Octuo legal index

Octuo Acceptable Use Policy

Version: 1Effective: 2026-05-06Last updated: 2026-05-06

Octuo Acceptable Use Policy

This policy says what you may not do with Octuo. It is part of the Terms of Service. Violations may result in account suspension, credit forfeiture, refund denial, and reporting to law enforcement when required.

You may not use Octuo to:

1. Break the law

  • Violate any applicable law in your jurisdiction or ours (United States).
  • Infringe intellectual property rights.
  • Distribute or solicit child sexual abuse material — we report any such content to NCMEC and cooperate with law enforcement.
  • Promote, plan, or facilitate violence, terrorism, or hate-based harassment.
  • Engage in financial fraud, tax evasion, or money laundering.
  • Sell controlled substances, firearms, or other regulated goods without lawful authorization.

2. Harm others

  • Generate, share, or distribute targeted harassment, threats, doxing, or non-consensual intimate imagery.
  • Create deepfake or impersonating content of real people without consent.
  • Use AI features to generate disinformation campaigns or coordinated inauthentic behavior.
  • Attempt to identify or contact users you do not know.

3. Compromise the Service or other users

  • Probe, scan, or test the vulnerability of any system or network without authorization. (Responsible disclosure of security vulnerabilities is welcome — see Security Disclosure below.)
  • Distribute malware, phishing pages, or stolen credentials via Octuo.
  • Use Octuo to attack or DDoS third parties.
  • Bypass rate limits, quotas, captchas, or other access controls.
  • Reverse-engineer the Service except where law allows it.
  • Scrape, harvest, or systematically extract data not made available to you through the documented API.
  • Resell, rent, or lease Octuo access without our written agreement.

4. Defraud the billing system

  • Use stolen payment methods.
  • Initiate chargebacks for legitimate charges (do not abuse chargeback as a refund mechanism — see Refund Policy for the legitimate refund path).
  • Create multiple accounts to circumvent free-tier limits.
  • Impersonate Tutuo, Octuo, or our staff in any communications.

5. Misuse AI capabilities

  • Generate content designed to mislead about the source (e.g., false authorship of academic / professional work in contexts where authorship is required to be the human's own).
  • Generate content that violates third-party AI providers' usage policies (we forward prompts to OpenAI / Anthropic / Google and their policies bind you transitively; see AI Disclosure).
  • Use the agent's capabilities (file access, vault access, multi-device control) to violate any of the above on someone else's device or data.

6. Misuse the vault

  • Store credentials that you do not lawfully possess.
  • Store credentials in a way that violates your employer's, customer's, or third party's policy.
  • Rely on the vault as a single point of credential storage without external backup (this is also a Service-quality recommendation — see Beta Notice §4).

Beta-specific consequences

During the public beta, we may also:

  • Forfeit credits associated with violating accounts.
  • Decline to issue refunds where the billing path was abused.
  • Apply stricter rate limits to accounts flagged by automated abuse detection.
  • Suspend without notice in cases of active abuse where notification would interfere with response.

Reporting violations

Email trust@tutuo.ai with:

  • The user / account / content URL involved.
  • A short description of what you observed.
  • Any evidence (screenshots, message excerpts) that does not itself violate the AUP to share.

We aim to acknowledge within 2 business days during beta.

Security disclosure

If you discover a security vulnerability, do not test it against other users' accounts. Email security@tutuo.ai with a description and reproduction steps. We commit to:

  • Acknowledge within 5 business days.
  • Not pursue legal action against good-faith disclosures that follow responsible disclosure norms (no data exfiltration, no PII access beyond what's needed to demonstrate, no public disclosure before fix).
  • Recognize you in our security acknowledgments page if you wish.

Enforcement

We investigate suspected violations. We may:

  • Send a warning.
  • Restrict specific features (e.g., disable agent capabilities).
  • Suspend the account temporarily.
  • Terminate the account permanently.
  • Refer the matter to law enforcement.

We make these decisions case-by-case based on severity, intent, and prior conduct. We do not commit to a specific procedure during beta; we will be reasonable.

Changes

We may update this policy. Changes are posted with an updated last_updated date. Substantive changes (broadening prohibited conduct in a way that affects existing legitimate use) follow the notice procedure in Terms of Service §16.

Contact

Topic Email
Report a violation trust@tutuo.ai
Security disclosure security@tutuo.ai
Question about this policy support@tutuo.ai