Acceptable use.
Clearly defined.

01Introduction and Purpose

This Acceptable Use Policy (the "AUP" or "Policy") governs the use of all hosting, infrastructure, and related services provided by Italique SRL under the Ancalagon brand (the "Services"). The purpose of this Policy is to protect our customers, our infrastructure, our network, third parties, and the integrity of the internet at large, and to ensure that the Services are used lawfully and responsibly.

This Policy forms an integral part of, and is incorporated by reference into, our General Terms and Conditions. By ordering, accessing, or using the Services — whether directly or through any authorized user — you agree to comply with this Policy. If you do not agree, you must not use the Services.

Capitalized terms not defined here have the meaning given to them in our General Terms and Conditions.

02Scope and Covered Users

2.1 Services covered

This Policy applies to all Services we make available, including but not limited to:

• Dedicated and physical servers and the compute capacity associated with them;
• Virtual machines (VMs) and virtualized compute resources;
• Network resources, including IP address allocations and connectivity;
• DNS hosting and DNS zone management;
• Domain name registration and management services;
• Email hosting, mailboxes, and related messaging services;
• TLS/SSL certificate issuance and management;
• the Ancalagon Manager control panel and associated management interfaces and APIs;
• any storage, backup, and ancillary services provided in connection with the above.

This Policy applies regardless of the means by which the Services are accessed (web interface, API, command line, or otherwise).

2.2 Users covered

Ancalagon provides Services on a business-to-business (B2B) basis. This Policy applies to, and binds:

• The Customer — the business entity that contracts with us for the Services;
• Authorized users — any individual the Customer permits to access or administer the Services on its behalf (employees, contractors, agents);
• End users and sub-users — any third party to whom the Customer, in turn, provides access to, or services built upon, the Services (for example, the Customer's own customers, tenants, or website visitors).

The Customer is responsible for ensuring that all such persons comply with this Policy. See Section 6.

03Acceptable Use

You may use the Services only for lawful business purposes and in accordance with this Policy, our General Terms and Conditions, and all applicable laws and regulations. You are responsible for all activity that occurs on or through your account, your allocated resources, and your credentials, whether or not authorized by you.

04Prohibited Uses

You must not use the Services, and must not permit any authorized user, end user, or sub-user to use the Services, for any of the following. The categories below are illustrative and not exhaustive.

4.1 Illegal and harmful content or activity

• Any activity that violates applicable Belgian, European Union, or other applicable law.
• Storing, hosting, transmitting, distributing, or linking to child sexual abuse material (CSAM) or any content that sexually exploits or endangers minors. This is strictly and absolutely prohibited and will be reported to the competent authorities.
• Content or conduct that promotes, incites, or facilitates terrorism, violent extremism, human trafficking, or other serious crime.
• Content that is unlawfully defamatory, harassing, threatening, or that incites hatred or violence against persons or groups.
• Promotion or facilitation of unlawful weapons, controlled substances, or other goods or services whose sale or distribution is illegal in the relevant jurisdiction.

4.2 Fraud, deception, and abuse

• Fraudulent activity of any kind, including payment fraud, identity theft, carding, and the use of stolen or unauthorized payment instruments.
• Phishing, pharming, spoofing, or any attempt to fraudulently obtain credentials, personal data, or financial information.
• Operating or facilitating deceptive, misleading, or "scam" schemes, including pyramid or Ponzi schemes and other high-risk financial deception.
• Impersonating any person or entity, or misrepresenting your affiliation with any person or entity, including the falsification of headers, identifiers, or routing information.

4.3 Malware and security threats

• Distributing, hosting, or controlling malware, ransomware, viruses, worms, trojans, spyware, or other malicious code.
• Operating command-and-control infrastructure for botnets or compromised systems.
• Hosting exploit kits, credential-harvesting pages, or tools whose primary purpose is to compromise the security of other systems.

4.4 Network and system abuse

• Unauthorized access to, or interference with, any system, network, data, or account, including hacking, penetration testing without authorization, and privilege escalation.
• Denial-of-service (DoS/DDoS) attacks, traffic amplification, or any activity intended to disrupt or degrade any system or network.
• Port scanning, vulnerability scanning, or probing of networks or systems you do not own or are not expressly authorized to test.
• Operating open mail relays, open DNS resolvers, open proxies, or similarly abusable services that facilitate third-party abuse.
• Activity that places an unreasonable or disproportionate load on our infrastructure, or that interferes with the use of the Services by others.
• Falsifying, forging, or manipulating IP addresses, TCP/IP packet headers, email headers, or any part of a message or routing path.

4.5 Email, messaging, and unsolicited communications

• Sending unsolicited bulk or commercial email (spam), or any messages in violation of applicable anti-spam laws, including the EU ePrivacy rules and the GDPR.
• Sending messages to recipients who have not consented to receive them, or who have opted out.
• Harvesting email addresses or other contact details without consent.
• Maintaining an email configuration that fails to provide a valid, monitored return address or a functional unsubscribe mechanism where required.

4.6 Intellectual property and privacy

• Infringing the copyright, trademark, patent, trade secret, or other intellectual property rights of any party.
• Unlawfully collecting, processing, storing, or disclosing personal data in breach of the GDPR or other applicable data protection law.
• Publishing or distributing private or confidential information of any individual without lawful basis.

