Acceptable Use Policy

This Acceptable Use Policy ("AUP") governs your use of the Goodspeed platform and any applications you build, generate, deploy, or distribute using Goodspeed (collectively, the "Service"). The AUP is part of and incorporated into the Terms of Service. Violation of this AUP is a material breach of those Terms and may result in suspension or termination of your account, removal of generated content, takedown of subdomains we have provisioned for you, refusal of refunds, referral to law enforcement, and reporting to applicable third-party stores (Apple, Google, GitHub).

You are responsible for every application, prompt, attachment, and piece of content you submit to Goodspeed, and for every application you ship, distribute, or operate using outputs from Goodspeed, even when an underlying AI model generated some or all of it.

1. Prohibited Content and Conduct

You will not use the Service, and you will not build, deploy, or distribute any application using the Service, that does or attempts to do any of the following:

1.1 Illegal Activity

• Violate any applicable law, regulation, court order, or other legal mandate.
• Facilitate or encourage activity that is illegal in the user's jurisdiction or in the United States.
• Engage in fraud, market manipulation, money laundering, terrorist financing, or other financial crimes.
• Violate trade-sanctions or export-control laws, including but not limited to those administered by the US Office of Foreign Assets Control (OFAC).

1.2 Harmful Content

• Sexually exploit, abuse, or endanger minors, including any content that depicts, describes, or solicits CSAM (child sexual abuse material).
• Promote, glorify, or incite violence, self-harm, suicide, eating disorders, or terrorism.
• Promote hatred or violence against an individual or group based on race, ethnicity, national origin, religion, sex, sexual orientation, gender identity, disability, age, veteran status, or any other protected class.
• Harass, bully, stalk, threaten, defame, or impersonate any person or entity.
• Disclose another person's private information (doxxing) without their consent.
• Produce non-consensual intimate imagery or deepfakes that purport to depict a real person without their explicit consent.

1.3 Infringement and IP Theft

• Infringe any third party's intellectual-property right, including copyright, trademark, patent, trade secret, or right of publicity.
• Use the Service to reproduce, distribute, or perform copyrighted works without authorization (including code, art, video, music, fonts, datasets, and APIs).
• Misappropriate trade secrets or confidential information.
• Use the Service to clone or imitate the brand identity, product features, or distinguishing characteristics of a third party in a manner that is likely to confuse consumers.

1.4 Deception, Fraud, and Misrepresentation

• Build or distribute applications that scam users, defraud users, or otherwise extract money or value through deception.
• Make false or misleading claims about your product, your company, or any third party.
• Operate phishing pages, fake login pages, scam landing pages, or "look-alike" sites.
• Operate paid review schemes, fake-review schemes, fake-engagement services, or any service that creates artificial social proof.
• Use the Service to misrepresent the source or authenticity of communications (including by spoofing emails, SMS, or callerID).

1.5 Spam and Abusive Outreach

• Send unsolicited commercial email, SMS, push notifications, or other messages in violation of CAN-SPAM, the TCPA, GDPR/PECR, the Canadian Anti-Spam Legislation (CASL), or any equivalent law.
• Build any application that performs bulk outreach without the recipient's prior express consent.
• Build any application that scrapes, harvests, or collects email addresses, phone numbers, or other contact information without authorization.

1.6 Malware and Disruptive Code

• Generate, deploy, or distribute malware, viruses, worms, ransomware, trojans, spyware, adware, cryptominers, rootkits, keyloggers, or any other code intended to cause harm or unauthorized access.
• Build offensive-security tools (port scanners, exploit kits, credential stuffers, password sprayers) without verifiable authorization from the target and applicable bug-bounty terms.
• Generate or distribute "jailbreaks" or rooting tools for devices, operating systems, or accounts you do not own.

1.7 Privacy Violations

• Collect, process, or store personal information about end users in violation of applicable law (GDPR, CCPA, COPPA, HIPAA, GLBA, or any other privacy law).
• Collect protected health information (PHI) covered by HIPAA, including via applications built with the Service, unless you have implemented your own HIPAA-compliant infrastructure separate from Goodspeed (Goodspeed is not a HIPAA business associate).
• Collect cardholder data subject to PCI-DSS outside of Stripe or another PCI-DSS-compliant processor.
• Track users via cross-site or cross-app identifiers without disclosure and consent where required.

1.8 Adult Content, Regulated Industries, and High-Risk Use Cases

The Service is not approved for, and may not be used for:

• Adult content (pornography, sexual services, sexually explicit material).
• Gambling, sports betting, lotteries, daily-fantasy-sports games, or other regulated gaming activities.
• Firearms, ammunition, explosives, or weapons sales or services.
• Recreational drugs, prescription pharmaceuticals, or controlled substances.
• Cryptocurrency exchanges, custodians, ICOs, token sales, or other regulated financial activity.
• Credit reporting, debt collection, employment screening, or tenant screening covered by the Fair Credit Reporting Act (FCRA).
• Insurance underwriting or claims adjudication.
• Healthcare diagnosis, medical-device function, or clinical decision support.
• Legal advice, tax advice, or financial advice to consumers.
• Critical infrastructure, public-safety operations, or any system whose failure could result in death, personal injury, or environmental harm.

