Acceptable Use Policy.

This Acceptable Use Policy ("AUP") sets out the activities prohibited on Atlas Cloud ("the Service") and on the public Atlas websites at useatlas.dev. It is part of the Terms of Service at useatlas.dev/terms and is incorporated by reference; capitalized terms not defined here have the meaning given in those Terms.

This AUP does not apply to the open-source Atlas distribution that you self-host. When you run Atlas in your own infrastructure under AGPL-3.0, your acceptable use is governed by the license, your own internal policies, and applicable law — Atlas DevHQ has no enforcement role.

If you discover a violation by another user, please report it to security@useatlas.dev with as much detail as you can share. We treat reports confidentially.

You agree not to use the Service to: (a) violate any applicable law, regulation, or court order, or any third party’s intellectual-property, privacy, publicity, or contract rights; (b) transmit, store, or generate malware, viruses, ransomware, exploits, command-and-control payloads, or any code intended to disable, surveil, or damage another system; (c) generate or distribute child sexual abuse material, content depicting non-consensual sexual conduct, or content that incites violence against a protected class; (d) conduct fraud, phishing, identity theft, or social-engineering campaigns against third parties; (e) circumvent export controls or sanctions, including by routing prompts on behalf of sanctioned persons or jurisdictions; (f) misrepresent the source of a query, prompt, or generated artifact in a way intended to deceive the recipient about its origin.

Atlas does not pre-screen Customer Data, prompts, or query results. Compliance with this Section is the Customer’s responsibility.

You are responsible for ensuring you have the legal right to submit any Customer Data (including warehouse contents that surface in query results) to the Service. This includes obtaining any required consents, providing required notices, and honoring any applicable contractual restrictions.

Special categories of personal data under GDPR Art. 9 (e.g. health, biometric, sexual-orientation, political-opinion data) and protected health information under HIPAA may not be submitted to the Service unless Customer has notified Atlas in writing in advance and the parties have signed appropriate supplementary terms.

You may not submit data that is, to your knowledge, unlawful for you to disclose — for example, data covered by an active legal hold belonging to a third party, or trade secrets that you do not have authorization to share with a processor.

Unauthorized security testing, vulnerability scanning, fuzzing, and probing of the Service is prohibited. This includes automated tooling pointed at app.useatlas.dev, api.useatlas.dev, the regional API endpoints, and any sub-domain of useatlas.dev.

Atlas welcomes coordinated security research. Email security@useatlas.dev with the scope of testing you want to conduct, the source IP ranges you’ll test from, and a window. We respond within five business days. Our published disclosure policy is at www.useatlas.dev/.well-known/security.txt (RFC 9116).

Findings reported in good faith under this Section, and within an authorized scope, will not be the basis of any legal action by Atlas. Atlas does not currently operate a paid bug-bounty program.

Atlas’s open-source distribution is licensed under AGPL-3.0; the source-available commercial features in the `/ee` directory are licensed under the separate Atlas Commercial License at github.com/AtlasDevHQ/atlas/blob/main/ee/LICENSE.

You may not use the Service, or any code in the `/ee` directory of the Atlas repository, to develop, market, or operate a hosted product that substitutes for Atlas Cloud. Internal use, customer use, embedding via the SDK, and contribution back to upstream are not affected.

You may not: (a) intentionally or negligently exceed published rate limits in a way that degrades performance for other customers; (b) submit prompts or queries designed to consume resources without producing useful output (e.g. infinite-loop prompts, prompts crafted to maximize token usage without legitimate purpose); (c) operate the Service in a way that materially increases Atlas’s upstream model-provider costs without commensurate Customer use; (d) automate signups or trial accounts to evade plan limits.

Atlas applies rate limits and quotas to protect Service availability. Where automated enforcement is not sufficient, Atlas may contact Customer to discuss usage, and may suspend access in extreme cases as set out in Section 8.

Customer is responsible for the actions of any user accessing the Service through Customer’s account, including employees, contractors, and any end users to whom Customer makes the Service available (for example, via the embeddable widget).

Customer must ensure that its users have agreed to terms at least as protective as these (the Terms of Service, this AUP, and the Privacy Policy) before granting them access.

If Atlas reasonably believes Customer has violated this AUP, Atlas may, in proportion to the violation: (a) issue a written warning and request remediation within a stated period; (b) restrict the affected feature or rate-limit the affected account; (c) suspend the account, in whole or in part, with notice where reasonably possible; (d) terminate the Agreement for cause under the Terms.

For violations that materially threaten the security or availability of the Service for other customers, or that involve illegal content, Atlas may suspend access immediately and without prior notice, and will provide notice as soon as practicable.

Suspension or termination for AUP violation is not subject to the SLA credit obligations at useatlas.dev/sla.

Atlas may update this AUP. Material changes will be announced by email to account admins at least 30 days before taking effect, with the prior version archived and linked from this page.