Prohibited activities

You may not use TucDesk to conduct network attacks of any kind — including denial-of-service, port scanning of systems you do not control, credential stuffing, exploitation of vulnerabilities on third-party systems, or lateral movement into infrastructure you are not authorized to access.

You may not use the Service for scraping at scale in violation of a target site’s terms, for sending spam or unsolicited bulk messages, or for hosting, transmitting, or distributing illegal content of any kind.

You may not run cryptocurrency miners on agents installed on machines belonging to other people or organizations, and you may not use other users’ agents, sessions, or compute for your own workloads without their explicit consent.

Attempting to bypass consent gates, approval workflows, ACL policy, audit logging, rate limits, or tenant boundaries is prohibited and grounds for immediate termination.

Agent deployment rules

TucDesk agents may only be installed on machines you own or are explicitly authorized to manage. Authorization means the machine’s owner — or an administrator acting on their behalf — has agreed to the deployment and understands that the agent grants remote access.

Installing an agent on a machine without authorization is unauthorized access. We treat reports of unauthorized agent deployment as abuse: the affected agents are revoked, the deploying account is suspended, and we cooperate with lawful investigations.

When you deploy agents on behalf of an organization or a customer, you are responsible for maintaining the authorization record and for removing agents promptly when that authorization ends.

AI and MCP use

AI operators connected through the MCP integration are bound by exactly the same ACL policy and approval gates as human operators. There is no separate, more permissive path for automated access — every AI-initiated command is evaluated against your team’s policy and attributed to the MCP session in the audit chain.

You are responsible for the actions of AI agents you connect to TucDesk. Configure their roles with least privilege, keep approval gates enabled for high-risk commands, and review the audit log for AI-attributed activity. An AI agent acting under your account is treated as you acting under your account.

Reporting abuse

If you believe a TucDesk agent has been installed on your machine without authorization, or you observe any activity that violates this policy, email abuse@tucdesk.app with as much detail as you can provide — agent identifiers, timestamps, and observed behavior all help us act quickly.

Abuse reports are acknowledged promptly and investigated by the security team. Security vulnerabilities should instead be reported to security@tucnow.com so they follow the coordinated disclosure process.