Acceptable Use Policy

Scope

This AUP applies to the Customer, the Customer’s end users, and anyone the Customer permits to use the Services. The Customer is responsible for the acts and omissions of its end users to the same extent as for its own.

Cloudpepper does not actively monitor Customer environments. We do, however, respond to credible reports of abuse and to signals from our infrastructure providers, and we may act on what we observe in the course of operating the platform.

Prohibited content

You may not use the Services to host, store, transmit or distribute:

• Content that is illegal under Belgian, EU or any other applicable law, including content that infringes copyright, trademark, patent, trade secret or other intellectual property rights.
• Child sexual abuse material (CSAM), or content that sexually exploits or endangers minors.
• Content that incites or threatens violence, terrorism, or self-harm; content that promotes or facilitates terrorist organisations.
• Content that constitutes harassment, defamation, hate speech, or unlawful discrimination on protected grounds.
• Malware, ransomware, exploit code, command-and-control infrastructure, phishing kits, or content designed to damage, disable, surveil or gain unauthorised access to systems or data.
• Content that violates the privacy or publicity rights of third parties, including non-consensual intimate imagery and doxxing.
• Counterfeit goods, controlled substances offered in violation of applicable law, or other goods or services prohibited by law.

Prohibited activities

You may not use the Services to:

• Violate any applicable law or regulation, or facilitate the violation of any law or regulation by others.
• Gain or attempt to gain unauthorised access to any system, account or data — whether ours, another customer’s, or a third party’s. This includes credential stuffing, brute-forcing, exploit scanning of systems you do not own, and exploitation of vulnerabilities you discover.
• Interfere with or disrupt the Services or any other system, including by denial-of-service attacks, traffic flooding, fork bombs, or activities that destabilise shared infrastructure.
• Probe, scan or test the vulnerability of any system or network without express written authorisation, except in respect of systems you own and only on infrastructure you have provisioned for that purpose.
• Circumvent rate limits, quotas, geographic restrictions, IP blocks, account suspensions or other access controls applied by Cloudpepper or by upstream providers.
• Resell, sublicense or repackage the Services to third parties except as expressly permitted by your plan or order form (e.g., agency / whitelabel features).
• Operate proxy, anonymisation, VPN exit-node, Tor relay or open-relay services targeted at end users, where such operation creates abuse exposure for our infrastructure or upstream providers.
• Engage in fraud, including payment fraud, identity fraud, account-takeover services, fake-review services, or facilitating any of the foregoing.

Email and messaging

If you send email, SMS or other messaging through the Services or from systems hosted on our infrastructure, you must:

• Comply with applicable anti-spam laws (including Article XII.13 of the Belgian Code of Economic Law, Directive 2002/58/EC, the German UWG and TMG, the UK PECR, and the US CAN-SPAM Act and TCPA).
• Send only to recipients who have given valid consent or for whom another lawful basis applies, and honour opt-out requests promptly.
• Not engage in unsolicited bulk email, list-bombing, harvested-list mailings, “snowshoe” sending across many domains or IPs to evade reputation systems, or any sending that triggers material complaint rates at upstream providers.
• Not impersonate any person or organisation, and not falsify routing information, headers or sender identity.

Cloudpepper does not provide a transactional or marketing email service. Outbound email from your Odoo instance typically goes through an SMTP relay (SES, Mailgun, Postmark, or similar) you configure; you are responsible for complying with that provider’s terms in addition to this AUP.

Resource abuse

You may not use the Services to:

• Mine, generate, validate or transact in cryptocurrencies (including proof-of-work, proof-of-stake validators, and consumer-facing wallet or exchange services where the workload places material additional load on the platform).
• Operate file-sharing, torrent-tracker or torrent-seedbox services in violation of applicable copyright law.
• Run sustained workloads that materially exceed the resource expectations of your plan, or that destabilise shared compute, storage or network resources used by other customers. We will work with you in good faith on a plan upgrade or alternative configuration before taking action where this is practical.

Security research

We welcome good-faith security research on the Cloudpepper Platform. Reports may be sent to privacy@cloudpepper.io. Please do not perform tests that degrade the Services for other customers (e.g., denial-of-service, sustained brute-force), and do not access, modify or exfiltrate data that does not belong to you. Good-faith research conducted within these limits will not be treated as a violation of this AUP and we will not pursue legal action.

Reporting violations

To report abuse, illegal content, or a suspected violation of this AUP, email privacy@cloudpepper.io. Include the affected URL or instance, a description of the issue, any evidence you can share, and your contact details so we can follow up. We respond to all credible reports.

Enforcement

If we believe in good faith that this AUP has been violated, we may take action proportionate to the violation, including:

• Asking you to remediate (e.g., remove specific content, rotate credentials, reconfigure).
• Throttling, isolating or disabling specific functionality on the affected instance.
• Suspending the affected instance or your account, in whole or in part.
• Terminating the Services and your account in accordance with the Terms of Service.
• Cooperating with law enforcement or competent authorities where legally required, and preserving relevant data as part of that cooperation.

Where time and circumstances permit, we will give you notice and an opportunity to remediate before suspension or termination. For severe violations — including illegal content, active abuse causing harm to third parties, or instructions from an upstream provider or competent authority — we may act first and notify you immediately afterwards.

Changes to this policy

We may update this AUP from time to time to reflect changes in law, threat landscape or our platform. The current version is always available at this URL, and the “Last updated” date at the top will indicate when it was most recently revised. Material changes will be notified to active customers at least thirty (30) days before they take effect.

Contact