⚖️ Acceptable Use Policy

• This Acceptable Use Policy governs the use of all services provided by OBHost LLC ("Provider", "we", "us"), including but not limited to shared hosting, reseller hosting, VPS, dedicated servers, AI/GPU servers, colocation, email hosting, domain registration and SSL certificates.
• This AUP applies to all Users ("User", "you", "your"), including primary account holders, resellers and the end-clients of resellers. Resellers are responsible for ensuring their end-clients comply with this AUP.
• The AUP takes effect from the moment of service use or the date of electronic acceptance — whichever occurs first.
• OBHost may update this AUP at any time. Material changes will be communicated by email to the registered contact address. Continued use after changes constitutes acceptance.
• Words indicating the singular include the plural and vice versa. Words indicating a natural person also indicate a legal person (company, organisation, etc.).
• Article titles are for convenience only and do not affect interpretation. This AUP should be read together with the Terms of Service, Privacy Policy and Report Submission Policy.

OBHost services may be used for lawful purposes only. The User is prohibited from transmitting, hosting or facilitating any material that violates international, national or local regulations.

• OBHost reserves the right to refuse service to any User engaged in prohibited activities, at the Provider's sole discretion, without liability.
• If the User continues prohibited use after warning, OBHost will act under the "User non-compliance" clauses of the Terms of Service and may suspend or terminate the account without further notice.
• OBHost may cooperate with law enforcement, regulatory authorities and affected third parties in investigations of prohibited uses, including disclosing User data in accordance with applicable law.

OBHost has zero tolerance for spam. Sending unsolicited bulk messages through OBHost infrastructure — or using OBHost services to support spam operations — is strictly prohibited and a violation of international anti-spam laws (CAN-SPAM Act, GDPR, PECR, CASL).

• Only send email to recipients who have explicitly opted in to receive communications from you. Purchased lists, scraped addresses and appended lists are strictly prohibited.
• Not provide or propose services through which third parties could spread spam via OBHost infrastructure (including bulletproof hosting, spam-friendly mail servers, etc.).
• Implement and maintain SPF, DKIM and DMARC authentication for all outbound email traffic.
• Apply the opt-in principle for all electronic marketing and provide functional, easy-to-use unsubscribe mechanisms in every message.
• Not collect, store, publish or distribute data (e.g., email address harvesters, scraped contact lists) that could facilitate spam.
• Not operate open relays or easily-exploitable mailing systems. Properly secure SMTP authentication on all mail servers.
• Comply with applicable anti-spam laws including CAN-SPAM (USA), GDPR/PECR (EU/UK), CASL (Canada) and similar regulations in your jurisdiction.
• Maintain complaint rates below 0.3% and bounce rates below 5%. Excessive complaint or bounce rates may trigger account review.

• Shared hosting customers are limited to 500 outbound emails per hour by default. Higher limits require a dedicated or managed mail solution.
• VPS and dedicated server customers sending high-volume email must obtain prior approval and configure proper authentication. Cold outreach (outbound to non-subscribers) is strictly prohibited regardless of product.
• Repeated violations result in permanent IP and account blacklisting without the possibility of appeal.

Certain categories of content are not permitted on OBHost infrastructure under any circumstances, regardless of the service purchased.

• OBHost reserves the right to refuse service if stored material violates this AUP, the Terms of Service, or is considered illegal, harmful, or threatening in any way — based on OBHost's sole judgement.
• When unacceptable content is identified, OBHost may act immediately under "User non-compliance" without prior notice. This includes suspension, data preservation for law enforcement, and account termination.
• Discovery of CSAM results in immediate account termination, data preservation, and mandatory reporting to law enforcement worldwide.

