Acceptable Use Policy (AUP)

1. Overview and Purpose

This Acceptable Use Policy ("AUP") defines prohibited activities and usage guidelines for all Pyro Inc. ("Pyro") cloud infrastructure and hosting services, including multiplayer server hosting, VPS hosting, web hosting, and related infrastructure services. This AUP is incorporated into and forms part of our Terms of Service and applies to all customers and their end users.

2. General Principles and Community Standards

2.1 Responsible Use Philosophy

All customers must use Pyro services in a lawful, responsible manner that:

Respects the rights and safety of other users and third parties
Maintains the security and integrity of our shared infrastructure
Complies with applicable laws, regulations, and industry standards
Preserves the reputation and business relationships of our community

2.2 Community Standards

Customers are encouraged to operate their hosted communities responsibly and to report security issues and policy violations promptly through the channels in Section 8. Binding requirements are set out in Sections 3 and 4.

2.3 Content Philosophy

We do not proactively monitor customer content (see Section 4.1). However, the content and activities prohibited in Sections 3 and 4 are not permitted and may be removed or restricted, and accounts may be subject to enforcement under Sections 4 and 5. Within those limits, we encourage responsible content creation that:

Avoids promoting hatred, harassment, or discrimination against individuals or groups
Considers the impact on community members and other users
Respects intellectual property rights and legal obligations
Maintains appropriate standards for diverse, global audiences

3. Prohibited Activities and Content

3.1 Illegal Content and Criminal Activities

Strictly Prohibited Criminal Content

Child sexual abuse material (CSAM) or any content exploiting minors
Grooming, sexual solicitation, sextortion, trafficking, coercion, or predatory conduct involving minors
Requests for, attempts to obtain, distribution of, or threats to distribute intimate or sexual images of minors, whether real, synthetic, or manipulated
Human trafficking, exploitation, or modern slavery content
Content promoting or facilitating terrorism, violent extremism, or hate crimes
Drug trafficking, illegal substance distribution, or controlled substance sales
Money laundering, fraud, identity theft, or other financial crimes
Content facilitating or promoting illegal weapons sales or trafficking

Unauthorized Access and Hacking

Hacking, cracking, or unauthorized penetration testing of third-party systems
Distribution of malware, viruses, ransomware, or exploitation tools
Unauthorized access to systems, networks, accounts, or data
Social engineering, phishing, or credential harvesting attacks
Distribution or sale of stolen data, credentials, or personal information

Intellectual Property Violations

Copyright infringement, including distribution of pirated software, media, or content
Trademark violations, counterfeiting, or brand impersonation
Trade secret theft or unauthorized disclosure of proprietary information
Patent infringement or unauthorized use of protected technologies
Circumvention of digital rights management (DRM) or copy protection systems

3.2 Network and Infrastructure Abuse

Denial of Service Attacks

Distributed Denial of Service (DDoS) attacks against any target
Network flooding, bandwidth exhaustion, or protocol abuse
Botnet operation, coordination, command and control activities
Amplification attacks, reflection techniques, or attack infrastructure
Stress testing or load testing of third-party systems without authorization

Security Threats and Exploitation

Vulnerability scanning or penetration testing without explicit authorization
Port scanning, network reconnaissance, or unauthorized system probing
Exploitation of security vulnerabilities for malicious purposes
Distribution of zero-day exploits or advanced persistent threat (APT) tools
Compromise of third-party systems or lateral movement activities

Network Infrastructure Abuse

Excessive bandwidth usage that significantly impacts other customers
Network protocol manipulation, packet crafting, or traffic interception
Routing table manipulation, BGP hijacking, or network redirection
IP address spoofing, source address falsification, or traffic amplification
Unauthorized monitoring, interception, or analysis of network traffic

3.3 Communication and Spam Abuse

Email and Messaging Spam

Sending unsolicited bulk email (spam) or commercial messages
Email harvesting, scraping, or automated address collection
Mail relay abuse or unauthorized use of third-party mail servers
Phishing, spoofing, brand impersonation, or deceptive messaging
Distribution of spam tools, services, or infrastructure

