Skip to content

Acceptable use / policy

Acceptable Use Policy

This Acceptable Use Policy defines what belongs in RepoWiki, what should stay out, and what conduct may result in content removal, workspace restriction, suspension, or other enforcement.

Report abuseSecurity report

Details

Keep private documentation work safe.

The summary below is followed by detailed rules for authorized content, sensitive information, prohibited content, system abuse, security research, enforcement, and reporting.

content

Publish authorized docs

Use RepoWiki for documentation, runbooks, architecture notes, decision records, onboarding material, and related repository content you are authorized to share.

privacy

Protect sensitive material

Do not intentionally expose secrets, credentials, regulated personal data, customer data, or third-party confidential content unless you have lawful authority and appropriate safeguards.

safety

Keep the system safe

Do not abuse the service, attack other tenants, evade access controls, overload shared infrastructure, or distribute harmful instructions or payloads.

reporting

Route security reports carefully

If you find a vulnerability, exposed credential, or private-content issue, report it directly to security@repowiki.dev rather than through general product contact paths.

Full policy

Use boundaries and enforcement

These rules are practical guardrails for a private docs product: bring content you can process, protect sensitive material, avoid service abuse, and report issues through the right channel.

1. Scope

This Acceptable Use Policy applies to all use of RepoWiki, including accounts, workspaces, synced content, repository metadata, search, support channels, product integrations, and related services.

2. Authorized use

  • Documentation, runbooks, architecture notes, decision records, onboarding material, and other repository-adjacent content that you have permission to process.
  • Content that complies with your organization's rules, third-party agreements, privacy obligations, and applicable law.
  • Source-backed material intended for authorized workspace readers, not public distribution unless you intentionally configure it that way through available product features.

3. Prohibited content

  • Content that violates law, infringes intellectual property, misappropriates trade secrets, or breaches confidentiality obligations.
  • Content that facilitates fraud, phishing, credential theft, impersonation, harassment, exploitation, or other harmful conduct.
  • Malware, exploit payloads, botnets, credential dumps, stolen data, or instructions primarily intended to compromise systems or accounts.
  • Sexual exploitation or abuse material, extremist violence material, or content that targets people with credible threats of harm.
  • Content that you do not have the right to submit, sync, index, display, or make available to workspace members.

4. Sensitive information

  • Do not submit secrets, access tokens, private keys, production credentials, or passwords to RepoWiki.
  • Do not use RepoWiki as a system of record for regulated health information, payment card data, government identifiers, financial account data, biometric data, precise geolocation, children's data, or other highly sensitive personal data unless a separate written agreement expressly authorizes that use and appropriate safeguards are in place.
  • Do not intentionally expose customer data, employee data, or third-party confidential information to users who are not authorized to see it.
  • If sensitive information is accidentally synced or exposed, remove access where possible and report urgent security concerns to security@repowiki.dev.

5. System abuse

  • Do not attempt unauthorized access to RepoWiki, another customer workspace, connected repositories, accounts, infrastructure, or providers.
  • Do not bypass authentication, authorization, rate limits, usage limits, security controls, billing controls, or workspace boundaries.
  • Do not scan, stress test, scrape, crawl, or benchmark RepoWiki in a way that disrupts service, degrades reliability, or extracts private content.
  • Do not introduce malware, harmful code, excessive automated traffic, denial-of-service activity, or attempts to exploit vulnerabilities.
  • Do not use RepoWiki to spam, phish, impersonate others, mislead users, or distribute unwanted communications.

6. Security research and vulnerability reporting

Good-faith security research is welcome when it avoids privacy harm, data destruction, service disruption, social engineering, persistence, spam, phishing, physical attacks, and access to data beyond what is necessary to demonstrate impact. Do not exfiltrate private content, modify data, retain access, or publicly disclose vulnerabilities before RepoWiki has had a reasonable opportunity to investigate and remediate. Report findings to security@repowiki.dev with reproduction notes and impact. RepoWiki does not offer a bounty or reward unless a separate program expressly says so.

7. Workspace responsibility

You are responsible for users you invite, access you grant, repositories you connect, and content you sync. Workspace administrators should promptly remove users who no longer need access and should review repository and workspace permissions regularly.

8. Enforcement

RepoWiki may investigate suspected violations, remove or restrict content, limit features, suspend accounts or workspaces, preserve evidence, contact administrators, or report activity to appropriate authorities when necessary to protect users, the service, or the public.

9. Reporting concerns

Report abuse, policy concerns, or content issues through hello@repowiki.dev or the contact page. Send vulnerabilities, exposed credentials, suspected unauthorized access, or private-content exposure to security@repowiki.dev.

10. Changes

RepoWiki may update this policy as the product, law, or customer needs change. Material updates will be reflected by changing the date on this page or by another appropriate notice.