Legal
Acceptable Use Policy
Version 1.0 — Effective 2026-06-16. Last updated 2026-06-16.
This Acceptable Use Policy (the "AUP" or "Policy") sets out what you may and may not do when you use the Open Model Licensing Association ("OMLA") website, registry, public data, programmatic interfaces, and related services (together, the "Service"). It applies to every visitor, account holder, model creator, commercial user, hoster, API client, and automated agent. The AUP is part of, and incorporated by reference into, the Terms of Service and the OMLA Model License. Capitalized terms not defined here have the meaning given in those documents.
Translations of this Policy may be provided for convenience. The English version governs; in the event of any conflict or ambiguity between the English version and a translation, the English version controls, except where applicable mandatory local law requires otherwise.
No custody. No money transmission. OMLA is a model-licensing registry and royalty-measurement service. OMLA computes the amount owed under the OMLA Model License and publishes the payee's self-provided wallet or payment method. OMLA never holds, receives, moves, routes, escrows, converts, refunds, or custodies funds, and is not a party to, intermediary of, beneficiary of, or guarantor of any settlement. Commercial users pay creators directly. OMLA is not a money transmitter, money-services business, payment processor, escrow agent, bank, broker-dealer, or investment vehicle. No "OMLA balance" exists. omla1… addresses are routing identifiers self-declared by payees, not accounts that hold value. This Policy exists in part to keep it that way: several of the prohibitions below forbid any attempt to make OMLA appear to custody, route, or intermediate funds.
1. Purpose and applicability
1.1. The Service helps the open-model community register models, declare lineage and contribution splits, verify cryptographic signatures, ingest commercial usage reports, and obtain a computed Royalty Statement that states the amount owed and the payee's self-provided wallet or payment method. The Service depends on accurate, honest data and on a registry that the public can trust. This Policy protects that trust.
1.2. This Policy applies to all use of the Service, whether through the website, the public registry, downloaded data, or any programmatic interface. It applies whether or not you have an account, and whether you access the Service as a human or through automated software.
1.3. By accessing or using any part of the Service, you agree to this Policy. If you do not agree, do not use the Service. If you use the Service on behalf of an organization, you represent that you are authorized to bind that organization to this Policy.
1.4. This Policy is in addition to, not in place of, the law. Conduct that is unlawful where you are, where OMLA operates (the State of Washington, USA), or where the affected party is located, is prohibited even if this Policy does not list it specifically. Where this Policy and the Terms of Service or Model License differ on a point of acceptable use, the more restrictive provision applies.
2. Prohibited content
2.1. You may not register, submit, link to, describe, or otherwise make available through the Service any model, metadata, file, text, image, or reference that:
- is unlawful, or that promotes, facilitates, or constitutes unlawful activity under applicable law;
- infringes, misappropriates, or violates any copyright, patent, trademark, trade secret, database right, moral right, publicity right, privacy right, or other intellectual-property or proprietary right of any person;
- you do not hold the rights to license, distribute, or describe, including model weights, training data, or derivative artifacts you are not authorized to register (see also Section 4);
- is, contains, or is primarily designed to produce child sexual abuse material (CSAM) or any other content that sexually exploits or endangers minors. There is zero tolerance: such content will be removed, the account terminated, and the matter reported to the National Center for Missing & Exploited Children (NCMEC) and/or law enforcement as required by law;
- is malware, or is a model, payload, script, or artifact whose primary purpose is to create, deliver, or operate viruses, worms, ransomware, spyware, keyloggers, botnet command-and-control, exploit kits, or other malicious code;
- is designed primarily to enable serious physical, biological, chemical, nuclear, or cyber harm, including operational instructions for weapons of mass destruction, where prohibited by applicable law;
- originates from, is controlled by, or is intended for the benefit of a person, entity, or jurisdiction subject to applicable sanctions or export-control restrictions (including those administered by OFAC), or whose registration would cause OMLA to violate sanctions or export-control law; or
- is defamatory, harassing, threatening, or that incites violence against any person or group, where prohibited by applicable law.
2.2. OMLA does not host model weight files. The registry stores metadata, cryptographic hashes, public keys, declared splits, lineage references, and compliance state. You remain solely responsible for the lawfulness of any model you register and of anything you publish or link to through the Service.
2.3. Registry fields are public by design. You may not use registry descriptions, model names, complaint submissions, or any other field to publish content that violates this Section, to dox or harass another person, or to circumvent the prohibitions elsewhere in this Policy.
3. Prohibited conduct
3.1. You may not, and may not attempt to or assist another person to:
- Register models you lack rights to. Register, or purport to license through OMLA, any model that you do not own or are not authorized to license, or whose declared rights, ownership, or licensing terms you know or should know to be false.
- Impersonate. Impersonate any creator, organization, hoster, commercial user, OMLA, or OMLA personnel; misrepresent your identity, affiliation, or authority; or register a model under a key, name, or identity that is not rightfully yours.
