Acceptable Use Policy

This Acceptable Use Policy (“AUP”) defines the rules for responsible use of the FixedCostAgents platform (operated by FixedCostAgents.com, LLC). It is incorporated by reference into our Terms of Service. All customers, portal users, and assistants operating on the platform must comply with this policy.

FixedCostAgents is a shared infrastructure platform. Your conduct affects the security, performance, and reliability of the Service for all customers. This policy exists to protect everyone on the platform while giving you broad freedom to use your AI assistants productively.

You may not use the Service, directly or through your AI assistants, for any of the following purposes:

2.1 Illegal Activity

• Any activity that violates applicable local, state, national, or international law or regulation
• Fraud, phishing, identity theft, financial scams, or deceptive schemes
• Distribution of child sexual abuse material (CSAM) or exploitation of minors in any form
• Trafficking in illegal goods, services, or substances
• Money laundering or terrorist financing

2.2 Harm to Others

• Harassment, bullying, stalking, intimidation, or threats of violence against any person
• Generating or distributing non-consensual intimate imagery
• Impersonating real individuals without their explicit consent, including public figures, to deceive others
• Coordinated inauthentic behavior, including operating bot networks to manipulate public discourse
• Generating disinformation or synthetic media designed to mislead, manipulate elections, or undermine public trust

2.3 Spam and Unsolicited Communications

• Sending unsolicited bulk messages via any messaging platform (email, SMS, WhatsApp, Telegram, Slack, Discord, or any other channel)
• Automated mass outreach that violates the terms of service of the underlying messaging platform
• Using assistants to scrape contact information for spam purposes
• Creating multiple accounts to circumvent rate limits or enforcement actions

2.4 Infrastructure Abuse

• Attempting to escape the container sandbox, access other customers' data or containers, or perform lateral movement within the platform infrastructure
• Cryptomining, cryptocurrency operations, or any resource-intensive computation unrelated to the Service's intended purpose
• Running denial-of-service (DoS) attacks or participating in distributed denial-of-service (DDoS) attacks against any target, including our own infrastructure
• Attempting to bypass egress filtering, rate limits, or other security controls (including DNS tunneling, domain fronting, or traffic obfuscation)
• Scanning, probing, or exploiting vulnerabilities in the platform or other customers' deployments without prior written authorization from FixedCostAgents
• Using the Service as a proxy, VPN, or relay to obscure the origin of network traffic
• Storing or transmitting malware, viruses, ransomware, or other malicious code

2.5 Intellectual Property Violations

• Using the Service to infringe on copyrights, trademarks, patents, or other intellectual property rights of third parties
• Operating assistants that systematically scrape, copy, or redistribute copyrighted content without authorization
• Using the Service to circumvent digital rights management (DRM) or other access controls

DMCA Notices: If you believe that content on the platform infringes your copyright, you may submit a notice under the Digital Millennium Copyright Act (DMCA) to our designated agent at support@fixedcostagents.com with the subject line “DMCA Notice.” Your notice must include: (a) identification of the copyrighted work claimed to be infringed; (b) identification of the material that is claimed to be infringing and its location on the platform; (c) your contact information; (d) a statement that you have a good-faith belief that use of the material is not authorized by the copyright owner; and (e) a statement, under penalty of perjury, that the information in the notice is accurate and that you are authorized to act on behalf of the copyright owner. We will respond to valid DMCA notices in accordance with the DMCA and may remove or disable access to the allegedly infringing material.

