Acceptable Use Policy

1. Prohibited content

You may not use ChiefLab to generate, store, publish, or send:

• Illegal content under any applicable jurisdiction — including child sexual abuse material, terrorist content, or content inciting imminent violence.
• Malware, exploits, or code intended to compromise systems or steal credentials.
• Content that infringes copyrights, trademarks, patents, or trade secrets you do not have license to use.
• Defamatory statements about identifiable persons or businesses, harassment targeting a named individual, or threats of violence.
• Knowingly false claims that could cause material harm — financial fraud, public-health misinformation, election manipulation, deceptive medical / legal / professional advice.
• Deepfakes or other synthetic-media content depicting real people without their consent.

2. Prohibited purposes

You may not use ChiefLab to:

• Send unsolicited bulk outbound where applicable law requires consent — CAN-SPAM (US), CASL (Canada), PECR + UK GDPR (UK), GDPR + ePrivacy (EU), PDPA + Spam Control Act (Singapore). Compliance is your obligation; we provide the tool.
• Run outbound against harvested lists — emails scraped without consent, contact lists purchased without verified provenance, leaked databases.
• Impersonate real persons, real companies, or government agencies. Brand-personification content must be clearly attributed to your brand, not posed as a third party.
• Phish or socially engineer people who have not transacted with you.
• Generate content designed to manipulate elections, public-health discourse, financial markets, or other regulated domains.
• Circumvent rate limits, abuse signup endpoints, or use multiple accounts to exceed plan caps.

3. Platform compliance — your responsibility

LinkedIn, X / Twitter, Threads, Instagram, Facebook, Bluesky, TikTok, Discord, and every email provider operate under their own Terms of Service governing automated posting, automated replies, automated DMs, automated connection requests, and the use of OAuth tokens by third-party tools.

You are responsible for ensuring your use of ChiefLab connectors complies with the platform ToS of each platform you publish to. We do not independently verify your compliance.

In particular: automated DM responses (even to your own DMs) may violate platform ToS regardless of OAuth scope. The ChiefLab connector approval gate puts you in the loop on every action; using the approval gate as a rubber stamp does not shift the platform-ToS obligation back to us. The gate is a tool for you to comply, not a substitute for compliance.

4. Rate and volume limits

Default rate limit is 60 API calls / minute per workspace. The signup endpoint is rate-limited at 5 calls / IP / hour. These limits protect everyone using the service; do not try to circumvent them with multiple workspaces or IP rotation.

High-volume outbound (more than 10,000 sends / month) requires Enterprise tier with custom limits and dedicated capacity. Contact hi@chieflab.io before scaling outbound.

5. Reporting

• Abuse reports (someone is using ChiefLab against you): hi@chieflab.io.
• Security vulnerabilities: security@chieflab.io; full policy at /security.
• Legal requests (law enforcement, subpoenas): legal@chieflab.io. We respond to validly served, lawful requests and will challenge overbroad or improper ones.

6. Enforcement

We may suspend or terminate access to workspaces that violate this AUP. Where reasonable, we give notice and an opportunity to cure. We suspend immediately, without prior notice, for:

• Content harmful to people (CSAM, threats of violence, harassment of identifiable individuals).
• Active malware distribution or active phishing campaigns.
• Conduct that creates an imminent legal risk to ChiefLab or other customers.

Disputes about enforcement decisions: legal@chieflab.io.

7. Changes

We will give 30 days notice of material changes via email and a banner in /app. This page tracks the last-updated date.