Acceptable Use Policy

This Acceptable Use Policy (“AUP”) applies to all use of Hilla — the web app, the CLI, the MCP server, the API, and any public share links you create. It supplements the Terms of Service.

Violating this AUP is a material breach of the Terms. Hilla may suspend or terminate access for any account that violates it, including downstream end users of customers who resell or embed Hilla.

You may not use Hilla to plan, generate, store, or distribute content that is unlawful, fraudulent, sexually explicit involving minors, glorifies real-world violence, or promotes self-harm.

You may not use AI features to generate disinformation campaigns, deepfake materials of real people without consent, political microtargeting at scale, or content that impersonates a real individual in a misleading way.

Hate speech, harassment, doxxing, and credible threats against individuals or groups are not allowed in board content, comments, or AI prompts.

No automated abuse — credential stuffing, brute force, scraping at high volume, or attempts to enumerate users, boards, or share links.

No probing or scanning of Hilla infrastructure outside the published security disclosure scope.

No reverse engineering of the AI proxy, no extraction of model weights or system prompts, no attempts to bypass per-account rate limits or credit metering.

No use of Hilla to operate or coordinate denial-of-service attacks, botnets, ransomware, or other unauthorized intrusions.

AI outputs are generated assistance, not professional advice. You are responsible for reviewing them before acting — particularly in legal, medical, financial, safety, or hiring contexts.

Do not submit other people’s confidential or regulated data to the AI proxy without a lawful basis. Do not submit data you would not be comfortable seeing logged for short-term abuse review.

Do not attempt jailbreaks, prompt injection chains, or other manipulation designed to make Hilla’s AI produce content that violates this AUP.

Public share links may be revoked at any time. You are responsible for what you publish via a share link, including board content, comments, and any embedded assets.

Inviting collaborators or end users into a workspace makes you responsible for their conduct on that workspace under this AUP.

Do not use share links or workspace embeds to redistribute copyrighted material you don’t have rights to.

When you connect Hilla to a third-party service (Linear, GitHub, Stripe, Vercel, etc.) you authorize Hilla to access only the scopes you grant. Do not store unrelated third-party data through Hilla widgets to avoid that service’s own usage limits.

MCP clients you authorize speak with the same permissions as your account. Treat the MCP authorization token as a credential. Revoke it from account settings if a client device is compromised.

Report abuse, illegal content, or security issues to abuse@hilla.ai. Include the share link, board ID, or account email where applicable.

Security vulnerabilities have a separate channel: security@hilla.ai. See /security for the disclosure policy.

Hilla investigates reports and takes the minimum action necessary — typically content removal or share-link revocation first, then account suspension, then termination for repeated or serious violations.

We may report unlawful activity to the appropriate authorities. We may preserve content as required by legal process.

We update this AUP as new abuse patterns emerge. Material changes are announced in the changelog and via in-product notice. Continued use after a change constitutes acceptance.