Acceptable Use Policy

1. Purpose

This Acceptable Use Policy ("Policy") defines the permitted and prohibited uses of Copper Sun Brass ("Service", "Software", "BrassCoders"). This Policy applies to all users and supplements our Terms of Service.

2. Permitted Uses

Copper Sun Brass is designed for legitimate software development activities, including:

2.1 Development Activities

• Code Analysis: Analyzing your own code or code you have permission to analyze
• Quality Improvement: Using recommendations to improve code quality and security
• Project Intelligence: Gathering insights about software projects you own or contribute to
• AI Enhancement: Providing context to AI coding assistants for better assistance

2.2 Team and Organizational Use

• Team Development: Using the Service within development teams
• Code Review: Analyzing code during review processes
• Technical Due Diligence: Evaluating codebases for business purposes (with proper authorization)
• Educational Purposes: Learning and teaching software development practices

2.3 Commercial Use

• Professional Development: Using the Service in commercial software development
• Consulting Services: Using insights to provide development consulting
• Product Development: Incorporating recommendations into commercial software products

3. Prohibited Uses

3.1 Illegal Activities

You may not use Copper Sun Brass to:

• Analyze code you do not have legal rights to access
• Violate intellectual property rights or trade secrets
• Circumvent security measures or access controls
• Engage in any illegal or fraudulent activities

3.2 Harmful Activities

You may not:

• Malware Development: Develop malware or analyze malicious code for offensive purposes (defensive security research with proper authorization is permitted)
• Security Exploitation: Use analysis to find vulnerabilities for malicious purposes
• Unauthorized Access: Analyze code obtained through unauthorized means
• Data Harvesting: Extract or collect proprietary information from analyzed code

3.3 Service Abuse

You may not:

• Quota Abuse: Attempt to circumvent the Paid Plan's monthly enrichment-token quota, machine-activation limit, or per-license inflight concurrency limit
• Resource Abuse: Use the Service in ways that degrade performance for other users (e.g. scanning extremely large directory trees in tight scripted loops)
• License Violations: Share license keys, create unauthorized copies, or circumvent licensing
• Reverse Engineering: Attempt to reverse engineer, decompile, or extract the Service's proprietary algorithms (does not apply to the OSS core, which is Apache 2.0 licensed and readable as source)

3.4 Harmful Content

Do not analyze or process:

• Illegal Content: Code that facilitates illegal activities
• Harmful Software: Malware, viruses, or other malicious software
• Privacy Violations: Code that unlawfully collects or processes personal data
• Harassment Tools: Software designed to harass, threaten, or harm others

4. Integration with Downstream AI Assistants

4.1 Output Consumption

BrassCoders produces YAML output intended for consumption by AI coding assistants (Claude Code, Cursor, Continue, and similar). The Service does not require or integrate with any third-party AI API itself.

4.2 Your Downstream Account

If you use BrassCoders output with an AI coding assistant, you remain solely responsible for:

• Complying with that assistant's terms of service and acceptable use policy (e.g. Anthropic's Usage Policies for Claude, Anysphere's terms for Cursor)
• Your own API keys, billing, and rate limits with that vendor
• Any analysis, recommendations, or code changes generated by that assistant

5. Security Requirements

5.1 License Key Security

You must:

• Protect Your License Key: Treat the BrassCoders license key like a credential
• No Sharing: Never share license keys across teams or organizations outside your own seats
• Secure Storage: Follow best practices for credential storage (avoid committing to version control)
• Report Breaches: Immediately report any unauthorized access or key compromise to brass@coppersuncreative.com

5.2 System Security

You must:

• Secure Environment: Use the Service in secure development environments
• Access Controls: Implement appropriate access controls for team use
• Regular Updates: Keep the Service updated to the latest version
• Vulnerability Reporting: Report security vulnerabilities responsibly

5.3 Data Protection

You must:

• Authorized Analysis: Only analyze code you have permission to analyze
• Data Classification: Respect data classification and handling requirements
• Privacy Compliance: Ensure analysis complies with applicable privacy laws
• Confidentiality: Maintain confidentiality of analyzed code and results

6. Content and Code Analysis

6.1 Code Ownership

You represent and warrant that:

• You own or have permission to analyze all code processed by the Service
• Your use of the Service does not violate any licensing agreements
• You will respect intellectual property rights of all analyzed code

6.2 AI-Generated Recommendations

You acknowledge that:

