NodeFox logoNodeFox

Last updated: April 8, 2026

NODEFOX ACCEPTABLE USE POLICY

Version 1.0 | Effective Date: April 8, 2026 | Last Updated: April 8, 2026

Beta Status Notice: NodeFox is currently provided in beta. Features, behavior, documentation, and controls may change without notice. You must independently validate suitability for your use case and maintain your own safeguards.

IMPORTANT NOTICE

THIS ACCEPTABLE USE POLICY ("AUP" OR "POLICY") DESCRIBES THE RULES AND RESTRICTIONS GOVERNING YOUR USE OF THE NODEFOX PLATFORM, SERVICES, APPLICATION, WEBSITE, APIS, AND RELATED OFFERINGS (COLLECTIVELY, THE "SERVICES") PROVIDED BY NODEFOX LLC ("NODEFOX," "COMPANY," "WE," "US," OR "OUR").

THIS POLICY IS PART OF, AND INCORPORATED INTO, OUR TERMS OF SERVICE AT HTTPS://WWW.NODEFOX.AI/TERMS. BY USING THE SERVICES, YOU AGREE TO COMPLY WITH THIS POLICY. VIOLATION MAY RESULT IN IMMEDIATE SUSPENSION OR TERMINATION WITHOUT NOTICE OR REFUND.

YOU ARE RESPONSIBLE FOR ALL USE OF THE SERVICES UNDER YOUR ACCOUNT, INCLUDING ALL WORKFLOWS, AI FEATURES, AUTONOMOUS ACTIONS, OUTPUTS, INTEGRATIONS, OUTBOUND REQUESTS, AND CODE YOU CREATE OR CONFIGURE — WHETHER INTENTIONAL, ACCIDENTAL, OR CAUSED BY AI VARIABILITY.

THE SERVICES ARE IN BETA. THIS POLICY MAY BE UPDATED WITHOUT NOTICE AS THE SERVICES EVOLVE.

THIS POLICY GOVERNS CONDUCT. ALL LIABILITY, WARRANTY, AND INDEMNIFICATION MATTERS ARE GOVERNED EXCLUSIVELY BY THE TERMS OF SERVICE.

KEY POINTS SUMMARY

This summary is for convenience only, is non-exhaustive, does not create obligations, and does not limit NodeFox's enforcement discretion. The full Policy below controls.

TopicSummary
General RuleUse the Services lawfully, ethically, and in compliance with this Policy
Illegal ActivitiesNo use for any illegal purpose
Harmful ContentNo harmful, abusive, or dangerous content
AI RestrictionsNo AI use for deception, manipulation, harm, jailbreaking, or safety bypass
Autonomous ActionsYou are responsible for all actions your Workflows take
SecurityNo hacking, SSRF, scanning, unauthorized access, or circumvention
Secrets & CredentialsNo hardcoded secrets in shared artifacts; rotate on exposure
Cost & LoopsYou must implement caps, timeouts, and circuit breakers
MarketplaceNo malware, backdoors, exfiltration, or embedded secrets
IPRespect intellectual property rights
System IntegrityNo interference, resource abuse, or sandbox evasion
Export ControlsComply with U.S. export and sanctions laws
EnforcementDiscretionary; may be immediate without notice, cure period, or appeal
ReportingReport violations to abuse@nodefox.ai

PART I: INTRODUCTION AND SCOPE

SECTION 1. PURPOSE AND SCOPE

1.1 Purpose. This Policy establishes rules for acceptable use of the Services. It is intended to promote the protection of NodeFox, users, and the public from harmful conduct, but does not guarantee any particular outcome. NodeFox may deem new abusive patterns violations at any time.

1.2 Scope. This Policy applies to all use of the Services, including: the Site (https://www.nodefox.ai); the platform and web application; the desktop App (if available); APIs and developer tools; the Marketplace; all Workflows, automations, integrations, and outbound requests; all content you upload, create, generate, share, or export; all AI-generated Networks, DSL, Suggest outputs, and code; all Execution Logs, Workspaces, shared links, templates, and Marketplace submissions; and all communications through the Services.

1.3 Who Is Bound. All users: individual, organizational (including Authorized Users), Marketplace Contributors and Purchasers, API users, trial/free tier users, enterprise customers, and any person or entity using the Services.

1.4 Beta Status. The Services are in beta. All prohibitions and requirements apply with equal force to beta and experimental features. Beta increases risk of unexpected outputs, actions, and costs.

1.5 Age Requirement. The Services are for users 18+. By using the Services, you represent you are at least 18.

1.6 Relationship to Terms of Service. This Policy is incorporated into the Terms of Service. Capitalized terms not defined here have TOS meanings. In conflict, the TOS controls unless this Policy is explicitly stricter. This Policy governs conduct only. Liability, disclaimers, indemnification, and warranties are governed exclusively by the TOS.

1.7 Relationship to Other Policies. Read with: Terms of Service; Privacy Policy; Cookie Policy; EULA; and DPA (where applicable).

1.8 Scope of Prohibited Content. All prohibitions in this Policy apply not only to Outputs and generated content, but equally to node configurations, prompts, DSL, templates, schemas, Marketplace listings, comments, variable names, logs, metadata, Workspace names, share links, and any other material within the Services.

