Community guidelines

These are community guidelines for the hosted Towonel service — not a contract. They describe what the service is for, what isn’t allowed, and how to report abuse. Formal Terms of Service and a Privacy Policy will be published before public (non-invite) launch.

• A privacy-preserving reverse tunnel: it forwards encrypted traffic between the public internet and your origin and cannot read your traffic — TLS terminates at your origin, not at our edge.
• Free, run by a non-profit (currently in formation), funded by donations.
• Currently an invite-only alpha: best-effort, no uptime guarantee, and capacity is capped to what donations sustain.

The service exists for self-hosters exposing their own legitimate services. The following are not allowed and will result in removal:

• Phishing, fraud, or deceptive impersonation.
• Distributing malware, or running command-and-control (C2) infrastructure.
• Spam or unsolicited bulk messaging infrastructure.
• Operating an open proxy or relaying third-party traffic to evade restrictions.
• DDoS, amplification, port scanning, or intrusion attempts.
• Cryptocurrency mining or deliberately resource-abusive workloads.
• Distributing infringing or pirated content.
• Child sexual abuse material (CSAM) or any content sexualising minors.
• Anything otherwise illegal under French or EU law.

Limits exist to keep the shared, free service healthy — not to upsell. Please don’t monopolise shared capacity (bandwidth, connections, hostnames, ports). If you expect heavy or sustained traffic, consider self-hosting your own edge — the software is free and open source. Persistent over-use may be rate-limited.

• We do not read, inspect, or log the content of tunneled traffic — the architecture can’t (passthrough TLS).
• We keep the minimum identification data needed to operate the service and to answer lawful requests. The forthcoming Privacy Policy will detail exactly what and for how long.
• We never sell user data or share it with advertisers.

If a Towonel-hosted service is being used abusively, report it:

• Report form: https://console.towonel.dev/abuse
• Email: abuse@towonel.dev

Include the hostname or URL, the type of abuse, and any evidence.

How we handle reports: we acknowledge within 24 hours, identify the responsible tunnel within 48 hours, and remove or disable non-emergency violations within 7 days. CSAM is actioned immediately, with no cure period, and escalated to NCMEC and Pharos. For an emergency or imminent harm, contact local law enforcement first.