Acceptable Use Policy

Last updated: 24 June 2026

This Acceptable Use Policy (the "AUP" or "Policy") sets out the conduct, content, and activities that are permitted and prohibited when using any service, network, platform, system, or facility provided by Draconis Infrastructure, LLC ("Draconis", "we", "us", or "our"), whether directly or through one of our customer-facing brands (collectively, the "Services"). This Policy applies to all customers, account holders, resellers, and their respective end users (each a "you" or "User").

By accessing or using the Services, you agree to comply with this Policy. This AUP is incorporated by reference into, and forms part of, our Terms of Service and any applicable master service agreement, order form, or brand-specific terms. Where this Policy conflicts with a separately negotiated agreement, the more restrictive provision applies to the extent permitted by law.

1. Purpose & Scope

Draconis Infrastructure, LLC is a digital infrastructure holding company. We operate data-center, cloud computing, telecommunications, artificial intelligence, and IT services capacity that underpins a portfolio of specialised brands. Because our infrastructure is shared and interconnected, misuse by a single User can affect the security, performance, reputation, and legal standing of other Users, our networks, and third parties.

The purpose of this Policy is to:

• protect the integrity, security, availability, and reputation of our infrastructure and the Users who depend on it;
• ensure compliance with applicable laws, regulations, and the requirements of our upstream providers, peering partners, and payment processors;
• set clear expectations regarding content that may be stored, transmitted, or processed using the Services; and
• describe how we investigate and respond to suspected violations.

This Policy applies to all use of the Services, including compute, storage, networking, bandwidth, IP address space, domain and DNS services, email, APIs, control panels, and any associated software or documentation. It applies regardless of whether content or traffic originates from you, your customers, your applications, or automated systems acting on your behalf.

2. Prohibited Content

You may not use the Services to host, store, publish, transmit, distribute, link to, cache, or otherwise make available any content that:

• Is illegal or facilitates illegal activity under any law applicable to you, to us, or to the jurisdiction in which our infrastructure or our upstream providers operate.
• Sexually exploits or endangers minors. We maintain a strict zero-tolerance policy toward child sexual abuse material (CSAM) and any content that sexualises, exploits, or endangers minors. Such content will be removed immediately upon detection, the responsible account will be terminated, and we will preserve relevant data and report the matter to the National Center for Missing & Exploited Children (NCMEC) and/or the appropriate law-enforcement authorities as required by law. There is no notice period and no opportunity to cure for this category.
• Infringes intellectual property rights, including copyrights, trademarks, patents, trade secrets, or other proprietary or contractual rights, or that circumvents technical protection measures or facilitates unlicensed distribution of protected works.
• Contains or distributes malware, viruses, worms, trojans, ransomware, rootkits, keyloggers, spyware, exploit kits, command-and-control payloads, phishing kits, or any other malicious or destructive code.
• Promotes fraud or deception, including phishing pages, fake login portals, counterfeit goods, fraudulent financial schemes, identity theft, or content designed to impersonate a person, brand, or organisation to deceive.
• Is defamatory, harassing, threatening, or abusive, or that incites violence, terrorism, or unlawful discrimination, or that promotes self-harm.
• Violates privacy or data-protection rights, including the unlawful collection, publication, or sale of personal data, or the non-consensual publication of intimate images or private information ("doxxing").
• Violates export controls, sanctions, or trade restrictions, or facilitates the proliferation of weapons or other controlled goods and technologies.

3. Prohibited Activities

You may not use the Services to engage in, enable, or assist any of the following:

• Network abuse: activities that degrade, disrupt, or interfere with our network or any third-party network, host, or service, including IP or port scanning without authorisation, packet flooding, traffic amplification or reflection, ARP/DNS/BGP spoofing or hijacking, and the forging of TCP/IP headers or any part of a packet.
• Denial-of-service: launching, participating in, hosting infrastructure for, or knowingly providing services to denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks, "booter"/"stresser" services, or botnets.
• Unauthorised access: attempting to access, probe, scan, or test the vulnerability of any system, account, network, or data without express authorisation; defeating or circumventing authentication, authorisation, or security measures; or intercepting data not intended for you.
• Spam and unsolicited communications: sending, relaying, or facilitating unsolicited bulk or commercial email (UCE/spam), SMS, or messaging; operating open mail relays or open proxies; harvesting addresses; using misleading headers or routing information; or any conduct that violates the CAN-SPAM Act or equivalent anti-spam laws. You must maintain valid opt-in consent and functional unsubscribe mechanisms for all marketing communications.
• Resource abuse: consuming compute, storage, memory, bandwidth, or I/O in a manner that materially and unfairly degrades service for other Users, that exceeds the entitlements of your plan, or that circumvents usage limits, metering, or fair-use controls.
• Cryptocurrency abuse: cryptocurrency mining, distributed proof-of-work, or similar resource-intensive workloads are prohibited unless expressly authorised in writing for a specific service tier. The use of stolen credentials or compromised accounts ("cryptojacking") to perform such workloads is always prohibited.
• Anonymisation and evasion abuse: operating services for the purpose of evading abuse controls, masking the origin of malicious traffic, or facilitating any of the prohibited activities described in this Policy.
• Circumventing billing or identity controls: providing false registration information, using fraudulent or stolen payment instruments, or creating accounts to evade suspension, termination, or usage limits.