SECTION 2. DEFINITIONS

"Abuse" — any use violating this Policy, the TOS, applicable law, or others' rights. "Account" — your NodeFox user account. "AI Features" — any AI, ML, LLM, NLP, or automated capabilities accessible through the Services, whether via third-party providers (using your API keys) or NodeFox directly (including the Suggest feature, DSL generation, AI-generated Networks, code completion, and any future NodeFox model hosting). "API" — NodeFox application programming interfaces. "Authorized Users" — individuals authorized under an organization's Account. "Autonomous Actions" — actions taken by Workflows without human approval for each individual action. "Content" — any data, text, images, audio, video, code, files, or other materials. "Execution Logs" — records of Workflow execution including times, status, errors, and metadata. "Harmful Content" — Content that is dangerous, abusive, violent, threatening, harassing, defamatory, discriminatory, or otherwise harmful. "Input Data" — data you submit to AI Features for processing. "Integration Credentials" — API keys, OAuth tokens, access tokens, refresh tokens, passwords, private keys, or other credentials for third-party integrations. "Malicious Code" — viruses, worms, Trojans, ransomware, spyware, adware, rootkits, keyloggers, or other harmful software. "Marketplace" — the NodeFox marketplace. "Marketplace Content" — templates, workflows, custom nodes, and other content on the Marketplace. "Outputs" — results, data, content, or materials generated by or through the Services. "Restricted Party Lists" — OFAC SDN List, OFAC SSI List, BIS Entity/Denied/Unverified Lists, State Department Debarred Parties List, and similar lists maintained by the EU, UK, UN, or other relevant authorities, as updated from time to time. "Runaway Execution" — uncontrolled loops, recursive self-invocation, fan-out storms, retry storms, or other patterns that consume disproportionate resources or generate uncontrolled costs. "Services" — all websites, software, applications, APIs, platforms, tools, Marketplace, and related offerings provided by NodeFox. "Third-Party Services" — third-party websites, platforms, APIs, AI providers, or services you access through the Services. "User Content" — any content, data, workflows, files, configurations, or materials you create, upload, submit, or generate. "Workflow" — any automated process, sequence, logic flow, node configuration, trigger, action, network, or orchestration created using the Services. "Workspace" — your virtual environment for managing Workflows and configurations.

PART II: GENERAL STANDARDS AND USER RESPONSIBILITIES

SECTION 3. ACCEPTABLE USE PRINCIPLES

3.1 You must use the Services only for lawful purposes in compliance with all applicable laws and this Policy. 3.2 You must use the Services honestly and not engage in fraud, deception, or misrepresentation. 3.3 You must respect the rights, privacy, and dignity of others. 3.4 You must comply with the terms of all Third-Party Services you connect. 3.5 You must not rely on the Services for production, mission-critical, regulated, or high-stakes purposes without appropriate independent safeguards. The Services may be unavailable, unstable, or produce inaccurate results. 3.6 You must not rely on NodeFox's enforcement of this Policy as a security or compliance control. NodeFox is not obligated to detect or prevent violations by any user.

SECTION 4. YOUR RESPONSIBILITIES

4.1 General. You are solely responsible for: all activity under your Account; all User Content; all Workflows and their actions (including Autonomous Actions); all Outputs; compliance with this Policy and applicable law; and all consequences of your use.

4.2 Workflow Responsibility. You are responsible for all actions taken by Workflows, even if autonomous, unexpected, unintended, or caused by AI variability, bugs, timeouts, partial failures, or model hallucination. You must design, test, and monitor Workflows. NodeFox has no duty to review, detect misconfiguration, insecure design, or cost exposure.

4.3 AI Feature Responsibility. AI Features (including Suggest, DSL generation, and AI-generated Networks) produce non-validated Outputs. You are the designer-of-record. You must review and validate all AI Outputs before use. NodeFox has no duty to warn about insecure, costly, or incorrect suggestions.

4.4 Cost Controls. You are responsible for implementing cost controls: spend caps, budgets, max iterations, timeouts, backoff, circuit breakers, and alerts. AI provider fees accrue under your API keys, including during Runaway Executions. NodeFox is not responsible for costs incurred.

4.5 Secrets and Sensitive Data. You must not embed Integration Credentials, API keys, passwords, tokens, secrets, sensitive personal data, or confidential information in plaintext node fields, prompts, code nodes, comments, variable names, Workflow names, logs, templates, Marketplace assets, exports, shared links, screenshots, or support communications. You must rotate credentials immediately upon suspected exposure. NodeFox has no duty to detect or redact secrets.

4.6 Sharing and Export Hygiene. Before sharing Workspaces, Networks, logs, exports, or Marketplace submissions externally, you must sanitize and redact all secrets, sensitive data, and third-party personal information. NodeFox is not responsible for user-caused disclosure.

4.7 Human Oversight. Where you automate decisions affecting individuals, you must implement appropriate human oversight, review, and verification. AI Outputs are tools, not automated decisions by NodeFox about anyone.

4.8 Backup Responsibility. You are solely responsible for backups. NodeFox does not guarantee data persistence or recovery.

4.9 Organizational Responsibility. Organizations are responsible for: Authorized User compliance; access controls and offboarding; training; monitoring; and corrective action. You may not delegate compliance responsibility.

4.10 High-Risk Irreversible Actions. For Workflows capable of irreversible impact (bulk deletion, credential rotation, payout initiation, mass messaging, external writes), you must implement at least one safeguard: approval gate, dry-run mode, limit/threshold check, or human confirmation step. This is your duty; NodeFox has no duty to enforce.

PART III: PROHIBITED USES

SECTION 5. ABSOLUTE PROHIBITIONS

5.1 The following are absolutely prohibited. You may not use the Services:

(a) To violate any applicable law, regulation, or legal obligation; (b) To infringe intellectual property rights; (c) To violate privacy or data protection rights; (d) To harm, threaten, harass, abuse, stalk, or discriminate; (e) To engage in fraud, deception, or misrepresentation; (f) To distribute Malicious Code; (g) To interfere with or disrupt the Services or infrastructure; (h) To gain unauthorized access to systems, data, or accounts; (i) To circumvent security measures, safety controls, rate limits, execution caps, sandbox controls, kill switches, monitoring, or any other restrictions; (j) To resell, redistribute, sublicense, or broker access to the Services, Accounts, Workspaces, share links, Marketplace Content, or integrations without an express Enterprise Reseller Agreement; (k) To compete with NodeFox using insights gained from the Services; (l) To violate Third-Party Service terms; (m) To operate a "Shadow SaaS," API arbitrage business, or "Automation-as-a-Service" offering wrapping NodeFox Workflows for third-party sale without express written authorization; (n) To operate as a general-purpose proxy, VPN, tunneling relay, traffic laundering layer, anonymization bridge, open network relay, CORS-bypass mechanism, or command-and-control channel; (o) To conduct cryptomining, cryptographic hashing, proof-of-work calculations, or distributed compute rental of any kind; (p) To instruct, aid, abet, or facilitate any of the above; or (q) To accomplish indirectly what is prohibited directly.

