Acceptable Use Policy

    Effective: 2026-04-20

    This Acceptable Use Policy ("AUP") describes content and conduct that is not allowed on the Unshift Studio at https://studio.unshift.ai or on websites hosted on Unshift infrastructure (collectively, the "Services"). This AUP is part of the Terms of Service; a violation of the AUP is a violation of the Terms.

    We enforce this policy because we have to. We rely on shared infrastructure (Cloudflare, Supabase, OpenAI, Anthropic, AWS, Stripe), each of which has its own acceptable-use rules; our entire operation is at risk if a single user pushes our IP ranges, accounts, or domains onto a blocklist.

    1. Prohibited content

    You may not use the Services to generate, host, or distribute content that:

    1.1 Is illegal in the United States, the European Union, the United Kingdom, or the user's jurisdiction

    • Child sexual abuse material (CSAM) or any depiction that sexualizes minors. Zero tolerance. We report to NCMEC and law enforcement.
    • Content that solicits, facilitates, or coordinates the sexual exploitation, trafficking, or grooming of minors.
    • Content that solicits or coordinates serious physical harm against identifiable people or property.
    • Content that infringes copyright, trademark, trade secret, or other intellectual property rights you do not own or are not licensed to use.
    • Content that violates a person's right of publicity or privacy, including non-consensual intimate imagery (sometimes called "revenge porn").
    • Defamatory content presented as fact.
    • Content that violates US export controls, OFAC sanctions, EU sanctions, or UK sanctions.

    1.2 Promotes harm

    • Weapons: detailed instructions for synthesizing chemical, biological, radiological, or nuclear weapons; functional firearm 3D-printable schematics; instructions for circumventing safety locks on commercially regulated firearms.
    • Self-harm and suicide content presented in a way that glorifies, encourages, or instructs.
    • Pro-eating-disorder ("pro-ana", "pro-mia") content.
    • Content that encourages dangerous activities targeted at minors (challenges, dares with foreseeable bodily harm).

    1.3 Is sexual content involving real, identifiable people without consent

    • AI-generated nude or sexual imagery depicting an identifiable real person who has not consented to that depiction.
    • "Deepfake" sexual content of any kind targeting real people.

    Note: lawful adult content with consenting adult performers is not prohibited, but is subject to §2 below.

    1.4 Is hateful or harassing

    • Content that incites violence or makes credible threats against people based on race, ethnicity, national origin, religion, sex, gender identity, sexual orientation, disability, or serious disease.
    • Targeted harassment, doxxing, or coordinated brigading against an individual.

    1.5 Is fraudulent or deceptive

    • Phishing pages or sites that impersonate real services to steal credentials or payment information.
    • Pages designed to install malware, drive-by-download exploits, browser hijackers, or unwanted software.
    • Pages that misrepresent affiliation with a real brand, government agency, or public figure.
    • Fake job postings used to harvest personal data.
    • Cryptocurrency wallet drainers, fake airdrops, fake exchange interfaces, or "rug-pull" landing pages.
    • Pump-and-dump or unregistered-securities promotional pages.
    • Sites that solicit donations under false pretenses.

    1.6 Is spam or low-value mass content

    • Sites that exist primarily to manipulate search engine rankings (link farms, doorway pages, content scraped from other sites at scale).
    • Sites that send unsolicited bulk email or SMS using contact data harvested from the Service.
    • Sites that auto-generate hundreds or thousands of near-duplicate pages with no editorial purpose. (Lawful programmatic content, like a real e-commerce catalog or location pages for a multi-location business, is fine.)

    1.7 Is regulated content without proper authorization

    • Online pharmacies selling prescription medication without a verifiable license.
    • Gambling, sports betting, lottery, or casino sites without a license valid in every jurisdiction the site is accessible from.
    • Cannabis, kratom, or other controlled-substance sales operations.
    • Firearms or ammunition sales without compliance with federal, state, and local licensing.
    • Securities offerings, investment advice, or money transmission without applicable registrations.

    If your use case is in a regulated industry, you can probably still use the Services to build a brochure or marketing site about your business. The AUP forbids using the Services to operate unlicensed transactional infrastructure.

    2. Adult content (lawful, consenting adults)

    Lawful adult content is not prohibited but requires:

    1. All depicted performers must be 18+ and have consented to the depiction.
    2. The site must implement an effective age-verification step before any explicit content is shown (a self-attest checkbox is not sufficient in jurisdictions that require third-party verification, including parts of the EU and several US states).
    3. The site must not be promoted to or accessible by minors.
    4. You must comply with Section 2257 record-keeping requirements (US 18 USC 2257) where applicable.
    5. AI-generated adult imagery may not depict any real, identifiable person without that person's documented consent.