4. Security & Integrity Obligations

You are responsible for the security of the systems, applications, and accounts under your control. You must:

• keep operating systems, applications, frameworks, and dependencies patched and reasonably secure, and promptly remediate known vulnerabilities;
• protect credentials and access keys, use strong authentication, and enable multi-factor authentication where available;
• configure firewalls, access controls, and least-privilege permissions appropriate to your workloads;
• not deploy intentionally insecure, misconfigured, or vulnerable services that could be exploited to harm others (for example, open relays, exposed administrative interfaces, or default credentials);
• monitor your environment for compromise and respond promptly to any incident; and
• cooperate with reasonable security requests, including the application of urgent patches or the isolation of compromised systems.

If your account, server, or application is compromised and used to harm our infrastructure or third parties, we may take action under this Policy even where the underlying misuse was not initiated by you.

5. Customer Responsibility for End Users

If you provide services to your own customers or end users using our infrastructure — for example, as a reseller, platform operator, or one of our brands — you are responsible for their conduct as if it were your own. You must:

• maintain and enforce an acceptable use policy with your end users that is at least as protective as this Policy;
• have effective mechanisms to receive, investigate, and act on abuse reports concerning your end users;
• promptly suspend or remove end-user content or activity that violates this Policy; and
• be able to identify and, where lawful and appropriate, take action against the source of a violation.

A violation by your end user is treated as a violation by you, and we may act against your account if you are unable or unwilling to address it in a timely manner.

6. Reporting Abuse

We take reports of abuse seriously and investigate credible reports promptly. If you believe that the Services are being used in violation of this Policy, please contact us with as much detail as possible — including relevant IP addresses, URLs, domains, timestamps (with time zone), log excerpts, message headers, and a description of the issue.

• Abuse reports: abuse@draconisinfrastructure.com
• General contact: info@draconisinfrastructure.com

For complaints alleging copyright or other intellectual-property infringement, please follow the notice procedure in our Terms of Service or applicable copyright/DMCA policy and direct your notice to info@draconisinfrastructure.com. Reports concerning child sexual abuse material are escalated immediately and handled in accordance with Section 2 and applicable law.

7. Investigation & Enforcement

We may, but are not obligated to, monitor use of the Services for compliance with this Policy. When we become aware of a suspected violation, we may investigate and may, at our discretion and to the extent permitted by law, take any of the following actions without prior notice:

• issue a warning and request that you remediate the issue within a stated time;
• remove, disable, filter, throttle, or null-route the offending content, traffic, IP addresses, or systems;
• suspend the affected service, account, or related services in whole or in part; or
• terminate the account and any associated services.

The action we take depends on the nature, severity, and recurrence of the violation, the potential or actual harm to others, and your responsiveness. Severe violations — including CSAM, active attacks, ongoing fraud or phishing, or conduct that exposes our infrastructure or other Users to imminent harm — may result in immediate suspension or termination without prior notice and without opportunity to cure. Suspension or termination under this Policy does not entitle you to a refund of prepaid fees, and you remain liable for charges incurred and for any damages or costs arising from the violation.

8. Cooperation with Law Enforcement

We cooperate with law-enforcement authorities, regulators, and courts of competent jurisdiction. Where required or permitted by applicable law, we may preserve, access, and disclose account, traffic, and content data in response to a valid legal request, subpoena, warrant, or court order, or where we reasonably believe disclosure is necessary to protect the safety of any person, to prevent or investigate a crime, to protect our rights or property, or to comply with a legal obligation. We may also report apparent unlawful activity to the appropriate authorities on our own initiative.

9. Relationship to Payments & Brands

Draconis Infrastructure, LLC processes payments centrally on behalf of its brands. Conduct that violates this Policy may also violate the rules of our payment processors and card networks. To maintain compliance and protect all parties, we may decline, reverse, or withhold transactions, and may suspend services, in connection with activity that breaches this Policy.

10. Changes to This Policy

We may update this Policy from time to time to reflect changes in our Services, our infrastructure, legal or regulatory requirements, or the evolving threat landscape. When we make material changes, we will revise the "Last updated" date above and, where appropriate, provide additional notice. Your continued use of the Services after changes take effect constitutes acceptance of the revised Policy. We encourage you to review this page periodically.

11. Contact

If you have questions about this Policy or wish to report a suspected violation, please contact us:

• Abuse: abuse@draconisinfrastructure.com
• General & legal: info@draconisinfrastructure.com · support@draconisinfrastructure.com
• Telephone: +1 (302) 488-1540
• Registered office: 131 Continental Dr, Suite 305, Newark, DE 19713, United States
• Entity: Draconis Infrastructure, LLC · Delaware, USA — File No. 7800123

This document is provided in English, which is the authoritative version; automated translations are for convenience only.