Usage Policy / Acceptable Use

1. Purpose and scope

This Usage Policy applies to Grik.io, including Ricochet for coding / agentic development, Rico for video / media generation, the website, API, extensions, CLI, gateway, hosted inference, credits, messenger integrations, cloud workers, and other features.

This Policy supplements the Public Offer / Terms of Service, Privacy Policy, Service Credits Terms, and applicable third-party AI provider terms. By using Grik.io, you agree to comply with this Policy and to ensure compliance by your users, employees, contractors, and integrations.

2. Core Grik.io principle: free tool and free BYOK

Ricochet may be distributed as a free tool and/or open-source software. Bringing your own API key (BYOK) does not require payment to Grik.io for the tool itself. You remain responsible for paying and complying with the terms of your selected AI provider.

If you use Hosted Inference, Grik Gateway, Rico rendering, managed agents, team workspaces, cloud execution, or other paid Grik.io features, that use may be subject to limits, credit consumption, and additional safety rules.

3. General prohibitions

You may not use Grik.io for illegal, harmful, deceptive, violent, discriminatory, exploitative, rights-infringing, or otherwise abusive activity.

• violate applicable law, sanctions, export control rules, or third-party rights;
• circumvent limits, rate limits, paywalls, access controls, anti-abuse systems, or moderation systems;
• create, distribute, or improve malware, ransomware, stealers, botnets, credential theft tools, phishing kits, or covert access tools;
• obtain unauthorized access to accounts, systems, networks, repositories, data, API keys, cookies, tokens, SSH keys, or secrets;
• use the service for fraud, spam, mass account creation, fake activity, payment abuse, or deception;
• create content that compromises child safety, promotes violence, hatred, extremism, self-harm, or exploitation;
• generate or distribute sexual content involving minors or content that sexualizes minors.

4. Special rules for Ricochet and agentic coding

Ricochet is intended for lawful software development, automation, and project maintenance. Agentic features may read files, propose diffs, create pull requests, run commands, call APIs, send messages through messengers, and perform other actions only within user-granted permissions.

• Do not use Ricochet for attacks, unauthorized scanning, vulnerability exploitation, persistence, lateral movement, or post-exploitation outside an explicitly authorized test environment.
• Do not instruct the agent to extract, retain, publish, or transmit secrets, private keys, passwords, cookies, access tokens, or personal data without a lawful basis and necessity.
• Do not use Ricochet for supply-chain attacks, dependency confusion, malicious packages, backdoors, hidden telemetry beacons, or deception of maintainers.
• Destructive actions, deployment, production infrastructure changes, database migrations, bulk file changes, sending messages on your behalf, and financially significant operations should require deliberate user approval.
• You are responsible for reviewing code, commands, diffs, pull requests, and deployment steps before applying them, especially where safety, money, third-party rights, or data may be affected.

5. Permitted security research

Security research is permitted only for systems that you own, control, or have explicit written authorization to test. For Grik.io vulnerabilities, use the Responsible Disclosure Policy.

Even during authorized testing, DDoS, data destruction, production mass scanning, access to third-party data beyond the minimum necessary, social engineering, phishing employees or users, physical attacks, and extortion are prohibited.

6. Special rules for Rico video and media generation

Rico is intended for creative, commercial, and technical generation of video, images, audio, and other media while respecting law, third-party rights, and platform rules.

• Do not create deepfakes, voice clones, impersonation, or likeness content without a lawful basis and consent where such content may mislead people or cause harm.
• Do not use real people, public figures, brands, characters, trademarks, copyrighted works, or another person’s likeness in a rights-infringing or misleading manner.
• Political advertising, news, journalistic, medical, financial, or other high-risk content should include human review, AI disclosure, and compliance with applicable law.
• Media used for harassment, blackmail, sexual extortion, defamation, fraud, deceptive advertising, fabricated evidence, or bypassing identity systems is prohibited.
• Do not upload images, video, audio, or biometric-like data of people unless you have the rights, consent, and lawful basis to process them.

7. High-risk domains

If output is used in legal, healthcare, finance, insurance, employment, housing, education, journalism, public services, or other domains where a decision may materially affect a person, you must ensure qualified human review, disclose AI involvement, and not rely on output as the sole source of truth.

8. Child safety and minors

Grik.io is not intended for children below the minimum age specified in the Public Offer / Terms and applicable law. You may not use the service to exploit, sexualize, groom, track, manipulate, or harm minors.

9. Rights, data, and third-party privacy

You must have all rights, licenses, permissions, and consents necessary for prompts, files, code, repositories, images, audio, video, datasets, contacts, messenger content, and other input data that you submit to Grik.io or to third-party AI providers through BYOK or hosted inference.

10. Enforcement

We may limit, throttle, suspend, terminate access, remove content, revoke promotional credits, refuse to process a request, or notify competent authorities if we believe use violates this Policy, law, user safety, or third-party rights. We may use automated and manual methods to detect violations.

11. Appeals and abuse reports

If you believe an enforcement action was applied in error, contact us by email with details of the account, request, timing, and reason for reconsideration. Reports of dangerous content, rights violations, or abuse may be sent to the main Grik.io contact.