Acceptable Use Policy

Effective: 2026-04-11 · Last updated: 2026-04-11

walkindb is an unauthenticated, ephemeral SQLite endpoint. Anyone — human or machine — can send a SQL query to https://api.walkindb.com/sql and get a private database with a 10-minute lifetime. Because we don’t ask for accounts, the rules below are how we keep the service usable for everyone.

By sending a request to the walkindb API, you agree to this Acceptable Use Policy. If you don’t agree, don’t use the service.

What walkindb is for

• LLM agents that need a temporary scratch database for the duration of a task.
• Humans testing, learning, prototyping, or demoing SQL.
• CI runners, throwaway notebooks, and similar short-lived workloads.
• Anything where a 10-minute, 10 MB SQLite instance is enough.

What walkindb is not for

The following uses are prohibited and will result in immediate termination of access without notice. Where applicable, we will also report the activity to the relevant authorities and preserve evidence for law enforcement.

Illegal content

• Child sexual abuse material (CSAM). Zero tolerance. Any CSAM stored or referenced through walkindb will be reported to the National Center for Missing & Exploited Children (NCMEC), INHOPE, and the relevant national authority, and the source IP will be permanently blocked.
• Content that is unlawful in Portugal or in your jurisdiction, including incitement to violence or terrorism, content prohibited under the EU Digital Services Act, or content subject to court-ordered removal.
• Stolen data, leaked credentials, breach dumps, or non-public personal information about identifiable third parties. walkindb is not a credential dropzone.
• Material that infringes copyright, trademark, or trade secrets. Use the DMCA procedure (/legal/dmca) for takedown requests against allegedly infringing material.
• Material subject to export controls or to sanctions maintained by the EU, the United States, the United Kingdom, or the United Nations. Do not use walkindb to facilitate transactions or coordination with sanctioned persons or entities.

Personal data

• Do not store personally identifiable information about identifiable third parties (names tied to addresses, government IDs, biometric data, health data, financial account numbers, or any other data category protected under GDPR Articles 9 or 10).
• Do not use walkindb as a workaround for your own GDPR obligations to your users. We are not your data processor and we do not offer Data Processing Agreements for the free anonymous tier.
• The 10-minute TTL is a technical mitigation, not a legal one. Storing PII for 30 seconds is still storing PII.

Abuse of the service itself

• Resource abuse. Do not attempt to circumvent rate limits, query timeouts, storage caps, or instance TTLs. Do not run pathological queries designed to consume CPU, memory, or disk beyond your fair share.
• Mass scraping. Do not script the creation of large numbers of instances to obtain free aggregate storage or compute.
• Cryptomining or comparable resource-extractive workloads of any kind. SQLite is not a great mining target, but if you find a creative way, it is still prohibited.
• Distributed-denial-of-service activity targeting walkindb or any third party.
• Probing or attacking other walk-in instances or attempting to escape the SQLite sandbox. If you find a vulnerability, report it to [email protected] — we offer bounties.

Attacks on third parties

• Do not use walkindb to stage malware, host phishing pages or kits, or coordinate attacks on third-party systems.
• Do not use walkindb as a command-and-control channel for botnets or for credential-stuffing campaigns.
• Do not use walkindb to enumerate, brute-force, or otherwise attack any service operated by a third party.

Spam, deception, and fraud

• Do not use walkindb to send spam, distribute phishing material, or impersonate persons or organizations.
• Do not use walkindb in connection with any fraudulent scheme.

Notice and action

If you believe content or activity hosted on walkindb violates this AUP or applicable law, please contact [email protected] with:

1. A description of the content or activity.
2. The instance identifier or session token, if known. (If you don’t have one, the timestamp of the request and the IP that issued it are the next best things.)
3. Your contact information.
4. The legal basis for the complaint, if applicable (DMCA, GDPR Article 17, court order, etc.).

We aim to acknowledge legitimate complaints within 48 hours and act on them within 72 hours. Acting on a complaint may include terminating the instance, blocking the source IP, preserving access logs for law enforcement, and removing the content if it persists across instances.

For copyright complaints specifically, see /legal/dmca.

Termination and enforcement

We may, at our sole discretion and without prior notice:

• Terminate any walk-in instance.
• Block any IP address or range.
• Refuse service entirely to any client, for any reason or no reason.
• Preserve access logs and any other evidence in response to a subpoena, court order, or law-enforcement request.

There is no appeal process, because there is no account. If you believe you have been blocked in error, contact [email protected] and we will look at it.

Changes

We may update this policy. Material changes will be reflected in the “Last updated” date at the top and announced in the walkindb changelog. Continued use after a change constitutes acceptance.

Contact

• Abuse and content complaints: [email protected]
• Security vulnerabilities: [email protected]
• General inquiries: [email protected]