This policy explains how Token.AI expects customers to use the model gateway, API keys, automation tooling, and related services. It is designed to protect customers, model providers, payment partners, and the broader internet from abuse.
Prohibited Uses
- Attempting to bypass provider, regional, payment, rate-limit, or safety restrictions.
- Selling, renting, sharing, or brokering account access, API keys, or model access in a way that violates applicable provider terms.
- Generating malware, credential theft, phishing, spam, deceptive impersonation, or unauthorized surveillance workflows.
- Processing regulated personal data or sensitive production data without appropriate authorization, notice, and security controls.
- Using automation to overload the service, evade limits, scrape unrelated systems, or interfere with other customers.
- Misrepresenting Token.AI as the owner, official reseller, or exclusive provider of a third-party model unless a separate written agreement says so.
Required Safeguards
- Projects should use separate API keys for development, staging, and production.
- Production projects should configure model allowlists, budget thresholds, and rate limits.
- Debug logging should be enabled only when needed and should have a visible retention period.
- Teams are responsible for reviewing upstream model terms before enabling a model channel for regulated workloads.
Enforcement
If we detect or reasonably suspect misuse, we may take action to protect the service and affected parties, including:
- Requesting more information from the account owner.
- Throttling, suspending, or disabling a project, model, or account.
- Blocking traffic patterns that appear abusive or unsafe.
- Preserving event records when needed for fraud, security, abuse, or legal review.
Reporting Abuse
Report phishing, spam, malware, account misuse, or policy violations to [email protected]. Include request IDs, timestamps, affected endpoints, and any relevant account details when possible.