Acceptable Use Policy

01Purpose and scope

This Acceptable Use Policy (the "AUP") sets out the rules that govern your use of the hosting and infrastructure services (the "Services") provided by Bermuda Solution OÜ, registered in Estonia ("Bermuda", "we", "us", "our"). The Services include, without limitation, virtual private servers (VPS / VDS), dedicated servers, cloud hosting, storage, and managed support delivered through the website https://bermuda-solutions.net (the "Website").

This AUP forms part of the Terms and Conditions and applies to every customer, end user, visitor, and any third party for whose conduct you are responsible (collectively, "you", "your"). By ordering or using the Services you confirm that you have read, understood and agreed to this AUP.

02General principles

You are solely responsible for all activity that occurs on or originates from the Services we allocate to you, regardless of whether that activity is carried out by you, by your employees, by your end users or by anyone else who has been granted access — directly or indirectly — to your account, server or workload.

You must:

• comply with all laws applicable to you, to your end users, to the destination of your traffic, and to the location of our infrastructure (Estonia and the European Union);
• comply with this AUP, the Terms and Conditions, the Privacy Policy and any service-specific documentation;
• act in good faith, without harming Bermuda, our other customers, our infrastructure or any third party.

03Prohibited content and activities

You must not use the Services to host, store, transmit, distribute, link to, advertise, generate or otherwise process any of the following:

3.1Illegal content

• Content that is unlawful under Estonian or European Union law, or under the law applicable to you or your end users.
• Child sexual abuse material (CSAM) or any content that sexualises, exploits or endangers minors in any form.
• Content that incites or facilitates terrorism, violent extremism, genocide, or hatred against persons on the basis of race, ethnicity, religion, nationality, gender, sexual orientation, disability or any other protected characteristic.
• Content that infringes intellectual property rights, including copyright, trademark, patent, trade secret or database rights.
• Content that violates the privacy or personality rights of any person, including unlawful publication of personal data, defamation, libel or revenge-distributed intimate imagery.
• Material that promotes, facilitates or instructs the manufacture or use of weapons of mass destruction, illegal firearms or explosive devices.

3.2Fraud and deception

• Phishing pages, scam landing pages, fake login forms, fake banking sites, fake shops or any site designed to deceive visitors.
• "Pump and dump", high-yield investment programmes (HYIP), Ponzi schemes, fake cryptocurrency offerings, fake ICOs / airdrops, romance scams or business-email-compromise infrastructure.
• Forging, spoofing or otherwise misrepresenting headers, identifiers, sender information, IP addresses or domain ownership.

3.3Malicious software and intrusions

• Creating, hosting, distributing, controlling or testing malware, including viruses, worms, trojans, ransomware, rootkits, keyloggers, stealers, droppers, RATs and stalkerware.
• Operating command-and-control (C2 / C&C) servers, botnet controllers, or infrastructure used to exploit, compromise or maintain unauthorised access to third-party systems.
• Performing unauthorised port scanning, vulnerability scanning, brute-force attacks, credential stuffing, password cracking or any form of unauthorised access attempts against systems you do not own or are not expressly authorised to test.
• Reverse-engineering, probing or interfering with the security of our infrastructure or that of our other customers.

3.4Network abuse

• Launching, participating in, amplifying or facilitating any form of denial-of-service attack (DoS, DDoS, reflection, amplification).
• Spoofing source IP addresses or sending traffic that abuses third-party networks.
• Operating open relays, open proxies, open recursive DNS resolvers or any other service that can be exploited by third parties to attack the network.
• Generating excessive traffic intentionally designed to exhaust shared resources or to harm the performance of other customers.

3.5Spam and unsolicited messaging

• Sending unsolicited bulk or commercial email, SMS, instant messages or push notifications ("spam").
• Sending email in violation of the EU ePrivacy rules, the Estonian Electronic Communications Act or applicable anti-spam laws of the recipient's jurisdiction (including CAN-SPAM and CASL).
• Operating list-washing, bulk mailing or marketing automation infrastructure on the Services without our prior written approval. Even when approved, you must use confirmed opt-in, honour unsubscribe requests immediately, and keep complete consent records.
• Hosting websites or domains advertised through spam, even where the spam itself is sent from elsewhere ("snowshoe" hosting).

3.6Adult and high-risk content

Adult or sexually explicit content is permitted only if all of the following are true:

• the content is fully legal in Estonia and in every jurisdiction where it is made available;
• it depicts only consenting adults (18+) and you hold and can produce age-verification and consent records (e.g. 2257-style documentation);
• it is hosted behind appropriate age gates and content warnings;
• you have informed us in advance, in writing, before deploying such content.

The following are prohibited without exception: any sexual content involving minors, non-consensual content, deepfake intimate imagery, bestiality, content depicting real violence or sexual coercion.

