Compliance and Acceptable Use Policy

Project Positioning

New API is an AI API gateway and usage management system designed for legally authorized scenarios, primarily intended for self-use, internal team use, and enterprise private deployment. Its core capabilities include:

• Unified authentication and multi-model routing within the enterprise
• Usage statistics and access control within the organization
• Cost allocation and enterprise client account management
• Private deployment and development testing

Legal Authorization Requirements

When using New API, users must meet the following requirements:

• Legally obtain authorization for upstream API Keys, model services, payment services, and other third-party services
• Comply with upstream terms of service and platform rules
• Comply with local laws, regulations, and supervisory requirements
• Comply with applicable AI governance frameworks and content security requirements

Usage Boundaries

When using this project, ensure that relevant scenarios are legally authorized, compliant, auditable, and meet the following requirements:

• Comply with upstream terms of service and platform rules
• Comply with local laws, regulations, and supervisory requirements
• Comply with content security, public safety, cybersecurity, and rights protection requirements
• Comply with upstream content policies and applicable AI governance requirements

Public Service Obligations

If users provide generative AI services to the general public, they shall independently fulfill compliance obligations required by local laws and regulations, including but not limited to:

• Filing and qualification requirements
• Content security review and governance mechanisms
• Identity management and log retention
• Tax and payment compliance
• Consumer protection
• Upstream authorization and adherence to terms of service

Key and Channel Requirements

• Upstream channels must be accounts, API Keys, model services, or enterprise contracts legally owned or authorized by the deployer
• Features such as multi-key management, load balancing, and failover are only for high availability and enterprise multi-account management
• When using the above capabilities, upstream terms of service, platform rules, and regulatory requirements must be observed

Payment and Account Management

Features such as payment, top-up, redemption codes, and invitations are only for internal settlement, enterprise client accounts, or compliant service fees in legally authorized scenarios. The deployer must ensure that related services, fees, promotions, and upstream authorizations comply with local laws and regulations, upstream terms of service, and platform rules.

Compliance obligations such as taxation, invoicing, consumer protection, and payment risk control for the receiving entity shall be borne by the deployer.

Content Security

The deployer is obligated to ensure that services provided through this project comply with content security requirements. Features such as blacklisting, logging, and monitoring should serve content security, abuse governance, and compliance auditing. For public-facing services, mechanisms for abuse reporting, log auditing, and handling should be established.

Community Governance

Community discussions for this project should revolve around legal authorization, compliant deployment, and legitimate engineering issues. Issues, PRs, and discussions should comply with project compliance requirements and community rules, and maintainers will process non-compliant content according to these rules.

Maintainer Stance