Terms of Service & Acceptable Use Policy — tnls.lt
1. Acceptance of Terms
tnls.lt is a tunneling service that exposes a locally running
service to the public internet via a temporary subdomain of tnls.lt
(the “Service”). The Service is operated by Ievgen Sliusarenko, a natural person
(“we”, “us”, or “the Operator”, as defined below).
By connecting a client to the Service, opening a tunnel, or otherwise using the Service in any way, you (“the User”) agree to these Terms of Service and the Acceptable Use Policy below. If you do not agree, do not use the Service.
The Service may be used without registration. The absence of an account does not exempt any User from these Terms; by using the Service you accept them regardless of whether you have identified yourself.
Definitions. In these Terms:
- “Operator” means Ievgen Sliusarenko, the natural person operating the Service.
- “Tunnel User” (or “User”) means a person who runs a client, opens a tunnel, and thereby accepts these Terms.
- “Visitor” means any person who accesses the public subdomain of a tunnel
(i.e. who sends requests to
*.tnls.lt). A Visitor is not required to, and generally does not, accept these Terms.
2. Nature of the Service
2.1. The Service forwards network traffic between the public internet and a service running on the User’s own machine. The Operator does not author, control, endorse, or monitor in advance the content served through any tunnel.
2.2. The User is solely and fully responsible for all content, data, and traffic transmitted through any tunnel they open, and for the behaviour of any service they expose.
2.3. The Service is provided for legitimate purposes such as software development, testing, previewing work, receiving webhooks, and similar technical use cases.
2.3.1. The Service is intended for individual development and testing use by the Tunnel User. It is not intended to be used as public-facing production infrastructure, nor to serve content, files, or redirects to a broad or general audience. Using a tunnel to distribute content to large numbers of Visitors, or as a hosting or content-delivery platform, falls outside the intended use of the Service and may result in termination of the tunnel.
2.4. Tunnels are ephemeral. The Operator may impose limits on tunnel lifetime, connection count, request rate, and payload size, and may change these limits at any time without notice.
3. Acceptable Use Policy
You agree NOT to use the Service, directly or indirectly, to:
3.1. Phishing & impersonation — host or distribute any page or content designed to deceive users into disclosing credentials, financial information, or other sensitive data, or to impersonate any person, brand, or organisation.
3.2. Malware & malicious code — host, stage, distribute, or command-and-control any malware, ransomware, spyware, exploit kit, or other malicious software, or use the Service as a channel for botnet or remote-control traffic.
3.3. Illegal content — transmit, host, or distribute any content that is illegal under the laws of the Republic of Lithuania or the European Union, including but not limited to child sexual abuse material (CSAM), content that incites violence or hatred, or content that infringes intellectual property rights.
3.4. Fraud & deception — conduct any fraudulent, deceptive, or scam activity, including deceptive redirects, fake stores, or advance-fee schemes.
3.5. Unauthorised access & attacks — use the Service to gain unauthorised access to any system, to scan, probe, brute-force, or attack any third-party resource, or to participate in any denial-of-service activity.
3.6. Circumvention — bypass security controls, firewalls, or access restrictions of any organisation without authorisation, or exfiltrate data in violation of any applicable policy or law.
3.7. Spam & abuse — send or facilitate unsolicited bulk messages, or use tunnel URLs as intermediary links in spam campaigns.
3.8. Service abuse — attempt to overload, disrupt, or circumvent the limits of the Service, or open tunnels in an automated, mass, or abusive manner.
3.9. Privacy violations — collect, harvest, or process the personal data of others in violation of applicable data-protection law.
4. Enforcement
4.1. The Operator may, at its sole discretion and without prior notice, terminate any tunnel, block any IP address, and refuse service to any User believed to be in violation of these Terms or to pose a risk to the Service, its infrastructure, or third parties.
4.2. The Operator may take such action proactively (based on automated detection or monitoring) or reactively (in response to an abuse report or legal request).
4.3. Termination of a tunnel or blocking of access does not limit any other remedy available to the Operator under applicable law.
5. Monitoring, Logging & Privacy
5.1. Tunnel User data. To operate the Service securely, prevent abuse, and comply with legal obligations, the Operator collects and retains connection metadata relating to Tunnel Users — persons who open a tunnel and have thereby accepted these Terms. This metadata may include: the source IP address of the Tunnel User, the assigned subdomain, timestamps of connection and disconnection, user-agent strings, and traffic volume, together with metadata about the requests passing through the tunnel (such as request methods, response status codes, content types, and request rate).
