Acceptable Use Policy

This Acceptable Use Policy (AUP) explains prohibited uses of cyang.io and Doclinks. It exists to protect customers, recipients, and service integrity.

1. Scope

This policy applies to all users, administrators, API clients, and recipients who access content through links, aliases, embeds, or related workflows.

2. Prohibited Activities

You may not use the Service to engage in or facilitate:

• Illegal activity or unlawful content distribution
• Fraud, phishing, impersonation, or deceptive identity workflows
• Malware delivery, exploit kits, credential harvesting, or command-and-control behavior
• Unauthorized access attempts, privilege escalation, or lateral movement
• Denial-of-service behavior or abuse of platform capacity
• Unauthorized scraping, mirroring, cloning, or bulk extraction of service content
• Circumvention of policy controls, rate limits, or server-side guardrails
• Harassment, targeted abuse, or abusive surveillance using shared documents
• Copyright infringement or other intellectual property violations
• Distribution of content that violates sanctions or export control laws

3. Prohibited Content

You may not upload, link, or distribute content that is:

• malicious, fraudulent, or intended to cause harm,
• illegal under applicable law,
• deceptive and designed to impersonate trusted entities,
• abusive or threatening in a way that creates safety risk.

4. Security Testing and Research

Security testing against cyang.io systems requires prior written authorization. Unapproved testing, probing, or automated attack simulation is prohibited.

Responsible disclosures should be submitted to security@cyang.io.

5. Abuse of Sharing Features

Doclinks is intended for controlled sharing workflows. You may not:

• intentionally hide harmful payloads behind benign labels,
• repeatedly create short-lived links to evade moderation,
• use aliases to mislead recipients about document origin,
• use permanent sharing controls in ways that violate this policy.

6. Automation and API Misuse

Automated usage is allowed only within documented limits and intended workflows.

You may not:

• attempt to bypass plan boundaries,
• rotate credentials to evade enforcement,
• generate synthetic traffic to distort analytics,
• abuse webhook delivery to target third-party systems.

7. Enforcement and Escalation

If we reasonably believe a violation occurred, we may take action without prior notice, including:

• quarantining or blocking delivery,
• revoking links or aliases,
• rate limiting or throttling requests,
• suspending features or account access,
• terminating accounts for severe or repeated abuse,
• preserving evidence for legal, security, and compliance obligations.

8. Reporting Abuse

Use /report to submit abuse and suspicious sharing reports.

Include, when available:

• share token or alias,
• document name or URL,
• what occurred,
• why it appears harmful,
• any urgent safety context.

9. Cooperation with Investigations

You agree to cooperate with reasonable requests tied to abuse and security investigations, including confirmation of account ownership and relevant context.

10. Relationship to Other Policies

This AUP is incorporated by reference into the Terms of Service. Additional obligations may apply under the DMCA Policy, Privacy Policy, and Security Policy.

11. Changes to This Policy

We may update this policy to reflect operational risk, threat trends, and legal obligations. Material changes will be posted in the Legal and Trust Center.

12. Contact

• abuse@cyang.io
• security@cyang.io
• legal@cyang.io