Acceptable Use Policy

Kuzy is a desktop coding agent for macOS and Windows, with optional hosted services for account, billing, model routing, collaboration, and task history. Because Kuzy can read project context, call tools, browse documentation, and generate or modify code, users must keep their use lawful, authorised, and safe.

This policy applies to the Kuzy app, website, hosted gateway, APIs, support channels, and any feature that connects Kuzy to third-party systems through MCP, OAuth, API keys, or other integrations. Users may not use Kuzy to do something indirectly that this policy prohibits directly.

Defensive security research, vulnerability reproduction, code audit, log analysis, malware understanding, and incident response are allowed when the user has permission to work on the target system or is operating inside a lawful sandbox.

When using Kuzy for security work, users should keep scopes documented, avoid real third-party targets unless authorised, not exfiltrate data, and not turn proof-of-concept code into operational abuse tooling.

Kuzy must not be used for:

• CSAM or sexual content involving minors.
• Credential theft, phishing, account takeover, unauthorised scanning, exploit deployment, persistence, evasion, botnets, data exfiltration, or instructions that materially enable those activities.
• Malware or harmful code whose primary purpose is unauthorised access, stealth, destructive behaviour, ransomware, spyware, credential harvesting, or bypassing security controls.
• Fraud, scams, impersonation, forged documents, payment fraud, synthetic identity abuse, fake reviews, market manipulation, or deceptive activity.
• Privacy violations, doxxing, stalking, restricted personal-data scraping, or non-consensual intimate content.
• Harassment, threats, intimidation, or coordinated abuse.
• Operational instructions for biological, chemical, radiological, nuclear, explosive, or other weapons designed to cause mass harm.
• Election and civic manipulation, coordinated inauthentic behaviour, voter suppression, deceptive political impersonation, or deepfake content presented as authentic.
• Spam, unsolicited messaging, platform rule evasion, fake accounts, rate-limit evasion, or abusive proxy traffic.
• Sanctions or illegal trade violations.

Kuzy is not a professional adviser and is not designed to make final decisions in regulated domains. Kuzy must not be used as the sole basis for legal, medical, financial, employment, credit, housing, insurance, immigration, criminal justice, or other high-impact decisions affecting a person's rights or access to essential services.

Users are responsible for human review, domain expert review, required notices, consents, records, and compliance controls when using generated code or analysis in a regulated environment.

Users must not:

• Bypass billing, usage limits, safety controls, abuse monitoring, or access restrictions.
• Resell, sublicense, or make Kuzy available as a public proxy without written permission.
• Reverse engineer proprietary service internals except where law expressly permits.
• Overload the service, run denial-of-service activity, or interfere with other users.
• Misrepresent Kuzy output as independently verified or human-authored where that would be deceptive.

Report policy violations, abuse, or safety concerns to abuse@kuzy.ai. For security vulnerabilities, contact security@kuzy.ai.

Kuzy may investigate suspected violations and take proportionate action, including warnings, temporary restrictions, disabling integrations, suspension, termination, content removal, record preservation, or reports to payment partners and authorities where required by law.

Severe abuse, including CSAM, credential theft, malware deployment, fraud, sanctions evasion, or attempts to harm Kuzy infrastructure, may result in immediate suspension without prior notice.