Spaces:
Running on Zero
A newer version of the Gradio SDK is available: 6.20.0
Acceptable Use Policy
This Acceptable Use Policy ("AUP") forms part of the licence terms under which the LEGX toolkit (including the Document Integrity Verifier) is made available. It is incorporated by reference into the LICENSE file. Where the LICENSE permits a use, this AUP narrows that permission. Violating this AUP terminates your licence under the terms in the LICENSE' Violations section.
The terms "Software", "licensor", "you", and "your company" have the meanings given to them in the LICENSE.
The Software is a defensive tool. It exists so that humans and automated workflows can decide whether a document is being truthful about itself before it reaches an AI ingestion pipeline. The Software was not built to attack systems, generate adversarial content, or train models to evade detection — and you may not use it to do those things.
1. Prohibited uses
You may not use the Software, or any part of it, to:
Develop, train, fine-tune, evaluate, distribute, or operate offensive AI capabilities — including but not limited to prompt injection tools, jailbreak generators, document-borne attack templates, watermark removers, hidden-payload writers, OCR-evasion models, or any other system whose primary purpose is to attack, bypass, or weaken safety mechanisms of an AI system, a human reader, or an organisation.
Test attacks against any system you are not authorised to test. You are responsible for ensuring you have explicit, written, scope- bounded authorisation before pointing the Software, its outputs, or any derived artifact at production or third-party systems.
Use detected patterns, regexes, or model outputs as training data, reinforcement signal, or evaluation targets for any system whose purpose is to evade detection by this Software, by any other defensive scanner, or by any AI safety mechanism. The lexicon and the model verdicts are defensive signals; teaching attackers to route around them defeats the entire point of the Software.
Misrepresent Software output — verdicts, detector matrices, OCR diffs, or the written assessment — as compliance certification, as a security audit by the licensor, or as a guarantee of safety. The output is advisory; representing it otherwise is a deceptive practice and a violation of this AUP.
Strip, modify, hide, or work around the LICENSE, this AUP, the
DISCLAIMER.md, theRequired Noticelines, or the in-app warnings in any distribution, fork, deployment, or derived work.Re-enable the authoring side of the LEGX toolkit (challenge generation, transform catalogs, fixtures, blind-package tooling) in a distribution presented as a "detector" or "scanner" to end users without making the re-enabled authoring capability and its risks unambiguously visible. The detector-only export script (
scripts/export_zerogpu_space.ps1) is the canonical detector distribution; forks that quietly re-enable authoring are out of scope of any licence granted to you.Process documents containing personal data, privileged communications, or regulated information with a public instance of the Software (e.g. a public Hugging Face Space). Private, self-hosted deployments are the appropriate channel for any non-public material.
Use the Software to generate, automate, or accelerate harassment, discrimination, surveillance against political dissidents, journalists or human-rights defenders, or any activity prohibited by applicable law.
2. Required disclosures for forks and derived works
If you distribute a fork or derived work:
- Include this
ACCEPTABLE_USE.mdand theDISCLAIMER.mdunmodified. - Preserve every
Required Notice:line from the LICENSE. - State plainly that your fork is not endorsed by, audited by, or maintained by the licensor.
- If your fork modifies any detector, the lexicon, the reasoning
prompt, or the LLM verdict path, document those modifications in a
CHANGES.mdso downstream users can decide whether they trust the modified detection layer. - If your fork removes or weakens any safety check (size cap, GPU
timeout, work-dir cleanup, etc.), this is a material change and must
be flagged in
CHANGES.mdwith the rationale.
3. Reporting abuse
If you become aware of a deployment that violates this AUP, please
contact the licensor (see COMMERCIAL.md). Reports made
in good faith will be treated confidentially where the law allows.
4. Effect of violation
Per the LICENSE, the first time you are notified in writing of a violation, you have 32 days to come into compliance. If you do not, all your licences end immediately. Continued use after termination is copyright infringement.
The licensor reserves the right to publicly identify deployments that materially violate this AUP, especially where doing so protects users from being misled about the safety guarantees of a defensive tool.
5. No defensive exception for offence
The fact that the Software detects an attack class does not grant you permission to create that attack class, even for "research" or "red-team" purposes, unless you are operating under (a) an explicit authorisation from the target system's owner, (b) a published responsible-disclosure policy, and (c) a written commitment not to release weaponisable artifacts. This AUP narrows what counts as "permitted purpose" under the LICENSE — defensive purpose is permitted; offensive purpose is not.