2.6 Regulated Industries Without Compliance

• Processing protected health information (PHI) subject to HIPAA without a Business Associate Agreement (the Service is not currently HIPAA-compliant)
• Processing payment card data subject to PCI DSS through the platform (use Stripe or a PCI-compliant processor directly)
• Automated decision-making in high-stakes domains (employment, credit, housing, criminal justice) without appropriate human oversight and compliance with applicable regulations
• Deploying assistants in contexts where children under 13 may interact with them without complying with the Children's Online Privacy Protection Act (COPPA), including obtaining verifiable parental consent where required. If you deploy assistants in settings accessible to minors (such as family messaging groups or customer-facing channels), you are responsible for ensuring compliance with all applicable child privacy laws

2.7 Unauthorized Use of Third-Party Personal Information

You may only use the Service to process the personally identifiable information (PII) of individuals who have a direct relationship with you or your business. Permitted uses include:

• Your own employees, contractors, or team members
• Your customers, clients, or business contacts
• Household members and family (e.g., coordinating schedules, meal planning, shared shopping lists)
• Individuals who have explicitly consented to your assistant acting on information about them

You may not use the Service to collect, aggregate, store, or act upon the personal information of individuals who have no relationship with you or your organization. Specifically prohibited:

• Surveillance, monitoring, or tracking of individuals without their knowledge or consent
• Compiling dossiers, profiles, or intelligence on unaffiliated third parties
• Scraping or aggregating personal information from social media, public records, or other sources about people who are not your customers, employees, or contacts
• Using assistants to contact, research, or gather information about individuals for purposes of harassment, intimidation, or unwanted attention (see also Section 2.2)

Legitimate business research exception: Nothing in this section prohibits reasonable business research activities such as reviewing publicly available business information about prospective clients or partners, researching companies (not individuals) for sales or partnership purposes, or monitoring publicly available information relevant to your industry. The prohibition targets surveillance, profiling, and data aggregation about individuals who have no relationship with you — not ordinary business intelligence about companies and markets.

In short: your assistant should work with the people in your world — your team, your customers, your family. It should not be used to investigate, surveil, or build profiles on people who have no connection to you or your business.

Each tier includes generous rate limits designed to support productive use:

Graceful degradation, never hard blocking: When you exceed a rate limit, you will experience increased latency (your requests are queued rather than rejected). We never hard-block access to the AI inference service. There are no overage charges — all tiers are fixed monthly pricing.

Fair use principle: Rate limits exist to ensure fair access for all customers sharing the inference infrastructure. Sustained, intentional attempts to monopolize shared resources beyond your tier's allocation may be treated as an AUP violation. Normal burst usage during productive work is expected and welcome.

You are responsible for all content processed by, generated by, stored in, or transmitted through your AI assistants. You must not use the Service to process, generate, or store content that:

• Constitutes or promotes child sexual abuse material in any form
• Contains detailed instructions for creating weapons of mass destruction (biological, chemical, nuclear, radiological)
• Promotes terrorism, violent extremism, or provides material support to designated terrorist organizations
• Contains non-consensual intimate imagery of real individuals
• Is designed to generate malware, exploits, or tools for unauthorized access to computer systems

We do not proactively monitor the content of your conversations or assistant outputs. However, if we become aware of content that violates this policy (through automated abuse detection signals, reports from messaging platforms, or other means), we will take enforcement action as described in Section 7.

While we provide extensive security infrastructure (container isolation, encryption, outbound traffic filtering, network isolation), you share responsibility for the security of your account:

• Credential security: Keep your portal login credentials, BYOK API keys, and webhook bearer tokens confidential. Do not share them in public repositories, chat channels, or unencrypted communications.
• Key rotation: Rotate compromised BYOK credentials immediately through the customer portal. Notify us at support@fixedcostagents.com if you suspect unauthorized access to your account.
• Assistant supervision: Monitor your assistants' behavior, especially when deploying new skills or configurations. You are responsible for the actions your assistants take on your behalf across connected messaging platforms and integrations.
• Responsible disclosure: If you discover a security vulnerability in the platform, report it to support@fixedcostagents.com rather than exploiting it. Do not access other customers' data or systems as part of any security testing without our written authorization.

