Acceptable Use Policy (AUP)
Business Catalyst Consultants (PTY) LTD t/a DirectCloud.io
Last updated: 01 August 2025
Version: 1.0.4

This Acceptable Use Policy forms part of the Website Terms and Conditions and any applicable Service Terms. Capitalised terms have the meanings given in the Terms. The purpose of this AUP is to protect service integrity, ensure lawful, responsible use, and safeguard other Users and third parties.

  1. Scope and Incorporation
     1.1 This AUP applies to all use of hosting, cloud, email, network, security, and related services provided via the Site or under Service Terms (Services).
    1.2 In the event of conflict, mandatory law and the Website Terms and Conditions prevail. This AUP is in addition to, and does not limit, any rights under the Terms, Privacy Policy, or applicable law.

  2. Prohibited Use (non-exhaustive)
     The Services may not be used for activities that are illegal, harmful, abusive, or that interfere with service operation. Prohibited activities include:
    (a) Abuse & Interference: denial-of-service (DoS/DDoS), flooding, mail-bombing, deliberate latency or availability degradation, or interference with network equipment.
    (b) Unauthorized Access: port scanning, crawling/scraping contrary to robots.txt or access controls, credential stuffing, evasion of authentication, or testing without prior written authorization from the Company.
    (c) Malware & Exploits: development, hosting, distribution, or command-and-control of malware, ransomware, spyware, keyloggers, botnets, or exploit kits.
    (d) Fraud & Deception: phishing, pharming, impersonation, brand or domain spoofing, fake identities, or deceptive routing.
    (e) Spam & Unsolicited Messaging: sending or facilitating unsolicited bulk email/SMS/IM (UBE/UBE), messages without valid consent where required, or messages lacking required sender identification, functional opt-out, or lawful routing.
    (f) Infringing or Unlawful Content: material that infringes IP; violates privacy or publicity rights; is defamatory, harassing, or threatening; or is otherwise unlawful in any applicable jurisdiction.
    (g) High-Risk Illegal Content: child sexual abuse/exploitation material (CSAM), non-consensual intimate imagery, bestiality, human trafficking content, extremist propaganda where illegal, or material inciting violence or hatred contrary to law.
    (h) Dangerous Goods & Regulated Activities: unlawful weapons trading; sanctions violations; or regulated financial, medical, or professional services offered without required licences/authorisations.
    (i) Open Proxies/Relays: operation of open SMTP relays, open DNS resolvers, open HTTP/SOCKS proxies, or anonymization exit nodes that can be abused, unless expressly approved in writing by the Company and suitably access-controlled.
    (j) Resource Abuse: activities that consume disproportionate CPU, RAM, disk I/O, bandwidth, or inodes; cryptomining or distributed compute workloads without prior written consent; persistent processes that materially degrade multi-tenant environments.
    (k) Data Handling Violations: processing personal information contrary to the Privacy Laws, storing or sharing data in breach of contractual or statutory confidentiality obligations, or doxxing.

  3. Content Standards
     3.1 The User is responsible for all content hosted, transmitted, or made available through the Services (User Content).
    3.2 User Content must comply with applicable laws (including defamation, IP, privacy, consumer, and advertising standards).
    3.3 The Company may remove or disable access to User Content that appears to violate this AUP or law (see clause 9).

  4. Email and Messaging Requirements (where Services include outbound mail)
     4.1 All bulk or marketing messages must comply with POPIA s69 (South Africa), Spam Act 2003 (Cth) (Australia), and UK PECR, including valid consent where required, sender identification, and a functional opt-out honoured within statutory timeframes.
    4.2 Technical Standards: use of SPF, DKIM, and DMARC is required where available; maintenance of accurate WHOIS/domain records; prohibition on snowshoeing or list rental without documented consent.
    4.3 Hygiene & Rates: complaint rate targets ≤0.1% and hard-bounce rates ≤2% per campaign; routine list hygiene; suppression of unsubscribes and bounces.
    4.4 Open relays and unauthenticated outbound SMTP are prohibited. The Company may impose rate limits, quotas, content scanning, or reputation controls to protect network deliverability.

