also listed in Terms_of_Service. Where language differs, the ToS governs as the enforceable contract; this AUP is the plain-English operational companion. In practice we'll keep both in sync.