KVProxy Acceptable Use Policy (AUP)

Last Updated: January 26, 2026

This Acceptable Use Policy (“AUP”) explains rules for using KVProxy’s websites, SDKs, APIs, proxy endpoints, dashboards, and related services (collectively, the “Services”). The Services are designed to help mobile and client application developers securely route requests and protect third-party secrets (for example, API keys) by proxying requests and performing controlled substitution and policy enforcement.

By accessing or using the Services, you agree to follow this AUP. If you violate this AUP (or help someone else violate it), KVProxy may suspend or terminate your access, throttle traffic, remove or disable content, or take other reasonable steps to protect the Services, our users, and third parties.

We may update this AUP from time to time by posting a revised version. Your continued use of the Services means you accept the updated AUP.

1) Core principle

Use KVProxy only for lawful, authorized, and respectful purposes.

You are responsible for:

  • ensuring you have the right to send traffic through KVProxy to any upstream service or destination,
  • ensuring your end users have been properly informed where required (for example, privacy disclosures),
  • configuring KVProxy so it does not cause harm, abuse, or unauthorized access.

2) No illegal, harmful, or deceptive use

You may not use the Services to engage in, promote, facilitate, or instruct others to engage in illegal, harmful, or deceptive activities, including:

  • Illegal activity: any use that violates applicable laws or regulations, including laws related to fraud, identity theft, and unauthorized access.
  • Fraud and scams: phishing, social engineering, “get rich quick” schemes, pyramid/ponzi schemes, fake support operations, or impersonation intended to mislead others.
  • Harm to minors: any content or activity involving child sexual abuse material (CSAM) or exploitation of minors. KVProxy will report suspected CSAM to appropriate authorities and may terminate accounts immediately.
  • Deceptive collection of data: collecting credentials, payment information, personal data, or authentication codes through misrepresentation.
  • Illicit goods/services: trafficking or promotion of illegal goods or services.

3) No infringement or misuse of others’ rights

You may not use the Services to transmit, store, or distribute content or traffic that infringes, misappropriates, or violates the intellectual property, proprietary, or privacy rights of others, including:

  • copyright, trademark, trade secret, or other IP infringement,
  • unauthorized scraping or harvesting that violates another party’s terms or legal rights,
  • distributing private personal information without authorization (for example, doxxing).

4) No offensive or abusive content

You may not use the Services to transmit, store, or distribute content that is unlawful, obscene, or abusive, including:

  • content that is defamatory or unlawfully harassing,
  • non-consensual sexual content, including imagery depicting sexual violence,
  • content that is otherwise illegal or prohibited under applicable law.

5) No security violations or “hacking” activity

You may not use the Services to compromise, probe, scan, or attempt to gain unauthorized access to any system, network, application, or device (each a “System”), including:

  • Unauthorized access: attempting to bypass authentication or access controls; credential stuffing; brute force attacks; or exploiting vulnerabilities without permission.
  • Testing without authorization: vulnerability scanning or penetration testing of Systems you do not own or lack permission to test.
  • Interception: monitoring or intercepting traffic or data without permission.
  • Malware: distributing malware or malicious code (viruses, trojans, worms, spyware), or facilitating botnets.
  • Obfuscation of origin for abuse: forging or falsifying packet headers or request metadata for the purpose of deception, evasion, or wrongdoing.

6) No network abuse or disruption

You may not use the Services in ways that degrade, disrupt, or interfere with the Services, KVProxy infrastructure, other users, or third-party systems, including:

  • DoS (Denial of Service): flooding a target or generating traffic intended to overwhelm or impair a System.
  • High-risk “open proxy” behavior: operating an unrestricted proxy that allows the public (or broad unauthenticated users) to relay traffic through KVProxy.
  • Traffic laundering: routing abusive, prohibited, or policy-violating traffic through KVProxy to conceal its source.
  • Circumventing limits: attempting to evade quotas, rate limits, access controls, plan restrictions, or enforcement mechanisms.

7) Email, messaging, and notification abuse

You may not use the Services to send or facilitate unsolicited bulk communications (“spam”), including:

  • unsolicited promotional email or messages,
  • altering or obscuring headers or sender identity without permission,
  • harvesting addresses or contact identifiers for bulk messaging.

8) KVProxy-specific restrictions (secrets, proxying, and substitution)

Because KVProxy is designed to handle sensitive credentials and proxy requests, the following are specifically prohibited:

  • Proxying without authorization: routing traffic to an upstream service unless you are authorized to use that upstream service and comply with its terms and policies.
  • Key theft or exfiltration intent: using KVProxy to extract, infer, or reconstruct third-party secrets, tokens, or credentials (including attempting to use KVProxy as a step in stealing secrets from others).
  • Misconfiguration that exposes secrets: configuring your integration in a way that intentionally exposes secrets to end users or third parties (for example, returning upstream keys in responses) or encourages others to do so.
  • Credential replay at scale: using KVProxy to automate credential replay against third parties (for example, rotating tokens or headers to evade fraud controls).
  • Illegal content routing: using KVProxy to proxy content that is illegal to host, distribute, or access.

You are responsible for designing your integration so your end users cannot use KVProxy as a general-purpose relay to arbitrary targets.

9) Compliance with platform and upstream requirements

You must comply with:

  • this AUP,
  • KVProxy’s Terms of Service and any plan-specific limits,
  • the acceptable use rules of our infrastructure providers (for example, hosting, networking, and DDoS mitigation providers),
  • and the terms/policies of any upstream services you access through KVProxy.

If an upstream provider or platform flags your traffic as abusive or noncompliant, we may require you to modify configurations, reduce traffic, add safeguards, or suspend impacted routes.

10) Monitoring, enforcement, and cooperation

KVProxy may investigate suspected violations and take action to protect the Services and others. Actions may include:

  • suspending or terminating accounts, projects, routes, or API credentials,
  • throttling or blocking traffic patterns,
  • disabling configurations that enable abuse,
  • requesting additional information about your use case and authorization,
  • preserving evidence and cooperating with law enforcement or regulators when we reasonably believe it is required.

We do not promise to monitor all traffic or configurations, and you should not rely on us to detect misuse. You remain responsible for your use of the Services.

11) Intended request size and payload limits

KVProxy is optimized for high-volume, low-to-moderate payload API traffic, such as JSON or similar request/response patterns commonly used by mobile and client applications. The Services are not designed to proxy large file transfers (for example, video, audio, large binaries, or bulk data exports).

To ensure consistent performance and reliability for all customers:

  • KVProxy expects the average request size (including headers and body) for a project to remain around 250 KB or less.
  • Occasional larger requests may occur naturally and are not, by themselves, a violation of this Policy.
  • However, sustained usage patterns where the rolling average request size materially exceeds this range may indicate use cases that are outside the intended scope of the Services.

If KVProxy determines that a project’s traffic consistently exceeds reasonable request size expectations, we may, at our discretion:

  1. notify you of the observed usage pattern and provide guidance on mitigation or architectural alternatives,
  2. request configuration changes to reduce payload size or move large transfers to more appropriate infrastructure,
  3. apply temporary limits or suspensions to affected routes or projects if the pattern persists.

These measures are intended to protect platform stability and ensure fair use across customers, not to penalize good-faith usage. We encourage customers with atypical payload requirements to contact us before deploying such workloads so we can help evaluate fit or suggest alternatives.

12) Reporting suspected abuse

If you believe there is a violation of this AUP, please report it to: support@kvproxy.com.

Include, if available:

  • project or account identifier,
  • relevant request IDs or timestamps,
  • affected domains/endpoints,
  • and a short description of the suspected abuse.