Acceptable Use Policy
Effective June 12, 2026 · Last updated June 12, 2026
Short version: don't use Escalation Host to host illegal content, abuse other people, send spam, mine crypto, run malware C2, or anything else that gets a hosting company in trouble. Your AI agent's actions count as yours. We will suspend an account for AUP violations.
This Acceptable Use Policy ("AUP") applies to every user of Escalation Host and to every AI agent operating on a user\'s account. The AUP is incorporated into the Terms of Service by reference. Violating the AUP is a material breach of the Terms and may result in suspension or termination.
1. Prohibited content
You will not use the service to host, store, transmit, or process content that:
- Is illegal under the laws of the United States or the user\'s jurisdiction
- Constitutes child sexual abuse material (CSAM) — this is reported to NCMEC and law enforcement; zero tolerance, no warning
- Promotes, incites, or instructs in violence against individuals or groups; threatens specific persons; or constitutes credible threats of physical harm
- Infringes the intellectual property or publicity rights of others (see also the DMCA Policy)
- Is defamatory, libelous, or fraudulent
- Violates the privacy of others — non-consensual intimate imagery, doxxing, stalkerware
- Engages in or facilitates human trafficking, sexual exploitation, or child endangerment
- Sells, advertises, or solicits illegal goods or services
- Constitutes pirated software, ROMs, or copyrighted media without authorization
2. Prohibited activities
You will not, and will not authorize any AI agent or third party to:
- Send unsolicited bulk email (spam), SMS spam, or violate CAN-SPAM, CASL, or similar anti-spam laws
- Run phishing infrastructure, fake-login pages, or credential-harvesting services
- Host or distribute malware, ransomware, exploit kits, or attack tooling intended for unauthorized access
- Operate command-and-control (C2) infrastructure for botnets or malware networks
- Mine cryptocurrency (proof-of-work or proof-of-stake) on the runtime — the workload is misaligned with our pricing model and disrupts other tenants
- Perform large-scale unauthenticated scraping that violates target sites\' terms or rate-limits
- Launch denial-of-service attacks (DDoS, application-layer DoS) against any party from the service
- Conduct unauthorized penetration testing, vulnerability scanning, or red-team operations against systems you don\'t own or have explicit written authorization to test (your own apps on the platform are fine; see §4)
- Use the service to circumvent rate limits, abuse mechanics, or filtering on other platforms
- Resell the service as your own without an explicit reseller agreement with us
3. AI agent–specific limits
The product is specifically designed for AI agents to operate accounts. Even so:
- The user remains responsible for what their authorized agent does. Configure scopes and approval gates to reflect your actual trust level.
- Agents must respect platform rate limits. Repeated automated retry storms that exhaust shared resources may be rate-limited or briefly suspended without notice; we\'ll restore access and notify the user.
- Do not use Escalation Host as a relay to circumvent another service\'s rate limits, terms, or geofencing.
- Do not authorize an agent to take actions you do not understand or do not want — that\'s what scopes and approval gates are for.
- Agents using the access-request / magic-link recovery flow must accurately self-identify in the
reason field. Impersonating a different agent or vendor is a violation.
4. Security testing of your own apps
You may security-test apps you control on the platform — fuzz them, scan them, run authenticated penetration tests against them. You may not:
- Test or attack platform infrastructure (the K8s control plane, the runtime images, our admin/operator surfaces, our internal APIs)
- Test or attack other tenants\' workloads or accounts
- Send us novel exploit traffic against the platform without our explicit pre-authorization — coordinate with
[email protected]
Vulnerability reports against the platform itself: [email protected]. We do not currently run a paid bug bounty but acknowledge good-faith reporters in writing.
5. Resource limits + fair use
- Each plan has documented CPU + memory limits per container (see /api/agent/service-catalog).
- Sustained 100% CPU saturation for hours/days is not a workload pattern this product is priced for. We will reach out before taking action.
- Tarball uploads are capped at 500 MiB per deploy.
- The platform\'s storage tier (
/app) is 2 GiB per container. Long-term backups belong on external object storage; /data is for runtime state with platform-managed backup.
- We may impose temporary rate limits on the API to protect shared infrastructure. Permanent limits are communicated in advance.
6. Enforcement
For most AUP violations we will:
- Contact the account email with a description of the issue and a reasonable remediation window (typically 24–72 hours)
- If unaddressed, suspend the relevant app or the account
- For repeat or severe violations, terminate the account per the Terms
For clear and immediate violations (CSAM, active attack traffic, credible threats, sanctioned-party usage), we will act first and notify after. We comply with valid legal process and may preserve, disclose, or remove content as required by law.
7. Reporting abuse
To report abuse of the platform: [email protected]. Include the URL, the nature of the abuse, and evidence (screenshots, headers). We acknowledge reports within one business day and investigate.
8. Changes
Material updates to this AUP are noticed by email at least 30 days in advance. Non-material updates (clarifications, typo fixes) take effect on posting.