3.7Cryptocurrency, mining and trading

• Cryptocurrency mining (proof-of-work or otherwise) on shared VPS, virtual or cloud plans is prohibited because of its disproportionate impact on shared resources. Mining is only permitted on dedicated servers expressly designated for the purpose and only with our prior written approval.
• Cryptojacking — running miners on the resources of third parties without their informed consent — is strictly prohibited.
• Operating unregistered virtual asset service providers, mixers / tumblers, or services designed to launder the proceeds of crime is strictly prohibited.

3.8Other prohibited uses

• Anonymous public proxies, public VPN exit nodes, Tor exit nodes, or any other open relay service used by unidentified third parties — these may be operated only with our prior written approval and only with adequate abuse-handling procedures.
• IRC servers, file-sharing trackers, "warez" sites or any platform whose primary purpose is the distribution of pirated material.
• Operating gambling, lottery or betting services without all required licences in every jurisdiction where they are offered.
• Selling or supplying medicines, controlled substances, firearms or other regulated goods in violation of applicable law.
• Running "stresser" / "booter" services, regardless of how they are marketed.

04Resource use and fair-use rules

The Services are provided on shared physical infrastructure. To protect all customers:

• you must not intentionally consume resources (CPU, RAM, disk I/O, network) in a way designed to disrupt others;
• "unmetered" or "unlimited" traffic is provided on a fair-use basis and is intended for normal business workloads. We may rate-limit, deprioritise or temporarily suspend traffic that materially harms shared infrastructure, after notifying you where reasonably practicable;
• you must not run benchmarking, stress-testing or load-testing against shared resources without our prior written approval.

05Customer security responsibilities

You must:

• keep your account credentials, SSH keys, API tokens and control-panel passwords confidential and properly secured;
• promptly install security patches, update operating systems and applications under your control, and maintain reasonable hardening of your workloads;
• monitor your servers for compromise and act on any signs of intrusion without delay;
• notify Bermuda without undue delay (and in any event within 72 hours of becoming aware) of any actual or suspected compromise of a server, account or any personal data processed on the Services.

You are responsible for all actions taken via your account, whether authorised by you or not, until the moment we are notified that the credentials have been compromised.

06Cooperation with abuse handling and law enforcement

We take abuse reports seriously. If we receive a credible complaint, court order, request from a competent authority or notice under the EU Digital Services Act, we may:

• forward the complaint to you and require a response within a reasonable deadline (typically 24–48 hours, shorter for urgent abuse such as phishing, CSAM, active malware, or DDoS sources);
• suspend or restrict the affected resource immediately, without prior notice, where the abuse is ongoing, severe or causes risk to third parties or to the network;
• in cases involving CSAM, terrorist content, or active threats to safety, act immediately, preserve relevant evidence and report the matter to the competent authorities, including the Estonian police, CERT-EE and the relevant EU bodies, in accordance with applicable law.

You agree to cooperate with us in good faith in the investigation and resolution of abuse reports.

Reports of abuse can be sent to abuse@bermuda-solutions.net. Reports must include the IP address or domain involved, a description of the abuse, the date and time (with time zone), and any relevant evidence (logs, headers, screenshots).

07Enforcement, suspension and termination

We may, at our sole and reasonable discretion and in proportion to the violation, take any of the following actions if we believe (acting in good faith) that this AUP has been or is being violated:

• request that you remove or remediate the offending content or behaviour within a stated deadline;
• null-route, filter, throttle or otherwise restrict network traffic;
• suspend the affected service, the entire account, or all services associated with the account;
• terminate the agreement under the Terms and Conditions, with or without refund depending on the seriousness of the violation;
• preserve and disclose information to law enforcement, regulators, or affected third parties as required or permitted by law.

Repeated or wilful violations will result in permanent termination and may result in our refusing to provide further Services to you or to entities under your control.

08Liability for AUP violations

You are responsible for any damages, costs, fines, claims or expenses (including reasonable legal fees) suffered by Bermuda or any third party as a result of your violation of this AUP, and you agree to indemnify Bermuda accordingly, subject to the limits set out in the Terms and Conditions.

We are not liable to you for actions we take in good faith under this AUP, including suspension or termination, even where it later turns out that no actual violation occurred.

09Reporting violations

If you observe content or activity hosted on the Services that you believe violates this AUP or applicable law, please send a report to abuse@bermuda-solutions.net. We aim to acknowledge well-formed abuse reports within one business day.

10Changes to this AUP

We may amend this AUP from time to time, in particular to reflect changes in law, in the threat landscape or in our services. The most current version is always available on the Website, with the "Last updated" date shown at the top. Material changes will be notified by email to the account contact at least 14 days in advance, except where a shorter period is required by law or by an immediate threat to security.

11Contact

Bermuda Solution OÜ
Pärnu mnt 139e/2, 11317 Tallinn, Estonia
General: contact@bermuda-solutions.net
Abuse: abuse@bermuda-solutions.net
Telegram: @bermudasolution