  5. Security Obligations of Users
     5.1 Reasonable safeguards must be implemented, including strong unique credentials, MFA where available, timely patching, removal of default passwords, least-privilege access, and regular backups.
    5.2 Private keys, API tokens, and credentials must be stored securely and never embedded in public code repositories.
    5.3 Security testing of the Services or the Company’s infrastructure requires prior written authorization and coordination; coordinated vulnerability disclosure procedures will be supported in good faith.
    5.4 The User must immediately mitigate actively exploited vulnerabilities in workloads under the User’s control when notified by the Company or a competent authority.

  6. Resource Usage and Fair Use
     6.1 The Company may set or enforce fair-use thresholds, concurrent connection limits, burst limits, or other technical controls to protect service stability.
    6.2 Activities that materially degrade shared environments may be throttled, isolated, or suspended. Dedicated resources may be required for sustained heavy workloads.

  7. Data Protection and Privacy Interface
     7.1 Processing of personal information via the Services must comply with Privacy Laws (POPIA, Australian Privacy Act/APPs, UK GDPR/UK DPA).
    7.2 The User is the responsible party/controller for personal information it uploads or processes using the Services, except where the Company acts as a controller under law. The Privacy Policy explains roles and responsibilities.
    7.3 Sensitive or special-category data should not be uploaded unless appropriate safeguards, legal bases, and security controls are in place.

  8. Monitoring, Logging, and Lawful Cooperation
     8.1 To protect the Services, the Company may employ automated and manual monitoring, logging, rate limiting, abuse detection, malware scanning, and reputation services, in accordance with the Privacy Policy and applicable law.
    8.2 The Company may preserve and disclose logs or account information where required by law, regulation, court/tribunal order, accredited ombud, or competent authority, or to protect rights, safety, and service integrity, subject to applicable legal processes.

  9. Enforcement and Remedial Action
     9.1 On reasonable grounds of violation, the Company may take proportionate action, which may include warning, removal or quarantine of content, traffic filtering, rate limiting, suspension, or termination (and, if applicable, disabling of domains, DNS records, or API keys).
    9.2 Emergency Action: immediate suspension may occur without prior notice where necessary to protect the Services, Users, or the public, or to comply with law.
    9.3 Restoration: where feasible, restoration will be attempted once the underlying issue is resolved and any required assurances are provided.
    9.4 Appeal: an appeal may be submitted to the contact in clause 12 with supporting facts. Appeals will be reviewed in good faith; restoration is not guaranteed.

  10. Reporting Channels
     10.1 Suspected abuse, AUP violations, phishing, malware, CSAM, or security vulnerabilities should be reported promptly to: abuse@directcloud.io or info@directcloud.io.
    10.2 Reports related to IP infringement should follow the procedure in the Website Terms and Conditions (IP Infringement and Takedown Procedure).
    10.3 CSAM reports may also be made to relevant national hotlines or law-enforcement agencies. The Company will promptly report and remove known CSAM.

  11. Jurisdiction-Specific Statements (summary)
     11.1 South Africa: unsolicited electronic communications will comply with POPIA s69; takedowns may be processed under the ECT Act and any applicable industry codes.
    11.2 Australia: consumer messaging must comply with the Spam Act 2003 (Cth) and industry codes; ACL consumer guarantees are preserved.
    11.3 United Kingdom: electronic marketing will comply with PECR; UK CRA rights are preserved. Nothing in this AUP limits non-excludable statutory rights.

  12. Contact and Changes
     12.1 Contact for AUP matters:
    • Email: info@directcloud.io (general and legal notices) / abuse@directcloud.io (abuse/security)
    • Postal/service address: Unit 1 Monaco Square, 14 Church Street, Durbanville, Cape Town, South Africa, 7550
    • Telephone (business hours): +27 83 419 4851
    12.2 Changes to this AUP may be made by posting an updated version with a revised “Last updated” date. Material changes will be signposted on the Site where practicable. Continued use of the Services after the effective date constitutes acceptance.

  13. Relationship to Suspension for Non-Payment
     13.1 Operational enforcement under this AUP is separate from credit control measures. Suspension or termination for non-payment may occur under the Service Terms and Website Terms and Conditions (see Security, Maintenance, and Suspension), in addition to any AUP enforcement.

  14. Survival
     14.1 Clauses 3–11 and 13 survive termination to the extent necessary to give them effect.

Get in touch with us!

Copyright © 2026 DirectCloud. All Rights Reserved.