Overview
This Acceptable Use Policy ("AUP") describes what you may and may not do on the Nebula Deck platform. It applies to all use of your workspace, worker containers, browser sessions, and connected channels.
The goal is straightforward: use the Service for legitimate work, don't harm others, don't abuse the infrastructure. We keep this policy as short and clear as possible so there's no ambiguity about where the lines are.
This AUP is part of our Terms of Service.
Prohibited content
You may not use the Service to create, store, process, or distribute:
Any content that sexually exploits or endangers minors. This is reported to law enforcement immediately. No warnings, no second chances.
Viruses, trojans, ransomware, vulnerability exploits, phishing kits, or tools designed to compromise systems you do not own or have authorization to test.
Content targeting individuals with threats, doxxing, stalking, or sustained harassment.
Using connected channels to send unsolicited bulk messages, automated engagement farming, or deceptive commercial communications.
Content designed to deceive, defraud, or impersonate individuals or organizations.
Content subject to legal restrictions (controlled substances, weapons manufacturing instructions, regulated financial services) without applicable licenses or authorization.
Prohibited activities
You may not:
Attempt to access other tenants' workspaces, probe the host system, escalate privileges beyond your container, exploit vulnerabilities in the Service, or interfere with other users' access to the platform.
Attempt to escape your container sandbox, access the Docker socket, modify the host filesystem, or bypass resource limits set by the platform.
Share your workspace credentials with unauthorized users, attempt to access another tenant's credential vault, or attempt to intercept or extract credentials passed to worker containers.
Resell, sublicense, or provide access to your workspace as a service to third parties without our written agreement. You may use the workspace for client work, but you may not multi-tenant your own container.
Use scripts, bots, or automated tools to interact with the platform's management interfaces (dashboard, API) in a way that degrades service for other users.
If you discover a security vulnerability in the Service, please report it to [email protected] rather than exploiting it. We appreciate responsible disclosure and will not take enforcement action against good-faith security research that follows responsible disclosure practices.
Compute usage
Your workspace and worker containers are for AI assistant and development tasks. You may not use them for:
Running any proof-of-work mining software or similar sustained computation.
Using your workspace to host websites, databases, game servers, or services unrelated to the AI workspace functionality.
Running network scans, port scanners, DDoS tools, or any traffic directed at systems you do not own or have authorization to test.
Running CPU or memory-intensive processes unrelated to AI tasks that degrade performance for other tenants on shared infrastructure.
We set resource limits per workspace and worker container. If your usage consistently hits these limits in ways that affect other tenants, we may contact you to discuss your needs or suggest a different tier.
Channel conduct
When you connect messaging platforms (Telegram, Discord, WhatsApp, Slack, etc.) to your workspace, your AI assistant interacts with others on those platforms. You are responsible for:
Ensuring your bot's behavior complies with the terms of service of each connected platform. If a platform bans your bot for policy violations, that is your responsibility.
Making it reasonably clear to people interacting with your bot that they are communicating with an AI, where required by applicable law or platform policy.
Configuring appropriate DM policies, group policies, and allowlists. An open bot that responds to everyone on a public platform is your responsibility to moderate.
LLM provider compliance
Because you bring your own API keys, you have a direct relationship with your LLM providers. You are responsible for complying with each provider's usage policies. Common restrictions include prohibitions on generating certain types of harmful content, usage limits, and data handling requirements.
If an LLM provider revokes your API key or restricts your access due to policy violations, that is between you and the provider. We are not responsible for resolving disputes with your LLM providers.
Reporting violations
If you believe another user is violating this AUP, or if you encounter a Nebula Deck-powered bot that is behaving harmfully on a messaging platform, report it to [email protected] with as much detail as possible.
We investigate all credible reports and take action as described below.
Enforcement
When we identify a violation, our response is proportional to the severity:
For first-time, non-severe violations. We will explain the issue and ask you to correct it.
For repeated violations or significant policy breaches. Your workspace is paused and you have an opportunity to respond before we make a final decision.
For severe violations (child exploitation material, active attacks on infrastructure, criminal activity). Immediate, without prior warning. Data is deleted.
We will always attempt to contact you before taking action, except where immediate action is necessary to protect other users, our infrastructure, or to comply with legal obligations.