This Acceptable Use Policy (“AUP”) governs your use of the Tunnee services, including websites, APIs, software, tunneling infrastructure, and related services (collectively, the “Service”).
This Policy is incorporated into the Tunnee Terms of Service.
By using Tunnee, you agree to comply with this Acceptable Use Policy.
1. Purpose
Tunnee provides tunneling and networking infrastructure intended for legitimate development, testing, deployment, automation, and remote access use cases.
To protect users, infrastructure, and the broader internet ecosystem, certain activities are strictly prohibited.
2. Prohibited Activities
You may not use Tunnee to engage in, promote, facilitate, or support:
Illegal Activity
- Violations of applicable laws or regulations
- Fraudulent or deceptive conduct
- Identity theft
- Unauthorized surveillance
- Illegal gambling or financial schemes
- Distribution of illegal content
Malware and Malicious Software
- Malware distribution
- Viruses, trojans, worms, ransomware, spyware, or keyloggers
- Command-and-control (“C2”) infrastructure
- Botnets
- Malicious payload delivery
- Exploit hosting or delivery
Unauthorized Access and Security Abuse
- Unauthorized access to systems or networks
- Credential theft
- Password cracking
- Brute-force attacks
- Port scanning without authorization
- Exploit attempts
- Circumvention of security controls
Phishing and Deceptive Practices
- Phishing websites or infrastructure
- Credential harvesting
- Impersonation attacks
- Fake login pages
- Social engineering infrastructure
- URL masking intended to deceive users
Subdomain and Brand Abuse
- Using Tunnee-assigned subdomains to impersonate or typosquat well-known brands, services, or organizations (e.g.
paypal.tunnee.dev,google.tunnee.dev) - Creating tunnels designed to mislead users into believing they are interacting with a legitimate third-party service
- Any use of Tunnee infrastructure to damage the reputation or trademarks of third parties
Spam and Abuse
- Spam distribution
- Unsolicited bulk messaging
- Abuse of email systems
- SMS abuse
- Traffic amplification attacks
- Denial-of-service attacks
Automated Abuse and AI-Related Misuse
- Large-scale automated scraping of websites or services in violation of their terms
- Using tunnels to bypass rate limits or access controls imposed by AI services or APIs
- Routing automated traffic to circumvent bot detection or anti-abuse mechanisms
- Feeding scraped or intercepted data into AI training pipelines without authorization
Harmful or Infringing Content
- Copyright infringement
- Distribution of pirated content
- Distribution of stolen data
- Child exploitation material
- Terrorist or extremist content
- Content promoting violence or abuse
Privacy Violations
- Unauthorized collection of personal data
- Interception of communications without consent
- Surveillance or tracking in violation of law
Infrastructure Abuse
- Excessive automated traffic that degrades the Service
- Cryptocurrency mining abuse
- Resource exhaustion attacks
- Circumvention of quotas or rate limits
- Reselling or redistributing the Service without authorization
Export Controls and Sanctions
- Use of the Service in violation of applicable export control laws or regulations
- Use by individuals or entities located in, or subject to the jurisdiction of, sanctioned countries or regions
- Use by individuals or entities designated on applicable sanctions lists
You are solely responsible for determining whether your use of the Service complies with applicable export control and sanctions laws in your jurisdiction.
3. Public Exposure Responsibility
Tunnee enables users to expose local and private services to external networks.
You are solely responsible for:
- Securing exposed services
- Configuring authentication and authorization
- Preventing unauthorized access
- Monitoring publicly accessible endpoints
- Ensuring that sensitive credentials, API keys, secrets, or environment variables are not inadvertently exposed via tunneled services
Tunnee is not responsible for vulnerabilities or breaches caused by user misconfiguration.
4. Security Research
Tunnee acknowledges the value of legitimate security research. Security researchers acting in good faith, within the scope of a responsible disclosure or bug bounty program, and in compliance with all applicable laws are generally welcome to use the Service for authorized testing activities.
However, security research does not exempt users from other provisions of this Policy, including prohibitions on unauthorized access, exploitation, or data collection. If you believe you have discovered a security vulnerability in Tunnee itself, please report it responsibly to security@tunnee.com.
5. Refunds and SLA Eligibility
Accounts suspended or terminated for violations of this Acceptable Use Policy are not eligible for refunds, credits, or Service Level Agreement (SLA) compensation in connection with the suspension or termination.
6. Monitoring and Enforcement
Tunnee may investigate suspected violations of this Policy.
To protect the Service and users, Tunnee may:
- Rate limit traffic
- Restrict or suspend tunnels
- Remove content
- Suspend or terminate accounts
- Block abusive IP addresses or domains
- Cooperate with law enforcement where legally required
Tunnee reserves the right to act immediately when abuse or security risks are detected.
7. Abuse Reporting
If you believe Tunnee is being used maliciously or unlawfully, please contact:
Please include:
- Relevant URLs or tunnel domains
- Timestamps
- Supporting evidence
- Contact information
8. Cooperation With Investigations
Users must cooperate with reasonable abuse and security investigations related to their use of the Service.
Failure to cooperate may result in suspension or termination.
9. Changes to This Policy
Tunnee may update this Acceptable Use Policy from time to time.
Continued use of the Service after updates become effective constitutes acceptance of the revised Policy.
10. Contact
Questions regarding this Policy may be sent to: