Create Next App

System Policies

These policies govern the acceptable use, security, resource management, backups, maintenance, and uptime commitments for all HostupCloud services. By using our services you agree to comply with these policies.

Last updated: 22 February 2026 · Effective: 22 February 2026

Acceptable Use Policy (AUP)

All customers must use HostupCloud services lawfully and responsibly. The following activities are strictly prohibited and will result in immediate account suspension without refund.

Prohibited Activities

1.1Sending unsolicited bulk email (spam), including via scripts or mail servers hosted on our platform

1.2Hosting, distributing, or linking to malware, ransomware, spyware, phishing pages, or exploit kits

1.3Conducting or facilitating DDoS attacks, SYN floods, or any network-layer attack against any target

1.4Port scanning, network probing, or vulnerability scanning of any third-party systems without explicit written permission

1.5Hosting child sexual abuse material (CSAM) or any content that exploits minors

1.6Cryptocurrency mining (CPU/GPU mining on shared hosting or VPS without prior written consent)

1.7Running open mail relays, proxy servers, or Tor exit nodes

1.8Storing or distributing pirated software, cracked licenses, or copyright-infringing content

1.9Using services for illegal activities under Indian, UK, or US law

1.10Reselling resources without a valid Reseller Hosting agreement with HostupCloud

Permitted Activities

1.11Hosting websites, web applications, APIs, and databases for lawful purposes

1.12Running legitimate e-commerce stores with proper payment security measures

1.13Hosting personal blogs, portfolios, and business websites

1.14Development, staging, and testing environments

1.15Sending transactional and opt-in marketing emails within sending limits

Violations are investigated by our abuse team. We cooperate with law enforcement and may disclose account information pursuant to valid legal process. Report abuse to abuse@hostupcloud.com.

Fair Usage & Resource Policy

Shared hosting plans operate on shared infrastructure. Excessive resource usage that degrades performance for other customers is not permitted.

CPU Usage

Sustained CPU usage above your plan's vCore allocation triggers throttling. Burst usage is permitted for short periods.

RAM

Memory is allocated per plan. Processes exceeding RAM limits are killed automatically to protect server stability.

Bandwidth

Plans operate on a fair-use basis. We do not hard-cap bandwidth, but excessive or abusive traffic patterns will be reviewed.

Inodes

Each plan has an inode limit (files + directories). Exceeding the inode limit prevents new file creation. Clean up unused files regularly.

Email Sending Limits

2.1All plans: 120 outbound emails per hour per account

2.2SPF, DKIM, and DMARC records are strongly recommended to ensure deliverability

2.3Bulk marketing emails must be sent via a dedicated email service (e.g. Mailgun, SendGrid) — not via the hosting server

2.4Sending more than 120 emails/hour without prior approval will trigger automatic suspension of the mail queue

Security Policy

We implement multiple layers of security across all infrastructure. The following measures are active on all shared hosting accounts by default.

Imunify360

Real-time malware scanning and automatic quarantine on all shared hosting accounts.

Web Application Firewall

WAF rules active at the server level, blocking common attack vectors (SQLi, XSS, RFI).

DDoS Protection

Layer 3/4 DDoS mitigation active on all network edges. Layer 7 protection available on cloud plans.

Free SSL / TLS

Let's Encrypt SSL certificates auto-issued and auto-renewed for all domains on your account.

Account Isolation

Each hosting account runs in an isolated container. A compromised account cannot access others.

LiteSpeed + ModSecurity

LiteSpeed web server with ModSecurity rules for additional application-layer protection.

Two-Factor Authentication

2FA available on HUCPanel and billing portal. Strongly recommended for all accounts.

SSH Key Authentication

Password-based SSH login is disabled by default on cloud VPS. Key-based auth only.

Customer responsibility: You are responsible for keeping your CMS (WordPress, etc.), plugins, and themes up to date. Outdated software is the leading cause of account compromise. Enable auto-updates where possible.

Network Policy

Permitted

4.1Standard HTTP/HTTPS, FTP, SFTP, SSH, SMTP, IMAP, POP3 traffic

4.2Outbound API calls and webhooks for web applications

4.3Legitimate web crawlers and bots (e.g. Googlebot)

4.4WebSocket connections for real-time applications

Prohibited

4.5Port scanning or network probing of any external hosts

4.6Running IRC servers, botnets, or C2 infrastructure

4.7IP spoofing or ARP poisoning

4.8Excessive outbound connections that saturate the network

Backup Policy

We perform automated daily backups on all shared hosting plans. Backups are stored separately from the primary server.

Daily

Backup frequency

Snapshots taken every 24 hours automatically

30 Days

Retention period

Last 30 days of backups retained at no extra cost

1-Click

Restore

Restore files, databases, or full accounts from HUCPanel

5.1File manager, MySQL databases, and email accounts are all included in backups

5.2Backups are available for self-service restore directly from HUCPanel

5.3For assistance with restoring a specific backup, open a support ticket — free of charge

5.4Backups are a courtesy service. Customers are strongly encouraged to maintain their own off-site backups for critical data

5.5Accounts suspended for AUP violations may have backups purged immediately

Uptime SLA

HostupCloud provides a 99.9% monthly uptime guarantee on all shared hosting, cloud VPS, and dedicated server services.

99.9%

Monthly uptime SLA

≤ 43 min

Allowed downtime / month

Pro-rata

Credit for SLA breach

6.1Uptime is measured at the network edge — server must be reachable from external monitoring

6.2SLA credits are issued as account credit automatically upon verified breach

6.3Scheduled maintenance windows (announced 48h in advance) are excluded from SLA calculations

6.4Downtime caused by customer misconfiguration, AUP violations, or third-party attacks is excluded

6.5SLA credits do not apply to accounts suspended or terminated for policy violations

Maintenance Policy

Scheduled Maintenance

Window: Sunday 02:00–06:00 IST (preferred)

Notice: 48 hours advance notice via email and status page

Impact: Brief service interruption possible

Emergency Maintenance

Window: As required — no fixed window

Notice: Best-effort notice; status page updated immediately

Impact: Critical security patches or infrastructure failures

Live status and incident updates are published at status.hostupcloud.com. Subscribe to status updates to receive email notifications.

Incident Response

Our team follows a structured incident response process for all service-affecting events.

Critical

15 min

Full outage, data breach, or security compromise

High

1 hour

Partial outage, degraded performance affecting multiple customers

Medium

4 hours

Single customer issue or non-critical service degradation

8.1Initial acknowledgement sent within the response time above

8.2Status page updated at every major milestone

8.3Post-incident report published within 72 hours for Critical events

8.4Security incidents involving personal data are reported to relevant authorities within 72 hours (UK GDPR / DPDPA)

Suspension & Termination

AUP Violation

Immediate

Immediate suspension without notice. Account reviewed; termination if violation is confirmed.

Non-payment

After notice

Account suspended 3 days after invoice due date. Terminated and data deleted after 14 days of suspension.

Chargeback / Fraud

Immediate

Immediate account suspension. Services may be permanently terminated. Disputed amounts pursued through legal channels.

Customer Request

On request

Account closed within 5 business days. Data deleted after 30-day grace period. No refund on remaining term.

KYC (Know Your Customer) Policy

HostupCloud conducts Know Your Customer (KYC) verification in compliance with India's Prevention of Money Laundering Act 2002 (PMLA), CERT-In Directions 70B (April 2022), and applicable AML/CFT regulations in the UK and USA. KYC is mandatory for high-value accounts, enterprise contracts, bare metal servers, colocation, and any service subject to regulatory scrutiny.

KYC Verification Providers

🌍

Stripe Identity

International customers — automated ID document + selfie verification via Stripe Identity (Stripe Inc., USA). Supports passports, national IDs, driver's licences from 30+ countries.

🇮🇳

Cashfree KYC

India customers — PAN verification, Aadhaar offline XML KYC, and bank account verification via Cashfree Payments India Pvt. Ltd. (RBI-licensed).

📋

Manual Verification

For customers not covered by automated flows — document upload via customer portal reviewed by our compliance team within 1–2 business days.

🤝

MOU / Enterprise KYC

Enterprise, government, and institutional customers may submit KYC under a Memorandum of Understanding (MOU) or formal contract signed by an authorised representative.

Accepted Identity Documents

🇮🇳 India

Aadhaar Card (Offline XML — masked, not biometric/OTP)

PAN Card (mandatory for billing above ₹50,000)

Passport

Voter ID (EPIC)

Driving Licence

🌍 International

Passport (any country)

National ID Card (EU / UK / USA)

Driver's Licence

Business Registration Certificate (for companies)

KYC Requirements

9.1KYC is required before activation of bare metal servers, colocation services, reseller accounts, and accounts placing orders above ₹1,00,000 / $1,200 / £950 in a single transaction.

9.2Aadhaar-based KYC is accepted only in the offline XML format (no biometric or OTP-based Aadhaar authentication is used) in compliance with the Supreme Court judgment in Justice K.S. Puttaswamy v. Union of India (2018) and UIDAI guidelines.

9.3PAN Card verification is mandatory for Indian customers whose aggregate annual transactions with HostupCloud exceed ₹50,000, in accordance with the Income Tax Act, 1961.

9.4KYC documents are stored encrypted, access-controlled, and retained for 5 years as mandated by CERT-In Directions 70B (2022) and PMLA rules.

9.5MOU / enterprise KYC arrangements must be countersigned by an authorised signatory and accompanied by a Certificate of Incorporation or equivalent company registration document.

9.6Services will not be activated or will be suspended if KYC is requested but not completed within 7 days of the request.

9.7HostupCloud does not accept KYC documents that appear altered, expired, or inconsistent with other provided information.

KYC data is processed solely for identity verification and regulatory compliance. It is never shared with third parties except the KYC service provider (Stripe / Cashfree) under a Data Processing Agreement, or when required by law (PMLA, CERT-In, law enforcement with valid process).

CERT-In Compliance — IT Act 2000 Section 70B

HostupCloud Technolabs Private Limited (India entity) is classified as an intermediary and cloud service provider under the Information Technology Act, 2000 and is subject to the CERT-In Directions under Section 70B — Directions 70B dated 28 April 2022 issued by the Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics & Information Technology (MeitY). The following mandatory obligations are fulfilled:

🚨

Cyber Incident Reporting

Mandatory reporting of 20 specified types of cyber security incidents to CERT-In within 6 hours of detection/notification, as per the CERT-In Directions 70B (2022).

📋

Log Retention — 180 Days

All ICT system logs (server logs, access logs, authentication logs, network logs) are retained in India for a minimum of 180 days rolling, as mandated. Logs are stored on Indian-jurisdiction servers.

🕐

NTP Clock Synchronisation

All ICT infrastructure is synchronised with the National Informatics Centre (NIC) NTP server (time.gov.in) or STQC-approved NTP source, as required by CERT-In Directions.

🗄️

Subscriber / Customer Data — 5 Years

Customer registration information, KYC records, IP address logs, and transaction records of Indian subscribers are retained for a minimum of 5 years as required under CERT-In Directions 70B.

👤

Designated Point of Contact

A designated officer has been appointed as HostupCloud's point of contact with CERT-In for receipt and processing of directions, orders, and incident reports.

☁️

VPN & Cloud Provider Obligations

As a cloud service provider and VPN-adjacent operator, HostupCloud maintains validated customer names, addresses, contact numbers, email IDs, IP addresses, subscription details, and purpose of service for all subscribers, per Directions 70B.

Customer Obligations under CERT-In

10.1Customers using HostupCloud infrastructure to provide services to end-users (resellers, SaaS providers, etc.) are independently responsible for their own CERT-In compliance obligations.

10.2Customers must report any cyber security incident affecting HostupCloud infrastructure to abuse@hostupcloud.com immediately and not later than 6 hours after becoming aware.

10.3Customers must not interfere with, disable, or modify HostupCloud's logging and monitoring systems, which are maintained for CERT-In compliance.

10.4Customers using VPN services hosted on HostupCloud infrastructure must ensure their end-user records are maintained in compliance with CERT-In Directions 70B if they are an Indian intermediary.

Full text of the CERT-In Directions under Section 70B of the IT Act 2000, dated 28 April 2022, is available at cert-in.org.in. Non-compliance may attract penalties under Section 70B(7) of the IT Act 2000.

Questions about these policies?

For policy clarifications, abuse reports, or compliance enquiries, contact the relevant team below.

Report Abuse Legal / Compliance Open a Support Ticket