gpubox.ai

Legal

Acceptable Use Policy

Effective 7 May 2026.

This Acceptable Use Policy ("AUP") sets out what you must not do with the GPUBox Service. It supplements our Terms of Service. Breach of this AUP is material breach of the Terms.

1. Illegal content and conduct

You must not use the Service to generate, store, request, or distribute:

  • child sexual abuse material (CSAM); any sexual content involving minors; sexualised depictions of fictional minors;
  • content that incites or facilitates terrorism or violent extremism;
  • content that promotes or facilitates serious self-harm or suicide;
  • content that incites violence, harassment, or unlawful discrimination against an individual or a protected group;
  • content designed to commit fraud, identity theft, phishing, financial-market manipulation, tax evasion, or money laundering;
  • content that infringes a third party's intellectual property (including unlicensed copies of copyrighted works) or violates confidentiality / trade-secret obligations;
  • malware, exploits, or instructions whose primary purpose is to compromise systems you do not have authorisation over;
  • any content that breaches applicable law in the United Kingdom or the jurisdiction you are operating from.

2. Privacy and personal data

  • Do not submit special-category personal data (UK GDPR Art. 9), criminal-offence data (Art. 10), children's personal data, biometric data used for unique identification, or PCI cardholder data, unless we have separately and expressly agreed to support that processing in writing.
  • Do not use the Service to surveil or profile individuals without a lawful basis or to make significant decisions affecting them without appropriate human review.
  • You must have lawful authority for any personal data you transmit and you must give the data subjects the notices required by law.

3. Service abuse

You must not:

  • attempt to circumvent rate limits, billing, the per-call cap, or any other technical limit;
  • share API keys outside your tenant or resell access without our written agreement;
  • probe, scan, or load-test the Service beyond your normal use, or in a manner that materially degrades the Service for other customers;
  • attempt to reverse-engineer, decompile, or extract the model weights or other proprietary configuration we use to provide the Service;
  • use the Service to train a competing AI model on outputs we generate.

4. No cryptocurrency mining or reward-generating blockchain compute

The Service is sold for AI inference, training, and adjacent research workloads. It is not sold for cryptocurrency mining or for the workloads defined as Reward-Generating Blockchain Compute below. The defined term in Section 4.1 controls; any general framing in this paragraph is illustrative only. The prohibition in this Section is a fundamental basis on which we accept your business.

4.1 Defined: Reward-Generating Blockchain Compute

"Reward-Generating Blockchain Compute" ("RGBC") means any of the following when carried out for the purpose of earning, mining, or claiming cryptocurrency, tokens, block rewards, transaction fees, or other on-chain economic incentives:

  • cryptocurrency mining (proof-of-work or any successor scheme);
  • operation of a proof-of-stake validator, sequencer, or any node that earns block rewards or transaction fees;
  • participation in a mining pool or staking pool;
  • running mining software including, by way of example only, xmrig, t-rex, lolMiner, NBMiner, PhoenixMiner, BzMiner, gminer, srbminer, teamredminer, NiceHash, Kryptex, or any successor or fork; or
  • any other compute pattern the substantive purpose of which is to earn on-chain rewards.

You must not use the Service to carry out RGBC.

4.2 Permitted research and adjacent workloads

The following are not RGBC and are permitted:

  • on-chain data analysis, indexing, or machine learning over public ledger data;
  • zero-knowledge proof generation (including zk-SNARKs, zk-STARKs, Halo2, validity-proof circuits) carried out for application, rollup, privacy, or model-integrity purposes, where the customer is not earning on-chain rewards from that compute;
  • security research that involves running mining or botnet binaries inside an isolated sandbox to study their behaviour, provided no rewards are claimed;
  • academic study of mining or consensus algorithms, blockchain protocol reverse-engineering for security or interoperability research, and operation of non-reward-generating nodes (including testnets) for development.

If you are unsure whether your workload falls inside this carve-out, contact us in advance at [email protected]. Where we confirm a workload is permitted in writing, that confirmation is based on the facts you fully and accurately disclosed to us at the time, and we will not later treat that workload as RGBC absent material change to those facts or to the workload.