5.2 These prohibitions apply regardless of intent, perceived legitimacy, or any purported authorization. Labeling conduct as "research," "educational," "demo," "pen test," or "red team" does not create a safe harbor unless you hold express written authorization from NodeFox.

SECTION 6. ILLEGAL ACTIVITIES

6.1 Criminal Activity. You may not use the Services to plan, facilitate, or engage in criminal activity, including: violent crimes; financial crimes (fraud, embezzlement, money laundering, tax evasion, bribery, insider trading, structuring, chargeback abuse, dark-pattern billing); drug crimes; weapons crimes (including WMD); trafficking (human, sex, forced labor, smuggling); child exploitation (CSAM — absolutely prohibited including synthetic/AI-generated depictions); cybercrime (hacking, identity theft, phishing, credential stuffing, brute-forcing); theft; sanctions evasion; or any other criminal conduct.

6.2 Regulatory Violations. You may not violate: securities laws; export controls and sanctions; AML/KYC requirements; data protection and privacy laws; consumer protection laws; healthcare regulations; financial services regulations; telecommunications regulations; or any other applicable regulatory requirements.

6.3 Algorithmic Pricing. You may not build, deploy, or operate automated systems facilitating price coordination, stabilization, fixing, or collusion among competitors, regardless of whether explicit communication occurs.

SECTION 7. HARMFUL CONTENT

You may not use the Services to create, store, distribute, or promote content that: promotes or incites violence; provides dangerous instructions (weapons, explosives, poisons, drugs); facilitates self-harm; endangers, exploits, or sexualizes children; promotes terrorism; incites hatred based on protected characteristics; is gratuitously violent or disturbing; constitutes non-consensual intimate imagery (including AI-generated); constitutes "digital undressing"; or is otherwise illegal. CSAM (including synthetic/AI-generated) is absolutely prohibited with zero tolerance.

Contextual Exception. Limited exceptions may apply for legitimate educational, documentary, scientific, artistic, or journalistic purposes where: content is not gratuitous; serves a legitimate purpose; includes appropriate context; complies with law; and does not violate other provisions.

SECTION 8. HARASSMENT, ABUSE, AND SURVEILLANCE

8.1 Harassment. You may not harass, bully, intimidate, stalk, or target individuals, including via: repeated unwanted contact; threats; doxxing (including via Workflow automation); coordinated campaigns; report brigading; pile-ons; or any conduct intended to harass.

8.2 Surveillance and Stalking. You may not use the Services for: stalkerware; covert monitoring; doxxing-as-a-service; location tracking without consent; covert audio/video capture; stealth logging; credential interception; "employee surveillance" tools deployed covertly; building dossiers, enriching profiles, inferring sensitive traits, or aggregating personal data from multiple sources for surveillance or targeting; or re-identification/deanonymization pipelines.

8.3 Impersonation. You may not impersonate individuals for harassment, defamation, or harm, or create unauthorized voice clones/deepfakes of individuals without explicit written consent.

SECTION 9. FRAUD, DECEPTION, AND MANIPULATION

9.1 Fraud. You may not engage in or facilitate fraud, including: financial fraud/scams; identity fraud; credit card/wire/insurance/securities/healthcare fraud; document fraud (fake IDs, financial statements, tax documents, legal notices, invoices, collection letters); or any scheme to defraud.

9.2 Deception. You may not deceive or mislead, including via: fake identities/personas; disinformation; impersonation; fake reviews/testimonials/endorsements/engagement; market manipulation; phishing/social engineering; scaled spear-phishing (AI-powered personalized deceptive communications at scale); or dark patterns (UI deception, consent harvesting, misleading OAuth flows, fake notices/invoices).

9.3 Synthetic Media. AI-generated media must be clearly disclosed as synthetic. You may not present synthetic content as authentic. You may not use AI Features to systematically rewrite, paraphrase, or obfuscate scraped copyrighted material to evade plagiarism detection or copyright enforcement ("data laundering").

9.4 Impersonation of Officials. You may not impersonate public officials, government agencies, or generate content falsely appearing to be official government or legal communications.

9.5 Election and Civic Integrity. You may not conduct mass political persuasion/manipulation campaigns, coordinated inauthentic behavior, voter suppression, or election disinformation at scale.

9.6 Automated Legal Harassment. You may not use the Services to generate or submit bulk automated legal claims, mass DMCA takedowns, programmatic regulatory complaints (e.g., mass GDPR/DSAR requests), or mass arbitration filings against third parties.

SECTION 10. PRIVACY VIOLATIONS

10.1 You may not violate others' privacy, including via: collecting personal information without consent or lawful basis; unauthorized surveillance/tracking/monitoring; intercepting communications; accessing private accounts/systems; doxxing; scraping personal data without authorization; building personal information databases without consent; collecting data from children; wiretapping or MITM interception of traffic between third-party systems; or violating data protection laws.

10.2 Sensitive Data. You may not collect, process, or expose sensitive personal information without proper authorization, consent, and safeguards. You must comply with all applicable data protection laws.

10.3 Re-identification. You may not attempt to re-identify anonymized data, deanonymize individuals, or derive personal information from aggregated or anonymized datasets.

10.4 Data Transformation for Evasion. You may not transform sensitive data into embeddings, vectors, hashes, or derived formats to evade regulatory obligations.

