Acceptable Use Policy

This Acceptable Use Policy ("AUP") describes the things you can't do on Hatchable, the platform operated by Woobox LLC. It applies to everyone who uses the Service — including the apps you build and deploy, the AI agents you let act on your behalf, and anyone you give access to your projects. The AUP is part of the Terms of Service; violating it may result in suspension, project takedown, or termination of your account as described there.

1. Lawful use

You must use Hatchable in compliance with all laws that apply to you and to the people who use what you build. You must not use the Service to host, distribute, facilitate, or transact in:

Content or activity that is illegal where you live or where your users live
Goods or services whose sale is prohibited or restricted (controlled substances, weapons, stolen goods, counterfeit items)
Anything that violates economic sanctions or export controls
Gambling, sweepstakes, or lottery operations that don't have the licenses required in the jurisdictions where users access them
Child sexual abuse material (CSAM), or content that sexualizes minors in any way
Content that incites or facilitates terrorism, genocide, or organized violence
Operational instructions for weapons of mass destruction (chemical, biological, radiological, nuclear), functional designs for untraceable firearms, or other content whose primary purpose is to enable mass-casualty harm

2. Security and platform integrity

Hatchable is a multi-tenant platform — your projects share infrastructure with other people's projects. You must not compromise the integrity of that shared infrastructure or attempt to access anything that doesn't belong to you. Specifically, you must not:

Access without authorization. Don't try to read, modify, or interfere with another user's account, project, database, files, or traffic.
Probe or attack the platform. Don't run vulnerability scans, exploits, fuzzers, or pen tests against Hatchable infrastructure or other users' apps without our written permission.
Break out of the sandbox. Don't attempt to escape the function runtime, escalate privileges, access the host filesystem outside what's exposed by the SDK, or pivot from one project's schema to another.
Run denial-of-service attacks. Don't generate traffic, requests, or load designed to degrade the Service for other users — including against your own apps if it affects shared resources.
Exhaust shared resources. Don't use scripts, loops, or background processes to hammer CPU, memory, storage, bandwidth, database connections, or rate-limited endpoints in a way that goes beyond ordinary use.
Mine cryptocurrency or run unauthorized compute workloads. Don't use Hatchable to mine cryptocurrency (proof-of-work, proof-of-space, etc.), run distributed-computing or hash-cracking jobs for outside parties, or otherwise consume our compute for activity unrelated to running your own app.
Use Hatchable as an open proxy or traffic launderer. Don't use our egress, function runtime, or domains to relay traffic that hides its origin, evade IP blocks imposed by other services, scrape behind our IP reputation, or carry out activity that would be prohibited if performed directly.
Circumvent quotas or rate limits. Don't create multiple accounts, rotate API keys, or use other tricks to evade plan limits, billing, or throttles.
Tamper with platform metadata. Don't forge platform headers, spoof internal endpoints, or interfere with the agent gateway, MCP layer, or auth flows.

3. Harm to others

You must not use Hatchable to hurt other people, on or off the platform. That includes:

Malware. Don't host, distribute, or link to viruses, ransomware, spyware, keyloggers, cryptominers, or any code designed to compromise other systems or users.
Phishing and deceptive sign-ins. Don't build pages designed to harvest credentials by impersonating another service.
Spam. Don't use Hatchable to send unsolicited bulk email, SMS, push notifications, comments, or messages — directly or via integrations.
Harassment, threats, or hate. Don't host content that targets a person or group with threats, harassment, doxxing, or hatred based on protected characteristics.
Fraud. Don't use the Service to defraud anyone — fake stores, fake support pages, payment scams, romance scams, investment scams, anything in that family.
Non-consensual data collection. Don't scrape, store, or sell personal data about people who haven't consented, and don't build trackers that hide what they collect.
Stalkerware and consumer surveillance. Don't build, host, or distribute apps whose purpose is to monitor a person's location, communications, device activity, or accounts without that person's clear, informed consent — including products marketed for spying on partners, children old enough to consent, employees, or other adults.
Non-consensual intimate imagery. Don't host or share intimate images of anyone without their explicit consent.
Non-consensual synthetic media of real people. Don't generate, host, or distribute AI-generated images, video, or audio that depicts a real, identifiable person — face-swaps, voice clones, synthetic intimate imagery, fake quotes, or fabricated events — without that person's consent. Material designed to deceive viewers into believing the depicted person said or did something they didn't is prohibited regardless of context.

4. Content

You're responsible for everything published on your project subdomains and custom domains, including content generated by AI agents acting under your account. You must not:

Infringe intellectual property. Don't copy code, designs, text, images, audio, video, or trademarks you don't have the right to use. If you believe content on Hatchable infringes your copyright, see the DMCA section in the Terms of Service.
Impersonate. Don't claim a project subdomain, custom domain, or display name that misrepresents you as another person, company, or government entity.
Deceive. Don't build sites whose primary purpose is to mislead — fake news, fake reviews, fake brand pages, or anything designed to look like a service it isn't.
Violate third-party rights. Don't post content that violates someone else's privacy, publicity, contractual, or other legal rights.
Adult content. Don't host pornography or sexually explicit content on Hatchable. This applies regardless of how the content is produced or whether the people depicted consented. (CSAM and non-consensual intimate imagery are separately and unconditionally prohibited under §§1 and 3.)

5. Commercial misuse

Hatchable is for building and running your own apps. It's not a wholesale platform for reselling our infrastructure. You must not:

Resell, sublicense, or repackage Hatchable as your own hosting, database, or function-runtime product
Use a free-tier project as production infrastructure for paying customers of yours
Use Hatchable solely as a circumvention layer to evade another provider's terms or to hide the origin of activity that violates them

6. AI agents and automation

A lot of what you do on Hatchable runs through AI agents — Claude Code, MCP clients, and the auto-signup flow. You're responsible for what those agents do under your API key. In addition to everything above, you must not:

Use the agent or MCP integration to mass-generate spam, scam, or abusive sites
Direct an agent to extract data from another user's project, account, or anything else you don't own
Loop, batch, or otherwise drive agent activity primarily to inflate usage, exhaust quotas, or trigger billing on someone else's account
Use the agent surface to probe for prompt-injection or model-jailbreak vulnerabilities in our infrastructure

7. Reporting violations

If you believe someone is violating this policy, email legal@hatchable.com with the URL of the project or content, a short description of what's wrong, and how to reach you if we have follow-up questions. We review every report. Where appropriate, we may warn the account, suspend access, take down the project, or terminate the account, as described in the Terms of Service.

8. Contact

Questions about this policy? Email legal@hatchable.com.