Acceptable Use Policy

BrushPass Acceptable Use

Effective May 22, 2026. This policy explains what is not allowed on BrushPass workspaces, AI proxy access, and review systems.

Authorized Work Only

Use BrushPass only for authorized engineering work sessions, interviews, training, audits, and related review workflows. Do not use BrushPass to access, test, scan, or attack systems you do not own or have permission to assess.

No Abuse Of Infrastructure

Do not mine cryptocurrency, run botnets, send spam, host malware, scrape at abusive scale, evade rate limits, overload networks, or use workspaces as general-purpose hosting unrelated to a session.

No Credential Misuse

Do not upload, expose, exfiltrate, sell, share, or attempt to discover secrets, tokens, private keys, credentials, session tokens, candidate keys, provider keys, or source control credentials you are not authorized to use.

No AI Provider Abuse

Do not use the AI proxy to bypass provider rules, generate illegal content, evade usage controls, reverse engineer provider protections, or intentionally create excessive cost for an organization.

No Evasion

Do not disable or bypass BrushPass telemetry, command recording, AI logging, file snapshots, teardown controls, network restrictions, budget limits, or other safety controls.

Assessment Integrity

Customers should use BrushPass in a fair and transparent way. Candidates should not impersonate others, tamper with evidence, conceal unauthorized assistance, or submit work they are not allowed to use.

Enforcement

BrushPass may suspend sessions, destroy workspaces, revoke tokens, block traffic, remove content, or suspend accounts when activity appears unsafe, abusive, illegal, or likely to harm BrushPass, customers, candidates, providers, or third parties.