BugUnstuck

Trusted extra eyes for stuck bug bounty findings

Acceptable Use Policy

Effective date: March 18, 2026

This Acceptable Use Policy ("AUP") defines what is and is not permitted on BugUnstuck. It supplements our Terms of Service. Violation of this policy may result in immediate account suspension or termination without notice.

1. Authorized Use Only

BugUnstuck is designed exclusively for legitimate, authorized security research collaboration. Every user must ensure they hold proper authorization (written permission, valid bug bounty program participation, or equivalent legal basis) for any security testing they discuss on the Platform.

2. Mandatory Content Masking

All requests posted on BugUnstuck must be fully masked and anonymized. The following are strictly prohibited in any user-generated content:

  • Real target names — company names, product names, brand names, or program names.
  • URLs, domains, and subdomains — including partial URLs, staging URLs, or internal hostnames.
  • IP addresses — public or private, IPv4 or IPv6.
  • Credentials — passwords, API keys, tokens, secrets, session cookies, or authentication headers.
  • PII — names, email addresses, phone numbers, physical addresses, or any data that could identify a natural person.
  • Exploit code — working exploits, payloads, or proof-of-concept code that could be directly used against live systems.
  • Internal architecture details that would allow identification of the specific target system.

Our automated validation system rejects content containing common patterns of the above. Attempts to circumvent these filters (encoding, obfuscation, steganography, or similar techniques) are a serious violation of this policy.

3. Bug Bounty Program Compliance

Before posting a collaboration request about a finding, you must verify that the relevant bug bounty program or VDP allows sharing of finding details with third-party collaborators. Many programs have confidentiality clauses that prohibit this. BugUnstuck is not responsible for verifying program compliance — that obligation rests entirely with you.

4. No Illegal Activity

The Platform shall not be used to facilitate, coordinate, or conduct:

  • Unauthorized access to computer systems, networks, or data.
  • Exploitation of vulnerabilities without authorization.
  • Sale, brokering, or trading of vulnerabilities or access outside of legitimate bounty programs.
  • Extortion, blackmail, or coercion of any kind.
  • Money laundering, fraud, or any financial crime.
  • Violation of CFAA, CMA, GDPR, or any applicable cybercrime or data protection legislation.

5. Responsible Collaboration

When collaborating with other researchers through the Platform:

  • Agree on bounty split terms before beginning collaborative work.
  • Document all collaboration agreements in writing (outside BugUnstuck).
  • Respect intellectual property and attribution rights.
  • Do not claim sole credit for collaborative findings.
  • Honor any agreements you make with other researchers.

6. Rate Limiting and Fair Use

The Platform enforces rate limits to prevent abuse. You may not submit more than 5 requests per hour. Automated submission, scraping, or API abuse is prohibited. Users who repeatedly trigger rate limits or validation filters may be subject to temporary or permanent account restrictions.

7. Reporting Violations

If you observe content that violates this policy, use the "Flag" feature on any request or contact us at @BugUnstuck on Twitter. We will review flagged content promptly and take appropriate action, which may include content removal and account suspension.

8. Enforcement

Violations of this Acceptable Use Policy may result in:

  • Immediate removal of offending content.
  • Temporary or permanent account suspension.
  • Referral to law enforcement if illegal activity is suspected.
  • Notification to affected bug bounty platforms if program rules are violated.

Enforcement decisions are made at our sole discretion and are final.

Questions? Contact us at @BugUnstuck on Twitter.