Acceptable Use Policy

Effective: 2026-05-02 · Last updated: 2026-05-02

Don't. Do not use OffCoder to build malware, generate CSAM or content that sexualizes minors, harass or surveil specific people, build weapons or illegal-substance instructions, abuse our infrastructure, infringe third-party intellectual property, or evade safety filters. Violations result in immediate suspension or termination, content removal, and where appropriate referral to law enforcement.

1. Application

This Acceptable Use Policy (the "AUP") supplements and is incorporated into our Terms of Service. It applies to every aspect of your use of the OffCoder Service ("Service"), whether through the App, the Website, our APIs, or our hosted-service URLs. Definitions used in the Terms apply here.

2. Prohibited content and prohibited uses

You must not use the Service, and must not attempt to use the Service, to do any of the following — whether directly, by assisting another person, by training a model, by automating a workflow, or otherwise. This list is illustrative, not exhaustive.

2.1 Illegal activity, in any jurisdiction relevant to you or your subjects

• Generate, store, distribute, or solicit Child Sexual Abuse Material (CSAM), or any content that sexualizes minors. This is an absolute, no-exceptions prohibition.
• Generate or facilitate child grooming content, predatory communications targeting minors, or material intended to lure minors.
• Generate code, instructions, or design for the manufacture, modification, or use of weapons of mass destruction (chemical, biological, radiological, nuclear), explosive devices including improvised explosive devices, untraceable / "ghost" firearms, or any device whose primary purpose is to inflict mass casualties.
• Generate synthesis routes, precursor pathways, or production guides for illegal drugs (including methamphetamine, cocaine, heroin, fentanyl, MDMA, LSD) or scheduled controlled substances in your jurisdiction.
• Engage in human trafficking, forced labour, or any conduct prohibited under the Bharatiya Nyaya Sanhita 2023 (which replaced the Indian Penal Code with effect from 1 July 2024) or the criminal law of your jurisdiction.

2.2 Malicious software and security harms

• Generate, develop, or distribute malware: viruses, worms, trojans, rootkits, backdoors, ransomware, keyloggers, infostealers, credential stealers, RATs (remote-access trojans), or botnet code.
• Generate or distribute exploits targeting known or zero-day vulnerabilities, except for legitimate, authorized security research conducted under a written engagement that you can produce on request.
• Build phishing kits, smishing kits, fake login pages, or any tool whose primary purpose is to obtain authentication credentials by deception.
• Build tools to evade endpoint-detection-and-response (EDR), antivirus, sandbox-detection, or other security controls of systems you do not own.
• Conduct unauthorized access, port scanning, vulnerability probing, or denial-of-service attacks against systems you are not authorized to test.

2.3 Surveillance, stalking, and privacy invasion

• Build tools or write code to track, locate, monitor, or surveil specific individuals — including current or former intimate partners, family members, employees, or any person who has not given informed consent.
• Install or generate code to install spyware, stalkerware, or commercial-grade surveillance tooling on devices you do not own.
• Scrape or aggregate personal data of individuals from public sources for the purpose of doxxing, harassment, or unsolicited contact.
• Generate, distribute, or attempt to identify a person from non-consensual intimate imagery, deepfake imagery, or audio impersonations.

2.4 Harassment, hate, and abusive content

• Generate content that incites violence against, or that dehumanizes, individuals or groups on the basis of race, ethnicity, religion, caste, gender, sexual orientation, disability, or other protected characteristic.
• Generate or distribute content intended to harass, threaten, defame, or intimidate a specific person.
• Impersonate a real person, organization, or government entity in a manner likely to deceive, defraud, or cause reputational harm.

2.5 Fraud, deception, market manipulation

• Generate fraudulent documents (forged invoices, false IDs, fake academic credentials, fake medical or government certifications).
• Generate code or content for the purpose of academic dishonesty, exam cheating, or misrepresenting authorship.
• Generate disinformation campaigns, election-interference material, mass-targeted propaganda, or coordinated inauthentic-behaviour playbooks.
• Engage in market manipulation, pump-and-dump schemes, or insider-trading enablement.
• Generate content for the purpose of circumventing the safety, acceptable-use, or usage policies of the AI providers we route to, including: Anthropic's Usage Policies, OpenAI's Usage Policies, Google's Generative AI Prohibited Use Policy, and OpenRouter's Terms.

2.6 Intellectual-property and platform-rights violations

• Reproduce, distribute, or generate code, text, images, or other content that infringes a third party's copyright, trade-mark, patent, trade-secret, or other IP right.
• Strip, modify, or circumvent technical protection measures (TPMs), DRM, license keys, or copy-protection mechanisms.
• Generate code that defeats anti-cheat or anti-piracy measures of products you do not own.

2.7 Service abuse

• Use the Service to host content used by you primarily for cryptocurrency mining, file sharing of pirated content, command-and-control infrastructure, ad-click fraud, or proxy / VPN services.
• Run sustained workloads that materially exceed the documented limits of your plan or that consume resources disproportionate to your tier.
• Programmatically create accounts, share credentials, or evade rate limits, IP bans, or feature gates.
• Attempt to exfiltrate other users' data, credentials, prompts, projects, or any artefacts from our infrastructure.
• Reverse engineer or attempt to derive the source code of the Service except where applicable law permits and after written notice to us.
• Use the Service to (a) benchmark the Service for the purpose of building or marketing a directly competing product, (b) train a competing AI model on outputs systematically extracted from the Service, or (c) replicate the Service's distinctive workflows or interfaces for the purpose of building a directly competing product. This restriction targets behaviour aimed at producing a market competitor; ordinary use of the Service for your own software development — including developing software that may incidentally compete with us in some unrelated market — is not restricted by this clause.
• Use the Service in violation of the rate limits, prompt-content policies, or output-handling rules of any AI provider you have selected (Anthropic, OpenAI, Google, OpenRouter), or to circumvent their safety filters.

2.8 Spam and unsolicited messaging

• Generate spam, bulk unsolicited commercial communications, SEO-spam content farms, or AI-generated content explicitly designed to mislead search engines.
• Send unsolicited messages from infrastructure deployed via our Service in violation of applicable anti-spam and consent law, including the US CAN-SPAM Act 2003, the EU ePrivacy Directive (Article 13) and GDPR consent requirements, India's Telecom Regulatory Authority of India (Telecom Commercial Communications Customer Preference) Regulations 2018 governing unsolicited commercial communications, and the consent obligations under DPDPA.

3. AI policy compliance

The Service is subject to Google Play's AI-Generated Content policy for distribution on Google Play, and — to the extent we ship to iOS — to the Apple App Store Review Guidelines §1.2 (User-Generated Content) and §5.1 (Privacy). To meet those policies, we operate (a) a pre-LLM input filter and (b) a post-LLM output scanner that block requests and responses falling within the prohibited categories above. Attempts to evade these filters — through obfuscation, rephrasing, social engineering, jailbreak prompts, prompt-injection chains, or any technique whose effect is to extract policy-violating output — themselves constitute a violation of this AUP and grounds for immediate termination.

Every AI output in the Service carries a flag/report mechanism. Use it. Reports help us improve our filters, action genuine harms, and demonstrate compliance to platforms and regulators.

4. Lawful security research

We support legitimate, authorized security research. The use cases below are NOT restricted by this AUP, provided the conditions are met:

• Vulnerability research conducted under a written engagement, bug-bounty program, or coordinated-disclosure agreement that authorizes the work, AND that targets only systems within the agreed scope.
• Public bug-bounty programs operated on platforms such as HackerOne, Bugcrowd, or Intigriti, where the target is the program owner's stated scope and you act within that scope; no further written authorization from us is required for activity within those scopes.
• Educational study of malware behaviour in an isolated lab, where the artifacts are not distributed to third parties.
• Red-team exercises conducted with documented client authorization, where the target system is owned or controlled by your client.

If we have reason to question whether a specific use is legitimate research, we may ask you to produce the engagement letter, the bug-bounty acceptance, or other written authorization (for public bounty programs, a link to the in-scope program page is sufficient). Refusal to produce, or refusal to scope your activity to authorized targets, will be treated as a violation.

5. Age-gating

The Service is for users aged 18 and over. This 18+ floor is consistent across our Terms of Service §1–§2, this AUP, and our Privacy Policy §11; it applies regardless of whether your jurisdiction sets a lower digital-consent age (e.g. 13 under COPPA in the United States, 16 under Article 8 GDPR in the EEA / UK). You must not use the Service to develop or operate features primarily directed at children under 18 without our prior written consent and your independent compliance with applicable child-safety law (including, where relevant, COPPA, the EU Audiovisual Media Services Directive, and the Indian DPDPA child-data provisions).

6. Reporting violations

If you become aware of conduct that violates this AUP, report it:

• Inside the App, use the flag/report button on any AI output (preferred for AI-generated content).
• By email: trust@offcoder.com (or legal@offcoder.com for issues requiring escalation).
• For DMCA notices specifically, see our DMCA Policy.

Where the violation involves an immediate risk to life, public safety, or critical infrastructure, contact local emergency services first; then report to us.

7. Enforcement

We may at our sole reasonable discretion take any of the following actions in response to a suspected or confirmed violation: warn the user, restrict feature access, suspend the account, terminate the account, remove the offending content from our infrastructure, retain evidence (including the prompts, outputs, project files, and metadata associated with the violation) for the duration of the investigation, refund or refuse to refund as appropriate per our Refund Policy, and report to law-enforcement, the AI provider whose policies were also violated, or other relevant parties. Evidence retained for an investigation under this Section is processed in accordance with the retention rules in Privacy Policy §9 once the investigation closes; where the evidence is needed for an open law-enforcement matter, court order, or preservation request, it is retained until that matter concludes and is then deleted in accordance with §9.

For severe violations (e.g. CSAM, weapons of mass destruction, credible threats of violence) we will act without prior warning and will preserve and produce records to law-enforcement to the extent required by law.

You waive any claim against us arising from a good-faith enforcement action under this AUP.

8. Changes to this AUP

We may update this AUP. The current version is always the version posted at this URL. Material changes adverse to users will be notified by email at least 14 days before they take effect.

9. Contact

trust@offcoder.com for AUP questions and reports.