Acceptable Use Policy

Last updated: March 8, 2026

1. Purpose

This Acceptable Use Policy ("AUP") outlines the permitted and prohibited uses of Medusa. It supplements our Terms of Service.

2. Permitted Uses

  • Monitoring and securing what your team sends to AI tools via the Medusa browser extension on browsers and systems you own or have explicit authorization to manage.
  • Enrolling browsers and enforcing per-category data loss prevention policies within your organization.
  • Receiving findings and metadata-only telemetry from browsers you have enrolled.
  • Using the dashboard and analysis features for security assessment of your own organization's usage.

3. Prohibited Uses

You must not use the Service to:

  • Monitor or capture what users send to AI tools on browsers or systems without authorization.
  • Attempt to access other users' data, accounts, or resources.
  • Circumvent rate limits, authentication, or security controls.
  • Upload malicious content, malware signatures, or exploit payloads.
  • Use the Service for denial-of-service attacks or network abuse.
  • Resell, sublicense, or redistribute the Service without authorization.
  • Reverse-engineer the dashboard or APIs beyond what the open-source license permits.
  • Use automated tools to scrape data or abuse API endpoints.

4. Rate Limits

API endpoints are rate-limited to ensure fair usage. Current limits include:

  • AI analysis: 20 requests per minute
  • Scan uploads: 30 requests per minute
  • API key creation: 10 requests per minute

Persistent abuse of rate limits may result in temporary or permanent account suspension.

5. Reporting Violations

If you become aware of any violation of this AUP, please report it to abuse@medusa-mcp.dev.

6. Enforcement

Violations of this AUP may result in warnings, rate limit reductions, temporary suspension, or permanent account termination, at our discretion.