# OpenErrand — Acceptable Use Policy

_Last updated: 2026-06-19_

OpenErrand and the Open Browser Execution Protocol (OBEP) let a person — or an
application acting at a person's direction — run actions inside that person's own
browser and authenticated sessions. The extension is a general-purpose tool: like a
browser, what it does is determined entirely by the people who use it. This policy
sets the line between acceptable and prohibited use. It applies to anyone who
installs the extension, integrates the SDK, operates a relay (managed or
self-hosted), or authors a recipe ("errand"/playbook).

By using OpenErrand you agree to this policy. If you connect an application that
drives the extension for your users, you are responsible for ensuring that
application and its errands comply with this policy.

## Your responsibility: comply with the sites you act on

You may only automate actions on a site that you are **authorized** to perform
manually, and only in a way that **complies with that site's terms of service,
robots/automated-access rules, and applicable law**.

- **Respect third-party terms.** Many sites restrict or prohibit automated access,
  scripted interaction, or scraping. OpenErrand does not grant you any right to act
  on a site that the site itself forbids. Confirm a target site permits your use
  before you automate it — the obligation is yours, not OpenErrand's.
- **Use your own access.** Only use credentials and accounts you own or are
  expressly permitted to use. Do not use OpenErrand to access accounts, data, or
  systems you are not authorized to reach.
- **Customers/integrators:** you must have the end user's informed authorization for
  every action your application drives in their session, and you must ensure those
  actions are permitted by the destination site and by law in the relevant
  jurisdictions.

## Prohibited uses

You must not use OpenErrand to:

- **Circumvent security or anti-automation controls.** Do not use it to defeat,
  evade, or solve CAPTCHAs, bot-detection, rate limits, access controls, or any
  technical or contractual measure a site uses to restrict automated access.
  OpenErrand ships with no stealth, fingerprint-spoofing, proxy-rotation, or
  CAPTCHA-solving capability, and you must not add or pair it with any.
- **Access systems or data without authorization**, or in excess of the
  authorization you have — including anything that would violate computer-misuse
  laws (e.g. the U.S. CFAA or equivalents).
- **Scrape or extract data in violation** of a site's terms, applicable database/IP
  rights, or law.
- **Impersonate** a person or organization, or represent an automated action as
  manual where the destination site or applicable law prohibits doing so.
- **Send spam, commit fraud, manipulate metrics, create fake accounts, or perform
  mass/abusive actions** against a service.
- **Harm, overload, or degrade** any site or service (denial-of-service, excessive
  request volume, etc.).
- **Violate privacy or data-protection law**, or process personal data you have no
  lawful basis to process.
- **Engage in any illegal activity**, or facilitate another party doing the above.

## If you use an LLM decider

OpenErrand is "the pipe" — the intelligence is yours. If you back the SDK's
`decide(ctx)` with an LLM (or any third-party model service), you are additionally
responsible for:

- **The model provider's terms and usage policy.** Agentic browser control is
  permitted by the major providers, but subject to their conditions — keep a human
  able to oversee and intervene for consequential actions, and do not pursue any
  goal their usage policy prohibits (the same prohibited categories listed above).
- **What you send the model.** Only send page content you have the right to send.
  OpenErrand minimizes what leaves the device (interactive-element labels and types,
  not values; secrets redacted on-device; screenshots/DOM off unless a signed recipe
  enables them) — but the destination site's terms and applicable privacy law still
  govern sending its content to a third-party model. Use a provider tier that does
  not train on your inputs, and prefer zero/limited data retention for sensitive
  flows.
- **Not using the model to circumvent controls** — do not use it to solve CAPTCHAs
  or defeat bot-detection or access controls.
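As an added illustration of the minimization rule in the second bullet above (send element labels and types, never values; redact secrets on-device; screenshots and DOM text off unless the recipe enables them), here is a small context builder of the kind a decider integration could run before calling a model. This is not OpenErrand's code: the element shape, the `recipe` flags, the URL scrubbing and the secret patterns are assumptions for the example, and the sample page is constructed.

```javascript
// Illustrative on-device minimizer. NOT OpenErrand's implementation: the
// element object shape, recipe flag names and secret patterns are assumptions.

// Shapes of values that should never reach a third-party model. Illustrative,
// not exhaustive. Order matters: composite shapes (bearer, JWT) go first so the
// generic long-token rule does not leave half of one behind.
const SECRET_PATTERNS = [
  /\bBearer\s+[A-Za-z0-9\-._~+/]+=*/g,                        // Authorization bearer token
  /\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\b/g,   // JWT (three base64url parts)
  /\bAKIA[0-9A-Z]{16}\b/g,                                    // AWS access key ID shape
  /\b[A-Za-z0-9_\-]{32,}\b/g,                                 // long opaque token / API key
];

// Replace anything matching a secret pattern before text leaves the device.
function redactSecrets(text) {
  let out = String(text ?? "");
  for (const re of SECRET_PATTERNS) out = out.replace(re, "[REDACTED]");
  return out;
}

// Query strings and fragments routinely carry session tokens; keep origin + path.
function scrubUrl(u) {
  const parsed = new URL(u);
  return parsed.origin + parsed.pathname;
}

// Reduce one interactive element to what a decider needs: tag, type and a short
// accessible label. The value is never copied; hidden inputs (CSRF tokens etc.)
// are dropped entirely because they carry no user-facing meaning.
function minimizeElement(el, index) {
  if (el.tag === "input" && el.type === "hidden") return null;
  const label = redactSecrets(el.label || el.placeholder || el.name || "").slice(0, 80);
  return { id: index, tag: el.tag, type: el.type || null, label };
}

// Build the payload that would be sent to the model. DOM text and screenshots
// are off by default and only included when the (assumed) recipe flags say so;
// DOM text still passes through the redactor.
function buildModelContext(page, recipe = {}) {
  const elements = page.elements.map(minimizeElement).filter(Boolean);
  const ctx = { url: scrubUrl(page.url), elements };
  if (recipe.allowDomText === true) ctx.text = redactSecrets(page.text);
  if (recipe.allowScreenshot === true) ctx.screenshot = page.screenshot;
  return ctx;
}

// Constructed sample page: a billing form with a session token in the URL,
// secrets in visible text, and a mix of sensitive and ordinary inputs.
const samplePage = {
  url: "https://app.example.test/billing?session=abcd1234abcd1234abcd1234abcd1234ABCD",
  text: "Your API key is AKIAIOSFODNN7EXAMPLE. Authorization: Bearer " +
        "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjMifQ.c2lnbmF0dXJl",
  screenshot: "<opaque-png-bytes>",
  elements: [
    { tag: "input", type: "email", name: "email", value: "alice@example.test", label: "Email" },
    { tag: "input", type: "password", name: "pw", value: "hunter2" },
    { tag: "input", type: "hidden", name: "csrf", value: "d3adb33fd3adb33fd3adb33fd3adb33f" },
    { tag: "button", type: "submit", label: "Sign in" },
  ],
};

// Default (no recipe flags): labels/types only, no values, no text, no screenshot.
const defaultCtx = buildModelContext(samplePage);
// With a recipe that enables DOM text: text is included, but redacted.
const domTextCtx = buildModelContext(samplePage, { allowDomText: true });

module.exports = { redactSecrets, scrubUrl, minimizeElement, buildModelContext, samplePage };
```

The two things to check in a real integration are the ones the assertions below exercise: that no `value` field ever appears in the outgoing element list regardless of recipe flags, and that enabling DOM text does not re-open the secret leak. A pattern-based redactor is a backstop, not a guarantee; the primary control is still sending labels and types rather than page content.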

A signed errand with deterministic `steps` runs its happy path with **no LLM call at
all**; the model is only invoked on the cold-start/fallback path. Preferring recorded
errands is the simplest way to shrink this surface.

## What OpenErrand does to keep use legible — and its limits

OpenErrand is designed so that automation is **transparent and consented**, not
covert:

- Actions run in the **user's own browser and authenticated session**, not a cloud
  browser or headless bot, and only in tabs the extension opened for the task.
- The extension holds **no site access until the user grants it**, one domain at a
  time, matching the signed recipe's domain fence.
- A built-in **sensitive-surface guard** refuses to capture high-risk pages (API-key
  dashboards, password managers, cloud IAM) unless a recipe explicitly
  acknowledges them.

These properties keep authorized use honest. **They are not a license to bypass a
site's rules**, and they do not relieve you of the responsibilities above. A site's
permission to automate is a matter between you and that site.

## Enforcement

We may suspend or terminate access to the managed OpenErrand relay for use that
violates this policy. The open-source protocol and extension (Apache-2.0) carry no
such control — which is exactly why the obligation to use them lawfully and within
each site's terms rests with you.

## Contact

Questions or reports of abuse: support@protogylabs.com.