Multi-Platform Spam Activities

SMS, social media, instant messaging, or forum spam
Comment spam, review manipulation, or artificial SEO enhancement
Automated posting, content generation, or engagement manipulation
Affiliate marketing abuse, deceptive advertising, or fraudulent promotions
Cross-platform spam campaigns or coordinated inauthentic behavior

3.4 Resource Abuse and Service Exploitation

Cryptocurrency and Computational Abuse

Cryptocurrency mining, including on shared hosting, game-server, web, database, or VPS plans, except where a specific plan or written agreement expressly permits it
GPU mining, ASIC operation, or specialized mining hardware deployment
Mining pool participation from shared resources or bandwidth
Blockchain validation, consensus participation, or distributed computing abuse
Unauthorized use of computational resources for profit-generating activities

Excessive Resource Consumption

CPU, memory, storage, or network usage that significantly impacts other customers
Resource-intensive processes designed to consume maximum available capacity
Inefficient applications, infinite loops, or deliberate resource exhaustion
Storage of excessive quantities of inactive, redundant, or unnecessary data
Fork bombs, process multiplication, or system resource exhaustion attacks

Service and Platform Abuse

Creating multiple accounts to circumvent resource limits or usage restrictions
Reselling services without proper authorization or licensing agreements
Automation abuse of free trials, promotional offers, or service credits
Violation of service-specific usage quotas, rate limits, or fair use policies
Circumvention of security measures, access controls, or usage monitoring

3.5 VPS Restrictions and Adult Content Standard

Prohibited VPS Applications

Open proxies, SOCKS proxies, or anonymous proxy services for third parties
VPN services that violate other providers' terms of service or legal requirements
TOR exit nodes, onion routing, or anonymization services
Illegal file sharing via BitTorrent, P2P networks, or similar protocols
Operation, hosting, sale, or advertising of "booter," "stresser," or DDoS-for-hire services, and distribution of game-server crasher, exploit, or denial-of-service tools
Sexually explicit or adult content that does not meet the conditions in Section 3.5.1; escort, prostitution, or sex-trafficking facilitation services
Unlicensed gambling services, casino operations, or betting platforms
High-frequency trading systems designed to manipulate financial markets

3.5.1 Lawful Adult Content Standard

This standard applies to all Pyro services, not only VPS services. Lawful, age-restricted adult content (including sexual education and lawful sexually explicit material) is permitted only where it:

Is legal in the United States and in the jurisdictions where it is hosted, published, and accessed
Complies with applicable age-verification and record-keeping requirements, including 18 U.S.C. § 2257 and applicable state age-verification laws (such as Texas HB 1181) in each jurisdiction of hosting, publication, and access
Is age-gated so it is not accessible to minors, including by meeting applicable age-assurance and online-safety requirements in the jurisdictions of access (for example, the highly effective age-assurance duties under the UK Online Safety Act 2023 where the content is accessible from the United Kingdom)
Complies with the terms of our payment processors and upstream providers
Is not hosted on, linked from, or sharing a player-facing domain, service instance, or game community with any service directed to or likely to be accessed by children, and for which you can produce, on lawful request, the records and custodian-of-records information required by 18 U.S.C. section 2257 where it applies

The following remain strictly and absolutely prohibited regardless of this standard: child sexual abuse material or any content exploiting minors, content facilitating prostitution or human trafficking, and any content that violates payment-processor terms or applicable law. Lawful adult content and sex education are not, by themselves, prohibited.

