This policy supplements our Terms of Service. By using Tappy you agree not to use the Service for any of the activities listed below. Violations may result in account suspension, termination, and — for unlawful activity — referral to law enforcement.
1. Prohibited content & conduct
You may not use Tappy to generate, store, request, or distribute:
- Child sexual abuse material (CSAM) or content that sexualises minors in any form.
- Content that depicts or promotes real-world violence, self-harm, or terrorism.
- Non-consensual intimate imagery or sexual content impersonating real people.
- Targeted harassment, hate speech, or content that incites violence against protected groups.
- Content that infringes intellectual property, trade secrets, or privacy rights of others.
- Spam, mass unsolicited messages, or automated content generation for deceptive distribution.
2. Security & abuse
You may not:
- Execute code intended to attack Tappy, its sub-processors, connected data sources, or any third party.
- Attempt to bypass authentication, authorisation, rate limits, or sandbox isolation.
- Probe for vulnerabilities without written authorisation. Report issues to security@tappy.sh instead.
- Scrape, mirror, or archive the Service or other users' data for redistribution.
- Use Tappy as a proxy or tunnel to circumvent third-party terms of service.
- Circumvent per-user rate limits or credit accounting (e.g. by creating many accounts for a single user).
- Use Tappy to train competing machine-learning models on outputs we produce on your behalf.
3. Data & privacy
You may not:
- Upload personal data of third parties without a lawful basis (GDPR / UK GDPR / CCPA compliance is your responsibility).
- Store medical records (PHI), children's data (COPPA), or payment-card data (PCI) in Tappy unless you have a signed agreement with us covering that data type.
- Connect data sources you don't have permission to access.
- Use the Service to deanonymise individuals or build surveillance profiles.
4. Connected data sources
When you connect external data sources (databases, Drives, APIs, websites) you represent that you have authorisation to access and query that data. Tappy acts on your instructions and is not responsible for verifying the legitimacy of connected credentials. We may refuse to execute queries that clearly target malicious endpoints.
5. Web extraction & API sources
Tappy can extract structured data from public webpages and call public APIs. You are responsible for complying with:
- The target website's terms of service and robots.txt.
- Applicable computer-misuse laws in your jurisdiction.
- The target API's usage limits, attribution, and commercial-use terms.
Do not use Tappy to scrape walled-garden sites at scale, circumvent paywalls, or evade rate limits.
6. AI-specific prohibitions
- Do not use Tappy to generate content represented as authored by a specific real person without their consent.
- Do not use AI features to make consequential decisions (medical, legal, hiring, credit, safety-critical) without independent human verification — outputs may contain errors.
- Do not publish AI-generated content as if it were exclusively human-authored where disclosure is required by law or professional ethics.
7. Enforcement
We may investigate suspected violations by reviewing logs, metadata, and connected-source activity. We may suspend or terminate accounts without notice for egregious violations (e.g. CSAM, active security attacks). For other violations we'll typically warn first and allow remediation before taking action. We may notify law enforcement where we reasonably believe there is a risk of serious harm.
8. Reporting abuse
If you believe someone is using Tappy in violation of this policy, email abuse@tappy.shwith as much detail as you can share (account, URL, timestamp, screenshots). We'll respond within 2 business days.
9. Changes
We may update this policy as the Service evolves. Material changes will be reflected on this page with an updated timestamp. Continued use after changes take effect constitutes acceptance.