Acceptable Use Policy

Last updated: April 30, 2026

1. Scope & Incorporation

[ This policy applies to every customer and every API key. Incorporated by reference into the Terms of Service; a violation of this AUP is a breach of the ToS. ]

2. Prohibited Uses

[ Illegal activity, content infringing third-party rights, malware distribution, impersonation, fraud, harassment, content that violates export controls or sanctions law, and any use that would cause Tandom to violate its own subprocessor agreements (Vercel, Supabase, Anthropic, Stripe). ]

3. Abuse, Rate Limits & Resource Hoarding

[ No scraping past published rate limits, no scripting to evade per-key quotas (sock-puppet keys, rotating IPs to multiply free-tier limits, fan-out across burner accounts), no resource-exhaustion attacks. Tandom may suspend keys exhibiting abuse patterns without prior notice when the abuse is active. ]

4. AI & Prompt-Injection Restrictions

[ No prompt-injection attempts against AI-backed endpoints (HTS classification, AD/CVD scope analysis, document extraction). No attempts to extract system prompts, exfiltrate model weights, or jailbreak Tandom's AI guardrails. No use of Tandom's AI outputs to train competing models without a separate written agreement. ]

5. Reselling & Redistribution

[ Tandom outputs may be embedded in customer products and shown to the customer's end users; outputs may not be repackaged as a standalone duty-data service or competing API without a separate reseller agreement. Forwarding API responses verbatim to a third-party calculator product is reselling. ]

6. Reverse Engineering & Security Testing

[ No reverse engineering, decompilation, or attempts to derive the source code of the service. Authorized security testing welcome under a coordinated disclosure program (contact security@tandom.ai); unauthorized testing against production is a violation. ]

7. Data Use & Re-Identification

[ No attempts to re-identify pseudonymized or aggregated data. No combining Tandom outputs with other sources to derive sensitive personal data about individuals. ]

8. Reporting Violations

[ How customers and third parties can report suspected abuse. Email + dashboard channel. Response SLA expectations. ]

9. Enforcement & Consequences

[ Tiered response: warning -> key suspension -> account termination -> legal action. Tandom's right to suspend immediately when abuse is active and ongoing. Appeals process. ]

10. Changes to This Policy

[ How material changes are communicated and the effective-date handling. Continued use after the effective date is acceptance. ]

11. Contact

[ Email for AUP questions and abuse reports. Mailing address. ]

Report abuse or ask a question? Email hello@tandom.ai.