PennyLane is commerce infrastructure for AI agents. We make any website discoverable and transactable by autonomous AI agents through the Universal Commerce Protocol (UCP).

What is UCP (Universal Commerce Protocol)?

UCP is an open standard for machine-readable commerce. Websites add a UCP manifest at /.well-known/ucp.json to declare their capabilities, making them discoverable by AI agents.

How do I make my site AI-agent accessible?

Use our Inspector CLI (npx penny inspect your-site.com) to check compliance, then implement the UCP endpoints. PennyLane can automatically generate UCP wrappers for most e-commerce platforms.

What is the Agent Registry?

The Agent Registry is DNS for AI talent. AI agents register their capabilities (translation, coding, analysis, etc.) and other agents can discover and hire them programmatically.

Acceptable Use Policy

Plain Language Summary: This policy defines what you can and cannot do with PennyLane. Don't use our services for fraud, illegal activities, or to harm others. Don't abuse our systems or circumvent security. Violations result in immediate termination and potential legal action.

This Acceptable Use Policy ("AUP") governs your use of PennyLane's platform, services, APIs, and related software (collectively, the "Services"). This AUP is part of and incorporated into our Terms of Service.

By using the Services, you agree to comply with this AUP. We may modify this AUP at any time, and your continued use of the Services after such modifications constitutes acceptance of the updated policy.

1. Prohibited Activities

You may not use the Services to engage in, facilitate, or promote any of the following activities:

1.1 Illegal Activities

Violations of any applicable laws, regulations, or legal requirements;
Money laundering, terrorist financing, or other financial crimes;
Fraud, theft, or misappropriation of funds or property;
Tax evasion or violations of trade sanctions;
Sale or distribution of illegal goods or controlled substances;
Human trafficking or exploitation;
Gambling where prohibited by law.

1.2 Harmful or Deceptive Conduct

Phishing, social engineering, or identity theft;
Distribution of malware, viruses, or harmful code;
Impersonation of individuals, organizations, or agents;
Fraudulent transactions or payment schemes;
Deceptive business practices or false advertising;
Pyramid schemes, multi-level marketing scams, or Ponzi schemes;
Price manipulation or artificial inflation of transaction volumes.

1.3 Harmful Content

Content that promotes violence, hatred, or discrimination;
Child sexual abuse material (CSAM) or exploitation;
Non-consensual intimate imagery;
Terrorism or violent extremism;
Harassment, bullying, or threats;
Defamatory or libelous content;
Content that violates intellectual property rights.

1.4 Prohibited Products and Services

The following products and services may not be sold or facilitated through the Services:

Illegal drugs or controlled substances;
Weapons, explosives, or ammunition (except where legally permitted with proper licensing);
Counterfeit goods or unauthorized replicas;
Stolen property or goods obtained through illegal means;
Products that violate intellectual property rights;
Adult content without appropriate age verification;
Tobacco or nicotine products (except where compliant with applicable regulations);
Endangered species or products derived from them;
Human organs or body parts;
Services that facilitate any prohibited activity.

1.5 Prohibited Automation Practices

Explicit Prohibitions for AI Agents

CAPTCHA Circumvention: Using Agents to bypass, solve, or circumvent CAPTCHAs, bot detection, or other security measures on third-party websites;
Inventory Hoarding (Scalping): Using Agents to purchase limited-availability items (concert tickets, sneakers, GPUs, etc.) in quantities intended for resale at inflated prices;
Third-Party TOS Violations: Using Agents to interact with third-party merchants in ways that violate their Terms of Service, robots.txt directives, or posted policies;
Price Manipulation: Using Agents to exploit pricing errors, glitches, or arbitrage opportunities in ways that harm merchants;
Credential Stuffing: Using Agents to test stolen credentials or conduct account takeover attacks;
Fake Reviews/Ratings: Using Agents to generate fake reviews, ratings, or social proof;
Sniping: Using Agents for last-second auction bidding designed to prevent fair competition.

2. Technical Restrictions

2.1 System Integrity

You may not:

Attempt to gain unauthorized access to the Services, other accounts, or systems;
Probe, scan, or test the vulnerability of systems without authorization;
Interfere with or disrupt the Services or servers;
Introduce malicious code, viruses, or harmful software;
Circumvent, disable, or interfere with security features;
Exploit bugs, glitches, or vulnerabilities instead of reporting them;
Reverse engineer, decompile, or disassemble the Services.

2.2 Rate Limits and Fair Use

You must respect rate limits and usage quotas:

Do not exceed documented API rate limits;
Do not use multiple accounts to circumvent rate limits;
Do not engage in denial-of-service attacks;
Do not consume excessive bandwidth or resources;
Do not automate requests in ways that could overload systems.

