VulpineOS
Star on GitHub →
Legal · Last updated 9 May 2026

Acceptable Use Policy

VulpineOS gives you stealth-grade browser automation. This policy makes the rails explicit: legitimate use is welcome, abuse is not, and enforcement is fast.

01

Scope

This policy applies to your use of vulpineos.com, the waitlist at auth.vulpineos.com, the operator console at admin.vulpineos.com, and any future hosted runtime we offer. The open-source runtime that you self-host on your own infrastructure is governed by its source-code license, but the same principles apply when you use our trademarks or hosted services.

02

Why this policy exists

VulpineOS exposes capabilities — browser automation, fingerprint coherence, proxy rotation, scraping primitives, agent orchestration — that can be used to cause harm if misapplied. This policy makes the boundaries explicit so legitimate use is unambiguous and abuse can be enforced quickly.

03

Prohibited use

You may not use the service to:

  • Gain unauthorised access to systems, accounts, or data, including bypassing authentication, account-takeover attacks, or credential stuffing.
  • Use stolen, traded, leaked, or otherwise unlawfully obtained credentials.
  • Conduct fraud, phishing, scams, money laundering, or sanctions evasion.
  • Distribute malware, ransomware, spyware, or any code intended to damage, destabilise, or surveil systems you do not own.
  • Send unsolicited bulk messages, spam, or unauthorised marketing.
  • Bypass site access controls (paywalls, age verification, geographic restrictions, robots directives) where doing so is unlawful.
  • Scrape, mirror, or republish data in violation of applicable copyright, trade secret, database-rights, or contract law.
  • Evade lawful rate limits, bot protections, or terms of service of third-party sites in ways that cause material harm to those operators.
  • Harass, dox, stalk, threaten, or impersonate individuals or organisations.
  • Generate, distribute, or enable child sexual abuse material, terrorist content, or content that incites violence.
  • Operate large-scale automation against critical infrastructure (financial, healthcare, energy, government) without explicit authorisation.
  • Attempt to attack VulpineOS itself, our subprocessors, or the open-source projects we depend on.
04

Stealth, fingerprinting, and identity

Fingerprint coherence and identity-aware browsing are real capabilities of the runtime. They exist so legitimate operators can do their work reliably:

  • Operating accounts you own, or accounts you are explicitly authorised to operate.
  • Security testing, accessibility auditing, or research on systems where you have documented written authorisation from the system owner.
  • Internal automation against your own infrastructure.

Using these capabilities to impersonate a person without authorisation, bypass identity controls you are not entitled to bypass, evade safety mechanisms on third-party sites, or commit fraud is prohibited. Lack of written authorisation for testing of third-party systems is sufficient grounds for enforcement.

05

Operator responsibility

If you are an operator running the runtime — whether self-hosted or on a future hosted offering — you are responsible for the agents you spawn and the actions they take. Approval gates, rate-limit monitors, and audit logs are in the runtime to help; using them is your job.

06

Reporting violations

If you believe someone is using VulpineOS to violate this policy, report it to abuse@vulpineos.com. Security vulnerabilities should be reported through the Security policy instead.

07

Enforcement

We may suspend or terminate access without notice for violations. Where applicable we will cooperate with law-enforcement requests and applicable legal process. Persistent or severe abuse may also be referred to upstream service providers (hosting, payment, domain) and to regulators.

08

Updates

We update this policy as the product evolves. Material changes are flagged with the "last updated" date at the top of this page.