# Usage Policy This document describes the rules for using TokenFlux. It applies to the TokenFlux website, API, API keys, and related integration methods. ## Overview You must not use TokenFlux for illegal activity, infringement, fraud, harassment, malicious attacks, restriction bypassing, or any other abuse of platform resources. Some models, routes, or features may have additional usage restrictions. TokenFlux will describe them on the relevant product pages, documentation, or console. By using those capabilities, you agree to follow the corresponding instructions. ## Scope This policy applies to the following scenarios: - Using the TokenFlux website, console, or API - Creating, storing, managing, configuring, or using API keys - Connecting to TokenFlux through Claude Code, Codex, CC-Switch, OpenCode, or other clients - Providing automated workflows, bots, interfaces, or other functionality based on TokenFlux Connecting through compatible clients, your own programs, or other integrations is not prohibited by itself. However, you must not use those methods to bypass TokenFlux authentication, quotas, rate limits, security protections, or product instructions. ## Prohibited Uses ### Illegal or Infringing Activity You must not use TokenFlux to conduct, assist, or promote any illegal or infringing activity, including but not limited to: - Fraud, money laundering, gambling, illegal fundraising, or other illegal activities - Infringement of intellectual property, trade secrets, or other lawful rights - Distribution of content prohibited by law ### Fraud, Impersonation, and Misleading Content You must not use TokenFlux to generate, distribute, or automate the following content: - Content that impersonates a person, organization, customer service representative, or official identity - Content used for scams, social engineering, phishing, transfer inducement, or false promises - Content you know to be false but still use to mislead others - Bulk spam, spam marketing, or harassment messages ### Attacks, Bypassing, and Resource Abuse You must not use TokenFlux to conduct or assist with: - Intrusion, scanning, brute force attacks, credential stuffing, phishing, privilege escalation, or other malicious probing - Writing, distributing, or optimizing malware, trojans, ransomware, or other destructive programs - DDoS, resource exhaustion attacks, or other destructive actions against any system - Bypassing authentication, quotas, rate limits, or security protections of TokenFlux or related services - Maliciously consuming platform resources through abnormal calls, idle requests, traffic inflation, or other methods ### Account and Risk-Control Evasion You must not: - Borrow, steal, or impersonate another person's account or payment method - Evade platform limits or risk controls through bulk registration, fake identities, or scripts - Transfer, sell, lend, or publicly disclose API keys to unauthorized third parties ### No Secondary Distribution Without explicit written authorization from TokenFlux, you must not redistribute, resell, rent, share, proxy, or repackage TokenFlux services, API keys, quotas, model routes, or interface capabilities in any form. Prohibited secondary distribution includes but is not limited to: - Selling, renting, lending, or sharing TokenFlux API keys, quotas, or model routes to third parties - Building relay sites, reseller panels, shared APIs, account pools, bot services, or other services that third parties can call - Wrapping TokenFlux as backend capability into your own API, SaaS, plugin, client, or automation service for third-party use - Evading TokenFlux account, billing, quota, or risk-control rules through group buying, proxy top-ups, proxy sales, or private transfers If secondary distribution or suspected secondary distribution is found, TokenFlux may immediately ban related accounts, disable related API keys, terminate services, refuse refunds when appropriate, and pursue further responsibility. ### Privacy and Data Rights Violations You must not: - Illegally collect, sell, disclose, or misuse another person's personal information - Use leaked data, non-public information, or other data without lawful source to identify, track, or harass others - Generate or process content that violates another person's privacy, likeness, reputation, or identity rights ### Harmful Content You must not use TokenFlux to create, distribute, or assist in generating: - Content that promotes self-harm, suicide, abuse, extreme violence, or terrorist activity - Hate, discrimination, harassment, humiliation, or personal attacks against protected or specific groups - Sexual exploitation, inappropriate content involving minors, or other severely harmful content ### High-Risk Use Restrictions You must not use TokenFlux as the sole basis for decisions that affect important personal rights or interests, including but not limited to medical, legal, financial, insurance, hiring, education admission, housing eligibility, or law-enforcement scenarios. If you use TokenFlux in such scenarios, you are responsible for ensuring human review, necessary disclosure, and compliance with applicable laws and regulations. ## API Key and Account Security Requirements You must protect your account and API keys, and use them only in authorized member, server, or integration environments under the principle of least privilege. You must take reasonable measures to protect API keys, including but not limited to: - Do not commit API keys to public repositories, public clients, or other locations directly accessible by third parties - Separate keys by purpose and avoid long-term mixed usage - Rotate, disable, or delete keys promptly after suspected leakage - Integrate and call services according to public documentation and product instructions ## Boundaries of Tutorials and Integration Instructions The documentation, examples, and integration instructions on this site are only intended to help users configure and use TokenFlux legally. The documentation does not constitute: - Additional authorization for any third-party product, model, or platform - Permission to bypass limits, evade risk controls, perform bulk abuse, or conduct attacks - A guarantee of legality, compliance, or availability for any specific user business scenario You must not use this site's documentation, examples, or integration instructions to impersonate official certification, fabricate partnerships, or mislead others into believing that an integration method has received additional authorization. ## Platform Enforcement and Actions When there is reasonable basis to believe that usage may violate this policy, affect platform stability, or create security risks, TokenFlux may take actions including: - Requesting additional explanation of the usage scenario - Temporarily limiting call frequency, model scope, or account capabilities - Disabling related API keys - Suspending or terminating some features or services TokenFlux will handle relevant situations based on known facts, risk severity, and platform stability needs. ## Appeals and Contact If you believe your account, API key, or request was incorrectly restricted, contact TokenFlux through official support channels and provide as much of the following information as possible: - Account identifier - API key name or purpose - Time range when the issue occurred - Usage scenario description - Relevant error messages or request IDs ## Updates TokenFlux may update this policy based on business needs, risk controls, laws and regulations, or upstream policy changes. Updated versions will be published on the site. If there are material changes, the platform will provide reasonable notice. Continued use of related services after updates take effect means you accept the updated content.