    We may require you to move adult content to the Business plan, where we can provide stronger isolation, dedicated egress, and a separate set of subprocessor agreements.

    3. Prohibited conduct

    You may not use the Services to:

    3.1 Compromise or burden the Service

    • Probe, scan, or test the vulnerability of the Service or any third-party system using the Service, except via our published bug bounty channel (security@unshift.ai).
    • Bypass, disable, or interfere with security or rate-limiting features.
    • Use credentials that are not yours, share account credentials, or sell access to your account.
    • Generate traffic that is intended to consume disproportionate compute, bandwidth, or AI credits in a way not aligned with the Service's intended use (resource exhaustion attacks, prompt injection at scale, automated cycling through credit-pack purchases on stolen cards).

    3.2 Build a competing product on the platform

    • Use the Services or AI Output to train, evaluate, or fine-tune a model intended to compete with Unshift's website-generation features.
    • Reverse-engineer prompts, system instructions, or agent workflows to replicate them in a competing product.
    • Resell access to the Service in white-label form without a written reseller agreement with us.

    3.3 Misuse AI features

    • Submit prompts designed to produce content prohibited under §1.
    • Submit prompts designed to extract system prompts, exfiltrate other users' data, or otherwise jailbreak the AI.
    • Pass through AI requests as a proxy for unrelated workloads (using the Studio as a generic LLM API).

    3.4 Misuse hosting and email features

    • Operate open mail relays, anonymous proxies, VPN exits, or Tor exits on hosted infrastructure.
    • Operate cryptocurrency mining, distributed compute (BOINC-style), or background workloads not tied to serving the website.
    • Operate command-and-control infrastructure for any malware, botnet, or unauthorized remote-access tool.
    • Operate file lockers, paid-download "warez" portals, or piracy-aggregation sites.

    3.5 Send unsolicited communications

    • Use any contact-form or email-capture functionality to send unsolicited bulk email, SMS, or messaging in violation of CAN-SPAM, CASL, GDPR, ePrivacy, or any other anti-spam law.
    • Sell or share contact lists harvested from your sites without an applicable lawful basis.

    3.6 Misrepresent the Service

    • Falsely claim Unshift endorses, certifies, sponsors, or is otherwise affiliated with you, your site, or your project.
    • Use Unshift trademarks, logos, or brand assets in ways the Brand Guidelines do not authorize.

    4. Children's sites

    Sites directed to children under 13 (US) or under 16 (EU) trigger COPPA, GDPR-K, or both. You may not use the Services to operate a site primarily directed to children under those ages without:

    1. Implementing verifiable parental consent before collecting any personal information from a child.
    2. Posting a children's privacy notice that meets COPPA's content requirements.
    3. Limiting data collection to what is reasonably necessary.
    4. Informing us at compliance@unshift.ai before launch so we can confirm our subprocessor agreements support COPPA-compliant operation.

    We may decline to host a children-directed site if our infrastructure cannot support the required compliance posture.

    5. Reporting violations

    To report content or conduct that violates this AUP:

    We acknowledge reports within 2 business days and act on confirmed violations promptly.

    6. Enforcement

    If we determine you have violated this AUP, we may, at our discretion:

    1. Warn you and require remediation within a stated period.
    2. Restrict specific features (for example, disable AI generation while keeping the site published).
    3. Take down the offending content or page.
    4. Suspend the affected site.
    5. Terminate the entire account.
    6. Forfeit unused credits and refuse refunds for the remaining subscription period.
    7. Report you to law enforcement, NCMEC, the relevant trademark or copyright owner, your payment-card network, or any other appropriate party.

    For severe violations (CSAM, credible threats of violence, large-scale phishing, malware distribution), we act immediately without prior warning.

    For ambiguous cases, we attempt to contact the account owner at the email on file before taking destructive action, and we keep a log of enforcement decisions for our own audit purposes.

    7. Appeals

    If you believe a takedown or suspension was wrong, reply to the enforcement notice within 30 days with your reasoning and any supporting evidence. We re-review and respond within 10 business days. Decisions on appeal are final, except where law provides otherwise (for example, the EU Digital Services Act's out-of-court dispute settlement mechanism for users in the EU).

    8. Changes

    We may update this AUP. The current version always lives at https://unshift.ai/acceptable-use. Material changes are emailed to active customers at least 14 days before taking effect.

    9. Contact