Back to home
Legal

Acceptable Use Policy

Last updated July 11, 2026

This is an editable starter document provided for convenience. It is not legal advice. Have a qualified professional review it before relying on it.

1. Purpose

Idea to Life generates and deploys real, working web applications. That power comes with responsibility. This Acceptable Use Policy ("AUP") describes what you may not do with the platform, with the applications it generates, and with the infrastructure it provisions on your behalf. It applies to every user, on every plan, including trials and bring-your-own-key usage, and it is incorporated into our Terms of Service. If you operate an application built with the Service, you are responsible for how that application behaves and for the content it hosts.

2. Prohibited Uses

You may not use the Service, or applications generated by it, to do any of the following:

  • Malware and harmful code: create, distribute, host, or operate viruses, worms, ransomware, spyware, keyloggers, botnet controllers, exploit kits, or any software designed to damage, disrupt, or gain unauthorized access to systems or data.
  • Credential theft and deception: build phishing pages, fake login screens, credential-harvesting forms, or any application that impersonates another person, brand, or service to trick people into revealing passwords, payment details, or personal information.
  • Spam and abusive automation: send unsolicited bulk email or messages, operate mass-registration bots, scrape services in violation of their terms, evade rate limits or CAPTCHAs at scale, or automate engagement fraud such as fake reviews, votes, or followers.
  • Cryptocurrency mining: run miners or otherwise consume platform build resources, sandbox compute, or provisioned infrastructure for proof-of-work computation or similar resource abuse.
  • Infringing or illegal content: host or distribute content that infringes copyrights, trademarks, or other rights; that is defamatory; that constitutes child sexual abuse material (which we report to authorities); or that is otherwise illegal in the jurisdictions where you operate or where the content is served.
  • Attacks on third parties: conduct denial-of-service attacks, port scanning or vulnerability scanning without authorization, unauthorized penetration testing, traffic interception, or any attempt to access accounts, systems, or data that do not belong to you.
  • Attacks on the platform: probe, disrupt, or circumvent the Service's security controls, sandboxing, command allowlists, or billing and credit systems; attempt to extract other users' data or secrets; or resell platform access in ways that disguise the true end user.
  • Regulated harm: build applications intended to facilitate violence, trafficking, the sale of illegal goods, or activity that violates sanctions or export control laws.

3. Your Responsibilities

Generated applications deploy to accounts you own, so you are the operator of record for GitHub repositories, Render services, Supabase projects, and connected domains. You must comply with those providers' acceptable use policies as well as this one. You are responsible for content submitted by your own end users and should implement appropriate moderation and abuse reporting for applications that accept user content. You must also keep your account credentials secure; activity under your account is treated as yours.

4. Reporting Abuse

If you discover an application built with the Service being used in violation of this policy, or a security vulnerability in the platform, please report it through the contact channel listed in our Security Overview. We review reports promptly and appreciate responsible disclosure.

5. Enforcement

We may investigate suspected violations of this AUP and take action proportionate to the severity of the violation. Actions may include issuing a warning, removing or blocking specific content or builds, halting deployments, suspending build capability, suspending or terminating the account, and, where legally required or appropriate, notifying affected third parties or law enforcement. For serious violations — including malware distribution, credential theft, and attacks on third parties — we may suspend first and review afterward to limit harm. Credits consumed by builds that violated this policy are not eligible for refunds.

Because your projects live in your own third-party accounts, enforcement by us does not automatically remove already-deployed applications; the relevant providers apply their own enforcement processes, and we may share information with them when investigating abuse, consistent with our Privacy Policy.

6. Changes

We may update this AUP as new abuse patterns emerge. Material changes will be announced in the app or by email, and continued use of the Service after the effective date constitutes acceptance. If any prohibition here is unclear as applied to your idea, ask us before building — we would rather answer a question than suspend an account.