
Acceptable Use Policy

Last Updated: May 15, 2026 (draft - pending counsel review)

00. Draft status

Last reviewed by counsel: NOT YET.

This Acceptable Use Policy is a working draft published in advance of formal legal review. It is binding now on every Blockchain0x customer and the AI agents they operate; the legal language will be refined when counsel review completes.

01. Scope and who is bound

This Acceptable Use Policy ("AUP") applies to every use of the Blockchain0x service. It is binding on:

  • Workspace owners who create or manage a Blockchain0x account, including the legal entity if applicable.
  • Users and team members invited to a workspace.
  • AI agents operated through any account on the Service, including agents you operate on behalf of end users.
  • End users of products you build that are powered by Blockchain0x infrastructure, to the extent your product surfaces Blockchain0x-paid actions to them.

The workspace owner is responsible for ensuring all of the above comply with this AUP, including agents that are technically autonomous. "I didn't tell my agent to do that" is not an excuse - configure spend policies and counterparty controls appropriately.

02. Prohibited financial activity

You and your agents must not use the Service to engage in any of the following financial activities:

  • Fraud and theft. Misrepresenting goods or services, taking payment without intent to deliver, identity theft, account-takeover-driven payments, invoice fraud, business-email-compromise payouts, or romance/relationship-driven scams.
  • Money laundering. Structuring transactions to evade reporting thresholds, layering through multiple wallets to obscure source, integration of illicit proceeds into legitimate flows, or mixing services intended to break the traceability of funds.
  • Terror financing. Paying, fundraising for, or facilitating payments to any designated terrorist organisation or any group whose payments would constitute terror financing under applicable law.
  • Sanctions evasion. Routing payments to, from, or for the benefit of any sanctioned person, entity, or jurisdiction (UN, US OFAC, EU, UK, India, or other applicable sanctions regimes).
  • Ransomware payouts. Paying ransom to attackers as a service or marketplace facilitator. Affected victims should consult law enforcement; we cannot serve as a payment rail for ransom infrastructure.
  • Market manipulation. Wash trading, pump-and-dump schemes, spoofing, layering, or other manipulation in any market accessed via or paid for via the Service.
  • Unlicensed financial services. Operating an unlicensed money-transmission, exchange, custody, or banking service through the Service.
  • Gambling outside lawful jurisdictions. Processing payments to or from gambling, lottery, or similar operations not licensed in the buyer's and the operator's jurisdictions.

03. Prohibited content and goods

You and your agents must not use the Service to pay for, sell, distribute, or facilitate any of:

  • Child sexual abuse material (CSAM) in any form, or any content sexualising minors. Zero tolerance; we will report to NCMEC and equivalent authorities.
  • Non-consensual intimate imagery or content that exposes a person's intimate parts without their consent.
  • Content that incites or facilitates violence, including terrorism, hate crimes, or genocide.
  • Targeted harassment, doxxing, or stalking of any person.
  • Hate speech targeting protected classes (race, ethnicity, religion, national origin, gender, sexual orientation, disability, etc.).
  • Controlled substances regulated where the buyer or the seller is located, including unlawful narcotics and prescription medication sold without authorisation.
  • Weapons, weapon components, and ammunition sold without applicable licences or shipped to jurisdictions where their possession is unlawful.
  • Human trafficking, forced labour, or smuggling-related goods or services.
  • Stolen or hacked goods, services, or accounts, including stolen credentials, exfiltrated data, or unauthorised access to systems.
  • Counterfeit, infringing, or pirated goods or content, including counterfeit pharmaceuticals.

04. Prohibited technical conduct

You and your agents must not:

  • Attempt to bypass authentication, authorisation, rate limits, spend policies, allowlists, audit logs, or any other access or safety control we operate.
  • Run denial-of-service attacks, mass scraping, or load designed to degrade the Service for others.
  • Reverse-engineer, decompile, or extract source code from the Service, except where local law expressly permits and only to the minimum extent required.
  • Probe, scan, or test the vulnerability of the Service outside of the documented bug-bounty program at /security. Out-of-scope security testing is treated as unauthorised access.
  • Use credentials that are not yours, including shared API keys obtained from another customer, leaked secrets, or test keys belonging to someone else.
  • Re-sell, sublicense, or white-label the Service without a separate written agreement.
  • Use the Service to build a competing service, train a derivative product on our public output, or extract our APIs for the purpose of cloning them.
  • Misrepresent your identity, the identity of your agent, your organisation, your jurisdiction, or the nature of your use case during signup, verification, or sanctions screening.

