Forge

Legal

Forge Acceptable Use Policy

CommitShield, Inc. · www.commitshield.com

Effective: 2026-04-15 · Last Updated: 2026-04-15

Purpose

Purpose

Forge is a code hosting and collaboration platform operated by CommitShield, Inc. (“CommitShield,” “we,” “us,” or “our”) at www.commitshield.com. Our community includes developers, organizations, and open source projects from around the world. This Acceptable Use Policy (the “AUP”) describes the content and activities that are, and are not, permitted on Forge. It is incorporated into and forms part of the Forge Terms of Service (the “Terms”).

Capitalized terms not defined here have the meanings given in the Terms. Any reference to “the Service” includes Forge, the www.commitshield.com website, our APIs, command-line tools, and related applications.

We apply this AUP both to the letter and to the spirit of the rules. If conduct is not explicitly listed but is similar in character to something that is prohibited, we may still treat it as a violation. We resolve ambiguity in favor of protecting users and the integrity of the Service.

Section 01

Your responsibility

You are responsible for everything that appears in your account, your repositories, your Organization’s repositories, and anything done through your credentials. You are also responsible for ensuring that your use of the Service complies with all applicable laws and regulations and with every provision of this AUP.

Section 02

Prohibited content

You may not upload, store, share, transmit, link to, or otherwise make available through the Service any content that:

  • Is unlawful under any law applicable to you or CommitShield, or that promotes or facilitates unlawful activity.
  • Infringes or misappropriates the intellectual property rights of others, including copyright, trademark, trade secret, patent, or moral rights.
  • Depicts, describes, promotes, or facilitates the sexual exploitation or abuse of minors. Such material will be reported to the National Center for Missing & Exploited Children (NCMEC) and to law enforcement as required by law.
  • Is sexually obscene, or is pornographic in a manner that lacks serious literary, artistic, political, or scientific value.
  • Depicts or incites graphic violence, gore, or the physical harm of any person or animal.
  • Contains or constitutes non-consensual intimate imagery, or private sexual content shared without the subject’s consent.
  • Promotes or facilitates terrorism, violent extremism, or the recruitment or financing thereof.
  • Advocates, threatens, or incites violence against individuals or groups.
  • Targets others with hate speech, discrimination, or harassment on the basis of race, ethnicity, national origin, religion, gender, gender identity, sexual orientation, disability, age, or serious medical condition.
  • Is designed to defame, libel, or falsely damage the reputation of another person or organization.
  • Reveals another person’s personal, private, or confidential information without their explicit permission (often referred to as “doxxing”), including home address, phone number, identification document numbers, financial account information, or private communications.
  • Impersonates any individual, organization, or official body in a manner intended to deceive others, including using a username, avatar, or profile that misleads as to identity or affiliation.
  • Is designed to spread disinformation or deliberately manipulated media that could cause serious harm to public safety, electoral integrity, or public health.
  • Has previously been removed from the Service for violating this AUP, unless we have expressly authorized its restoration.
Section 03

Malware, exploits, and offensive security research

You may not use the Service to directly deliver, distribute, or command malware or other malicious payloads against systems or users that you are not authorized to test. Specifically, you may not:

  • Operate an active command-and-control server through the Service.
  • Host active phishing pages, credential-harvesting infrastructure, or drive-by malware distribution.
  • Use the Service to exfiltrate stolen data, distribute illegally obtained credentials, or stage attacks against third parties.
Security research is welcome. This AUP is not intended to prohibit legitimate security research, proof-of-concept code, educational content, or the responsible disclosure of vulnerabilities. Security research is permitted provided that: (a) the purpose is research, defense, or education, not active exploitation; (b) any real-world targets or victims are properly anonymized; (c) content is clearly labeled as to its nature; and (d) the conduct complies with applicable law.
Section 04

Harassment, bullying, and abuse

We expect users to interact with each other professionally and respectfully. You may not use the Service to:

  • Target another user with unwanted, repeated, or hostile contact.
  • Post or link to derogatory, humiliating, or demeaning content directed at an individual.
  • Threaten violence, physical harm, or the destruction of property against another person.
  • Incite others to engage in harassment or abuse.
  • Retaliate against users who have reported violations to us in good faith.

Project maintainers are encouraged to establish clear community guidelines and to moderate their own repositories. CommitShield may take action when conduct within a repository violates this AUP even if the affected users are not subscribers to the project.

Section 05

Service integrity and security

You must not take any action that compromises, attempts to compromise, or could reasonably be expected to compromise the integrity, security, or availability of the Service. Prohibited activity includes:

  • Probing, scanning, or testing the vulnerability of the Service, its infrastructure, or any associated network without our prior written authorization.
  • Breaching or attempting to breach any authentication, authorization, rate-limiting, or other security measure.
  • Accessing or attempting to access any account, repository, data, or system for which you do not have explicit permission.
  • Reverse-engineering, decompiling, or disassembling the Service, except to the extent such activity is permitted by applicable law.
  • Intercepting, monitoring, or tampering with transmissions to or from our servers.
  • Uploading or transmitting viruses, worms, Trojan horses, ransomware, logic bombs, keyloggers, or other malicious code intended to damage or disrupt the Service or the systems of its users.
  • Submitting intentionally malformed inputs, prompt injections, or similar attacks against any machine learning or AI-powered feature we offer in an attempt to bypass our controls or cause the feature to act in violation of this AUP.
Section 06