• Review Required: All AI recommendations must be reviewed before implementation
• No Warranty: We provide no warranty about the accuracy or suitability of recommendations
• Your Responsibility: You are responsible for testing and validating all suggestions
• Compliance: Implementation must comply with your organization's policies and standards

6.3 Sensitive Information

You must not:

• Process code containing classified or highly sensitive information without proper authorization
• Analyze code that includes personal data without appropriate privacy protections
• Use the Service to process code subject to export controls or other regulatory restrictions

7. Fair Use and Resource Management

7.1 Reasonable Use

Use the Service reasonably and in good faith:

• Normal Development: Use patterns consistent with typical software development
• Token Budget: The Paid Plan includes 50 million enrichment tokens per month per license; sustained automated workloads that exceed this budget should be backed by top-ups rather than license-key sharing or scripted retries
• Concurrency: Respect the per-license inflight-request limit; do not parallelize scans beyond what the gateway accepts
• Shared Resources: Consider impact on other users and service performance

7.2 Automated and CI Usage

For automated, scripted, or CI usage:

• Activation slots: Each license includes 3 machine activations — a CI runner is one of them; run brasscoders deactivate on retired runners to free a slot
• Error Handling: Handle errors gracefully without overwhelming the Service (no tight retry loops on 429 / 402 responses)
• Monitoring: Monitor your remaining monthly token budget via brasscoders license
• Contact us: For high-volume use cases (e.g. CI scanning across many repos, monorepo orchestration), reach out at brass@coppersuncreative.com

8. Compliance and Legal Requirements

8.1 Regulatory Compliance

You must comply with all applicable laws and regulations, including:

• Export Controls: U.S. Export Administration Regulations (EAR) and International Traffic in Arms Regulations (ITAR) - consult legal counsel if analyzing code subject to export restrictions
• Privacy Laws: GDPR, CCPA, and other privacy regulations
• Industry Standards: Relevant industry-specific compliance requirements
• Professional Ethics: Professional codes of conduct for software developers

8.2 Organizational Policies

You must:

• Company Policies: Comply with your organization's IT and security policies
• Client Requirements: Meet any contractual obligations related to code analysis
• Industry Standards: Follow relevant industry best practices and standards

9. Reporting and Enforcement

9.1 Reporting Violations

Report violations of this Policy to:

• Email: brass@coppersuncreative.com
• Subject Line: "Acceptable Use Policy Violation"
• Information: Provide details about the violation and any evidence

9.2 Investigation Process

We will:

• Investigate: Review reported violations promptly and thoroughly
• Response: Review reports and follow up as appropriate
• Documentation: Maintain records of investigations and resolutions
• Confidentiality: Treat reports confidentially to the extent possible

9.3 Enforcement Actions

Violations may result in:

• Warning: Initial notice of policy violation
• Service Restrictions: Temporary limitations on Service access
• Account Suspension: Temporary suspension of Service access
• Account Termination: Permanent termination of Service access
• Legal Action: Legal proceedings for serious violations

10. Mitigation and Appeals

10.1 Self-Correction

If you realize you've violated this Policy:

• Stop Immediately: Cease the violating activity
• Contact Us: Report the violation voluntarily
• Corrective Action: Take steps to prevent future violations
• Cooperation: Cooperate with any investigation

10.2 Appeals Process

If you believe enforcement action was taken in error:

• Appeal Window: Submit appeals within 30 days of action
• Appeal Email: brass@coppersuncreative.com with subject "Acceptable Use Appeal"
• Information Required: Provide detailed explanation and evidence
• Review Process: We will review appeals and follow up with the outcome

11. Updates and Modifications

11.1 Policy Updates

We may update this Policy to:

• Clarify Requirements: Provide clearer guidance on acceptable use
• Address New Risks: Respond to emerging security or abuse patterns
• Legal Compliance: Meet evolving legal and regulatory requirements
• Service Changes: Reflect changes in Service functionality

11.2 Notification

We will notify you of material changes through:

• Email Notification: Direct communication to license holders
• Service Notification: Alerts within the Service interface
• Website Publication: Updates posted on our website

12. Contact Information

For all questions about this Acceptable Use Policy — policy interpretation, abuse reporting, security issues, or general support — email a single address:

Copper Sun Content and Creative, LLC
brass@coppersuncreative.com

For faster routing, prefix your subject line with one of: [Policy], [Abuse], [Security], or [Support].

Last Updated: 2026-05-31