Acceptable Use Policy

This Acceptable Use Policy (this "Policy") applies to every product and surface we ship under the MindWiki brand, including but not limited to:

• The iOS app (App Store and TestFlight).
• The macOS app distributed at mindwiki.io/download.
• MindWiki Cloud and the marketing site at mindwiki.io.
• The Vault API at api.mindwiki.io and every endpoint it exposes (REST, OAuth, admin helpers).
• The MindWiki AI worker at ai.mindwiki.io (chat, voice tokens, retrieval-augmented generation).
• The Model Context Protocol (MCP) server at api.mindwiki.io/mcp.
• The per-account email capture address served on the inbox.mindwiki.io domain.
• Any extension, integration, agent template, MCP tool, or downstream surface we offer in the future.

This Policy is incorporated by reference into the Terms of Service. If a conflict arises between this Policy and the Terms on a usage question, this Policy controls. On any other question, the Terms control.

• "MindWiki", "we","us", "our" — the operator of MindWiki, currently a US-based sole proprietorship. Contact support@mindwiki.io.
• "Service" — every product and surface listed in the Scope section.
• "User", "you", "your" — the human or legal entity that registered an account or otherwise interacts with the Service.
• "Content" — anything you create, store, transmit, or instruct an AI agent or third-party tool to create on the Service. Includes markdown pages, attachments (images, audio, video, PDFs, documents), titles, frontmatter, wikilinks, AI prompts and responses, voice transcripts, agent actions, and material captured via the email address.
• "Agent" — any automated system — including but not limited to Claude, ChatGPT, Codex, Cursor, Claude Code, MindWiki AI itself, and any custom MCP client — that interacts with the Service on your behalf.
• "Vault" — the collection of markdown pages and attachments associated with an account.
• "Prohibited Content" — the categories listed in the Prohibited content section below.
• "Affiliate" — any entity that, now or in the future, directly or indirectly controls, is controlled by, or is under common control with MindWiki.

Age

You must be at least 16 years old to use the Service. We do not knowingly accept registrations from individuals under 16. If we learn that a User is under 16, we will terminate the account and delete its data. Where local law sets a higher age of digital consent (for example, certain US states or non-US jurisdictions), the higher age applies.

The Service is not directed to children. If you are a parent or guardian and believe a minor has registered, email support@mindwiki.io and we will remove the account.

Accurate information

You agree to provide accurate registration information and to keep it current. Impersonating another person or entity, misrepresenting your affiliation with a person or entity, or using a name you are not entitled to use is a violation of this Policy.

Account security

• You are responsible for safeguarding your password, Sign in with Apple credentials, refresh tokens, API keys, and MCP scopes.
• You are responsible for everything that happens on your account, including actions taken by Agents you connect.
• If you suspect an account or credential compromise, rotate the credential immediately and notify us at security@mindwiki.io.

One account per person

Personal accounts are individual. Don't share a login across people. Multiple accounts to evade quotas, paywalls, or enforcement are themselves a violation (see Service abuse).

MindWiki is a personal knowledge system. It exists for note-taking, research, journaling, professional and academic knowledge work, project planning, capturing memories, building a personal index, working with your own AI agents on your own data, and other ways of constructing a long-lived second brain. Use it for those purposes.

You may use MindWiki for work or business, including storing client notes, project research, or business IP — provided you have the right to do so under your employer's or client's policies and applicable law, and you accept responsibility for that use.

You may not create, store, generate, transmit, distribute, or promote any of the following on the Service, by any means, including through AI chat, voice conversation, agents, the MCP server, the API, or email capture. This list is illustrative, not exhaustive.

Child sexual abuse material (CSAM)

• Any content depicting a minor in a sexually explicit or exploitative way, real or computer-generated.
• We report CSAM to the National Center for Missing & Exploited Children (NCMEC) and to law enforcement in accordance with applicable law. Account termination is immediate and non-appealable.

Violence, terrorism, and incitement

• Content that promotes, glorifies, or organizes violence against any person or group.
• Material affiliated with designated terrorist organizations, propaganda for them, recruitment materials, or operational planning.
• Specific, credible threats against identifiable individuals or locations.

Harassment, doxxing, and stalking

• Targeted harassment of any person, including via the AI voice surface treated as a tool for harassment.
• Publishing or threatening to publish another person's home address, work address, phone number, or other identifying details without their consent ("doxxing").
• Using the Service to plan, coordinate, or assist stalking.

Sexual content involving minors or non-consenting people

• Sexualization of minors of any kind. See CSAM section above.
• Non-consensual intimate imagery — including so-called "revenge porn", surreptitiously recorded material, or deepfake intimate imagery of an identifiable person without their consent.

Hate-based content

Content whose primary purpose is to dehumanize, incite hatred against, or call for discrimination against a person or group based on protected characteristics including race, ethnicity, national origin, religion, caste, sexual orientation, gender identity, disability, or serious medical condition. Genuine academic, journalistic, or counter-speech contexts are not prohibited.

Malware, exploits, and credential abuse

• Working malware, ransomware, or exploit code written to harm specific systems.
• Stolen credentials, password lists, or instructions to access systems you are not authorized to access.
• Phishing kits, scam templates, fraud playbooks designed to deceive others.

Fraud and deception

• Fake identification documents, counterfeit currency templates, forged signatures, fake reviews-for-hire content.
• Synthetic media designed to deceive viewers about what a real, identifiable person said or did ("deepfakes").
• Material in support of investment scams, pyramid schemes, "pig butchering" / romance scams, or similar.

Intellectual property infringement

• Content that infringes another party's copyright, trademark, trade secret, or patent at scale. Personal research notes that quote sources are fine; a vault full of pirated ebooks redistributed to others is not.
• See Intellectual property and DMCA for the takedown process.

Other illegal content

• Anything explicitly illegal under United States federal law or the law of the user's jurisdiction, including but not limited to controlled-substance distribution coordination, illegal weapons manufacturing instructions targeting end users, and content prohibited by sanctions law.

Beyond what you store, the following behaviors are prohibited regardless of what content is involved:

• Accessing, attempting to access, or assisting anyone to access an account, vault, token, or scope that isn't theirs.
• Probing, scanning, or testing the Service for vulnerabilities, except through coordinated disclosure to security@mindwiki.io. You may not run automated scanners, load tests, or penetration tests against any MindWiki host without written permission.
• Reverse engineering, decompiling, or disassembling the Service or any of its binaries beyond what applicable law expressly allows.
• Bypassing or attempting to bypass technical access controls, rate limits, plan quotas, geofences, or feature gates.
• Removing, hiding, or interfering with notices, copyright marks, watermarks, or attribution embedded in or alongside the Service.
• Interfering with another user's use of the Service — including spamming public-facing surfaces or attempting to flood another account with junk via email capture.
• Using the Service to send unsolicited bulk communications.
• Misusing or misrepresenting the MindWiki name, logo, or claims (see Security and the trademark guidelines in our Terms).

MindWiki AI includes vault-grounded chat, live voice conversations, retrieval over your own pages, agent orchestration, and the MCP surface that lets external models read and write into your vault. The AI Use Policy describes how we handle your data when you use those features. The following AUP rules also apply:

• You may not use AI features to generate any Prohibited Content listed above. The AI is your tool — output generated through MindWiki is attributable to you for AUP purposes.
• You may not attempt to circumvent safety instructions, system prompts, content filters, or model alignment through prompt injection, jailbreak techniques, or adversarial prompting, in order to produce Prohibited Content.
• You may not use the AI surface to harass, threaten, or deceive another person. Live voice conversations are a two-party flow between you and a synthetic voice; using the synthetic voice as a vector to deceive a third party (for example, by recording the AI saying something and presenting it as the words of a real person) is a violation.
• You may not use Auto-Linker, agents, or scripted writes to mass-rewrite a vault in a way that evades capture limits, storage limits, or quota accounting.
• You may not use AI features to extract training data, prompts, or model weights of MindWiki or any upstream provider, beyond what those providers explicitly permit.
• You may not represent AI output as anything other than AI output. If you publish AI-assisted writing where attribution matters (for example, an academic or journalistic context with attribution norms), you are responsible for disclosing the AI's role.

The Service is built for programmatic access. The public REST API, OAuth flow, and MCP server are intended to let you connect your own agents and your own tools. With that comes specific responsibility.

• You are responsible for your Agents. Any action taken by an Agent connected to your account — Claude, ChatGPT, Codex, Cursor, Claude Code, custom scripts, or anything else — is attributable to you under this Policy. Set scopes conservatively. Review what the Agent writes.
• Credentials are credentials.API keys, OAuth refresh tokens, and MCP scopes function like passwords. Don't commit them to public repos. Don't share them with people who shouldn't have access to your vault. Don't use them on shared infrastructure where they can be exfiltrated.
• Rate limits are real.The API and MCP server advertise per-endpoint rate limits. Sustained over-limit traffic will be throttled and then blocked. Don't engineer around rate limits with sharded keys, rotating identities, or proxy pools.
• No cross-tenant access.An Agent or API key tied to your account may only read or write into your account's vault. Attempts to read or write into another account's vault via any endpoint are a violation regardless of intent.
• No undisclosed automation against the marketing site. Scraping mindwiki.io, the docs at /docs, or the API reference at /api-reference at scale, ignoring robots.txt directives, or harvesting content for training a derivative model is not permitted without written agreement.
• Disclose your client. Programmatic clients should send a meaningful User-Agent header that identifies the Agent. Anonymous high-volume requests are subject to stricter limits.
• Revoke compromised keys immediately. If a key is leaked, revoke it from /account/api-keys (or the corresponding iOS / macOS settings panel) and notify security@mindwiki.io.

Each account receives a personal capture address on the inbox.mindwiki.io domain that forwards mail into your vault. The capture address is for personal use only.

• Inbound only. The capture address receives mail and writes it into your capture/folder. It does not send outbound mail. Don't spoof it as a sender.
• No deliberate inbound spam. Do not publish your capture address on lists, forums, or sign-up forms with the intent of farming spam into your vault. Sustained adversarial inbound flow may cause your capture address to be deactivated.
• Not a public mailbox.Don't use your capture address as a customer-service inbox or a reply-to address for outbound campaigns; that is what your own email provider is for.
• Personal data via email. If you forward correspondence from third parties (clients, colleagues), make sure their privacy expectations allow it. See Privacy of other people below.

MindWiki is a productivity tool, not a regulated service. The following use cases are sensitive and require additional caution. We do not warrant that MindWiki or its AI features are suitable for them, and you accept the additional risk if you use the Service for these purposes.

• Medical, mental-health, and clinical use. MindWiki AI does not provide medical advice, diagnosis, or treatment. Do not rely on MindWiki AI output as the basis for a medical decision. If you are in crisis or experiencing a mental-health emergency, contact local emergency services or a qualified clinician. You may use MindWiki to take personal notes about your health, but the Service is not a HIPAA-eligible system and is not suitable for storing protected health information (PHI) on behalf of patients in a clinical setting.
• Legal advice. MindWiki AI does not provide legal advice. Do not rely on AI output as a substitute for an attorney. You may use MindWiki to organize your own legal research and notes; you may not use it to generate legal opinions on behalf of clients without independent professional review.
• Financial advice. MindWiki AI does not provide investment, tax, or financial planning advice. Decisions about money should not be made on AI output alone.
• Safety-of-life decisions.Don't use MindWiki or its AI features to make decisions where a mistake could cause physical harm, including but not limited to operating heavy machinery, aviation, transportation, industrial safety, or public-health response.
• Critical infrastructure. The Service is not designed for use as a load-bearing component of critical infrastructure (energy, water, telecommunications, financial settlement, emergency response).
• Automated consequential decisions about people.Don't use MindWiki AI as a sole-decision-maker in employment, housing, credit, insurance, education, or law-enforcement contexts. A human responsible for that decision must remain in the loop.

Your content

You retain ownership of the Content you put into your vault. By using the Service, you grant MindWiki the limited license described in the Terms of Service — a license to host, transmit, and process your Content in order to provide the Service to you. We don't use your private Content to train third-party models. See the AI Use Policy for full detail.

Third-party intellectual property

Don't store, generate, or share Content in a way that infringes someone else's copyright, trademark, trade secret, or patent at scale. Personal research notes that quote sources are fine; a vault of pirated ebooks redistributed via shared MCP scopes is not.

Reporting copyright infringement (DMCA notice)

If you believe Content on the Service infringes your copyright, send a written notice to abuse@mindwiki.io that includes all the elements required by 17 U.S.C. § 512(c)(3):

• Your physical or electronic signature.
• Identification of the copyrighted work claimed to have been infringed.
• Identification of the material claimed to be infringing and information reasonably sufficient to allow us to locate it.
• Your contact information (address, phone, email).
• A statement that you have a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law.
• A statement, under penalty of perjury, that the information in the notice is accurate and that you are authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.

Repeat infringers will have their accounts terminated. Counter-notices follow 17 U.S.C. § 512(g) and can be submitted to the same address.

Trademark

"MindWiki" and the MindWiki logo are trademarks of MindWiki. Don't use them in a way that suggests an endorsement or partnership we haven't agreed to in writing. Referential use ("works with MindWiki", "compatible with MindWiki MCP") is acceptable provided it doesn't imply affiliation.

You may store information about other people in your vault — names, conversations, meeting notes, relationship details. With that comes responsibility.

• Don't store another person's sensitive personal information — government ID numbers, biometric data, financial-account numbers, medical records — without their consent or a lawful basis to do so.
• Don't use the Service to maintain databases of non-consenting individuals (for example, scraping someone's social profile into structured records to target them).
• If you use the Service in a professional capacity that brings you under privacy regulations (GDPR, CCPA, HIPAA, FERPA, etc.), you remain the data controller / covered entity for the third-party personal data you store, and you are responsible for honoring the rights of those individuals (access, deletion, etc.).
• If a third party requests deletion of information about themselves from a User's vault, we will forward the request to the User. We do not edit User vaults to comply with third-party requests except when required by law or court order, or in response to a verified takedown demand under this Policy or the law.

The Service is provided from the United States and is subject to US export control and economic sanctions law. You represent and warrant that:

• You are not located in, ordinarily resident in, or a national of a country or region subject to comprehensive US sanctions (currently Cuba, Iran, North Korea, Syria, the Crimea, Donetsk, and Luhansk regions of Ukraine), and you will not access the Service from such locations.
• You are not listed on the US Treasury Office of Foreign Assets Control (OFAC) Specially Designated Nationals (SDN) list, the US Department of Commerce Entity List, or any equivalent restricted- party list maintained by the US, EU, UK, Canada, Australia, or Japan.
• You will not use the Service in any way prohibited by US export control laws, including but not limited to the development, production, or use of weapons of mass destruction.

If we determine that an account violates these representations, we may suspend or terminate it without notice and report it as required by law.

Infrastructure abuse

• Don't flood any MindWiki host with traffic designed to degrade service for others. Rate limits exist for a reason.
• Don't use the Service as a relay for unrelated traffic (using attachments as anonymized CDN storage, using the email capture address as an open mail relay, etc.).
• Don't store extraordinarily large attachments designed to push storage limits rather than to support actual use.

Coordinated security disclosure

We welcome good-faith security research. If you believe you've found a vulnerability, email security@mindwiki.io with a description and reproduction steps. Don't publish, exploit, or share the issue with anyone else until we've had a reasonable opportunity to investigate and fix it. We won't pursue legal action against researchers who follow this process in good faith — which means: no data exfiltration beyond what proves the issue, no destructive testing, no social-engineering of MindWiki staff, no testing against production data of other users.

• Personal accounts are personal.One account per user. Don't share credentials, refresh tokens, or API keys across people.
• Team use. If you are using MindWiki at work or with collaborators, each person needs their own account today. Proper team plans are on the roadmap; until they ship, please contact us before deploying MindWiki to a group beyond a handful of individual subscribers.
• No resale. You may not resell MindWiki access, API keys, MCP scopes, or capture addresses to third parties. You may not provision MindWiki accounts as a subprocessor offering to external customers without our written agreement.
• No multi-account abuse. Creating multiple accounts to bypass quotas, paywalls, free- trial limits, suspension, or enforcement is a violation. Detection of multi-account abuse may result in all linked accounts being terminated.

• Backups are yours.The Service provides export at any time. We make commercially reasonable efforts to durably store your vault, but you are ultimately responsible for keeping your own backups of anything you can't afford to lose. See Security for our durability posture and Help Center for how to export.
• Lawful purpose. Your use of the Service must comply with all laws applicable to you, including but not limited to the laws of the jurisdiction in which you are located and any laws applicable to the Content you create or store.
• Accurate information. Keep your account information current. If you stop being eligible (sanctions list, age, etc.), close the account.
• Notify us of problems.If you see someone else's personal data in your vault by accident, a sync issue that crosses accounts, an unexpected charge, or anything else that looks wrong, email support@mindwiki.io so we can investigate.

If we conclude — at our reasonable discretion, based on evidence available to us — that an account is in violation of this Policy, we may take any of the following actions, alone or in combination, depending on severity, frequency, and intent:

• Warning. An email or in-app notice identifying the issue and what we expect you to do.
• Feature limitation. Temporarily disabling or throttling the specific surface being misused (for example, the email capture address, AI chat, or an API key) while leaving the rest of the account intact.
• Suspension. Pausing the account pending a response from you. During suspension you can still export the vault by contacting support.
• Termination. Permanent closure of the account, with deletion of associated data according to the Data retention section below.
• Reporting. For unlawful content (CSAM, credible threats, fraud at scale), report to law enforcement, NCMEC, or other authorities as required or permitted by law.
• Civil action. Where the violation causes us cognizable harm (for example, sustained attack traffic that costs us infrastructure spend), we reserve the right to pursue available legal remedies.

