Acceptable Use Policy

ACCEPTABLE USE POLICY & TERMS OF SERVICE (AUP/TOS)

Effective Date: January 23, 2026

Official Contacts: [email protected] | [email protected] | [email protected]

This Acceptable Use Policy & Terms of Service ("Agreement") constitutes a legally binding contract between ohz.es ("Provider") and any individual or entity using Provider services (the "User"). By accessing or using any Provider Infrastructure, the User agrees to comply fully with this Agreement.

---

0. DEFINITIONS

For purposes of this Agreement, the following terms have the meanings set out below:

User: Any individual or legal entity that purchases, accesses, or uses Provider services, directly or indirectly.

Infrastructure: All systems, networks, IP resources, and facilities operated by ohz.es, including but not limited to AS202673, Virtual Private Servers (VPS), Dedicated Servers, BGP Peering, Colocation, storage, and networking equipment.

Shared Cores (vCores): Virtualized CPU cores shared among multiple tenants on a physical host.

High-Frequency Scraping: Automated data collection activities that abuse compute resources, including sustained 24/7 CPU utilization or behavior that degrades host performance.

Professional-Grade: Equipment, software, and operational practices that meet datacenter, carrier, or enterprise standards, excluding consumer or home-grade hardware or configurations.

---

1. NETWORK INTEGRITY & PROHIBITED ACTIVITIES

1.1 Zero-Tolerance Network Abuse

The Provider maintains a zero-tolerance policy for abuse. The following activities are strictly prohibited:

IP Spoofing & Header Manipulation: Forging packet headers, falsifying source addresses, or sending traffic from IPs not explicitly assigned by the Provider. This includes participation in DNS, NTP, SSDP, CLDAP, or any other reflection/amplification attacks.

DDoS & Flooding: Launching, facilitating, advertising, or participating in Denial of Service attacks, stress-testing services, booter panels, or traffic flooding of any kind without explicit written authorization.

Unauthorized Scanning & Reconnaissance: Port scanning, vulnerability scanning, fingerprinting, or network reconnaissance without prior written consent from the target system owner.

Malicious Infrastructure: Hosting or operating Command & Control (C2) servers, botnets, malware droppers, ransomware infrastructure, phishing kits, or exploit delivery systems.

Spam & Messaging Abuse: Bulk unsolicited email (spam), SMS, IRC spam, forum spam, or abuse of messaging APIs. Any activity resulting in IP or ASN reputation damage is prohibited.

1.2 BGP Peering & Routing Hygiene

Users utilizing BGP services must meet professional routing standards:

Authorization: Valid LOA and/or ROA documentation must be maintained for all announced prefixes.

Filtering: Mandatory inbound and outbound route filtering to prevent route leaks, BGP hijacking, and announcement of bogon or invalid prefixes.

Stability: Flapping routes, malformed announcements, or misconfigurations that threaten Provider or upstream stability are grounds for immediate session teardown.

Responsibility: Any routing incident attributable to the User that harms Provider reputation or connectivity will result in immediate suspension or termination of BGP services.

1.3 Prohibited Software & Compute Activities

Cryptocurrency Mining: All mining activities (CPU, GPU, FPGA, storage-based, or proof-of-work derivatives) are prohibited.

Illegal Software & Content: Warez, pirated software, cracked licenses, DRM circumvention tools, and copyright-infringing material.

Resource Abuse: High-frequency scraping, brute-force operations, password cracking, or any sustained workload designed to monopolize shared resources.

---

2. FAIR USAGE POLICY (FUP)

2.1 Dynamic Resource Allocation

Bandwidth, CPU, disk I/O, and memory limits vary by plan and region and are disclosed at purchase. The User is responsible for understanding and complying with the limits applicable to their service.

2.2 Bandwidth Thresholds & Port Usage

Unless otherwise specified by contract, typical thresholds include:

Standard VPS: 20 TB/month

High-Performance VPS: 50 TB/month

10 Gbps+ Infrastructure: 30 TB/month

Exceeding plan limits may result in immediate suspension, rate-limiting, or port speed reduction (e.g., to 10 Mbps) until the next billing cycle. Sustained saturation of shared uplinks for more than 20 minutes is prohibited.

2.3 Compute & Storage Fair Use

Sustained 100% vCore utilization on shared cores for more than 2 hours.

Excessive disk IOPS or burst patterns that degrade host performance.

Such behavior may result in throttling, migration, or suspension without prior notice.

---

3. COLOCATION & PHYSICAL FACILITY STANDARDS

3.1 Hardware Integrity

All colocated equipment must be professional-grade, rack-mountable, and structurally sound. Missing screws, bent rails, leaking components, or damaged chassis are prohibited.

3.2 Power Redundancy

Dual PSUs Required: All servers must have at least two (2) functional and connected power supplies.

Mandatory Repair: Failed PSUs must be replaced within seven (7) calendar days. Non-compliance constitutes a facility risk.

3.3 Environmental & Safety Compliance

Front-to-back airflow is mandatory.

Modified consumer cases or non-standard cooling solutions are prohibited.

The Provider may immediately disconnect equipment emitting excessive heat, noise, smoke, or electrical interference.

---

4. ANTI-DDoS PROTECTION & EMERGENCY ACTIONS

4.1 Best-Effort Mitigation

Basic Anti-DDoS protection is provided on a best-effort basis and does not guarantee uptime. The Provider may deploy aggressive filtering, ACLs, or firewall rules at its sole discretion.