• The User is prohibited from storing, publishing, sending, distributing or otherwise transferring any content that violates copyright, trademark, patent or other intellectual property rights.
• User content must not violate applicable laws in the User's jurisdiction, the location of OBHost infrastructure, or international regulations.
• If a User uploads copyrighted material without permission, the copyright holder or any interested third party may submit a takedown request per the Report Submission Policy.
• OBHost complies with the Digital Millennium Copyright Act (DMCA) and operates a repeat infringer policy. Accounts subject to multiple valid DMCA notices may be permanently terminated.
• OBHost reserves the right to suspend or terminate services of Users reasonably suspected of copyright infringement based on submitted evidence.
• False DMCA claims may result in legal liability for the complaining party under Section 512(f) of the DMCA.

Shared hosting services are designed for small-to-medium personal, business and organisation websites. Resources are shared among multiple customers on the same server, and fair use is essential for server stability.

Shared hosting resources may ONLY be used for:

Shared hosting resources may NOT be used for:

• OBHost does not limit disk space or bandwidth on shared hosting, provided usage complies with this AUP and does not affect other customers.
• iNode (file count) limits apply based on the plan purchased to prevent filesystem abuse.
• If resource usage presents a risk to stability, security, performance or uptime of the shared server — and affects other customers — OBHost reserves the right to suspend the account, restrict resources, or require migration to VPS/dedicated hosting.
• Customers with consistent high resource usage will be asked to upgrade to a VPS or dedicated server as a condition of continued service.

VPS and dedicated server customers receive isolated resources and much greater flexibility — but the underlying network and AUP rules still apply.

• VPS customers are allocated the CPU, RAM, storage and bandwidth specified in their plan. While you have full root/administrator access, sustained CPU usage above 80% for extended periods may be flagged as fair-use abuse.
• Outbound email from VPS/dedicated servers must use proper SPF/DKIM/DMARC authentication. Port 25 may be blocked by default — contact support to enable outbound SMTP after identity verification.
• Public-facing services (SSH, database, control panels) must be properly secured with strong credentials, rate-limiting, and ideally IP whitelisting.
• If a VPS/dedicated server becomes compromised (malware, rootkit, command-and-control), OBHost reserves the right to null-route or suspend the server until the User remediates the issue.
• Running commercial Tor exit nodes, I2P exit nodes, or public VPN services requires prior written approval from OBHost. Approval is not guaranteed and may require a dedicated server in specific locations.
• Stress-testing / load-testing of systems you do not own is strictly prohibited, even for "research" purposes.

• Over-usage of network resources and malicious traffic patterns are strictly prohibited. This includes flooding, port scanning, brute-forcing, and exploiting vulnerabilities against any target.
• If a VPS or server becomes the source of outbound attack traffic (DDoS, brute-force, scanning, spam), OBHost reserves the right to take immediate action — including null-routing, traffic filtering, or suspension — to protect infrastructure and other customers.
• If an OBHost service is the target of an inbound DDoS attack, OBHost may apply traffic filtering, null-routing of attacked IPs, or connection restrictions. This is standard mitigation practice and is not considered downtime under the SLA.
• Common actions include: suspension, null-routing specific IPs, connection-rate limiting, port blocking, and isolation of affected services — applied for as long as necessary to restore stability.
• The User acknowledges that service outages resulting from abuse mitigation (inbound or outbound) do not qualify as downtime under the uptime SLA.
• Continued abusive behaviour after warnings may result in permanent account termination and network-level blacklisting of associated IPs.

Users are responsible for the security of their accounts, services and content. While OBHost maintains infrastructure-level security, customers must follow security best practices to keep their environments safe.

• Use strong, unique passwords for all accounts (client area, cPanel, WHM, VPS root, database) — minimum 12 characters with mixed case, numbers and symbols. Enable two-factor authentication (2FA) wherever available.
• Keep all software current — CMS (WordPress, Joomla, Drupal), plugins, themes, server OS, control panel, web server, database engine, PHP version. Outdated software is the leading cause of compromise.
• Regularly back up your own data. While OBHost may provide optional backup services, the User is ultimately responsible for maintaining independent backups of critical data.
• Monitor your services for unusual activity. Report suspected unauthorised access or compromise to support immediately at support@obhost.org.
• Do not share account credentials with unauthorised parties. If access must be granted, create separate sub-user accounts where possible.
• Users whose accounts become compromised and are subsequently used for abuse (e.g., spam, malware distribution) remain responsible for the abuse under this AUP, even if they were unaware.
• OBHost may perform automated security scanning on shared/reseller hosting to detect known malware patterns, and may quarantine detected malicious files automatically.

