Legal & Compliance
Last reviewed: 2026-06-16. This is an operational template for private testing. It is not legal advice. Review with counsel before offering any commercial service.
Provider Terms Boundary
Anthropic's Claude Code legal documentation says Claude Code is subject to Anthropic's Usage Policy. It distinguishes OAuth subscription credentials from API key authentication: developers building products or services should use API keys through Claude Console or supported cloud providers, and should not route requests through Free, Pro, or Max credentials on behalf of users.
Operational rule: do not publicly resell, advertise, or broadly share access backed by consumer subscription credentials. Any commercial product should use authorized API/commercial access.
Privacy Policy Template
- We collect account identifiers, API key metadata, usage counters, and request metadata needed to operate the relay.
- We do not intentionally store prompt or response bodies in edge logs.
- API access logs record metadata such as time, path, status, user agent, and source IP. Authorization values are redacted by Caddy.
- CRS request detail metadata may be retained temporarily for troubleshooting. Body preview remains disabled.
- Users should not submit passwords, private keys, health data, government IDs, or confidential third-party data.
- Backups include CRS config/data and Redis state and are stored under root-only permissions on the VPS.
- Contact the administrator to revoke an API key or delete local relay account metadata.
Terms of Use Template
- Access is invitation-only and may be revoked at any time for security, abuse, non-payment, upstream restrictions, or operational risk.
- Users are responsible for their own prompts, outputs, code changes, credentials, and downstream usage.
- The service is provided on a best-effort basis without uptime, fitness, or non-infringement guarantees.
- Users may not share API keys. Each user must use their own key.
- Users must comply with applicable law and upstream provider policies.
- High-risk uses such as legal, medical, financial, employment, housing, insurance, or academic decisioning require appropriate expert review and disclosure.
Acceptable Use Rules
- No malware, phishing, credential theft, exploit automation against unauthorized targets, or abuse at scale.
- No attempts to bypass upstream safety systems, account restrictions, bans, or region restrictions.
- No harassment, hate, violence, sexual exploitation, or child-safety violations.
- No deceptive political, financial, medical, or legal claims.
- No model scraping, model distillation, or training competing models without authorization.
- No processing of sensitive personal data unless the user has authorization and an appropriate data-processing basis.
Disclosure
If this relay is used in any user-facing workflow, disclose that users are interacting with AI-generated output. For high-risk workflows, require qualified human review before relying on outputs.