Acceptable Use Policy

This Acceptable Use Policy ("AUP") applies to all users of the services provided by Isorun BV ("Isorun", "we", "us"). This AUP is incorporated by reference into our Terms of Service — violations of this AUP are also violations of those Terms.

1. Prohibited Activities

You must not use Isorun sandboxes for any of the following:

Cryptocurrency & Mining

• Mining cryptocurrency (including proof-of-work, proof-of-stake farming, or any blockchain consensus mechanism)
• Running blockchain validators or nodes for financial gain

Attacks & Abuse

• Distributed denial-of-service (DDoS) attacks or participation in botnets
• Port scanning, vulnerability scanning, or penetration testing of third-party systems without authorization
• Brute-force attacks against any system (including Isorun's own infrastructure)
• Sending spam, phishing emails, or unsolicited communications

Malware & Exploitation

• Creating, distributing, or hosting malware, ransomware, or exploit kits
• Hosting command-and-control (C2) infrastructure
• Attempting to escape sandbox isolation or access host systems

Illegal Content

• Child sexual abuse material (CSAM) or any content that exploits minors
• Content that violates applicable laws, including copyright infringement at scale
• Facilitating illegal drug trafficking, weapons sales, or human trafficking

Resource Abuse

• Creating sandboxes with the sole purpose of consuming resources without productive use
• Circumventing rate limits, billing, or usage restrictions
• Reselling sandbox access without authorization
• Creating multiple accounts to circumvent free-tier limits, evade suspensions, or fragment usage across identities

AI-Specific Prohibited Uses

Isorun is designed for AI agents and AI-generated code. The following AI use cases are prohibited:

• Developing, training, running, or distributing AI systems intended to design, synthesise, or aid the production of biological, chemical, nuclear, or radiological (CBRN) weapons, or any other weapons capable of mass casualties
• Generating, modifying, or distributing non-consensual intimate imagery, including AI-generated content depicting real or apparently real persons
• Generating or sexualising imagery of minors in any form, whether photorealistic, illustrated, or stylised (this is in addition to and overlaps with the CSAM prohibition above)
• Conducting mass surveillance, untargeted facial recognition, social scoring, or biometric categorisation of individuals in violation of applicable law (including the EU AI Act)
• Generating coordinated disinformation, election manipulation content, automated harassment campaigns, or impersonation intended to defraud or deceive
• Bypassing safety measures, content policies, or trust-and-safety controls of other AI services or platforms
• Training AI models on personal data without a lawful basis under GDPR or equivalent law, or on copyrighted material without authorisation where such training is not permitted by law

2. Network Usage

• Sandboxes must not be used as proxies, VPNs, or Tor exit nodes
• Outbound traffic must comply with the network policies configured for your sandbox
• Excessive bandwidth consumption (beyond what is reasonable for your use case) may be throttled

3. Fair Use

Our pricing assumes typical sandbox usage patterns. If your usage materially exceeds typical patterns — sustained high resource consumption, very long-running sandboxes, or unusual API call volumes — we may contact you to discuss a custom plan. We will provide at least seven days' notice before any enforcement action and work in good faith to find a mutually acceptable solution.

4. Security Research and Safe Harbor

Isorun welcomes good-faith security research. If you discover a vulnerability in our systems, please report it to security@isorun.ai. Our full Vulnerability Disclosure Policy describes scope, in-scope and out-of-scope targets, and reporting expectations.

Safe harbor. Isorun will not initiate legal action against, or support legal action by third parties against, security researchers who:

• make a good-faith effort to comply with this AUP and our Vulnerability Disclosure Policy;
• report findings to security@isorun.ai before any public disclosure and allow at least 90 days for remediation (or such longer period as is reasonable for the severity of the issue);
• do not access, modify, exfiltrate, or delete data belonging to other users beyond the minimum necessary to demonstrate the vulnerability;
• do not degrade availability of the Services for other users (no DoS, no resource exhaustion, no destructive testing);
• limit testing to their own accounts and sandboxes; and
• do not violate applicable law in the course of their research.

Research that meets these conditions is authorised activity and is not a violation of this AUP or our Terms of Service. Research that does not meet these conditions — including unauthorised testing of third-party systems hosted on Isorun, exploitation beyond proof of concept, or public disclosure before remediation — is not protected.

5. Enforcement

Violations of this AUP may result in:

1. Warning: We will notify you and request remediation.
2. Suspension: Temporary suspension of your account while we investigate.
3. Termination: Permanent account closure for severe or repeated violations.

We may report illegal activities to law enforcement. For cryptocurrency mining and DDoS, termination is immediate without warning.

6. Reporting Abuse

To report abuse or AUP violations, contact abuse@isorun.ai.

7. Changes

We may update this AUP from time to time. Changes are effective upon posting to this page. Material changes will be communicated via email or dashboard notification.

8. Contact

Isorun BV
Email: abuse@isorun.ai
Netherlands