Acceptable Use Policy
Last updated: June 3, 2026
What this covers.
This Acceptable Use Policy ("AUP") is part of, and incorporated into, the Oak Terms of Service. It applies to everyone who uses Oak — the CLI, the hosted service at oakvcs.com, the API, and any content you store, push, or make available through Oak (your "Content"). Capitalized terms not defined here have the meaning given in the Terms.
Oak is version control. You bring your own coding agent; Oak stores and serves the repositories those agents and people push to. You are responsible for everything stored under your account or your organization, including Content created by any agent or automation you run.
Content you may not store or distribute.
You may not use Oak to store, host, or distribute Content that:
- Is unlawful, or that promotes, facilitates, or instructs others in unlawful activity
- Sexually exploits or endangers minors in any way (see section [03] — we have zero tolerance)
- Is malware, ransomware, spyware, or other malicious code intended to harm systems or exfiltrate data without authorization (see section [04] for the security-research exception)
- Is designed to phish, spoof, or otherwise deceive people into disclosing credentials or sensitive information
- Infringes the intellectual-property rights of others, including pirated software, media, or unlicensed redistribution ("warez")
- Contains another person's private or personal information published without a lawful basis ("doxxing"), or leaked credentials, secrets, or access tokens belonging to others
- Is harassing, threatening, or incites violence against any person or group
- Is intended primarily to mine cryptocurrency on, or otherwise abuse, third-party or our infrastructure
Child sexual abuse material: zero tolerance.
Oak has zero tolerance for child sexual abuse material (CSAM) or any content that sexually exploits or endangers minors. We will remove such Content immediately, terminate the accounts involved, preserve the relevant data as required by law, and report it to the National Center for Missing & Exploited Children (NCMEC) and/or law enforcement as required under applicable law.
To report suspected child exploitation on Oak, email
[email protected] with the URL or account and any detail
you can safely provide. Do not download, copy, or redistribute the
material yourself.
Security research and dual-use code.
Oak is built for developers, and legitimate security work routinely involves storing exploit code, proof-of-concept payloads, malware samples for analysis, and offensive-security tooling. Storing such code for research, education, defense, or authorized testing is permitted.
What is not permitted is using Oak as a distribution or command channel for live attacks — for example, hosting an actively served phishing page, staging malware for mass delivery, or using Oak infrastructure to attack third parties. The line is intent and use, not the mere presence of dangerous code. When in doubt, keep the repository private and clearly document its research purpose.
Don't abuse the service.
You also agree not to:
- Attempt to gain unauthorized access to the service, other accounts, or other organizations' data
- Probe, scan, or test the vulnerability of the service except under a coordinated-disclosure arrangement with us
- Interfere with, degrade, or disrupt the service or its infrastructure (including denial-of-service, excessive automated requests, or evading rate limits, quotas, or other technical controls)
- Use Oak primarily as a generic file host, CDN, or backup target for content unrelated to a software project
- Resell or sublicense access to the service without our written permission
- Circumvent storage quotas, account limits, or suspensions, including by creating accounts to evade enforcement
Copyright and DMCA takedowns.
We respect intellectual-property rights and respond to clear notices
of alleged copyright infringement under the U.S. Digital Millennium
Copyright Act (DMCA). If you believe Content on Oak infringes your
copyright, send a written notice to our designated agent at
[email protected] that includes:
- Your physical or electronic signature
- Identification of the copyrighted work claimed to be infringed
- Identification of the infringing material and a URL or path sufficient for us to locate it
- Your contact information (address, telephone, email)
- A statement that you have a good-faith belief the use is not authorized by the owner, its agent, or the law
- A statement, under penalty of perjury, that the information is accurate and that you are authorized to act on the owner's behalf
We may remove or disable access to allegedly infringing Content and, in appropriate cases, terminate repeat infringers. Counter-notices may be sent to the same address. Misrepresentations in a notice or counter-notice may carry liability under 17 U.S.C. § 512(f).
Reporting abuse and how we enforce.
Reporting
Report content or behavior that violates this policy to
[email protected] (use [email protected] for
copyright). Include the repository URL, account, or organization and
enough detail for us to investigate.
Enforcement
When we determine, in our reasonable judgment, that this policy has been violated, we may take any action we consider appropriate, including removing or disabling Content, disabling a repository, suspending or terminating accounts or organizations, and reporting to law enforcement. For severe violations (such as CSAM, active attacks, or content that exposes us or our providers to legal liability) we may act immediately and without prior notice. For less-severe issues we will generally try to notify you and give you a chance to remediate.
If you believe we acted in error, you may appeal by replying to the
enforcement notice or emailing [email protected].
Changes
We may update this policy from time to time. Continued use of the service after a change constitutes acceptance of the updated policy.