Acceptable Use Policy

This Acceptable Use Policy ("AUP") describes what you may and may not do with the stunl tunneling service. This AUP is part of our Terms of Service. Violations may result in immediate suspension or termination of your account without notice or refund.

stunl is a tool for developers. We want to keep it that way. The rules below exist to protect our infrastructure, our users, and the broader internet.

1. Prohibited Content

You may not use stunl tunnels to host, serve, distribute, or transmit:

• Malware - viruses, trojans, ransomware, spyware, adware, rootkits, or any other malicious code
• Phishing - fake login pages, credential harvesting sites, or social engineering attacks
• CSAM - child sexual abuse material of any kind. We report all instances to NCMEC and law enforcement
• Pirated content - copyrighted material you do not have the right to distribute
• Illegal goods - drug marketplaces, weapons sales, counterfeit goods, or other illegal commerce
• Spam content - pages or services designed to generate unsolicited bulk messages

2. Prohibited Activities

You may not use stunl to:

• Launch attacks - DDoS, DoS, port scanning, vulnerability scanning, brute force attacks, or any offensive security activity against systems you do not own or have written authorization to test
• Send spam - unsolicited bulk email, SMS, or messages of any kind
• Mine cryptocurrency - using stunl infrastructure or bandwidth for mining operations
• Circumvent restrictions - bypass account bans, evade rate limits, create duplicate free accounts, or use anonymous tunnels to avoid enforcement actions
• Proxy illegal traffic - use stunl as a proxy, VPN, or relay for traffic that violates any applicable law
• Impersonate - pretend to be another person, company, or service
• Resell access - redistribute, resell, or sublicense stunl services without our written permission
• Interfere with service - overload our infrastructure, exploit bugs, or take any action that degrades the service for other users

3. Sanctions and Export Controls

You may not use stunl if you are located in, or a resident of, a country subject to comprehensive US sanctions (currently: Cuba, Iran, North Korea, Syria, and the Crimea, Donetsk, and Luhansk regions of Ukraine). You may not use stunl if you are on the US Treasury Department's OFAC Specially Designated Nationals list or any similar restricted party list.

4. Resource Limits

Your usage must stay within your plan's limits:

• Bandwidth quotas are enforced per billing period
• Concurrent tunnel limits are enforced per plan tier
• Anonymous tunnels are limited to 30 minutes and 100 MB
• Rate limits apply to API calls and tunnel creation

Tunnels are designed for development, testing, demos, and webhook delivery. They are not intended as permanent production hosting. If you need long-lived, high-traffic tunnels, contact us about our Business plan.

5. Permitted Uses

To be clear, these are the kinds of things stunl is built for:

• Exposing local development servers for testing
• Receiving webhooks from third-party services (Stripe, GitHub, Twilio, etc.)
• Sharing work-in-progress with teammates or clients
• Demo environments and presentations
• Authorized penetration testing of your own systems
• CI/CD pipeline testing with external service integration
• IoT device connectivity and debugging
• Exposing MCP servers for AI agent development
• Sharing files or terminal sessions with collaborators

6. Enforcement

When we become aware of a potential AUP violation, we may:

• Immediately close the offending tunnel(s) without notice
• Suspend your account pending investigation
• Permanently terminate your account without refund
• Report illegal activity to law enforcement
• Cooperate with law enforcement investigations when legally required

For less severe or first-time violations, we may issue a warning and give you the opportunity to correct the behavior. We use our judgment and act in proportion to the severity of the violation.

7. Reporting Abuse

If you believe a stunl tunnel is being used to violate this policy, please report it:

• Email: abuse@stunl.com

Include the tunnel URL or subdomain, a description of the abuse, and any relevant evidence. We investigate all reports and respond within 24 hours for urgent matters.

8. Changes

We may update this AUP as threats and use patterns evolve. Changes take effect when posted. We will notify registered users of material changes via email.

9. Contact

Questions about what's allowed? Ask before you do it:

• Abuse reports: abuse@stunl.com
• General questions: support@stunl.com
• Legal: legal@stunl.com