• Cryptocurrency mining is strictly prohibited on shared hosting, reseller hosting, and standard VPS services. Mining workloads are CPU/GPU intensive and degrade performance for other customers.
• Running a full node (blockchain daemon) for personal wallet use on VPS/dedicated is generally acceptable, provided resource usage stays within plan limits.
• Lightweight wallet operations, blockchain explorers and non-mining cryptocurrency services are permitted on VPS/dedicated with sufficient plan resources.
• AI/GPU Dedicated Servers are not general-purpose mining rigs. While the hardware is powerful, these servers are provisioned for AI/ML workloads. Mining on AI/GPU servers requires explicit written approval.
• Running cryptocurrency exchange services, ICO platforms, or investment schemes requires compliance with local financial regulations and may require additional KYC documentation.
• OBHost reserves the right to suspend accounts engaged in cryptojacking, unauthorised mining on compromised sites, or any mining activity that violates the terms of the applicable service.

• Adult content is not permitted on shared hosting, reseller hosting or managed WordPress hosting. Such content typically generates excessive bandwidth and resource usage, affecting other customers.
• Legal adult content (involving only consenting adults, with required age-verification and 2257 compliance for US jurisdiction) may be hosted on VPS, dedicated servers or colocation — subject to applicable law in the server location.
• Regardless of service type, the following are absolutely prohibited and will result in immediate termination and law enforcement reporting: CSAM, non-consensual intimate imagery (revenge porn), content depicting minors in any sexualised context, and content that violates the laws of the server's hosting jurisdiction.
• Pakistan-hosted services (Karachi, Multan) do not permit adult content due to local law.
• Operators of legal adult content services must implement robust age-verification, DMCA compliance, content moderation, and compliance with laws such as the US 2257 recordkeeping requirements.

OBHost welcomes legitimate AI and machine learning workloads — particularly on our AI/GPU dedicated servers. However, the general AUP still applies to AI-generated content and use of models.

• Users may host, fine-tune and run open-source LLMs (Llama, Mistral, DeepSeek, etc.) on AI/GPU dedicated and VPS services, subject to licence compliance and resource plan limits.
• Generated content must comply with the Unacceptable Content (§4) policy. AI-generated CSAM, non-consensual deepfakes, automated phishing, and AI-driven spam campaigns are prohibited.
• Deepfake generation of real public figures for defamatory or deceptive purposes is strictly prohibited. Consensual parody/satire is permitted in accordance with local law.
• Automated scraping at scale (for training datasets or otherwise) must comply with the target sites' robots.txt, ToS and applicable copyright law. Aggressive scraping that overwhelms target servers is prohibited.
• Users operating AI chatbots, APIs, or agent services accessible to the public bear responsibility for moderating outputs and complying with AI regulations in their user jurisdictions (EU AI Act, etc.).
• Training data used on OBHost infrastructure must not include CSAM, illegally obtained personal data, or copyrighted material used in violation of fair use/fair dealing.

Violations of this Acceptable Use Policy are taken seriously. The response depends on the severity, intent and history of violation.

• OBHost will generally attempt to contact the User via the registered email before taking action — except in cases of active attack, CSAM, or severe security risk where immediate action is required.
• Suspended accounts have 7 days to remediate the violation and respond to the abuse notification. After 7 days without remediation, the service may be terminated.
• Users whose services have been suspended or terminated may appeal by submitting a ticket to support@obhost.org with full explanation, evidence of remediation, or clarification of the incident.
• Appeals are typically reviewed within 5 business days. OBHost's decision on appeals is final.
• Termination for AUP violation does not entitle the User to a refund of prepaid fees. Refund eligibility follows the Terms of Service.
• OBHost may refer AUP violations to law enforcement when required by law or when the violation involves criminal activity.