Security researcher safe harbor: We will not pursue legal action against security researchers who discover and report vulnerabilities in good faith, provided they: (a) do not access, modify, or delete other customers' data; (b) do not degrade the service for other customers; (c) make a good-faith effort to avoid privacy violations; (d) promptly report the vulnerability to us before disclosing it publicly; and (e) give us a reasonable period (at least 90 days) to address the vulnerability before any public disclosure. If you are conducting security research and are unsure whether your activity falls within this safe harbor, contact us at support@fixedcostagents.com before proceeding.

To protect the platform and all customers, we employ automated monitoring systems that detect potential policy violations. These systems analyze:

• Outbound message rates: Assistants exceeding normal messaging volumes trigger review (assistant flood protection: 20 messages/min per assistant per channel, with circuit breaker at 500/hr warning and 1,000/hr auto-pause)
• Spam pattern detection: Automated analysis of outbound message patterns for indicators of bulk unsolicited messaging
• Resource consumption anomalies: Unusual CPU, memory, network, or storage patterns that may indicate cryptocurrency mining, unauthorized computation, or container escape attempts
• Egress violations: Attempts to connect to unauthorized external endpoints are logged and flagged
• Container behavior: Suspicious syscall patterns, filesystem access outside permitted paths, and network namespace escape attempts

We do not routinely read the content of your conversations or assistant outputs. Automated monitoring focuses on behavioral signals (volume, patterns, resource consumption), not message content. Content review occurs only when automated systems flag a potential violation for manual review.

Law enforcement cooperation: We may disclose account information and content data to law enforcement authorities when required to do so by valid legal process (such as a subpoena, court order, or search warrant), or when we have a good-faith belief that disclosure is necessary to prevent imminent harm, protect the safety of any person, or report suspected criminal activity. We will notify you of law enforcement requests for your data unless we are legally prohibited from doing so (e.g., by a court-issued gag order or the terms of an applicable statute). For more information on how we handle law enforcement requests, see our Privacy Policy.

When we identify an AUP violation, we follow a graduated enforcement process. The severity of the violation determines the starting point:

Immediate action: For severe violations that pose an imminent threat to platform security, other customers, or public safety (including but not limited to CSAM, active container escape attempts, active DDoS participation, or distribution of malware), we may skip directly to suspension or termination without prior warning.

Billing during suspension: Subscription charges continue to accrue during any period of suspension as a data preservation fee — your data and account configuration are maintained so that service can be restored promptly once the violation is remediated. If your account is terminated, billing stops at the end of the current paid period in accordance with our Terms of Service. If a suspension is reversed because it was imposed in error or because an appeal under this section determines the enforcement action was unwarranted, we will credit your account for the full subscription amount accrued during the period of suspension.

Mandatory reporting: In accordance with 18 U.S.C. § 2258A, if we become aware of any apparent child sexual abuse material (CSAM) on the platform, we are required by law to report it to the National Center for Missing & Exploited Children (NCMEC). Such reports are made regardless of the enforcement stage and may include account information and relevant content as required by law. We will also cooperate with law enforcement investigations as described in Section 6.

Appeals: If you believe an enforcement action was taken in error, you may appeal by emailing support@fixedcostagents.com with the subject “AUP Appeal.” We will review your case and respond within 5 business days. Appealing a suspension does not automatically restore service during the review period.

Messaging platform enforcement: Third-party messaging platforms (Telegram, WhatsApp, Slack, Discord, etc.) enforce their own acceptable use policies independently. Violations of their policies may result in credential revocation or bans by those platforms, independent of any action we take.

If you become aware of activity on the platform that violates this AUP, please report it to:

Please include as much detail as possible, including any relevant timestamps, message content, or evidence of the violation. Reports are reviewed by our team and handled confidentially. We will not disclose the identity of reporters to the reported party.

We may update this AUP from time to time to address new threats, evolving best practices, or regulatory requirements. We will notify you of material changes by email and by posting a notice in the customer portal at least 30 days before the changes take effect.

Questions about this Acceptable Use Policy? Contact us: