Acceptable Use Policy

Effective 2026-04-16. Applies to every UncommonClaw workspace.

UncommonClaw provides AI helpers that can send messages, browse the web, and run tools on behalf of our customers. This policy describes what you must not use the platform for. We enforce this policy automatically and through manual review. Violations can result in immediate workspace suspension and account termination.

Prohibited uses

You may not use UncommonClaw, directly or indirectly, to:

Send unsolicited bulk messages (spam) by email, SMS, WhatsApp, Slack, Discord, or any other channel.
Conduct denial-of-service, flooding, or coordinated overload attacks against any system, including our own.
Distribute malware, ransomware, phishing payloads, or credential-stealing code.
Perform credential stuffing, password spraying, brute-force auth attempts, or account takeover.
Scrape or harvest personal data in violation of applicable law, a site's terms of service, or anti-scraping controls.
Impersonate other people or organisations in a way that is deceptive, fraudulent, or intended to harm.
Generate, store, or distribute child sexual abuse material (CSAM), non-consensual intimate imagery, or content that sexualises minors.
Produce content that incites violence, targets protected groups, or facilitates real-world harm.
Run cryptocurrency mining, token-farming, or any activity whose primary purpose is to consume our compute.
Generate fraudulent invoices, fake reviews, deepfakes, or synthetic media intended to deceive.
Bypass our rate limits, content filters, blocklists, or other technical controls.
Use the platform to commit, plan, or advise on any other illegal activity under the laws of Canada, the United States, the EU, or the jurisdiction where you operate.

What we do to enforce it

Per-workspace rate limits on messages, web requests, and channel sends.
Outbound content moderation on messages sent through connected channels.
Domain and IP blocklists to prevent SSRF, spam, and known malicious destinations.
An outbound audit log retained for at least 90 days that records every external action a helper takes.
A workspace suspension kill switch we can invoke instantly on abuse reports or automated signals.
Email-verified signups with payment verification on paid tiers, to deter anonymous abuse.

Reporting abuse

If you believe a UncommonClaw workspace or helper is being used in violation of this policy, email abuse@uncommonclaw.com or submit a report at POST /api/abuse. Critical reports (CSAM, active attacks, imminent harm) trigger automatic suspension pending review. We aim to respond within one business day; CSAM reports within hours.

Your obligations

Keep your workspace credentials and API keys secret. If you think a key is compromised, rotate it immediately from your settings page.
Only grant your helpers access to data and services you are authorised to use. If a helper sends email on your behalf, you are the sender of record and are legally responsible for the contents.
Do not install third-party skills you have not audited. Skills can grant helpers the ability to run shell commands, fetch URLs, and send messages.
Cooperate with our security team when we request information about your workspace's activity.

Changes to this policy

We may update this policy to reflect new abuse patterns or legal requirements. Material changes are announced by email to workspace owners at least 14 days before they take effect. Continued use of the platform after that date constitutes acceptance of the revised policy.