4.2 Defensive Nullrouting

If an attack threatens network stability or other customers, the affected IP(s) may be nullrouted immediately. The Provider is not liable for downtime, data loss, or business impact resulting from defensive actions.

---

5. DATA, SECURITY & LIABILITY

5.1 Data Responsibility

The Provider is not a backup service. The User is solely responsible for maintaining independent, off-site backups. The Provider bears no liability for data loss due to hardware failure, software defects, cyber incidents, force majeure events, or service termination.

5.2 Security Maintenance

Users must keep operating systems and applications patched and secured. Compromise caused by negligence, misconfiguration, or failure to follow industry best practices constitutes a material breach and may result in immediate termination without refund.

5.3 GDPR & Data Protection (EU Compliance)

ohz.es acts as a data processor with respect to personal data processed on behalf of the User, and the User acts as the data controller, as defined under Regulation (EU) 2016/679 (GDPR).

The User is solely responsible for ensuring that all personal data hosted or processed via the Infrastructure is collected, processed, and stored in compliance with GDPR and applicable EU and Spanish data protection laws.

The Provider shall implement reasonable technical and organizational measures to protect Infrastructure-level security but does not inspect or control User content.

Upon lawful request, ohz.es may process, restrict, or disclose data to comply with legal obligations.

5.4 Indemnification

The User agrees to indemnify and hold harmless ohz.es, its directors, employees, contractors, and upstream providers from any claims, damages, administrative fines, penalties, or legal fees arising from the User’s activities, content, or GDPR non-compliance.

---

6. ENFORCEMENT, LEGAL COOPERATION & FEES

6.1 Abuse Handling & Escalation Timeline

Immediate Action (No Notice): In cases involving active attacks, malware, DDoS activity, routing incidents, legal orders, or threats to network stability, ohz.es may suspend, nullroute, or terminate services immediately without prior notice.

Standard Abuse Notice: For non-critical violations, the Provider may issue an abuse notice to the User with a reasonable remediation window, at the Provider’s sole discretion.

No Obligation to Notify: The Provider is not obligated to notify the User where notification would increase risk, violate law, or conflict with upstream or law enforcement requirements.

6.2 Law Enforcement Cooperation

The Provider will comply with valid legal requests and court orders. Logs, IP assignments, account data, and payment records may be disclosed to authorities where legally required or permitted. User notification is not guaranteed.

6.3 IP Reputation & Remediation Fees

Any activity resulting in blacklisting of Provider IP space will incur a $100 USD cleaning fee per affected IP address, in addition to immediate service suspension or termination.

6.4 No Refunds & Chargebacks

All sales are final. Services terminated for AUP violations are not eligible for refunds. Chargebacks may be treated as fraudulent disputes and contested using Provider records and this Agreement.

---

7. TERMINATION, RESELLERS & SUB-USERS

7.1 Termination Rights

The Provider may suspend or terminate services immediately for violations of this Agreement, legal obligations, sanctions compliance, or upstream requirements.

7.2 Resellers & Sub-User Responsibility

Users acting as resellers are fully responsible for the actions of their customers or sub-users.

All sub-users must comply with this Agreement.

Violations by sub-users are treated as violations by the primary User.

The Provider has no contractual relationship with sub-users.

7.3 Data Disposition & Logs

Upon termination, User data may be deleted immediately and irreversibly without recovery.

Logs may be retained for compliance, billing, and legal obligations under EU and Spanish law.

---

8. FORCE MAJEURE

The Provider shall not be liable for failure or delay caused by natural disasters, war, terrorism, pandemics, power failures, IX outages, upstream failures, or government actions.

---

9. SERVICE LEVELS, AVAILABILITY & NO-SLA

9.1 No Default SLA

Unless explicitly agreed otherwise in writing, services are provided on an as-is, best-effort basis with no guaranteed uptime, latency, packet loss, or availability.

9.2 Basic Availability Target (Non-Binding)

The Provider targets 99.0% monthly network availability. This target is not a guarantee and does not entitle the User to credits or refunds.

9.3 Custom SLA Plans

Enhanced SLAs may be offered under a separate written contract with additional pricing.

No SLA applies unless explicitly stated in a signed agreement.

---

10. EXPORT CONTROL, SANCTIONS & GEO-RESTRICTIONS

10.1 Sanctions & Export Control Compliance

The User represents and warrants that neither the User nor any sub-user is subject to EU, Spanish, or international sanctions.

10.2 Prohibited Jurisdictions

ohz.es does not conduct business with or permit traffic from or to China, Russia, or other sanctioned jurisdictions.

Traffic from or to these regions may be blocked without notice.

10.3 User Responsibility

Violations of sanctions or geo-restrictions constitute grounds for immediate termination without refund.

---

11. GOVERNING LAW & SEVERABILITY

This Agreement is governed by the laws of Spain and applicable EU regulations.

Spanish courts have exclusive jurisdiction.

If any provision is held unenforceable, the remaining provisions remain in force.

---

12. AMENDMENTS & NOTIFICATIONS

ohz.es reserves the right to modify this Agreement at any time.

Continued use constitutes acceptance.

Where required by law, reasonable efforts will be made to notify Users of material changes.