Resource usage and infrastructure abuse

The Service is shared infrastructure. You must use it in a manner that is fair to other users and does not impose an unreasonable load. You may not:

  • Use Forge primarily as a generic file host, backup service, content delivery network, media server, or free object storage service unrelated to software development.
  • Use Forge repositories to host cryptocurrency mining software intended to run on CommitShield infrastructure, including within continuous integration or automated build environments that we provide.
  • Exceed the storage, bandwidth, compute, or request limits published for your plan, or circumvent rate limits through artificial means such as account rotation or distributed automation.
  • Run automated jobs, bots, crawlers, or scrapers that consume disproportionate resources or that make requests faster than a reasonable human could through the standard interface.
  • Create large numbers of accounts, Organizations, or repositories for the purpose of evading limits, bypassing restrictions, or inflating metrics.

We reserve the right to throttle, suspend, delete, or otherwise restrict access to any account, repository, or feature that we determine, in our reasonable judgment, is consuming resources in a manner disproportionate to similar use by other users.

Section 07

Spam, advertising, and inauthentic activity

Forge is not a platform for advertising, mass marketing, or artificial promotion. You may not use the Service to:

  • Send unsolicited bulk messages, emails, comments, merge requests, issues, or other communications.
  • Post, distribute, or link to content that promotes “get-rich-quick,” multi-level marketing, pyramid schemes, or other deceptive commercial activity.
  • Artificially inflate or manipulate stars, forks, followers, contribution metrics, or any other engagement signal (for example, by operating follow-for-follow networks or coordinated sockpuppet accounts).
  • Engage in deceptive SEO manipulation, keyword stuffing, or hidden text designed to mislead search engines.
  • Post content that is excessive, repetitive, or otherwise of negligible value and disrupts the usefulness of the Service for others.

Incidental advertising or monetization that is reasonable and in good faith (for example, a project README that describes a commercial offering, sponsorship links, or donation buttons) is generally acceptable provided it is truthful and complies with applicable disclosure laws, including the guidelines of the U.S. Federal Trade Commission where applicable.

Section 08

Privacy of others

Even where content does not amount to doxxing or harassment, you must still respect the privacy of others. You may not use the Service to collect, aggregate, or publish the personal information of other users without their consent, and you may not use scraping or other automated means to compile profiles of users based on information available within the Service.

Section 09

AI tools and synthetic media

You may use AI-assisted development tools, including our AI features, to generate, review, or refactor code. However, you may not use the Service or any AI feature we offer to:

  • Create or distribute synthetic or manipulated media that is intended to deceive and that could reasonably cause significant harm (for example, fabricated media of a real person saying or doing something they did not).
  • Generate non-consensual intimate imagery of any person, whether real, composite, or otherwise identifiable.
  • Produce outputs that would themselves violate this AUP if submitted directly by a user.
  • Attempt to override, jailbreak, or otherwise circumvent the safety measures of any AI feature.
Section 10

Private repositories

We respect the privacy of private repositories and limit access by our personnel to the situations described in the Terms and our Privacy Policy (for example, with your consent, in response to a suspected active attack, to comply with law, or where reasonably necessary to maintain the Service). The rules in this AUP, however, still apply to private repositories. Content that is prohibited here is prohibited whether a repository is public or private. We reserve the right to investigate and act on credible reports even when the content at issue is in a private repository.

Section 11

Reporting violations

If you believe that content or activity on the Service violates this AUP, you can report it by contacting support@commitshield.com or by using the in-product reporting tools, if available. For reports of copyright infringement, please follow the DMCA process described at www.commitshield.com/dmca. For reports of child sexual abuse material, please contact abuse@commitshield.com; such reports are treated with the highest priority and escalated to appropriate authorities.

Section 12

Enforcement

Where we determine that a user has violated this AUP, we may take any action we consider appropriate, which may include:

  • Issuing a warning or requesting that the user take corrective action.
  • Removing, disabling, hiding, or restricting access to content or repositories.
  • Restricting specific features (for example, forking, comments, or merge requests) for an account or repository.
  • Temporarily suspending or permanently terminating accounts, Organizations, or any portion thereof.
  • Cooperating with law enforcement, court orders, or other legal process, and preserving and disclosing information where legally required.

We aim to give users a reasonable opportunity to address a violation where circumstances permit, but we reserve the right to take immediate action in cases of serious harm, imminent risk, or repeated violations. We may also act against conduct that occurs outside the Service if that conduct is directed at users of the Service or materially affects the safety, security, or integrity of the Service.

We may reinstate an account or content in appropriate circumstances, for example where we determine that a removal was made in error or where the user has credibly committed to future compliance.

Section 13

Changes to this AUP

We may update this AUP from time to time as our Service evolves, new abuse patterns emerge, or legal requirements change. Where changes are material, we will post notice at least thirty (30) days before the changes take effect, except where a change is required sooner to address urgent safety or legal risk. Continued use of the Service after the effective date of an updated AUP constitutes acceptance of the updated AUP.

Section 14

Contact

Questions about this AUP should be directed to legal@commitshield.com. Reports of violations should be directed to support@commitshield.com or, for urgent safety issues, to abuse@commitshield.com.