05. AI agent behaviours that are not acceptable

AI agents introduce a class of behaviours that warrant explicit prohibition. Your agent must not:

  • Initiate payments without proper authority. Every payment your agent makes must be inside the spend policy you configured. Disabling the policy, raising its limits from inside the agent's code, or routing around it through a different account is a violation.
  • Pay attacker-controlled wallets under prompt injection. If your spend policy allows wide counterparty surfaces, that is your choice; we strongly recommend allowlists where the agent's payee set is finite. Repeated prompt-injected payment redirection without operational response (no incident review, no policy tightening) constitutes negligent operation.
  • Coordinate with other agents to circumvent per-agent caps. Splitting a payment across many agents to evade per-agent ceilings is treated as a single violation by the workspace owner.
  • Impersonate another named agent or claim verification badges the agent did not earn.
  • Generate content for fraud at scale, including phishing pages, fake product listings, or impersonation of a real person or company designed to extract money.
  • Pay for or generate disinformation campaigns, including coordinated inauthentic behaviour on public platforms.

06. Misuse of identity and verification

The Blockchain0x identity layer (public agent profile, verification badges, transaction history) exists so that counterparties can trust agents they have not transacted with before. Misuse of this layer is treated seriously. You must not:

  • Apply for or display verification badges using credentials, domains, or GitHub organisations you do not control.
  • Publish false claims on an agent's public profile about its purpose, ownership, certifications, or compliance status.
  • Operate multiple agents under different identities to obscure that they are operated by the same workspace owner, when doing so would create a misleading impression to counterparties.
  • Use the badge system to suggest endorsements or affiliations that do not exist.

07. Reporting violations

If you observe a Blockchain0x customer or agent violating this AUP, report it:

  • General abuse: [email protected]
  • CSAM, terror financing, or imminent harm: [email protected] with "URGENT" in the subject; we triage urgent reports within four hours during the working week. For CSAM we will also coordinate with NCMEC; for terror financing we will coordinate with applicable authorities.
  • Sanctions concerns: [email protected]
  • Security vulnerabilities: see /security for the responsible-disclosure path.

Provide as much specificity as possible: agent slug or workspace ID if known, the URLs or wallet addresses involved, screenshots, and the time of the observed behaviour. We do not publicly identify reporters without their consent.

08. Consequences of violations

If we determine that an account, agent, or workspace owner has violated this AUP, we may take any combination of the following actions, at our sole discretion and without prior notice where appropriate:

  • Warning and required remediation within a stated deadline for first-time or minor violations.
  • Tightening of the offending agent's spend policy, including emergency policy injection to halt outflows pending review.
  • Suspension of the agent, the workspace, or the account.
  • Permanent termination of the account and forfeiture of any prepaid balance.
  • Blacklisting of the customer's payment methods and identifying information from future signups.
  • Reporting to law enforcement, regulators, or relevant industry bodies where required by law or where the activity is serious enough to warrant it.

For violations involving CSAM, terror financing, sanctions evasion, or active fraud, we will move directly to termination and external reporting; intermediate steps do not apply.

09. Appeals and reinstatement

If your account is suspended or terminated and you believe the action was based on a factual mistake, you may appeal by emailing [email protected] within 30 days of the action. Include your workspace ID, the nature of the dispute, and any evidence relevant to the review.

We review appeals within 10 business days. Decisions on appeal are final. We do not reinstate accounts terminated for CSAM, terror financing, sanctions evasion, or repeated severe violations.

10. Reservation of rights

This AUP is not exhaustive. We may identify, investigate, and act on conduct we reasonably believe poses a security, legal, or operational risk even if that conduct is not explicitly listed here. We may take provisional measures (such as pausing an agent's payment authority) while we investigate, to limit harm during review.

11. Changes to this AUP

We may update this AUP from time to time. We will give at least 30 days' advance notice of material additions to the prohibited-conduct list. Clarifying changes that do not expand the prohibited surface may take effect immediately upon posting. The AUP in effect on the date of the relevant conduct governs.

12. Contact

Questions about this Acceptable Use Policy, including borderline use cases you want to clear before building:

Trust & Safety - Tosh Labs Private Limited

General: [email protected]

Abuse reports: [email protected]

Appeals: [email protected]
