1. Prohibited activity
You may not use, help others use, or attempt to use a VuNova service for:
- Phishing or impersonation: collecting credentials or payment details deceptively; copying a trusted brand or login; misleading a person about origin, destination, ownership, or purpose.
- Malware or compromise: distributing malicious code, exploit kits, unwanted software, ransomware, botnet commands, credential lists, or instructions primarily intended to compromise systems.
- Spam and manipulation: unsolicited bulk messaging, fake engagement, referral abuse, review manipulation, address harvesting, or automation that violates recipient or platform rules.
- Dangerous links and redirects: hiding a harmful destination, redirect chains designed to evade scanners, domain fronting, cloaking different content from reviewers, or rotating destinations after approval.
- Exploitation or abuse: child sexual abuse material, grooming, non-consensual intimate imagery, trafficking, credible threats, targeted harassment, doxxing, or content that facilitates real-world violence.
- Fraud and unlawful trade: scams, stolen goods, unauthorized financial services, evasion of sanctions, counterfeit documents, or deceptive investment and giveaway schemes.
- Privacy violations: unlawful surveillance, tracking without required notice or consent, sale of unlawfully obtained personal data, or publishing highly sensitive personal data without a lawful basis.
- Intellectual-property abuse: piracy, counterfeit distribution, license-key theft, or content that infringes copyright, trademark, or other rights.
- Security and resource abuse: unauthorized scanning, denial-of-service, password attacks, bypassing access controls, quota evasion, cryptomining, excessive automated load, or interference with another tenant.
2. Additional rules for links, files, AI, and APIs
Do not use links or QR codes to disguise a destination or defeat reputation systems. The visible description, preview, domain, and final destination must not materially mislead a reasonable visitor. A destination that becomes unsafe may be disabled even if it was safe when created.
Files and generated outputs must be lawful and safe to process. AI features may not be used to automate fraud, credential theft, malware, exploitation, or high-impact decisions without appropriate human review and legal authority.
API users must honor documented rate limits, identify integrations accurately, secure keys, and promptly revoke exposed credentials. Creating multiple accounts, tenants, domains, or network identities to bypass enforcement is prohibited.
3. Detection and proportionate enforcement
VuNova may use automated signals and human review to assess URLs, files, metadata, reports, unusual traffic, account relationships, and public reputation feeds. Automated detection is a signal, not a promise that content is safe.
Depending on severity and confidence, we may warn, require verification, reduce reach, block an action or destination, quarantine content, revoke keys or sessions, limit an account, preserve evidence, suspend service, terminate access, or notify providers and authorities when legally required or necessary to prevent harm.
Urgent, credible threats and clear phishing or malware may be blocked without advance notice. For lower-risk issues, we aim to give notice and a chance to correct the problem. Attempts to evade a restriction are treated as an additional violation.
4. Reporting abuse and appeals
Report suspected phishing, malware, impersonation, illegal content, or other abuse through the tracked contact form using “Abuse report” as the project. Include the exact URL, what happened, when you observed it, and non-sensitive supporting evidence. Do not submit passwords, full card data, malware binaries, or illegal imagery through the form.
If your content or account was restricted, use the same form with “Moderation appeal.” Identify the affected account or URL and explain why the decision may be mistaken or what you corrected. A reviewer who was not the original reporter will assess the available context where practical.
Good-faith security research should minimize access to personal data and harm, stop after confirming the issue, avoid persistence or extortion, and report privately. This policy does not authorize testing systems you do not own or exempt conduct prohibited by law.
5. Customer responsibility
You are responsible for users, integrations, domains, destinations, and content under your account. Use role-based access, two-factor authentication, separate API keys, least privilege, destination monitoring, and prompt offboarding. Notify VuNova if an account or domain is compromised.
This policy is part of the Terms of Service. Product-specific rules may be stricter where necessary for safety, provider requirements, or law.