4.7 Restricted and high-risk activities

The following activities are restricted. They are not permitted without our prior written authorization, and we may impose additional conditions, controls, or limitations, or decline them entirely:

• Adult content services, where permitted by law, subject to strict age verification and legal compliance.
• Online gambling, betting, or gaming-for-money services, subject to holding all required licenses in every jurisdiction served.
• Cryptocurrency mining, blockchain validation, or comparably resource-intensive workloads that may strain shared infrastructure.
• Bulk or high-volume email sending operations.
• Any activity that materially increases the risk of network abuse, reputational harm, regulatory exposure, or harm to third parties.

We reserve the right to determine, in our reasonable discretion, whether a given use falls within a restricted or prohibited category.

05Compliance with Laws, Regulations, and Sanctions

You represent, warrant, and undertake that your use of the Services complies at all times with all applicable laws and regulations, including without limitation those of Belgium and the European Union, and the laws of any other jurisdiction in or from which you operate or to which you direct the Services.

In particular, you must comply with applicable:

• Data protection and privacy law, including the General Data Protection Regulation (GDPR) and the Belgian implementing legislation;
• Electronic communications and anti-spam law, including the ePrivacy rules;
• Consumer protection, e-commerce, and intellectual property law;
• Anti-money-laundering (AML) and counter-terrorist-financing (CTF) obligations applicable to your business.

5.1 Economic sanctions and export controls

You must comply with all applicable economic sanctions, trade restrictions, and export-control laws, including those administered by the United Nations, the European Union, and the Kingdom of Belgium, and, where applicable, the sanctions regimes of other competent authorities (including, where relevant, the United States Office of Foreign Assets Control — OFAC).

You must not use the Services, and must not permit the Services to be used:

• by, for, or on behalf of any individual or entity that is the target of applicable sanctions, or that is owned or controlled by such a person; or
• in or for the benefit of any country, territory, or region subject to comprehensive sanctions or embargoes; or
• in any manner that would cause Italique SRL to be in breach of applicable sanctions or export-control law.

You warrant that you, your authorized users, and your end users are not sanctioned parties and are not located in a comprehensively sanctioned territory. We may suspend or terminate Services where we reasonably believe a sanctions or export-control concern exists.

06Responsibility for Authorized Users, End Users, and Sub-Users

The Services are provided on a B2B basis and are frequently used to host or deliver services to the Customer's own users. Accordingly:

• The Customer is fully responsible for all use of the Services by its authorized users, end users, sub-users, and any third party who accesses the Services through the Customer's account or resources, and for all content stored, transmitted, or processed through the Services.
• The Customer must ensure that all such persons are bound by terms at least as protective as this Policy, and must enforce those terms.
• An act or omission by any such person that would breach this Policy is treated as a breach by the Customer.
• The Customer must implement reasonable measures to prevent, detect, and remedy abuse originating from its account or resources, including responding promptly to abuse notifications we forward.
• The Customer must provide us, on reasonable request, with information necessary to identify the source of, and to investigate, suspected abuse.

Nothing in this Section relieves any authorized user, end user, or sub-user of their own obligation to comply with this Policy.

07Monitoring, Investigation, and Enforcement

7.1 Monitoring

We do not routinely monitor the content of customer data, and we are under no general obligation to do so. However, we reserve the right — but assume no obligation — to monitor use of the Services, inspect traffic patterns and resource usage, and investigate suspected violations, in order to protect the Services, our network, our customers, and third parties, and to comply with applicable law, lawful requests from competent authorities, and valid abuse reports.

7.2 Investigation and cooperation

We may investigate any suspected violation of this Policy. In doing so, and where permitted or required by law, we may access, preserve, and disclose relevant information, and we may cooperate with law enforcement, regulatory authorities, and affected third parties, including by reporting unlawful content or activity.

7.3 Enforcement measures

Where we determine, in our reasonable discretion, that a violation has occurred or is reasonably suspected, or where required to protect the Services, our infrastructure, other customers, or third parties, we may take any of the following actions, with or without prior notice depending on the severity and urgency of the situation:

• issue a warning and request that the violation be remedied within a stated period;
• remove, disable, or block access to offending content or traffic;
• throttle, restrict, or limit the affected resources or functionality;
• suspend all or part of the Services, including the relevant account or resources;
• terminate the Services or the contract, in whole or in part, in accordance with our General Terms and Conditions;
• report the matter to the competent authorities.

We will generally seek to give notice and a reasonable opportunity to cure before suspension or termination. However, where a violation is severe, ongoing, unlawful, or poses an imminent risk to our infrastructure, our customers, third parties, or the public (including, without limitation, CSAM, active network attacks, malware distribution, phishing, or a sanctions concern), we may act immediately and without prior notice.

The Customer remains liable for all fees and for any damages, costs, fines, or claims arising from a violation of this Policy. Enforcement action under this Policy is without prejudice to any other right or remedy available to us under the contract or applicable law.

08Reporting Abuse

If you become aware of any use of the Services that may violate this Policy, please report it to our abuse team at abuse@ancalagon.be, with as much detail as possible (including relevant IP addresses, domain names, URLs, timestamps with time zone, and message headers where applicable). We will review and act on valid reports as appropriate.

09Changes to this Policy

We may update this Policy from time to time to reflect changes in our Services, legal or regulatory requirements, or industry practice. The current version is always available on our website, with the "Last updated" date shown above. Material changes will be communicated in accordance with our General Terms and Conditions. Your continued use of the Services after a change takes effect constitutes acceptance of the updated Policy.

10Contact

This Policy is governed by the laws of Belgium. Any dispute relating to it is subject to the jurisdiction set out in our General Terms and Conditions.