Effective July 1, 2026

Acceptable Use

FinkMesh automates real systems. These rules keep workflows, webhooks, credentials, schedules, and HTTP/API actions safe for everyone.

Scope

This Acceptable Use Policy applies to all FinkMesh accounts, workspaces, workflows, webhooks, schedules, API tokens, support uploads, AI-assisted features, integrations, and customer-directed third-party requests. It is part of the FinkMesh Terms.

Prohibited activity

  • Illegal activity, fraud, deceptive practices, or activity that violates sanctions, export controls, or applicable law.
  • Spam, unsolicited bulk messaging, phishing, social engineering, malware, credential theft, token harvesting, or account takeover attempts.
  • Credential stuffing, password spraying, vulnerability scanning, scraping, or access attempts against systems you do not own or have permission to test.
  • DDoS-like traffic, abusive webhook floods, recursive loops, retry storms, or attempts to overwhelm FinkMesh or any third-party service.
  • Privacy-invasive monitoring, surveillance, doxxing, unlawful profiling, or processing personal data without required rights, notices, and permissions.
  • High-risk, safety-critical, medical, legal, financial, employment, housing, insurance, law-enforcement, or regulated decision workflows without written approval.
  • Crypto scams, market manipulation, deceptive lead generation, misleading impersonation, or other abuse that creates user, platform, or provider risk.
  • Child sexual abuse material, terrorism or violent extremism, targeted harassment or threats, hate or dehumanizing abuse, or non-consensual intimate content.
  • Content or automations that infringe intellectual property, violate third-party platform terms, or bypass provider access controls, rate limits, or usage policies.
  • Benchmarking, reselling, load testing, probing, or reverse engineering the service unless FinkMesh has approved it in writing.

Workflow and webhook abuse

You may only connect systems, call APIs, receive webhooks, store credentials, or automate actions where you have the right to do so. Do not use loops, retries, schedules, payload fan-out, or external triggers to bypass plan limits, generate abusive traffic, evade provider rate limits, or keep retrying actions that a provider has rejected.

Sensitive and high-risk use

Do not use FinkMesh for workflows where failure, delay, inaccuracy, or unauthorized access could create serious harm unless FinkMesh has approved that use in a signed agreement. This includes emergency services, medical treatment, financial trading, credit, employment, housing, insurance, critical infrastructure, and legal or safety-critical decisioning.

Good-faith security research

Good-faith vulnerability research is permitted when it avoids accessing, modifying, deleting, exfiltrating, or disrupting data that is not yours, avoids service degradation, and is promptly reported to FinkMesh. Testing against other users, production abuse, social engineering, spam, or provider-impacting traffic is not permitted without written approval.

AI-assisted features

AI features may produce inaccurate or unsuitable output. Do not submit secrets, regulated data, or sensitive personal data to AI features unless your plan, settings, provider configuration, and legal obligations support that use. You are responsible for reviewing AI output before using it in a workflow or business process.

Enforcement

To protect users, providers, and infrastructure, FinkMesh may:

  • rate limit requests, runs, webhooks, schedules, retries, or API tokens
  • pause workflows, disable webhook endpoints, or revoke exposed tokens
  • remove content or reject payloads that create security, legal, deliverability, or operational risk
  • investigate suspicious usage, request information from the account owner, or contact affected providers
  • suspend or terminate accounts for severe or repeated violations

Report abuse

Report suspected abuse, exposed credentials, unsafe workflows, phishing, spam, or platform misuse to contact@finkmesh.com with relevant URLs, workspace details, and timestamps if available.