4.3 Other high-abuse compute

You must not use the Service to:

  • obtain unauthorised access to, or test the security of, any system you are not authorised to access;
  • conduct credential stuffing, password cracking, or hash cracking against accounts or systems you do not own or are not contracted to test;
  • create, host, distribute, or operate malware, ransomware, or command-and-control infrastructure for any botnet;
  • source, amplify, or coordinate denial-of-service or distributed-denial-of-service attacks; or
  • circumvent any technical access control of the Service or of a third-party system.

4.4 Detection

We may use technical signals to identify suspected breach of this Section, including (without limitation) GPU operation fingerprints and kernel patterns, power-draw signatures, sustained network-egress patterns, and outbound connections to endpoints associated with mining pools or known malicious infrastructure. Our use of these signals is for the purpose of enforcing this AUP and protecting the Service. Nothing in this Section requires us to monitor any tenant continuously, and nothing in this Section limits our ability to investigate a suspected security incident with the scope reasonably required.

4.5 Suspension and termination

Where we have reasonable grounds to suspect breach of this Section we may suspend your tenant or specific API keys immediately. We will notify you of the suspension and of the signals that gave rise to it, and you will have a reasonable opportunity to respond, except where notification is prohibited by law or where we reasonably believe that delaying or limiting notification is necessary to protect the Service, other customers, an ongoing investigation, or the integrity of our detection methods. If on investigation we are reasonably satisfied that you have carried out RGBC or material high-abuse compute, we may terminate your account immediately and revoke all API keys, without further cure period. For the purposes of this Section, "material" means high-abuse compute that is serious, sustained, repeated, conducted at scale, or that creates risk to the Service, to other customers, or to third parties. An isolated incident may still be material where it is serious or creates such risk; only isolated, non-serious, and de-minimis incidents are addressed under Section 6 (Enforcement) instead. Termination under this Section does not waive any other right or remedy.

4.6 Costs and credits on confirmed breach

If we confirm RGBC or material high-abuse compute on your tenant, you will reimburse us for our reasonable investigation and remediation costs and for any actual loss we suffer as a result of the breach. Any unused prepaid credit balance on the tenant at the date of confirmed breach will be applied first against those costs and losses, and the residual balance will be refunded to you at your written request unless withholding is required by law or by our anti-fraud or sanctions obligations. We will not separately confiscate credits as a penalty.

4.7 Reporting

We may report unlawful conduct to law enforcement or to a regulator where we reasonably believe disclosure is necessary and lawful. We may also disclose to a third party where we reasonably believe that party is affected and that disclosure is necessary to mitigate harm or to comply with law. We will limit the information disclosed to what is reasonably required.

5. AI-specific rules

  • Do not represent AI-generated content as authored by a real identifiable person without their consent.
  • Do not generate content designed to impersonate, defame, or deceive a specific real person, brand, or institution into believing the content is genuine.
  • Do not use the Service to generate non-consensual sexual imagery, deepfakes designed to harass, or AI-generated voice clones of real people without their consent.
  • High-risk professional applications (medical diagnosis, legal advice given to consumers, safety-critical systems, autonomous financial trading at scale) require a written agreement with us before deployment.

6. Enforcement

We may, at our discretion: warn you; require you to remove or stop producing the offending content; rate-limit or suspend your tenant; revoke API keys without refund; terminate your account; report unlawful content to law enforcement or the relevant regulator.

We do not actively read your inputs and outputs. We do reserve the right to inspect a sample of traffic where we have a reasonable belief of AUP breach, and to investigate any abuse report. Where we do so, we will act with the minimum scope necessary.

7. Reporting violations

If you believe content generated through GPUBox violates this AUP or the law, contact us at [email protected] with the request id (in the response headers) and a description of the issue. We will investigate and respond promptly.

8. Changes

We will post material changes to this AUP with at least 14 days' notice on this page. Continued use after the effective date constitutes acceptance.