10.5 Facial Recognition. You may not scrape facial images for facial recognition databases without proper authorization and legal basis.

SECTION 11. INTELLECTUAL PROPERTY

11.1 You may not infringe copyrights, trademarks, patents, or trade secrets. You may not circumvent DRM. You may not reverse engineer, decompile, or derive source code, algorithms, models, or proprietary architecture from the Services. You may not benchmark, analyze, or test the Services for competitive purposes without express written approval. You may not use the Services to develop competing products. You may not remove or alter proprietary notices. You may not exploit NodeFox's geographic infrastructure to bypass DRM, region-locks, or location-based restrictions ("geo-hopping").

11.2 Repeat intellectual property infringement may result in Account termination.

SECTION 12. SECURITY VIOLATIONS

12.1 Unauthorized Access. You may not access systems, networks, accounts, or data without authorization, including: hacking; exploiting vulnerabilities; bypassing authentication; privilege escalation; accessing other users' Accounts or Workspaces; accessing NodeFox internal systems; biometric authentication spoofing (using AI voice cloning, synthetic video, or similar to bypass voice/facial/liveness detection); or credential replay, session hijacking, or token laundering.

12.2 Security Circumvention. You may not circumvent, disable, or interfere with security features, including: access controls; encryption; rate limiting; abuse prevention; monitoring/logging; license verification; stop/pause mechanisms; kill switches; containment protocols; sandbox controls; or any other safety systems.

12.3 SSRF and Internal Network Probing. You may not use Workflows, Code Nodes, webhooks, fetch nodes, or integrations to: execute Server-Side Request Forgery (SSRF); access loopback addresses (127.0.0.1), link-local ranges (169.254.x.x), RFC1918 private ranges, cloud metadata endpoints (169.254.169.254), internal DNS, or private services; conduct port scanning, service enumeration, subdomain probing, or vulnerability scanning against any target (internal or external); or use NodeFox infrastructure as a staging ground for network reconnaissance.

12.4 Credential Abuse. You may not steal, phish, harvest, or misuse credentials, including: phishing flows, OAuth consent manipulation, token capture, session cookie harvesting; prompting others (or AI) to reveal keys/secrets; credential stuffing, password brute-forcing, dictionary attacks, or automated token guessing; or embedding credentials in shared templates/Marketplace Content.

12.5 Security Testing. You may not conduct security testing (penetration testing, vulnerability scanning, load testing, stress testing, soak testing, or automated profiling of capacity/rate-limit thresholds/safety boundaries) against the Services or connected systems without NodeFox's prior express written authorization from security@nodefox.ai. No safe harbor exists for unauthorized testing regardless of intent.

12.6 Sandbox Evasion. You may not attempt to break out of, evade, or compromise the WebAssembly (WASM) runtime, Web Worker sandboxes, or virtualized environments. Any attempt to achieve arbitrary code execution outside the intended boundaries of a Code Node is strictly prohibited.

12.7 Obfuscation for Filter Evasion. You may not use encryption, Base64 encoding, language translation pivoting, multi-step ciphering, or dynamic payload deciphering to evade safety filters, content moderation, or scanning by NodeFox or Third-Party AI Providers.

SECTION 13. SYSTEM INTEGRITY AND RESOURCE ABUSE

13.1 Interference. You may not interfere with or disrupt the Services, including via: denial-of-service attacks; overwhelming systems; introducing Malicious Code; corrupting data; disrupting service for others; HTTP floods or DDoS attacks against third-party targets via Workflows/webhooks; or database connection exhaustion, artificial transaction locks, or "noisy neighbor" attacks.

13.2 Runaway Execution. You may not create Workflows or code that trigger or are reasonably likely to cause: infinite loops, recursive self-invocation, uncontrolled retries, fan-out storms, fork bombs, or other Runaway Execution patterns — regardless of whether intentional or the result of negligent configuration. You may not design workloads primarily to consume resources or generate model/API spend.

13.3 Circumventing Limits. You may not circumvent usage limits via: multiple Accounts; manipulating metrics; exploiting bugs; misrepresenting usage; bypassing rate limits, subscription limits, or payment obligations; or distributed evasion (multi-account, key rotation, proxying).

13.4 Compute Abuse. NodeFox is designed for workflow orchestration and API integration. You may not use Code Nodes, Web Workers, or execution environments for prolonged compute-heavy tasks unrelated to orchestration, including: software compilation (CI/CD), 3D rendering, video transcoding, or massive parallel calculations. You may not use the Services as a general-purpose file hosting service, CDN, or media streaming server.

13.5 Civic Resource Hoarding. You may not automate the rapid booking, scalping, or hoarding of scarce public or civic resources (government appointments, visa slots, park reservations) or programmatic flooding of government comment portals.

13.6 Self-Replicating Agents. You may not configure Workflows to self-replicate, programmatically spawn child Workflows, or generate "Agentic Swarms" that geometrically expand resource consumption without explicit human-initiated approval for each new instance.

SECTION 14. SPAM AND UNSOLICITED COMMUNICATIONS

14.1 You may not send or facilitate spam, including: unsolicited bulk email/SMS/messages; robocalls; chain letters; fake engagement; duplicate/keyword-stuffed content at scale; link schemes; engagement manipulation; or "warming" abuse.

14.2 Compliance. If Workflows send messages, you must: maintain consent, opt-out handling, suppression lists, and lawful basis; comply with CAN-SPAM, CASL, GDPR, TCPA, and similar laws; use accurate headers and valid unsubscribe mechanisms; and not use purchased, scraped, or laundered lists.

14.3 Disclaimer. NodeFox is not responsible for deliverability, blacklisting, or third-party provider enforcement actions.

SECTION 15. MALWARE, SUPPLY-CHAIN, AND MALICIOUS CODE

15.1 You may not create, store, distribute, or deploy: malware of any kind (viruses, worms, Trojans, ransomware, spyware, rootkits, keyloggers, botnets, cryptominers); exploit code, shellcode, phishing kits, or attack tools; or command-and-control infrastructure.