- Falsify lineage or contribution splits. Declare, alter, or omit lineage references, ancestry, or contribution splits in a way that you know or should know to be inaccurate, including claiming or denying upstream derivation in order to redirect, inflate, suppress, or evade royalty attribution.
- Falsify usage reports. Submit a commercial usage report, run-cost figure, or revenue figure that you know or should know to be false, incomplete, or misleading, or omit reportable commercial use, in order to understate or evade amounts owed.
- Circumvent royalty measurement. Take any step designed to defeat, distort, or evade OMLA's measurement of amounts owed — for example, fragmenting usage across identities to stay under the per-wallet quarterly minimum, mislabeling commercial use as non-commercial, manipulating run-cost or revenue inputs, or structuring registrations to break a lineage chain you know to exist.
- File false complaints. Submit a complaint, takedown, counter-notice, or compliance report that you know to be false, in bad faith, or intended to harass a competitor or suppress a legitimate registration.
- Steal or misuse keys. Obtain, use, share, or attempt to use another person's account credentials or signing keys (Ed25519 and/or ML-DSA), or induce another person to disclose theirs. You are responsible for keeping your own secret keys secret.
- Misuse published payee details. Use a wallet address, payment handle, or other payee detail published in a Royalty Statement or the registry to commit fraud, to solicit payments you are not owed, to substitute your own wallet for a legitimate payee's (payment redirection), to phish, or for any purpose other than settling a bona fide amount owed to that payee.
- Circumvent the compliance state. Re-register, fork, rename, or create new identities to evade a DELINQUENT or BLACKLISTED status, or otherwise defeat the compliance lifecycle described in Section 8.
- Abuse the Service. Interfere with, degrade, or disrupt the Service or other users' use of it; introduce excessive load; or use the Service in any way that is fraudulent, deceptive, or otherwise contrary to this Policy or applicable law.
4. Model registration, lineage, and reporting rules
4.1. Accurate registration. When you register a model, you sign the registration with a post-quantum-capable key (Ed25519 and/or ML-DSA) and represent that you hold the rights to license the model and that the declared lineage and contribution splits are accurate and complete to the best of your knowledge. A signature_verified result reflects only that a signature checked against a declared public key; it is your representation, not an OMLA guarantee of ownership, rights, or accuracy.
4.2. Honest lineage attribution. Lineage is attributed through a directed acyclic graph (DAG). You must declare genuine upstream ancestry and must not fabricate, conceal, or mis-weight derivation to manipulate attribution or royalty flow-through to other parties.
4.3. Honest usage reporting. Commercial users must report usage truthfully and on the quarterly cadence. The creator pool is computed as 30% of the greater of commercial revenue or run cost; misstating either input to reduce the computed amount owed is prohibited. The Royalty Statement is a computed notice of the amount owed and the payee's self-provided wallet or payment method — it is not an invoice that OMLA collects, and no funds pass through OMLA.
4.4. No fraudulent statements. You may not generate, alter, forge, or distribute a document that purports to be an OMLA Royalty Statement, blacklist, or signature verification but is not, and you may not tamper with the inputs, computation, or published outputs of a Royalty Statement.
4.5. Settlement is your responsibility. Whether and how a commercial user pays a payee, and any routing or conversion fees, are matters strictly between those parties. OMLA caps nothing it does not operate and is not involved in settlement. You must not represent otherwise, and you must not ask OMLA to collect, hold, advance, refund, or disburse any amount.
5. No payment, escrow, or money-laundering use
5.1. Do not use OMLA as a payment, escrow, or routing rail. OMLA never holds, receives, moves, routes, escrows, converts, refunds, or custodies funds. You may not attempt to send funds to OMLA for forwarding to a payee, ask OMLA to act as escrow or paymaster, treat any OMLA-published figure as an OMLA-held balance, or otherwise use or describe the Service in a way designed to make OMLA appear to custody, transmit, or intermediate funds. There is no "OMLA balance," and OMLA will not create one.
5.2. No unlawful or money-laundering use. You may not use the Service, registry data, published payee details, or the royalty-attribution mechanism to launder money, to layer or disguise the source or destination of funds, to finance terrorism, to evade sanctions or taxes, or to facilitate any other financial crime. Settlements occur directly between the parties; you are responsible for your own compliance with anti-money-laundering, sanctions, tax, and money-transmission law applicable to those settlements.
5.3. No investment or securities framing. You may not use the Service to offer, promote, or operate any investment scheme, security, or pooled-funds arrangement, or to represent that omla1… addresses, registry entries, or royalty attributions are investment products. They are not.
5.4. Nothing on the Service is financial, investment, tax, or legal advice, or an offer of securities. Reinforcing the no-custody model is a condition of using the Service: any conduct that undermines it is a material violation of this Policy.