If you want to use the Service for any of the above, contact legal@goodspeed.app to discuss whether a custom agreement is possible. We may decline.

1.9 Abuse of the Platform

• Reverse-engineer, decompile, or attempt to extract the source code of the Service except as permitted by law.
• Attempt to bypass, circumvent, or interfere with rate limits, usage caps, billing, authentication, or content controls.
• Attempt to access another user's account, content, or generated applications without authorization.
• Use the Service to compete with Goodspeed, develop a substantially similar service, or train a model that competes with Goodspeed.
• Resell, sublicense, or lease the Service to third parties without our written consent. (This does not prohibit you from distributing applications you have generated; the prohibition is on reselling Goodspeed itself.)
• Exceed reasonable load on the Service through automated scripts, scrapers, or stress testing not coordinated with us.

1.10 AI-Specific Abuses

• Attempt to extract, copy, or reverse-engineer the underlying AI models or their weights.
• Attempt to "jailbreak" the Service's safety controls to produce prohibited content.
• Use the Service to mass-generate synthetic identities, fake accounts, or AI-generated content intended to deceive (including for opinion manipulation, election interference, or manufactured grassroots campaigns).
• Operate an autonomous agent that uses the Service to take actions in the world without human-in-the-loop supervision, where those actions could cause harm to others.

2. Your Applications

If you build an application using the Service and deploy it (whether on a Goodspeed-provisioned subdomain, the App Store, Google Play, or anywhere else):

• You remain solely responsible for the application: its compliance with law, its terms of service, its privacy policy, its security, its content, its conduct of business, and its support of end users.
• You will provide your own terms of service and privacy policy as required by law.
• You will obtain valid consents from your end users for any data collection or processing.
• You will not represent Goodspeed as the publisher, operator, or owner of your application.
• You will respond to lawful takedown demands (DMCA, GDPR erasure, etc.) directed to your application yourself.
• You will not direct end-user privacy requests to Goodspeed when those requests concern data held in your application; you are the controller of that data, and Goodspeed is at most a sub-processor for the infrastructure leg of it.

We may, at our discretion, take down a Goodspeed-provisioned subdomain or remove generated content from our infrastructure if we receive credible legal complaints or detect AUP violations. We will use reasonable efforts to notify you, except where doing so would be unlawful or counterproductive.

3. Reporting Violations

If you become aware of any violation of this AUP, report it to:

• General abuse and AUP violations: legal@goodspeed.app
• Security vulnerabilities: security@goodspeed.app
• Copyright infringement (DMCA notices): see Section 4
• Child sexual abuse material: report to the National Center for Missing & Exploited Children at https://report.cybertip.org/ and email legal@goodspeed.app with the report ID. We cooperate with law enforcement on every CSAM report.

4. DMCA Takedown

We respect intellectual-property rights. If you believe content on the Service infringes your copyright, send a notice meeting the Digital Millennium Copyright Act (17 U.S.C. § 512(c)(3)) requirements to our designated agent:

• Designated DMCA agent: Goodspeed Apps LLC, Attn: DMCA Agent, <company address to come>, legal@goodspeed.app

A valid notice must include:

1. A physical or electronic signature of the copyright owner or authorized agent;
2. Identification of the copyrighted work claimed to have been infringed;
3. Identification of the material on the Service that is claimed to be infringing and that we should remove, with sufficient detail to locate it (e.g., URL);
4. Your contact information (address, telephone, email);
5. A statement that you have a good-faith belief that the use is not authorized by the copyright owner, its agent, or the law;
6. A statement, under penalty of perjury, that the information is accurate and that you are authorized to act on behalf of the copyright owner.

We will respond to valid notices in accordance with the DMCA. We may, in appropriate circumstances, terminate the accounts of repeat infringers.

Counter-notices may be submitted in accordance with 17 U.S.C. § 512(g)(3).

5. Enforcement

We may investigate violations and take any action we believe appropriate, including:

• Issuing a warning.
• Suspending account access pending investigation.
• Terminating the account.
• Removing generated content or applications from our infrastructure.
• Withholding refunds for accounts terminated for material AUP violations.
• Cooperating with law enforcement, including in response to subpoenas, court orders, or imminent-risk requests.

We are not obligated to investigate every report, and our decisions are final. Enforcement of, or failure to enforce, this AUP in one instance is not a waiver of our right to enforce it in another.

6. Changes

We may update this AUP from time to time. We will post the updated AUP with an updated "Last Updated" date. Material changes will be communicated with at least 14 days' notice, except where shorter notice is required by law, urgent safety need, or to address ongoing harm.

7. Questions

Questions or interpretations of this AUP: legal@goodspeed.app