5.1.1. Visitor data. To detect and prevent abuse of the Service (such as phishing pages, malicious redirects, malware distribution, or other unlawful activity served through a tunnel), the Operator processes limited technical data relating to Visitors who access tunnel subdomains. This processing is designed to be data-minimising: Visitor IP addresses are not stored in raw form, but are processed transiently and in salted, hashed form for a short period, for the sole purpose of distinguishing unique Visitors from repeat Visitors within a time window (for example, to detect when an unusually large number of distinct Visitors reach a single tunnel — a common indicator of phishing or malware distribution). The salt is rotated periodically so that the hashes cannot be used to track Visitors across time windows or reversed to recover the original IP address. The Operator does not, in the ordinary course of operation, write raw Visitor IP addresses to persistent logs.
5.1.2. The lawful basis for processing Visitor data is the Operator’s legitimate interest, and that of third parties, in the security and integrity of the Service and in preventing its use for unlawful purposes (Art. 6(1)(f) GDPR; see Recital 49). Because Visitors do not accept these Terms, this processing is strictly limited to what is necessary for abuse detection and security.
5.1.3. Where abuse is detected or reasonably suspected, the Operator may temporarily retain otherwise-transient data (including relevant Visitor data) for as long as necessary to investigate the incident, terminate the offending tunnel, protect affected parties, and comply with any legal obligation.
5.2. The Operator does not intentionally inspect or retain the full contents (request/response bodies) of legitimate tunnel traffic in the ordinary course of operation. Metadata may be inspected where necessary to investigate suspected abuse, respond to a legal request, or protect the Service and third parties.
5.3. The IP address of a Tunnel User is personal data under the GDPR. The Operator processes such data on the basis of (a) the necessity of providing the Service the User has requested, and (b) its legitimate interest in operating the Service securely and preventing abuse (Art. 6(1)(f) GDPR). Tunnel User logs are retained for 30 days and then deleted, unless retention is required to investigate an ongoing incident or to comply with a legal obligation.
5.3.1. Third-party abuse checks. To assess whether a connecting Tunnel User poses a security risk, the Operator may submit the Tunnel User’s IP address to third-party IP-reputation services, including AbuseIPDB (operated by Marathon Studios Inc.). Such services may process the submitted IP address in accordance with their own privacy policies. The Operator uses these checks solely for security and abuse-prevention purposes, on the basis of its legitimate interest (Art. 6(1)(f) GDPR). Tunnel Users who wish to understand or object to this processing may contact the Operator at [email protected].
5.4. Data subjects have rights under the GDPR, including access, rectification, erasure, and objection. Requests may be directed to [email protected]. A full Privacy Policy is available at /en/privacy.
5.5. The Operator may disclose collected data to law enforcement or other authorities where required by law or where the Operator believes in good faith that disclosure is necessary to investigate, prevent, or act regarding illegal activity or violations of these Terms.
6. Abuse Reporting
Suspected abuse of the Service may be reported to [email protected]. Please include the offending subdomain, approximate time, and a description of the issue. The Operator endeavours to review reports promptly and may terminate offending tunnels and block associated addresses upon investigation.
7. Disclaimer of Warranties
7.1. The Service is provided “as is” and “as available”, without warranties of any kind, whether express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, availability, or non-infringement.
7.2. The Operator does not warrant that the Service will be uninterrupted, secure, timely, or error-free, that any tunnel will remain available for any period, or that data transmitted will be delivered or protected.
7.3. The User exposes their local services to the public internet at their own risk. The Operator is not responsible for any unauthorised access to, or compromise of, any service or data the User chooses to expose.
8. Limitation of Liability
8.1. To the maximum extent permitted by applicable law, the Operator shall not be liable for any indirect, incidental, special, consequential, or punitive damages, or for any loss of data, profits, or goodwill, arising out of or in connection with the use of, or inability to use, the Service.
8.2. To the maximum extent permitted by applicable law, and given that the Service is provided free of charge, the Operator’s total aggregate liability arising out of or relating to the Service shall be nil.
8.3. Nothing in these Terms excludes or limits liability that cannot lawfully be excluded or limited under the laws of the Republic of Lithuania or applicable EU consumer-protection law.
9. Indemnification
The User agrees to indemnify and hold harmless the Operator from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising out of or related to: (a) the User’s use of the Service; (b) any content or traffic transmitted through the User’s tunnels; or (c) the User’s violation of these Terms or of any applicable law or third-party right.
10. Changes to These Terms
The Operator may modify these Terms at any time. The updated version will be posted at /en/terms with a revised “Last updated” date. Continued use of the Service after changes take effect constitutes acceptance of the revised Terms.
11. Governing Law & Jurisdiction
These Terms are governed by the laws of the Republic of Lithuania, without regard to conflict-of-law principles. Any dispute arising out of or in connection with these Terms or the Service shall be subject to the exclusive jurisdiction of the competent courts of the Republic of Lithuania, without prejudice to any mandatory consumer-protection rights the User may have under EU law.
12. Severability
If any provision of these Terms is found to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary so that the remaining provisions remain in full force and effect.
13. Contact
Questions about these Terms may be directed to:
Ievgen Sliusarenko
Email: [email protected]
Abuse: [email protected]