Acceptable Use Policy
VectorFlow Cloud is shared infrastructure. The rules below exist to keep the Service safe and reliable for every customer. Violating any of them is a material breach of the Terms of Service and can result in suspension or termination of your account.
1. Things you must not do
- Unlawful activity. Use the Service to commit, facilitate, or conceal any activity that is unlawful under the laws of England and Wales, the EU, or any jurisdiction whose users you target.
- Abuse of others’ data.Process, transmit, or store personal data through the Service in a way that violates GDPR / UK GDPR, CCPA, or other applicable data-protection law — including processing without a lawful basis, processing children’s data without parental consent, or selling personal data the data subject did not authorise you to sell.
- Security violations. Probe, scan, or test the vulnerability of any VectorFlow system or network without prior written authorisation from security@vectorflow.sh. Bypass or attempt to bypass any of the boundaries documented in the Trust & Security overview. Reverse-engineer the Service for any purpose other than interoperability where applicable law allows it.
- Capacity abuse. Use the Service in a way that consumes capacity disproportionate to your plan tier with intent to circumvent the published limits, run cryptocurrency mining, or stage denial-of-service amplification.
- Service-on-service. Resell the Service or a substantial portion of it under your own brand without a written reseller agreement.
- Hate speech, harassment, exploitation.Build pipelines whose deliberate purpose is to enable hate speech, threats, harassment, child exploitation, or the non-consensual sexualisation of any person.
- Malware distribution.Use the Service to distribute malware, scareware, ransomware, command-and- control traffic, or any payload whose intended effect is to compromise a third party’s system.
- Bypass of access controls. Share or otherwise widen access beyond the seat / role grants you have from VectorFlow. Each user must use their own account.
- Impersonation.Misrepresent your affiliation with another person or organisation to VectorFlow, including creating signup accounts on a domain you do not control with intent to bind that domain’s organisation.
- Volumetric high-risk content.Use the Service for HIPAA-covered health data, payment-card data outside Stripe’s scope, or classified government data, unless we have signed a specific data-handling addendum with you that authorises that category.
2. Things you must do
- Disclose security issues responsibly. If you discover a vulnerability in the Service, report it to security@vectorflow.sh before any public disclosure. We will acknowledge within 2 business days and keep you in the loop on remediation.
- Keep your account secure.Enable WebAuthn or TOTP, store backup codes offline, rotate API keys at least annually, and review your org’s OrgMember list quarterly.
- Respect rate limits. The Service exposes published per-tier limits on agents, pipelines, and events; automated callers must implement exponential backoff on 429 responses.
- Tell us about export-control sensitivities.If you are subject to export-control regimes (e.g. ITAR, EAR, EU dual-use) that interact with the data you process through the Service, contact us before signing up so we can confirm the deployment region works for you.
3. Reports of abuse
If you believe a VectorFlow Cloud customer is using the Service in violation of this AUP, email abuse@vectorflow.sh with as much detail as you can share. We triage abuse reports within 1 business day. Reports submitted in good faith do not count against the reporter’s account.
4. Consequences
We may, on notice where practical and without notice where the risk is active:
- Suspend the offending pipelines or agents.
- Suspend the offending user or organization.
- Terminate the agreement with the offending organization per the termination clauses in the Terms.
- Cooperate with law-enforcement requests where we are legally required to do so.
We will tell you which clause you are alleged to have breached, and (where the breach allows time for it) give you an opportunity to cure within 30 days before terminating.
5. Contact
Abuse reports: abuse@vectorflow.sh
Security disclosures: security@vectorflow.sh
General queries: trust@vectorflow.sh