We try to use the lightest enforcement that fixes the problem. For ambiguous cases we usually start by asking what you're trying to do. For clear, severe violations — CSAM, malware distribution, credential-stuffing, sanctioned-party use — we move directly to termination and, where applicable, reporting, without prior warning.

Nothing in this section limits any other right or remedy available to us at law or in equity.

If your account is suspended or terminated and you believe we made the wrong call, you may appeal by emailing appeals@mindwiki.io within 30 days of the enforcement action. Include the account email, a description of what you were doing, and any context we may have missed. We'll review within 10 business days and respond in writing.

Appeals are not available for terminations involving CSAM, sanctioned-party use, or other categories where a reversal would itself put us out of compliance with law.

• General abuse: abuse@mindwiki.io — include the account or content involved (if known), what you observed, when, and any supporting material.
• Copyright takedown (DMCA): same address. See Intellectual property and DMCA for required elements.
• Security vulnerability: security@mindwiki.io.
• Child safety (CSAM): abuse@mindwiki.io with "URGENT CSAM" in the subject. We escalate immediately. You may also report directly to NCMEC at report.cybertip.org or call 1-800-843-5678.
• Emergencies involving threats to life: contact local law enforcement first; then notify abuse@mindwiki.io so we can preserve relevant data and assist.

We respond to legitimate reports within 5 business days, faster for active-harm categories (CSAM, credible threats, ongoing credential abuse).

• On voluntary deletion, we remove vault content from live storage within 30 days. Backups age out on the normal schedule described in our Privacy Policy.
• On termination for cause, we may retain limited records of the account, the violation, and the evidence supporting the enforcement action for as long as reasonably necessary to defend our interests, cooperate with law enforcement, or comply with legal obligations.
• Where law requires us to preserve specific data (for example, CSAM reports to NCMEC), we will do so for the required period.
• You may request an export of your vault before or during a suspension by contacting support. We will not provide an export where doing so would itself further the violation (for example, exporting a vault of CSAM is not available).

To the maximum extent permitted by law, you will indemnify, defend, and hold harmless MindWiki, its Affiliates, and their respective officers, directors, employees, and agents from and against any third- party claims, damages, liabilities, costs, and expenses (including reasonable attorneys' fees) arising out of or related to:

• Your Content, or any AI output you generated through the Service that you used or distributed.
• Your violation of this Policy or any applicable law.
• Your violation of the rights of any third party, including intellectual property and privacy rights.
• The actions of any Agent operating under your credentials.

We will give you prompt notice of any such claim and cooperate with you in its defense at your reasonable expense. You may not settle any claim that imposes obligations on MindWiki without our prior written consent.

AI outputs from MindWiki AI, agents you connect, or third-party models accessed through the Service can be wrong, biased, out of date, fabricated, or harmful. The Service is provided "as is" with respect to AI outputs, without warranty of accuracy, fitness for a particular purpose, or non-infringement, to the maximum extent permitted by law. Verify before you act. See the AI Use Policy and the broader warranty disclaimers in the Terms of Service.

We may update this Policy from time to time. Material changes — changes that meaningfully reduce your rights, expand our right to terminate, or add new categories of prohibited content — will be announced by email to the address on your account at least 30 days before they take effect. Non-material changes (typo fixes, clarifications, new contact addresses) may take effect immediately.

Continued use of the Service after the effective date of any change is acceptance of the updated Policy. The current version is always available at mindwiki.io/acceptable-use-policy.

This Policy is governed by the laws of the State of Utah, United States, without regard to its conflict- of-laws principles. Disputes arising out of or relating to this Policy will be resolved exclusively in the state and federal courts located in Salt Lake County, Utah, and you consent to the personal jurisdiction of those courts — provided that nothing in this section limits either party's right to seek injunctive relief in any court of competent jurisdiction to protect intellectual property or confidential information.

Where the Terms of Service include an arbitration or dispute resolution clause, that clause governs the forum for disputes; this section identifies the substantive law that applies.

If any provision of this Policy is held invalid or unenforceable, that provision will be modified to the minimum extent necessary to make it enforceable, and the remaining provisions will continue in full force and effect. Sections that by their nature should survive termination (including Definitions, IP and DMCA, Sanctions, Indemnification, No warranty, Governing law, and Severability and survival) will survive any termination of your account or this Policy.

• General questions: support@mindwiki.io
• Abuse reports / DMCA: abuse@mindwiki.io
• Security disclosures: security@mindwiki.io
• Appeals: appeals@mindwiki.io

Related documents: Terms of Service · Privacy Policy · AI Use Policy · Subscription Terms · Security.