Acceptable Use Policy

Last updated: April 2026

Why this exists

HostStack runs your code on shared European infrastructure. Some activities are either illegal, abusive, or so resource-intensive that they would harm other customers. This document tells you what those are so you can avoid surprises.

Prohibited content

You may not host, store, or distribute:

  • Content that infringes copyright, trademark, or other intellectual property
  • Child sexual abuse material — reported to authorities and immediately terminated
  • Content that promotes terrorism, mass violence, or illegal weapons
  • Personal data collected without consent or in violation of GDPR
  • Content unlawful under EU law or the law of your jurisdiction

Prohibited activities

You may not use HostStack to:

  • Send unsolicited bulk email (spam) or operate an open relay
  • Mine cryptocurrency, run proof-of-work workloads, or operate mining pools
  • Run open proxies, VPN exit nodes, or anonymisation services for third parties
  • Conduct port scans, vulnerability scans, or attacks against third parties
  • Distribute malware, exploit kits, command-and-control servers, or phishing sites
  • Run sustained denial-of-service workloads against any target
  • Circumvent rate limits, plan limits, or fraud-prevention controls
  • Resell HostStack services as a competing PaaS without a written agreement

Resource abuse

Free-tier and paid services are subject to fair-use limits. Sustained workloads that exceed published plan limits — even if billed under usage-based pricing — may be throttled, suspended, or asked to upgrade. We will contact you before taking action whenever practical.

Security research

Authorised security testing of your own services is fine. Testing against HostStack itself or any other customer's services without written permission is not. Report vulnerabilities to security@hoststack.dev.

Enforcement

When we receive an abuse report or detect a violation, our usual sequence is: (1) contact the team owner with details, (2) suspend the offending service, (3) terminate the account if the violation is severe or recurring. Egregious cases (CSAM, active attacks, malware distribution) skip steps (1) and (2). We preserve customer data for 30 days after termination unless law requires otherwise.

Reporting abuse

Send abuse reports to abuse@hoststack.dev with as much detail as possible: URLs, timestamps, headers, and a description of the violation. We aim to acknowledge within one business day.