15.2 Supply-Chain Attacks. You may not publish to the Marketplace or share: code containing backdoors, logic bombs, hidden triggers, delayed-activation payloads, obfuscated payloads, or persistence mechanisms; code using dynamic evaluation (eval(), new Function()) or runtime network requests designed to secretly fetch unverified remote payloads; templates designed to exfiltrate data/secrets or silently expand scopes/permissions; or assets containing undisclosed "phone-home" endpoints or telemetry beacons.

15.3 Dead Man's Switches. You may not operate Workflows as "dead man's switch" mechanisms, automated data-dump tools, or programmatic extortion tools designed to release sensitive or illegally obtained information upon failure of a trigger condition.

PART IV: AI FEATURES

SECTION 16. AI GENERAL PRINCIPLES

16.1 AI Features include Suggest, DSL generation, AI-generated Networks, code completion, third-party AI integrations, and any future NodeFox AI capabilities. All AI Outputs are non-validated tools; you are the designer-of-record.

16.2 You must: review and validate AI Outputs before use or deployment; disclose AI involvement where required by law or expected by reasonable users; comply with Third-Party AI Provider terms; and not rely on AI for critical decisions without qualified human oversight.

16.3 NodeFox provides no professional advice (medical, legal, financial, tax, or engineering) through AI Features and provides no compliance assurance regarding AI Outputs.

SECTION 17. AI PROHIBITED USES

17.1 In addition to all general prohibitions, you may not use AI Features for:

(a) Deception and Manipulation: deepfakes to deceive; impersonation; fake news/disinformation; manipulating public opinion; social engineering; subliminal or manipulative techniques distorting behavior; scaled spear-phishing; or fraud.

(b) Harmful Content Generation: violence; harassment; discrimination; child exploitation; self-harm; terrorism; or any Harmful Content.

(c) Privacy Violations: generating content violating privacy; synthetic content featuring real individuals without consent; facilitating surveillance; or building dossiers/enrichment pipelines.

(d) Security Threats: generating malware, exploit code, hacking tools, phishing content; credential stuffing scripts; or scanning/exfiltration automation.

(e) Circumvention: using AI to generate content that would be prohibited if created directly; using prompts to bypass AI safety measures; manipulating AI to produce prohibited outputs; or using multi-run iterative probing to refine jailbreaks.

(f) Undisclosed AI Interaction: deploying AI interacting with external parties without disclosing its non-human identity where required by law or expected by reasonable users.

(g) Parasocial and Psychological Services: deploying AI as unlicensed therapists, counselors, crisis tools, or highly persuasive romantic companions where such systems could cause psychological harm or fail to escalate emergencies.

SECTION 18. AI MODEL AND SAFETY PROTECTIONS

18.1 Jailbreaking. You may not generate, refine, test, or distribute jailbreaks, adversarial prompts, prompt injections, or Workflows designed to bypass model safety mechanisms, content policies, or alignment measures.

18.2 Model Extraction. You may not perform model extraction, inference extraction, cloning, reconstruction, weight extraction, system prompt extraction, tool schema extraction, or internal routing logic extraction.

18.3 Workspace Poisoning. You may not embed adversarial instructions, hidden commands, or jailbreaks into node titles, descriptions, variable names, JSON configurations, or Marketplace Content intended to hijack or manipulate the Suggest, generation, or chat features of other users.

18.4 Data Poisoning. You may not inject corrupted/malicious data into downstream systems; intentionally degrade model behavior via poisoned prompts/templates/Marketplace Content; or seed hidden instructions to hijack tools/workflows.

18.5 Adversarial Inputs. You may not generate inputs intended to compromise, mislead, or degrade ML models, or aggregate/iterate on outputs to infer restricted, proprietary, or confidential information.

18.6 Watermark Evasion. You may not remove, obscure, strip, or evade watermarking, provenance markers, Content Credentials (C2PA), or AI-generated content disclosures.

18.7 Competitive Training. You may not use the Services to train, fine-tune, distill, or develop competing ML models without express written permission.

18.8 Harmful Datasets. You may not create datasets for training models that produce harmful, biased, discriminatory, or unlawful outputs.

18.9 MCP Abuse. You may not use the Model Context Protocol, custom gateway scripts, or external AI connections to proxy malicious traffic, mask attack origins, or access third-party systems without authorization.

SECTION 19. AI AUTOMATION RESTRICTIONS

19.1 Required Controls. For automated AI Workflows, you must implement: spend caps; max iterations and timeouts; backoff and circuit breakers for repeated failures; output validation before side-effect actions (writes, emails, deletes, payments); and error handling for failures and unexpected results. These are your duties; NodeFox has no duty to enforce.

19.2 Prohibited Automations. You may not create automated AI Workflows to: generate spam at scale; conduct harassment; create disinformation; circumvent safety measures through automation; or violate Third-Party AI Provider terms.

19.3 Self-Modifying Workflows. You may not configure Workflows that self-modify to increase privileges, expand scopes, broaden data access, or propagate across Workspaces/organizations without explicit user authorization for each escalation.

19.4 Third-Party AI Compliance. You must comply with each provider's terms. Providers may suspend your keys/accounts, change pricing, or take legal action. NodeFox is not responsible for any third-party provider actions, outages, enforcement, or policy changes.

PART V: WORKFLOW AND INTEGRATION RESTRICTIONS

SECTION 20. WORKFLOW RESTRICTIONS

20.1 All Workflows must comply with this Policy, the TOS, and applicable law.

20.2 Autonomous Actions. You are fully responsible for all Autonomous Actions, regardless of intent, expectation, or cause. Stop/pause may not be immediate; in-flight third-party actions may complete. Workflows may retry or duplicate; you are responsible for idempotency.

