o10Last updated 2026-06-14b

Acceptable Use Policy

Rules for lawful use of o10.io and the o10 control plane — provider compliance, prohibited abuse, high-risk use cases, and enforcement actions.

Last updated: 2026-06-09 · Questions: privacy@o10.io · legal@o10.io

SummaryKey points

What is the o10 Acceptable Use Policy?

The AUP defines permitted and prohibited use of o10.io and the o10 control plane. It protects Customers, Providers, and o10 from abuse, unlawful activity, and circumvention of upstream model or gateway restrictions.

What happens if we violate the AUP?

o10 may warn, throttle, suspend specific routes, suspend accounts, or terminate access — immediately where required by law or Providers. Serious violations may be reported to authorities.

Do provider rules still apply?

Yes. The AUP does not replace OpenAI, Anthropic, Google, Amazon, Vercel AI Gateway, OpenRouter, or other Provider terms. You must comply with both.

01Deep dive

Introduction

Permitted use of o10.io and the o10 control plane.

This Acceptable Use Policy ("AUP") governs use of https://o10.io (the "Site") and the o10 inference spend control plane (the "Service") operated by Shen Pandi and the o10 team ("o10").

This AUP supplements the Terms of Service. Capitalized terms not defined here have the meanings in the Terms. Violation may result in suspension or termination without refund.

You are responsible for activity under your account and by authorized users you invite.

02Deep dive

Permitted use

What o10 is designed for.

The Service is intended for lawful enterprise inference spend management: eval-gated routing, shadow and enforce modes, budget envelopes, KYI governance, and CFO-grade ledger reporting across gateways and cloud venues you authorize.

You may use the Site for research, education, and evaluation of o10 capabilities consistent with these policies.

  • Routing production or test inference through o10 per your configuration and Provider Terms.
  • Running shadow mode to prove savings before enforce mode.
  • Generating KYI and ledger reports for internal governance and board assurance.
  • Browsing the model catalog, calculators, and documentation for capacity planning.
03Deep dive

Unlawful and abusive activity

Strictly prohibited.

You must not use the Site or Service to:

  • Violate any applicable law, regulation, export control, sanctions, or court order.
  • Facilitate fraud, theft, phishing, harassment, hate speech, or exploitation of minors.
  • Distribute malware, conduct denial-of-service attacks, or probe or breach o10 or third-party systems without authorization.
  • Harvest or scrape the Site or Service at scale except via documented APIs you are authorized to use.
  • Impersonate any person or entity or misrepresent affiliation with o10 or Providers.
04Deep dive

Provider and gateway compliance

Upstream rules are binding.

The Service routes traffic to third-party gateways and model providers ("Providers"). You must comply with all applicable Provider Terms, acceptable use policies, geographic restrictions, and entity-level limitations.

You must not use the Service to access models, regions, or features you are not authorized to use — including via VPNs, proxy chains, false location signals, or mislabeled entity metadata.

You must not resell raw Provider API access or use o10 primarily as an unauthorized aggregator or competing gateway.

If a Provider suspends your access, you must not use o10 to circumvent that suspension.

05Deep dive

Prohibited content and use cases

High-risk and harmful applications.

Without appropriate legal review, human oversight, and Provider authorization, you must not use the Service for:

  • Generating or distributing illegal content or instructions for wrongdoing.
  • Unattended decisions in regulated domains (medical diagnosis, legal advice, credit/lending, employment, insurance, housing) without qualified human review.
  • Biometric identification, surveillance, or profiling that violates privacy law.
  • Spam, bulk unsolicited messaging, or astroturfing.
  • Infringement of intellectual property or unauthorized disclosure of trade secrets.
  • Processing special-category personal data at scale without written agreement to additional safeguards.
06Deep dive

Security and integrity

Protecting the platform and other customers.

You must not:

  • Attempt to bypass authentication, rate limits, routing policies, or billing controls.
  • Reverse engineer the Service except where expressly permitted by law.
  • Share credentials across unauthorized users or leave API keys in public repositories.
  • Introduce prompts or traffic designed to corrupt eval systems, ledger integrity, or KYI scoring for other customers.
  • Conduct adversarial testing (prompt injection, jailbreaking, red teaming) against third-party models through the Service without prior written approval from o10 and applicable Providers.
07Deep dive

Fair use and resource limits

Preventing platform abuse.

You must not consume disproportionate resources in a manner that degrades the Service for others — including excessive automated requests to the Site, ledger export flooding, or deliberate retry storms designed to evade envelopes.

o10 may apply rate limits, quotas, and technical measures to protect platform stability.

08Deep dive

Monitoring and enforcement

How o10 responds to violations.

o10 may monitor use for security, abuse prevention, and compliance with this AUP — including metadata analysis, not routine review of Customer content except as needed for support, eval configuration, or legal obligation.

We may investigate suspected violations and cooperate with law enforcement and Providers.

Enforcement actions include warnings, feature restrictions, route suspension, account suspension, termination, and legal remedies. We are not obligated to monitor all activity or pre-screen content.

Reporting abuse: security@o10.io

09Deep dive

Changes to this AUP

Updates and notice.

We may update this AUP at any time. Material changes will be posted on the Site with an updated date. Continued use after changes constitutes acceptance where permitted by law.

Provider policy changes may require immediate AUP updates to protect platform access — check Provider Terms regularly.

10Deep dive

Contact

Questions and abuse reports.

Abuse / security: security@o10.io

Legal: legal@o10.io

Privacy: privacy@o10.io

LegalRelated documents
Terms of ServicePrivacy PolicyData Processing AgreementGovernance
FAQFrequently asked questions

Common questions

Is the AUP separate from the Terms?

It supplements the Terms of Service. Violating the AUP is a breach of the Terms and may result in suspension or termination.

Can I use o10 to bypass provider geo-restrictions?

No. Circumventing Provider geographic, entity, or model restrictions via VPNs, proxies, or false metadata is prohibited.

Can I red-team models through o10?

Not without prior written approval from o10 and applicable Providers. Unauthorized adversarial testing violates Provider terms and this AUP.

What about regulated AI use cases?

High-risk regulated uses require appropriate human review, legal compliance, and Provider authorization. Unattended use in medical, legal, or financial decisions without safeguards is prohibited.

How do I report abuse?

Email security@o10.io with URLs, account identifiers, timestamps, and description. For Provider-specific issues, also notify the relevant Provider.

Will o10 monitor my prompts?

o10 does not routinely monitor prompt content. We may review metadata and limited content for security, abuse investigations, configured eval replay, or legal requirements.

Can competitors scrape the model catalog?

Automated scraping of the Site beyond authorized APIs is prohibited. The catalog is available for human and LLM ingestion via llms-models.txt and documented indexes.

Where is the full Terms of Service?

https://o10.io/terms — incorporated by reference alongside this AUP and the Privacy Policy.