Acceptable Use Policy

Last updated: March 8, 2026

1. Purpose

This Acceptable Use Policy ("AUP") outlines the permitted and prohibited uses of the Medusa MCP Gateway service. It supplements our Terms of Service.

2. Permitted Uses

• Monitoring and securing MCP server configurations on systems you own or have explicit authorization to manage.
• Enforcing security policies on MCP gateway traffic within your organization.
• Uploading scan results and telemetry data from your own endpoints.
• Using the AI analysis features for security assessment of your own configurations.

3. Prohibited Uses

You must not use the Service to:

• Monitor, intercept, or proxy MCP traffic on systems without authorization.
• Attempt to access other users' data, accounts, or resources.
• Circumvent rate limits, authentication, or security controls.
• Upload malicious content, malware signatures, or exploit payloads.
• Use the Service for denial-of-service attacks or network abuse.
• Resell, sublicense, or redistribute the Service without authorization.
• Reverse-engineer the dashboard or APIs beyond what the open-source license permits.
• Use automated tools to scrape data or abuse API endpoints.

4. Rate Limits

API endpoints are rate-limited to ensure fair usage. Current limits include:

• AI analysis: 20 requests per minute
• Scan uploads: 30 requests per minute
• API key creation: 10 requests per minute

Persistent abuse of rate limits may result in temporary or permanent account suspension.

5. Reporting Violations

If you become aware of any violation of this AUP, please report it to abuse@medusa-mcp.dev.

6. Enforcement

Violations of this AUP may result in warnings, rate limit reductions, temporary suspension, or permanent account termination, at our discretion.