1. Home
  2. Legal
  3. Acceptable Use

Legal

Acceptable Use Policy

Capnode acts inside your Kubernetes clusters with real, scoped permissions. This policy sets the boundaries for how the platform — and the people who use it — may operate, so every cluster we touch stays safe, lawful, and under your control.

Last updated: 5 June 2026

Purpose & scope

This Acceptable Use Policy (the "Policy") governs your access to and use of Capnode, the autonomous AI SRE and Kubernetes workloads-management platform operated by AIKAY Technologies Pvt Ltd ("Capnode", "we", "us"). It applies to everyone who uses the Capnode server, the React console, the Aria conversational layer, and the Capnode agent you install into your Kubernetes cluster(s).

This Policy supplements, and forms part of, the Terms of Service. Capitalised terms not defined here have the meaning given in the Terms. Where this Policy conflicts with an explicit term of a signed order or enterprise agreement, that agreement controls for the subject it addresses. By connecting an agent or signing in to the console, you and everyone in your organisation agree to use Capnode only in the ways described below.

Our goal is simple: Capnode is built to detect, diagnose, remediate, and learn on the clusters you own or are authorised to operate. This Policy keeps that loop pointed at legitimate, authorised infrastructure — never at systems you do not control.

Prohibited activities

You may not use Capnode, the agent, or any data or output the platform produces to do — or to help anyone else do — any of the following:

  • Illegal use. Violate any applicable law or regulation, including the laws of India, GDPR/EEA data-protection law, and the CCPA, or use Capnode to store, transmit, or process unlawful content.
  • Intellectual-property infringement. Infringe, misappropriate, or violate the patents, copyrights, trademarks, trade secrets, or other rights of Capnode or any third party, including reverse-engineering the platform except to the limited extent the law cannot be lawfully restricted.
  • Malware & malicious payloads. Introduce, host, or distribute viruses, worms, ransomware, cryptominers, backdoors, or any code designed to disrupt, damage, or gain unauthorised access to systems or data.
  • Unauthorised access & testing of others. Connect an agent to, scan, probe, penetration-test, or attempt to access any cluster, system, network, or account you do not own or are not expressly authorised in writing to operate.
  • Circumventing limits. Bypass, disable, or interfere with authentication, RBAC scoping, rate limits, usage metering, approval gates, or any other technical or contractual control built into the platform.
  • Unauthorised reselling. Resell, sublicense, rent, lease, or operate Capnode as a service for third parties without our prior written authorisation.
  • Attacking or abusing infrastructure. Use Capnode — or the actions it can take in a cluster — to launch denial-of-service attacks, exhaust shared resources, mine cryptocurrency, send spam, or otherwise abuse any infrastructure, whether ours, a cloud provider's, or a third party's.

Security & integrity

Capnode is a closed-loop control plane for production clusters, so protecting the integrity of the service is non-negotiable. You may not:

  • Probe, scan, or test the vulnerability of the Capnode server, agent, or supporting infrastructure without our prior written consent.
  • Interfere with, degrade, or disrupt the platform — including its WebSocket transport, dispatch path, data stores, or the console — or attempt to overload, flood, or impair it for other customers.
  • Access non-public areas of the platform, other tenants' data, or another organisation's cluster state, telemetry, or remediation history.
  • Forge headers, spoof identities, or manipulate the agent-to-server channel to misrepresent the origin of data or commands.

Responsible disclosure. If you discover a security vulnerability, a data-exposure risk, or any flaw that could affect the safety of customer clusters, report it privately to support@capnode.io before disclosing it publicly. Give us a reasonable window to investigate and remediate. We will not pursue good-faith researchers who follow responsible-disclosure practices, avoid privacy violations and service disruption, and do not access or modify data beyond what is needed to demonstrate the issue.

Customer cluster responsibilities

Capnode is a Server + Agent architecture: the agent you install runs inside your cluster and acts on your behalf. Because those actions happen in infrastructure you own, you carry the responsibilities that come with it.

  • Grant least-privilege RBAC. The agent is designed to run RBAC-scoped and least-privilege. You are responsible for installing it under a service account that grants only the permissions your environment requires, and for reviewing that scope over time. Do not bind the agent to cluster-admin or broader rights than the workloads you intend Capnode to manage.
  • Own the actions taken in your clusters. You are responsible for the resources you connect and for the outcomes of actions taken there — including approvals your team grants. Connect only clusters you are authorised to operate.
  • Configure automation tiers appropriately. Capnode tiers every action. SAFE_AUTO actions run automatically; ALWAYS_APPROVAL actions require a human click — true human-in-the-loop. You are responsible for configuring these tiers for each environment, reviewing what runs automatically, and ensuring the right people hold approval authority. Treat production and non-production differently where that matters to you.
  • Keep credentials and access controlled. Safeguard your console accounts, agent install tokens, and any API credentials, and promptly revoke access for people who should no longer have it.

By design, the agent never mutates its own namespace, and risky changes are gated behind explicit human approval — but these safeguards complement, and do not replace, your own change-management and access controls.

Resource & fair use

Capnode is a shared, multi-tenant platform. To keep it fast and reliable for everyone, your use must stay within the entitlements of your plan and any documented or contractual limits — for example, connected clusters, agent throughput, retention windows, and Aria query volume.

  • Do not use automated scripts, scrapers, or integrations to place an unreasonable or disproportionate load on the platform, or to circumvent metering and rate limits.
  • Do not generate artificial agent traffic, synthetic incidents, or excessive remediation requests intended to inflate usage, distort billing, or degrade service for other tenants.
  • Where your needs exceed your plan's entitlements, contact us to discuss capacity rather than working around the limits.

We may apply reasonable technical safeguards to protect platform stability, and we will work with you in good faith on legitimate high-volume needs.

Enforcement & suspension

We take a measured, evidence-first approach to enforcement. Where we reasonably determine that you have violated this Policy, we may, depending on the severity and the risk to other customers or to the platform:

  • Contact you to investigate and ask you to remediate the issue;
  • Throttle, restrict, or disable specific features, automation tiers, or agent connections;
  • Suspend affected accounts, agents, or clusters; or
  • Suspend or terminate your access in accordance with the Terms of Service.

Where it is practical and does not increase risk to others, we will give notice and an opportunity to cure before suspending. In cases involving an active security threat, suspected unlawful activity, or harm to other tenants or to shared infrastructure, we may act immediately to contain the issue and notify you as soon as reasonably possible. Suspension does not relieve you of obligations under the Terms, and we may preserve relevant logs and evidence as permitted by law.

Reporting violations

If you believe someone is using Capnode in violation of this Policy — or you see suspicious activity affecting your clusters, your data, or the platform — tell us. Report it to support@capnode.io with as much detail as you can safely share: what you observed, the affected resources, and approximate timestamps. Use the same address for responsible-disclosure of security issues. We review every report and follow up where appropriate.

Changes to this policy

We may update this Policy from time to time to reflect new features, evolving threats, or changes in law. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you through the console or by email. Your continued use of Capnode after a change takes effect means you accept the revised Policy. If you do not agree, you should stop using the platform and may close your account in line with the Terms.

This Policy is governed by the laws of India, with GDPR/EEA and CCPA requirements addressed where they apply to your use.

Questions about acceptable use?

Reach our team at support@capnode.io. Registered office: AIKAY Technologies Pvt Ltd, India (registered office available on request).