20.3 High-Risk Actions. Financial transactions, communications, data modifications, account actions, system commands, legally binding actions, and external API calls with side effects carry higher risk. For these, you must implement commercially reasonable, industry-standard safeguards. The determination and implementation are entirely your responsibility. NodeFox disclaims all liability for safeguard failures. You may not use the Services to execute binding legal contracts, financial obligations, or other legally significant transactions without human confirmation.

20.4 Prohibited Autonomous Actions. You may not create Workflows that autonomously: violate this Policy; harm individuals or organizations; engage in fraud; circumvent security; exceed authorized access; operate as extortion or "dead man's switch" mechanisms; engage in unconstrained economic transactions, "infinite bidding," or algorithmic market-cornering; or take any action you would be prohibited from taking manually.

SECTION 21. EXTERNAL INTEGRATIONS

21.1 You may only integrate with services you are authorized to use, with valid credentials, in compliance with their terms. You are responsible for all actions taken using credentials you provide.

21.2 Outbound Request Restrictions. You may not use outbound requests (fetch, webhooks, integrations) to: access internal/private networks, metadata endpoints, or localhost; conduct scanning, probing, or enumeration; execute HTTP floods or DDoS against any target; bypass CAPTCHAs, paywalls, authentication, robots.txt intent, or anti-bot measures; scrape data where terms prohibit it; or act on third-party accounts you don't own/control.

21.3 Credential Handling. You must use least-privilege token scopes. You may not connect stolen credentials or use OAuth scopes broader than necessary.

21.4 Infrastructure Impersonation. You may not spoof headers, domains, or senders to impersonate brands, vendors, or internal systems, or generate fake webhooks/callbacks intended to fool systems into trusting requests.

21.5 Domain Reputation. You may not use NodeFox-generated URLs, webhooks, or share links to host credential-harvesting forms, deceptive landing pages, or malware droppers. Exploiting NodeFox's domain reputation or SSL certificates to bypass security filters is prohibited.

SECTION 22. DATA PROCESSING

22.1 When Workflows process data, you must: comply with applicable laws; respect data subject rights; implement appropriate security; and not process beyond authorized purposes. You must comply with applicable data protection laws (GDPR, CCPA, etc.) for personal data processing.

22.2 You may not process regulated categories (PHI, PCI, children's data) through the Services unless separately contracted under an appropriate agreement. You assume full compliance responsibility.

PART VI: MARKETPLACE AND API

SECTION 23. MARKETPLACE

23.1 Contributor Responsibilities. Contributors must: ensure compliance with this Policy; accurately describe content; respect intellectual property; and not include Malicious Code, backdoors, embedded secrets, undisclosed phone-home endpoints, or hidden exfiltration logic. Contributors may provide support at their discretion; NodeFox is not responsible for contributor support.

23.2 Prohibited Marketplace Content. You may not publish: content violating this Policy; illegal content; Malicious Code; IP-infringing content; deceptive content; assets containing backdoors, hidden state, logic bombs, obfuscated payloads, or embedded credentials/tokens; assets enabling policy violations; or namespace-squatting/typosquatting registrations. NodeFox may remove or quarantine Marketplace Content without notice and has no duty to pre-screen, vet, or review.

23.3 Purchaser Responsibilities. You must use Marketplace Content in compliance with this Policy and license terms. You may not systematically scrape, harvest, clone, or bulk-download Marketplace Content.

SECTION 24. API USAGE

24.1 API use is subject to this Policy, the TOS, and any API-specific terms. You must use valid credentials, keep them secure, not share them, and rotate if compromised. Do not embed keys in client-side code or public repositories.

24.2 Restrictions. You may not: exceed rate limits or quotas; circumvent access restrictions; access unauthorized features; reverse engineer the Services; create competing products; or use APIs for scanning, probing, abuse, or kill-switch evasion. The prohibition on unauthorized automated access (bots, scrapers, crawlers) applies to non-API surfaces and undocumented endpoints; legitimate documented API use within limits is permitted.

PART VII: ACCOUNT SECURITY

SECTION 25. ACCOUNT REQUIREMENTS

25.1 You must: use strong unique passwords; enable MFA where available; keep credentials confidential; not share Account access; and change passwords if compromise is suspected. You may not share single-seat accounts, sell/transfer Accounts without written permission, access others' Accounts, or create accounts under false identities.

25.2 Burner Account Evasion. You may not register using disposable emails, temporary inboxes, rotating alias services, or automated account-creation scripts for the purpose of evading rate limits, resetting trials, or circumventing enforcement.

25.3 Terminated Account Recreation. You may not create a new Account after termination unless expressly authorized in writing.

25.4 You are responsible for all Account activity, including unauthorized access resulting from your failure to secure your Account. If compromised, immediately: change password; revoke sessions; review activity; rotate all Integration Credentials; and notify security@nodefox.ai.

PART VIII: PROFESSIONAL AND REGULATED USES

SECTION 26. PROFESSIONAL AND REGULATED USES

26.1 You may not use the Services for the following without appropriate professional oversight, required licenses, and full compliance with applicable regulations:

(a) Medical/health/clinical/pharmaceutical decision-making; (b) Legal advice or representation requiring licensed expertise; (c) Financial advising, investment management, lending, underwriting, credit decisioning, or algorithmic trading; (d) Tax advice requiring licensed expertise; (e) Safety-critical engineering; (f) Government, law enforcement, immigration, border control, surveillance, or justice-system applications; (g) Safety-critical systems (aviation, autonomous vehicles, medical devices, industrial controls, nuclear, emergency response, life-safety); (h) Employment, housing, credit, or insurance decisions affecting individuals; (i) Educational assessment materially affecting student outcomes; (j) Social scoring, trustworthiness evaluation, or assessment based on social behavior/personal characteristics; (k) Biometric categorization inferring protected characteristics; (l) Emotion inference in educational or workplace settings for evaluation; or (m) Psychological/parasocial services (unlicensed therapy, crisis intervention, romantic companions creating psychological reliance).

