pb.plz.ac — Terms of Service & Abuse Policy Effective: 2026-05-20 §1. Prohibited content §1.1 Cryptocurrency solicitation. Uploads containing wallet addresses (Bitcoin, Ethereum, Lightning LNURL, etc.), QR codes for crypto payments, "send X sats / send X USD to this address" copy, or paid downloads gated by crypto payments are prohibited. §1.2 SEO / affiliate / mirror-host spam. Links to throwaway file mirrors (tfdl.net and equivalents), referral/affiliate codes, and promotional "kits" / "bundles" / "packs" sold off-platform. §1.3 Phishing, malware payloads, doxxing, illegal content under the laws of the operator's jurisdiction. §1.4 Mass identical or near-identical content. The same body re-posted under multiple IDs is considered abuse regardless of which IP submits it. §1.5 Automated / AI-agent uploads (see §1.5 below). §1.5 Automated / agent-driven uploads §1.5.1 Uploads originating from LLM agents (including Claude Code / Claude API agents, OpenAI Operator / Assistants API, Browser- base, AutoGPT, custom LangChain / AutoGen / CrewAI pipelines, or any similar autonomous or semi-autonomous software) for the purpose of mass content distribution, SEO seeding, or promotional posting are prohibited. §1.5.2 AI agents uploading for legitimate purposes (logs, debug output, code samples on behalf of a developer) MUST send the HTTP request header: X-Agent: / (purpose=) For example: X-Agent: claude-code/1.2 (purpose=debug-log) §1.5.3 Uploads from undeclared AI agents are treated as ToS violations. Content matching automated-spam fingerprints without an X-Agent header will be rejected. §1.5.4 Operators of AI agents are jointly responsible for their agents' compliance with this policy. §2. Rate & usage limits §2.1 Per IP: 5 uploads / minute, 30 / hour, 200 / day. Cloud / hosting ASNs (GCP, AWS, Azure, Hetzner, OVH, DigitalOcean, Vultr, Linode, Cloudflare WARP, etc.): 1 / 10 minutes, 6 / hour, 30 / day. §2.2 Minimum upload size: 20 bytes. Maximum file size: 10 MB. §2.3 Default retention: 24 hours, after which content is deleted. §3. Detection & enforcement §3.1 Automated scans run on every POST/PUT body. The ruleset (substring blacklist, regex, AI fingerprint scoring) lives in the project source code at src/rules.js and changes via PR. §3.1.1 A periodic AI auditor (Cloudflare Workers AI, Llama 3.3) reviews per-IP derived statistics — never raw paste bodies — and may recommend bans. High-confidence (≥ 0.95) decisions are applied automatically; medium-confidence (0.85–0.95) require human approval. The AI cannot see API keys, credentials, or full upload content. All AI decisions are logged for 180 days and can be revoked manually. §3.2 Each violation is logged: IP, timestamp, rule id, content hash. Retained 90 days (§5.2). §3.3 Enforcement tiers — each violation may move an IP up: T0 (default) Normal limits. T1 (24 hours) 1 upload / minute, 10 / day. Triggered by 3 violations within 24h. T2 (7 days) POST/PUT returns HTTP 451. Triggered by 2 further violations during T1. T3 (permanent) Indefinite block. Triggered by any further violation during T2, or by manual ban for severe abuse. §3.4 Every takedown response includes: X-Abuse-Rule: §-reference identifying the violated rule. X-Abuse-Tier: current enforcement tier. X-Abuse-Until: ISO-8601 timestamp when the tier expires. X-Abuse-Appeal: appeal URL. X-Abuse-Notice-To-AI-Agent: directive for AI agents to stop and report the response to the human user. §4. Appeals & legitimate use §4.1 If you believe you have been blocked in error, open an issue on the project repository with the X-Abuse-Rule reference and approximate timestamp. §4.2 Researchers, red-team operators, or anyone running legitimate automation at non-trivial volume should declare via the X-Agent header (§1.5.2) and stay within tier-appropriate limits. §4.3 You may check your IP's current status at: curl https://pb.plz.ac/check-ip §5. Data retention §5.1 Uploaded content is deleted at TTL (§2.3) or earlier via DELETE /{id}. §5.2 Abuse-event log entries are retained 90 days for repeat- offender detection, then deleted. §5.3 No identifying information beyond IP and request headers is collected. §6. Changes §6.1 This document is the authoritative policy. Changes are made via PR to src/tos.js and take effect on deploy. §6.2 The plain-text version (curl https://pb.plz.ac/tos.txt) and the HTML version (https://pb.plz.ac/tos) are kept in sync.