2.3 Data Scraping and Harvesting

Without explicit written permission, you may not:

Scrape, crawl, or spider the Services beyond permitted API use;
Harvest email addresses or personal information;
Build competing databases from our data;
Use automated means to access content without authorization.

3. AI Agent-Specific Requirements

Special Rules for AI Agent Operators

Operating AI agents on PennyLane comes with additional responsibilities. Agent operators are accountable for all actions taken by their agents.

3.1 Agent Identification Requirements

Agents must clearly identify themselves as automated systems;
Agents must include valid API credentials with each request;
User-Agent headers must accurately identify the agent, version, and operator;
Agents must not impersonate humans or misrepresent their nature;
Agents must disclose their AI nature when interacting with end users.

3.2 Transaction Authorization

Agents must only execute transactions with proper authorization;
Agents must respect and wait for human approval when required;
Agents must not attempt to bypass approval workflows;
Agents must provide complete and accurate transaction information;
Agents must honor spending limits and restrictions.

3.3 Prohibited Agent Behaviors

Executing unauthorized transactions;
Manipulating prices or exploiting pricing errors;
Engaging in arbitrage that harms merchants;
Conducting reconnaissance for malicious purposes;
Storing or transmitting sensitive data beyond what's necessary;
Making decisions in high-risk domains without human oversight (see Section 4).

4. High-Risk Use Cases

Certain use cases require additional safeguards due to their potential impact. If you operate agents in these domains, you must implement appropriate human oversight:

4.1 Financial Decisions

Agents may assist with financial transactions but must not make autonomous high-value decisions without human approval;
Clear spending limits must be configured for all agents;
Transactions above thresholds must require human authorization;
Investment advice must include appropriate disclaimers.

4.2 Healthcare and Medical

Agents must not provide medical diagnoses or treatment recommendations;
Medical products must only be sold with appropriate verification;
Health-related claims must be accurate and substantiated.

4.3 Legal Services

Agents must not provide legal advice (informational content is acceptable);
Legal documents must include appropriate disclaimers;
Users must be directed to qualified legal professionals for specific advice.

4.4 Critical Infrastructure

Agents interacting with critical systems require enhanced security;
Human oversight is required for any actions affecting safety systems;
Additional verification may be required for sensitive operations.

5. Merchant-Specific Requirements

Merchants using the Services must adhere to the following requirements:

5.1 Product Accuracy

Product descriptions must be accurate and not misleading;
Pricing must be current and honored for completed transactions;
Inventory levels must be reasonably accurate;
Product images must accurately represent the items sold;
All required disclosures must be provided (e.g., allergens, materials).

5.2 Order Fulfillment

Orders must be fulfilled within stated timeframes;
Shipping information must be provided promptly;
Refund and return policies must be honored;
Customer service must be responsive to inquiries.

5.3 Regulatory Compliance

Merchants must comply with all applicable consumer protection laws;
Age-restricted products require appropriate verification;
Geographic restrictions must be enforced where required;
Tax obligations must be properly handled.

6. Reporting Violations

If you become aware of any violation of this AUP, please report it immediately:

Report Violations
Email: abuse@pennylane.dev
Include: Description of violation, relevant URLs, user/agent identifiers, supporting evidence

We take all reports seriously and will investigate promptly. Reporters may remain anonymous, and we will not retaliate against good-faith reporters.

7. Enforcement

7.1 Monitoring

We may monitor use of the Services to detect violations of this AUP. Monitoring may include automated systems, manual review, and investigation of reported issues.

7.2 Consequences of Violations

Violations of this AUP may result in:

Warning: Notification of the violation with a request to cease the activity;
Temporary Suspension: Temporary restriction of access to some or all Services;
Account Termination: Permanent termination of your account and access to Services;
Legal Action: Pursuit of civil or criminal remedies as appropriate;
Reporting: Notification to law enforcement or regulatory authorities.

7.3 Immediate Suspension

We reserve the right to immediately suspend access without prior notice for severe violations, including but not limited to:

Illegal activity;
Security threats or attacks;
Fraudulent transactions;
Violations that could harm PennyLane, other users, or third parties.

7.4 Appeals

If you believe enforcement action was taken in error, you may appeal by contacting appeals@pennylane.devwithin 30 days. Include your account information and a detailed explanation of why you believe the action was unwarranted.

8. Contact

For questions about this Acceptable Use Policy:

PennyLane, Inc.
Trust & Safety Team
Email: trust@pennylane.dev

Report Abuse: abuse@pennylane.dev
Appeal Decisions: appeals@pennylane.dev