26.2 AI Governance Compliance. You may not use the Services for purposes prohibited or regulated as "high-risk" under applicable AI governance laws (including the EU AI Act, Colorado AI Act, Texas TRAIGA, and similar frameworks) without ensuring full compliance. You may not use the Services in any manner that would cause NodeFox to be classified as provider, manufacturer, or deployer of a High-Risk AI System without NodeFox's express written agreement.

26.3 Healthcare Licensing (California AB 489). You may not deploy AI systems that: use titles implying licensed healthcare professional status; fail to disclose AI interaction when communicating clinical information; or use marketing suggesting clinical authority without verifiable licensed human oversight.

26.4 Emergency Services. You may not use the Services to contact emergency services, make false emergency reports, or as a substitute for life-safety communication systems.

PART IX: EXPORT CONTROL AND SANCTIONS

SECTION 27. EXPORT AND SANCTIONS COMPLIANCE

27.1 The Services may be subject to U.S. export control and sanctions laws (EAR, ITAR, OFAC), EU, UK, and other applicable export regulations.

27.2 You may not export, re-export, or transfer the Services to: any country subject to comprehensive U.S. sanctions (as updated from time to time); any person or entity on Restricted Party Lists; any entity 50%+ owned by restricted persons; or any end-user who will utilize the Services for prohibited purposes (WMD, military in embargoed countries, human rights abuses, surveillance of dissidents/journalists).

27.3 By using the Services, you represent that: you are not located in sanctioned territories; you are not on any restricted party list; you will comply with all applicable export laws; and you will screen your own customers/partners.

27.4 Notify legal@nodefox.ai immediately if you become aware of any actual or potential export/sanctions violation or if you become subject to sanctions.

27.5 NodeFox may immediately suspend access without notice or liability for suspected violations. You agree to cooperate with any investigation. NodeFox does not provide export compliance legal advice; consult qualified counsel.

PART X: REGIONAL COMPLIANCE

SECTION 28. REGIONAL AND GLOBAL COMPLIANCE

28.1 General. This Policy applies globally. Where local law imposes stricter standards, you must comply. Where this Policy is stricter, you must comply with this Policy.

28.2 Disclaimer. The following are illustrative, high-level summaries only and do not constitute legal advice. NodeFox makes no representation these summaries are current or complete and assumes no obligation to update them. Your reliance on these summaries as a basis for regulatory compliance is strictly prohibited. Consult qualified local counsel.

28.3 Data Protection. You must comply with applicable data protection laws in your jurisdiction (including GDPR, UK GDPR, PIPEDA, LGPD, APPI, PIPA, PDPA, PIPL, DPDP Act, Privacy Act 1988, and others).

28.4 AI Governance. You must comply with applicable AI governance laws (EU AI Act, UK Online Safety Act, and similar frameworks) including prohibitions on manipulative/deceptive AI, social scoring, unauthorized biometric identification, and high-risk AI deployments.

28.5 Anti-Spam. You must comply with applicable anti-spam and electronic communications laws (CAN-SPAM, CASL, GDPR/ePrivacy, Spam Act 2003, TCPA, and similar).

28.6 Consumer Protection. You must comply with applicable consumer protection laws, including prohibitions on misleading conduct, unfair terms, and false advertising.

28.7 Content Restrictions. You are responsible for ensuring content complies with local restrictions. Content permissible in some jurisdictions may be prohibited in others.

28.8 China. The Services are not intended for use in the People's Republic of China (excluding Hong Kong, Macau, and Taiwan). Users accessing from China do so at their own risk and are solely responsible for compliance.

28.9 Sanctions-Affected Jurisdictions. The Services may not be available in jurisdictions subject to comprehensive sanctions. You are responsible for compliance.

PART XI: PLATFORM INTEGRITY

SECTION 29. PLATFORM INTEGRITY

29.1 You may not: disable, bypass, or interfere with emergency shutdown mechanisms, kill switches, containment protocols, or safety systems; interfere with or evade monitoring, moderation, content filtering, or auditing; coordinate multiple accounts, bot networks, or agent swarms for artificial amplification, metric manipulation, or scaled abuse; attempt to circumvent this Policy or TOS through technical means, creative interpretation, or otherwise; bypass privacy, data protection, or consent requirements; or attempt to restart, clone, or redistribute workloads to evade termination or throttling.

PART XII: ENFORCEMENT

SECTION 30. MONITORING AND ENFORCEMENT

30.1 NodeFox may, but has no obligation to, monitor use for compliance. We may use automated tools, manual review, or third-party services. NodeFox may use automated tools to detect abuse but has no obligation to detect, investigate, warn, provide reasons, or take any particular action.

30.2 We generally do not access substantive Workflow or Output content for monitoring. We may access content as necessary for: security; abuse prevention; legal compliance; support (when you contact us); platform integrity investigations; or as otherwise permitted in the Privacy Policy.

30.3 NodeFox may investigate suspected violations. During investigations, we may suspend access, review relevant data, and take other action. You must cooperate with reasonable investigation requests.

SECTION 31. CONSEQUENCES

31.1 Discretion. NodeFox has sole and absolute discretion to determine whether a violation has occurred and what consequences are appropriate. Our determinations are final.

31.2 Potential Consequences. Violations may result in: warning (discretionary, not required); content removal or disabling; feature restriction; Account suspension; Account termination; immediate freeze, withholding, or forfeiture of pending Marketplace payouts, revenue shares, or platform credits; reporting to law enforcement; legal action; cooperation with investigations; cost recovery for incident response and abuse handling; and any other action NodeFox deems appropriate.

31.3 No Process Guarantees. NodeFox is not required to provide warnings, cure periods, notice, reasons, or explanations before or after enforcement. Enforcement may be immediate.

