Acceptable Use Policy

This Acceptable Use Policy (“AUP”) governs the use of all services provided by Hostinking(“we”, “us”, “our”), including but not limited to shared web hosting, VPS hosting, dedicated servers, domain registration, email hosting, and SSL certificates (collectively, “Services”).

Hostinking serves customers globally — including the Arab world, GCC, Africa, Europe, the Americas, and Asia-Pacific. This policy is designed to comply with applicable international law and the legal frameworks of all major jurisdictions in which our customers operate.

By using our Services you agree to comply with this AUP in full. Violations may result in suspension or permanent termination of your account without refund, and may be reported to the relevant national and international authorities where applicable.

This policy supplements — and does not replace — our Terms of Service and Privacy Policy.

This AUP is written to align with — and satisfy — legal obligations across all major global jurisdictions. The table below maps the key regulatory frameworks that inform this policy. Where your local law is stricter than this AUP, your local law prevails.

This list is illustrative, not exhaustive. Compliance with applicable local law is always required regardless of whether it is listed above.

Our Services are intended for lawful, legitimate purposes including:

• Personal websites, portfolios, and blogs
• Business websites, e-commerce stores, and SaaS applications
• Development, testing, and staging environments
• Open-source software projects and community forums
• Educational content, tutorials, and online courses
• Non-profit, NGO, and charitable organisations
• News, journalism, and editorial publishing
• Corporate intranets, APIs, and internal tools
• Mobile app backends and IoT platforms
• Government and public sector digital services

If you are unsure whether your intended use is permitted, please contact us before purchasing.

The following types of content are strictly prohibited on our infrastructure regardless of your country of residence, the nationality of your audience, or the laws of any single jurisdiction:

The following network activities are prohibited and will result in immediate suspension. These activities are criminal offences in virtually every jurisdiction worldwide:

• DDoS & Network Attacks: Launching or facilitating distributed denial-of-service attacks, SYN floods, UDP floods, or any attack designed to degrade or disrupt networks, servers, or services. Criminalised under UAE Decree-Law 34/2021, Egypt Law 175/2018, Saudi Anti-Cybercrime Law, EU NIS2, UK Computer Misuse Act, USA CFAA, India IT Act, and equivalent laws globally.
• Unauthorised Access & Intrusion: Accessing, attempting to access, or facilitating access to any computer system, network, or data without explicit authorisation from the owner — a criminal offence in all major jurisdictions.
• Port Scanning & Vulnerability Probing: Scanning external IP ranges, brute-force attacks, or probing systems you do not own without written permission from the system owner.
• Botnets & C2 Infrastructure: Operating command-and-control servers, botnet nodes, or automated infrastructure used to remotely control compromised machines.
• IP Spoofing: Forging TCP/IP packet headers, sending traffic with falsified source addresses, or any attempt to impersonate another IP address.
• Cryptocurrency Mining on Shared Plans: Mining any cryptocurrency on shared hosting plans is prohibited. VPS and dedicated server customers may mine using only their allocated resources, subject to fair use and local regulatory compliance (note: certain jurisdictions restrict or prohibit cryptocurrency mining entirely — customers are responsible for local compliance).
• Open Proxies & Anonymisation Relays: Operating open HTTP/SOCKS proxies available to the public, Tor exit nodes, or VPN relay nodes that could facilitate abuse or circumvention of lawful network controls by third parties.
• Resource Abuse: Intentionally consuming excessive CPU, RAM, disk I/O, or bandwidth in a way that degrades the experience of other customers on shared infrastructure.
• Unlawful Interception: Intercepting, monitoring, or recording network communications, credentials, or private data without authorisation — prohibited under electronic surveillance laws in all jurisdictions.

Hostinking operates a zero-tolerance spam policy. All email sent from our infrastructure must comply with the anti-spam laws applicable to both the sender and the recipients' jurisdictions. Key frameworks include:

Accounts found sending spam will be suspended without notice. Hard bounce rates above 2% trigger automatic investigation. Repeated violations result in permanent termination and blacklisting of associated IP ranges.

You may not use Hostinking Services to store, distribute, or transmit content that infringes third-party intellectual property rights, including:

• Pirated software, movies, music, ebooks, or games (warez, torrents, stream-ripping sites)
• Unlicensed use of copyrighted images, fonts, source code, or databases
• Counterfeit branded goods, fake designer products, or trademark-infringing storefronts
• Reproducing trademarked brand names or logos to mislead consumers or damage brand reputation
• Patent-infringing products, methods, or inventions

Counter-notices may be filed by the hosting customer. Repeat infringers will have their accounts terminated in line with applicable law.

When you host applications that collect, process, or store personal data belonging to third parties (your customers, users, employees), you become a data controller or processor under applicable law. You are responsible for:

Hostinking acts as a data processor for data you store on our infrastructure. Our full Data Processing Agreement is available at legal@hostinking.com.

Shared hosting plans operate on shared infrastructure. To maintain performance for all customers regardless of their location, the following limits apply:

Legitimate security research is valuable and we support it. Hostinking permits security testing under the following conditions:

Responsible disclosure reports to abuse@hostinking.com are acknowledged within 3 business days. We do not currently offer a bug bounty programme but acknowledge valid reports publicly with the researcher's permission.

We reserve the right to take the following actions in response to AUP violations, applied proportionally based on severity:

We will make reasonable efforts to notify the account holder before taking action, except where the violation poses an immediate risk to Hostinking infrastructure, other customers, or third parties.

If you discover content or activity on Hostinking infrastructure that violates this policy — whether you are a customer, a third party, or a national authority — please report it immediately. We take all reports seriously regardless of origin.

We aim to acknowledge all reports within 4 business hours and resolve critical issues within 24 hours. Reports with clear evidence are handled fastest.

We may update this AUP from time to time to reflect changes in our services, new jurisdictions served, evolving legal requirements, or industry best practices.

• Material changes will be communicated via email to the account holder at least 7 days before taking effect.
• Minor clarifications take effect immediately — the “Last Updated” date at the top of this page will be revised.
• Continued use of our Services after the effective date constitutes acceptance of the updated AUP.
• Archived versions of this policy are available upon request at legal@hostinking.com.