Skip to content

Acceptable Use Policy

Last updated: May 2026

Why this exists

HostStack runs your code on shared European infrastructure. Some activities are either illegal, abusive, or so resource-intensive that they would harm other customers. This document tells you what those are so you can avoid surprises.

Prohibited content

You may not host, store, or distribute:

  • Content that infringes copyright, trademark, or other intellectual property
  • Child sexual abuse material — reported to authorities and immediately terminated
  • Content that promotes terrorism, mass violence, or illegal weapons
  • Personal data collected without consent or in violation of GDPR
  • Content unlawful under EU law or the law of your jurisdiction

Prohibited activities

You may not use HostStack to:

  • Send unsolicited bulk email (spam) or operate an open relay
  • Mine cryptocurrency, run proof-of-work workloads, or operate mining pools
  • Run open proxies, VPN exit nodes, or anonymisation services for third parties
  • Conduct port scans, vulnerability scans, or attacks against third parties
  • Distribute malware, exploit kits, command-and-control servers, or phishing sites
  • Run sustained denial-of-service workloads against any target
  • Circumvent rate limits, resource quotas, or fraud-prevention controls
  • Resell HostStack services as a competing PaaS without a written agreement

Resource abuse

Free-tier resources (1 Nano service, 1 Starter Postgres, 1 cron job, and 1 preview environment per team) and paid resources are subject to fair-use limits — CPU steal, sustained network throughput, abusive build patterns. Free-tier Nano services auto-sleep after 60 minutes of zero traffic and wake on the next request; free-tier services with zero traffic for 60 days are auto-suspended. Workloads that exceed published per-tier limits may be throttled, suspended, or asked to resize to a larger tier. We will contact you before taking action whenever practical.

Security research

Authorised security testing of your own services is fine. Testing against HostStack itself or any other customer's services without written permission is not. Report vulnerabilities to security@hoststack.dev.

Enforcement

When we receive an abuse report or detect a violation, our usual sequence is: (1) contact the team owner with details, (2) suspend the offending service, (3) terminate the account if the violation is severe or recurring. Egregious cases (CSAM, active attacks, malware distribution) skip steps (1) and (2). We preserve customer data for 30 days after termination unless law requires otherwise.

Reporting abuse

Send abuse reports to abuse@hoststack.dev with as much detail as possible: URLs, timestamps, headers, and a description of the violation. We aim to acknowledge within one business day.

Operator

HostStack is operated by MICCI — CVR: 45587452 Fyrretoften 31, 7100 Vejle, Denmark.

Essential cookies only — for login sessions. No tracking. Details