31.4 Zero-Tolerance Violations. The following categories warrant immediate enforcement without notice or cure: CSAM; credible threats of violence; malware or credential theft; active exploitation or scanning; sanctions evasion; doxxing or stalkerware; and any conduct posing imminent risk to safety, security, or legal compliance.

31.5 Third-party providers may independently suspend keys/accounts, block IPs/domains, impose fees, or take legal action as a result of your violations. NodeFox has no responsibility for third-party enforcement consequences.

31.6 No Waiver. Failure to enforce in one instance does not waive enforcement in others.

SECTION 32. SUSPENSION AND TERMINATION

32.1 NodeFox may immediately suspend or terminate access without notice if we reasonably believe: you are violating this Policy; your use poses a security risk; your use may subject NodeFox to liability; your use violates law; your use threatens platform integrity; or suspension is required for legal compliance.

32.2 Upon termination: access ends; right to use ends; data may be deleted per our policies; you remain liable for prior violations. No refunds for termination due to violations unless required by law.

32.3 Reinstatement is at NodeFox's sole discretion with no obligation to explain, respond, or reinstate.

SECTION 33. RECONSIDERATION

33.1 If you believe enforcement was in error, you may request reconsideration at legal@nodefox.ai with "Reconsideration" in the subject.

33.2 NodeFox has no obligation to review, respond to, reverse, or explain any enforcement action. There are no guaranteed timelines. Any decision is final.

SECTION 34. REPORTING VIOLATIONS

34.1 Report violations to abuse@nodefox.ai. Include: description; account/identity if known; evidence; and date/time. Anonymous reports accepted.

34.2 Reports must be made in good faith. You may not: submit knowingly false reports; coordinate mass fraudulent reports ("report brigading"); weaponize reporting to harass competitors or coerce outcomes; or include secrets, credentials, or third-party confidential data in reports (sanitization duty).

34.3 Submitting a report does not create confidentiality obligations, a duty to investigate, a duty to respond, or a duty to disclose outcomes. NodeFox may share report content as needed for safety, legal, or investigation purposes.

34.4 NodeFox may take action to address retaliatory conduct reported in good faith, but has no duty to investigate or resolve retaliation claims.

SECTION 35. COOPERATION WITH AUTHORITIES

35.1 NodeFox may cooperate with law enforcement and regulatory authorities as required by law or as we deem necessary. We may disclose information about your use to comply with legal obligations, respond to lawful requests, or protect rights and safety. Where legally permitted, we may attempt to notify you, but have no obligation to do so. We may preserve data in response to legal requests.

PART XIII: CATCH-ALL AND AIDING PROHIBITIONS

SECTION 36. CATCH-ALL PROHIBITION

36.1 In addition to specific prohibitions, you may not use the Services for any purpose or activity that is harmful, malicious, abusive, deceptive, fraudulent, illegal, or detrimental to NodeFox, users, third parties, or the public interest — whether or not specifically enumerated.

36.2 The prohibited activities in this Policy are illustrative and non-exhaustive. NodeFox reserves the right to determine, in its sole and absolute discretion, whether any conduct constitutes a violation, including conduct not specifically listed and emerging threats.

36.3 "Harmful activities" include (without limitation): physical, psychological, financial, or reputational harm; exploitation of vulnerable populations; interference with systems or infrastructure; violation of rights or dignity; undermining public safety or democratic institutions; facilitating criminal activity; creating unreasonable risk; Runaway Execution causing excessive costs or resource consumption; and any conduct a reasonable person would consider harmful.

SECTION 37. PROHIBITION ON AIDING VIOLATIONS

37.1 You may not instruct, aid, abet, encourage, conspire with, procure, or facilitate any person or entity in any prohibited activity — directly or indirectly. You may not provide tools, code, scripts, workflows, templates, prompt libraries, Marketplace assets, or resources designed to facilitate violations. Any attempt to accomplish indirectly what is prohibited directly is itself a violation.

37.2 These prohibitions apply regardless of actual knowledge, provided a reasonable person would have reason to know or suspect the activity is prohibited.

37.3 If you instruct, aid, or facilitate a third party's violation, you are jointly and severally liable for resulting damages in addition to independent liability under this Section.

PART XIV: GENERAL PROVISIONS

SECTION 38. UPDATES

38.1 NodeFox may modify this Policy at any time. We may provide notice by posting the updated Policy, in-Service notice, email, or other means. Continued use constitutes acceptance to the extent permitted by law.

SECTION 39. CONTACT

PurposeContact
Abuse Reportsabuse@nodefox.ai
Security Issuessecurity@nodefox.ai
Privacyprivacy@nodefox.ai
Legal / Appealslegal@nodefox.ai
Supportsupport@nodefox.ai

Mailing: NodeFox LLC, PO Box 1667, Ross, CA 94957, United States

Listing contact addresses does not create response guarantees or service obligations beyond applicable law.

INTERPRETATION AND CONSTRUCTION

Interpretation. Prohibitions are interpreted broadly to effectuate their protective purpose. Examples are illustrative and non-exhaustive. No Waiver. Failure to enforce does not waive future enforcement. Severability. If any provision is invalid, the remainder continues in full force. Headings. For convenience only. Entire Agreement. This Policy, together with the TOS and incorporated policies, constitutes the entire agreement regarding acceptable use. Governing Law. This Policy is governed by the Terms of Service.

ACKNOWLEDGMENT

BY ACCESSING OR USING THE SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO THIS POLICY. VIOLATION MAY RESULT IN IMMEDIATE SUSPENSION OR TERMINATION WITHOUT NOTICE OR REFUND AND MAY SUBJECT YOU TO LEGAL LIABILITY.

END OF ACCEPTABLE USE POLICY

© 2025–2026 NodeFox LLC. All rights reserved.

NodeFox LLC | 2108 N St, Suite N, Sacramento, CA 95816, United States | https://www.nodefox.ai