6. Security and platform-integrity rules
6.1. You may not, and may not attempt to:
- probe, scan, or test the vulnerability of any OMLA system or network, or breach or circumvent any authentication, authorization, rate-limiting, or other security measure, without OMLA's prior written authorization;
- bypass, defeat, or exploit row-level security (RLS), access controls, or tenancy boundaries to read, write, or infer data you are not authorized to access;
- tamper with, forge, truncate, reorder, or otherwise interfere with the hash-chained audit log or any audit, integrity, or signature mechanism, or attempt to make audit records inconsistent with reality;
- reverse-engineer, defeat, or forge the signature-verification, key-management, or blacklist-signing processes, or impersonate OMLA's association-level signing key;
- inject, alter, or replay data through the Edge Functions or API in a way that bypasses validation, admin gating, or idempotency controls;
- exploit, or fail to responsibly disclose, any vulnerability in order to access data, escalate privileges, disrupt the Service, or manipulate registry, statement, or compliance state; or
- use the Service to attack, overload, or gain unauthorized access to any third-party system.
6.2. Responsible disclosure. If you discover a security vulnerability, do not exploit it beyond the minimum necessary to confirm it, do not access or alter other users' data, and report it promptly to legal@omla-ai.org. Good-faith, responsible security research that complies with this Section and applicable law is welcome; conduct that exceeds it is prohibited.
7. Automated access, scraping, and rate limits
7.1. Public registry data and documented public artifacts may be consulted by SDKs, platforms, and tooling. Reasonable, well-behaved automated access for those purposes is permitted. The disabled blacklist-status marker is not an enforcement or reputation source.
7.2. You may not engage in abusive or automated scraping, crawling, or harvesting that exceeds published or reasonable rate limits, ignores rate-limiting responses, evades rate limits through rotating identities or addresses, or that imposes an unreasonable or disproportionate load on the Service. You may not use automated means to circumvent access controls, to mass-create accounts or registrations, or to interfere with the availability of the Service for others (including denial-of-service or distributed denial-of-service activity).
7.3. Automated clients must identify themselves honestly, respect applicable access controls and rate limits, and stop when asked. OMLA may throttle, block, or revoke access for clients that do not.
8. Enforcement and the compliance state machine
8.1. Range of responses. OMLA may respond to violations of this Policy in a manner proportionate to the violation, including: issuing a warning; requiring correction of inaccurate registrations, lineage, or reports; removing or hiding registry content; rejecting or suspending usage reports or statements; rate-limiting, throttling, or blocking access; suspending or terminating accounts; and referring matters to law enforcement or other authorities. OMLA may act immediately and without prior notice where a violation is serious, unlawful, or poses a risk to the Service, to other users, or to the integrity of the registry.
8.2. The compliance lifecycle. For registered models and commercial users, enforcement runs primarily through OMLA's compliance state machine. A model is REGISTERED on entry, becomes COMPLIANT when reporting and settlement obligations are met, and moves to DELINQUENT when they are not. Sustained non-compliance or serious abuse may result in a public BLACKLISTED registry status after a separate reviewed transition. The external blacklist feed is disabled.
8.3. No funds are seized or held by OMLA. Compliance states are reputational and operational. Because OMLA never holds funds, no state — including DELINQUENT or BLACKLISTED — involves OMLA seizing, freezing, holding, or refunding any payment. Where a share is disputed, it is marked not-yet-payable or suspended in the published statement; OMLA issues no statement line for that share until the dispute resolves, and the payer withholds that share directly. Compliance status can reverse: a party that cures its non-compliance can return to a COMPLIANT state on the next cycle.
8.4. Account termination. OMLA may suspend or terminate accounts for abuse, fraud, unlawful use, or repeated or serious violation of this Policy. Registered models and their audit records may be retained after termination to preserve lineage integrity and lawful flow-through attribution to unaffected upstream parties. Terminated users may not re-register or create new identities to evade enforcement (see Section 3).
8.5. Appeals. Compliance and enforcement decisions are subject to the complaint and appeal process described on the Compliance page and in the OMLA Model License. Enforcement under this Policy does not limit any other remedy available to OMLA or to affected third parties under the Terms of Service or applicable law.
9. Reporting abuse
9.1. If you believe a model, registration, report, account, or any use of the Service violates this Policy, please tell us.
9.2. Please include enough detail for us to investigate: the model, registration, URL, account, or report at issue; what you believe is wrong; and any supporting evidence. Reports made in good faith are welcome. Reports you know to be false are themselves a violation of this Policy (see Section 3).
10. Changes to this Policy
10.1. OMLA may update this Policy from time to time. The version and effective date appear at the top of the page. Material changes will be announced through the site, and your continued use of the Service after a change takes effect means you accept the updated Policy. If you do not agree to a change, stop using the Service.