Acceptable Use Policy

You are responsible for everything that runs in your spaces and Cubes — including software you install yourself, code generated by others on your behalf, and any traffic generated by your end users. If your end users misuse the Service through your account, we treat that as your conduct under this AUP. You remain liable for activity carried out under your credentials even if you did not authorise it.

You must not use the Service to host, store, transmit, distribute or link to:

• child sexual abuse material (CSAM) or any content that sexually exploits a minor;
• content that promotes, incites, glorifies or facilitates terrorism, mass violence or other serious crime;
• content that incites hatred or violence against people on the basis of protected characteristics;
• non-consensual intimate imagery, deepfakes designed to harm, doxxing material or content designed to harass, threaten or stalk;
• malware, ransomware, exploit kits, phishing kits, spyware, stalkerware, credential-harvesting pages or other malicious tooling;
• content that infringes the intellectual-property rights of others (including pirated software, films, books, courses, games, music or other unauthorised distribution) or that facilitates such infringement;
• content that violates applicable privacy, export-control, sanctions, anti-money-laundering or other laws;
• unsolicited bulk or commercial messages, unlawful gambling, fraudulent goods and services, pyramid or Ponzi schemes, deceptive financial offerings, or content designed to deceive users into making payments.

You must not use the Service to:

• attack, probe, scan, fuzz, brute-force or intentionally degrade any system, network or service without explicit written authorisation from its owner — this includes denial-of-service and distributed-denial-of-service attacks, brute-force credential attacks, port scanning, vulnerability scanning, password spraying and amplification attacks;
• attempt to gain unauthorised access to any account, system or network — including other Krovacustomers' Cubes, our infrastructure, our payment provider or any third party — or to circumvent any technical or contractual access restriction;
• send unsolicited, deceptive or otherwise unlawful commercial messages (spam) by email, SMS, instant messaging, push notification or any other channel, including messages that violate CAN-SPAM, CASL, the EU ePrivacy Directive, the UK Privacy and Electronic Communications Regulations or any equivalent law;
• operate command-and-control infrastructure for botnets, malware, stalkerware, coordinated inauthentic behaviour or any other automated abuse network;
• evade or interfere with rate limits, quotas, plan limits, billing or fraud controls — including running multiple accounts to circumvent free credit, abusing trial offers, initiating chargebacks intended to keep services for free, or otherwise abusing the overage and credit systems;
• run cryptocurrency mining, hash-grinding, proof-of-work workloads, generic distributed-compute marketplaces (including paid background-CPU programs) or similar workloads whose primary purpose is monetising raw compute, except with our explicit prior written consent;
• run open proxies, open VPN exit nodes, Tor exit nodes or other services that anonymise third-party traffic without robust abuse controls and our prior written consent;
• run gambling, adult content, financial-services, healthcare, pharmaceutical or other high-risk workloads without holding and complying with all licences, approvals and registrations required where you and your users are located;
• host or operate services used in life-critical situations (medical diagnosis or decision-making, aviation, nuclear, weapons control, mass transit, emergency response, critical-safety infrastructure) — the Service is not designed, intended or approved for such use;
• disrupt, interfere with or impair the integrity, performance or stability of the Service, our infrastructure or the experience of other customers, including by sustained excessive resource consumption, abusive use of shared resources or behaviour that we, in our sole discretion, consider abnormal or disproportionate;
• access, scrape or use the Service in a way that violates the Agreement or any published rate limit, quota or technical restriction;
• misrepresent your identity, impersonate any person or organisation, or forge headers, IP addresses, packets or metadata; or
• use the Service to develop, train or evaluate a competing product or service, or to benchmark the Service for publication without our prior written consent.

Our infrastructure is shared. We expect normal, well-behaved network use. The following are not permitted and can lead to throttling, suspension or termination at our sole discretion:

• sustained traffic that, in our judgement, materially impacts host or platform stability, the experience of other customers, or the operating economics of your plan;
• generating egress traffic specifically designed to consume host bandwidth (for example, running public file mirrors, torrent seedboxes or media-streaming relays at scale) without prior written approval;
• originating attack traffic toward third parties, regardless of whether your Cube was compromised by an attacker or by your own workload;
• traffic patterns that, in our judgement, are likely to attract denial-of-service, reputation-list or blocklist attention against our IP space.

If your Cube is the target of an attack that threatens the stability of the host or our network, we may null-route the affected IP, change your IP, throttle traffic, sleep the Cube or take any other measure we consider necessary to protect our infrastructure and other customers. We are not liable for any interruption resulting from such measures.

You may perform vulnerability testing on your own Cubes and your own systems running inside them. You must not test, probe, scan or attack any Krovasystem, network, dashboard, API, control plane or any other customer's infrastructure without prior written permission from us. If you discover a security issue in our Service, please report it responsibly to [email protected] and give us a reasonable opportunity to investigate and remediate before disclosing it publicly.

If you believe Krova is being used to violate this AUP, please send a report to [email protected]. Please include URLs, IP addresses, timestamps in UTC, and any evidence that helps us investigate quickly. We may, but are not obliged to, update you on the status or outcome of an investigation.

We may investigate suspected violations and take any action we consider appropriate, in our sole discretion. When we identify a violation, we may try to contact you first so you have the opportunity to fix it, but we are not required to. In urgent or high-severity cases — for example, attacks in progress, CSAM, legal orders, security incidents or risks to our infrastructure — we may immediately and without notice:

• sleep, sandbox, throttle or remove affected Cubes;
• null-route IPs, revoke custom-domain routing or disable API access;
• suspend or terminate the offending account and any related accounts;
• preserve, copy, disclose or hand over data as we determine is appropriate to comply with applicable law, a valid legal request or to protect our or others' rights, property or safety;
• forfeit any unused credit, top-ups and prepaid subscription fees and apply them to damages, mitigation costs, investigation costs, chargeback fees and other amounts caused by the violation; and
• pursue any other remedy available to us at law or in equity, including injunctive relief and recovery of legal costs.

Repeat, severe or egregious violations will result in permanent account termination and may be referred to law enforcement.

We may update this AUP at any time as the Service evolves and as we learn about new forms of abuse. The updated AUP takes effect when posted unless we specify a later effective date. Your continued use of the Service after the effective date constitutes acceptance of the updated AUP.