Home / Legal / Acceptable use

Acceptable Use Policy

Last updated: 2026-04-25

This is the technical-and-behavioural floor for using MDSwap. The Content Policy covers what you can publish; this covers how you use the service. They overlap; both apply.

The general rule

Don't break the law, don't break the service, don't break other users. If a thing isn't listed here but obviously falls under one of those, it's still off-limits.

Don't break the law

• No content or activity that is illegal where you are or where MDSwap is operated.
• No CSAM. We will report to NCMEC and to law enforcement, and your account will be permanently banned and IP-blocked.
• No instructions or material that would meaningfully aid the synthesis of weapons of mass destruction (chemical, biological, radiological, nuclear), the creation of cyberweapons designed for mass disruption, or the targeting of critical infrastructure.
• No facilitation of credible violence, terrorism, or self-harm against identifiable people.
• No sanctions or export-control violations.
• No copyright or trademark infringement. If you don't have rights, don't post it. If you mark a work CC0/MIT, you're claiming you have authority to do that.
• No fraud, phishing, or impersonation of a real person, brand, or organization.

Don't break the service

• No automated submissions or scraping that ignores robots.txt, our rate limits, or basic etiquette. Public MDs and the raw .md endpoint are open to fetch; bulk crawls should identify themselves and back off when asked.
• No scripted account creation, vote manipulation, or report-bombing. One human, one account.
• No exploitation of bugs to access data you shouldn't see, escalate privileges, bypass rate limits, or evade moderation. Found one? Tell us via /.well-known/security.txt and we'll thank you publicly if you want.
• No denial-of-service, resource abuse, or attempts to overwhelm any subsystem (database, edge, storage, third-party integrations).
• No malware, drive-by payloads, or links that route through cloakers. Markdown is plain text; don't try to weaponize the renderer.
• No prompt-injection or content-injection attacks targeting MDSwap's own AI features (search descriptions, OG generation, future tools). We treat all content as untrusted, but trying counts as a violation.

Don't break other users

• No harassment. No targeted abuse. No coordinated dogpiles.
• No doxxing or sharing private information about an identifiable person without consent. Public-figure-in-public-capacity is different; if you're not sure, you're not.
• No threats, including jokes that a reasonable person would read as threats.
• No hate content as defined in the Content Policy.
• No abuse of the report button. It's a moderation tool, not a downvote. Spam reports lose your reporting trust score and can get your account suspended.
• No NSFW content involving real people without explicit consent, no NSFW content involving anyone under 18, and no untagged NSFW.
• No SEO spam, AI slop, link farms, or bulk re-uploads designed to game discovery. We remove and ban.

AI-generated content

You can post AI-generated material if you have rights to redistribute it under the license you choose, you tag the MD with the AI-generated indicator (EU AI Act Article 50), and the result is genuinely useful. "I asked GPT to write a system prompt for X" without curation isn't useful and we'll remove it as slop.

API and embeds

Raw markdown endpoints (/swap/:slug/raw.md) and embeds (/swap/:slug/embed) are part of the product. You can fetch and embed them; respect rate limits and don't strip attribution. RSS at /feed.xml is for readers, not for re-publication as your own content.

Enforcement

We act on reports and on what we notice. The action depends on severity and history:

• First, low severity: remove the content, tell you what and why.
• Repeat or moderate severity: warning, temporary suspension (typically 7 days), and forfeit of any reporter trust score.
• Severe or repeat-after-warning: permanent ban.
• Egregious or illegal: immediate ban, IP block where helpful, referral to authorities where required, and we may share information with affected platforms (Vercel, Supabase, OAuth providers).

Soft-delete is the default so we can reverse mistakes. Bans are not negotiated; appeals are read once and answered.

Appeals

Reply to your removal or suspension email within 30 days. One human reads it. Either we reinstate, or we explain. We don't owe you a debate; we owe you an answer.

Contact: muhammedeliwat@gmail.com