Root Access Responsibilities

Customers with administrative access are responsible for:

All system security, including patches, updates, and configuration management
Monitoring for compromise and immediate notification of security incidents
Compliance with this AUP despite having elevated privileges
Implementation of appropriate security controls and access management
Regular security assessments and vulnerability management

3.6 Server Hosting Content Guidelines

Prohibited Content Categories

Hateful symbols, speech, imagery, or content promoting discrimination based on protected characteristics
Sexually explicit content accessible to minors or that otherwise fails to meet the Lawful Adult Content Standard in Section 3.5.1
Content glorifying real-world violence, terrorism, or promoting harmful activities
Harassment, doxxing, stalking, or targeted abuse of individuals or groups
Misinformation campaigns, coordinated inauthentic behavior, or deceptive practices

3.7 Artificial Intelligence, Automated Content, and Platform-Specific Rules

Prohibited AI Activities

AI systems that violate applicable laws including EU AI Act requirements
AI systems or automated tools used for malware, phishing, credential theft, spam, harassment, unlawful surveillance, evasion of law-enforcement or platform safeguards, or other activity prohibited by this AUP
Automated content generation that infringes copyright or violates platform terms
AI training on copyrighted material without authorization or another lawful basis, exception, or limitation
Deepfakes or synthetic media designed to deceive or manipulate
AI systems that discriminate against protected classes or violate privacy laws
Automated decision-making systems affecting individuals without required transparency

Required for AI Deployments

Compliance with applicable AI content labeling requirements
Implementation of appropriate safeguards for high-risk AI applications
Respect for robots.txt files, website terms, and machine-readable rights reservations where legally or contractually applicable

Platform-Specific Violations

Cheating tools, exploits, unauthorized modifications, or terms of service violations
Using hosting services for non-intended purposes or circumventing platform restrictions
Commercial use without appropriate licensing from content creators or platform holders
Modification of software to bypass publisher restrictions, DRM, or access controls
Distribution of unauthorized copies, cracks, or modified versions of proprietary software

Game-Publisher and Server Rules

If you host a third-party game server (including Minecraft), you must comply with that publisher's end-user license agreement and its server, monetization, commercial, usage, and brand rules, as amended or renamed from time to time. For Minecraft, this includes Mojang/Microsoft's End User License Agreement and Minecraft Usage Guidelines. You are solely responsible for this compliance; we grant no license to any game or its assets, make no representation about your compliance, and your server may be blacklisted by the publisher independently of us.
Where the publisher's license requires it, you must not configure a server to admit players who do not hold a genuine, licensed copy of the game (for example, running Minecraft in offline or "cracked" mode to allow non-authenticated clients), and you are responsible for ensuring connecting players are authenticated as the publisher requires.
You must hold the necessary license to install, host, and (where applicable) redistribute any mods, plugins, modpacks, server software, datapacks, or game assets, and must honor any no-redistribution, no-reupload, or no-monetization conditions set by the author or distribution platform (for example, CurseForge, Modrinth, or the author's license).
If Pyro provides a convenience installer, template, or migration tool for a modpack or server package, that tool does not grant you any license to the underlying content and does not override the author's or platform's distribution rules. Where we operate an automated installer or migration tool that fetches third-party content, we honor the distribution restrictions published by the source platform (such as a project's third-party-distribution setting on CurseForge or Modrinth) and will not fetch content flagged as not redistributable through that channel; you remain responsible for confirming your right to install and host any other content.
For Minecraft and similar titles, in-server monetization must comply with the publisher's commercial rules: no pay-to-win or paid gameplay advantage (cosmetic items, perks, and donations only); any in-game currency must have no real-world cash value and be non-transferable; pricing must be uniform; paying users must hold a genuine licensed copy of the game; and content must be suitable for the game's audience. All content, perks, and pricing must be disclosed to players before they join or pay. Compliance is your responsibility; we do not monitor or audit monetization.

Game Publisher Brands and Assets

If you use a publisher's name, brand, or assets (for example, Minecraft), you must follow that publisher's brand guidelines, must make clear that your server is not operated, endorsed by, or affiliated with the publisher (and must not use the publisher's name as the dominant element of your server's name), must not imply any affiliation with Pyro, and acknowledge that all such marks belong to their respective owners.

Operator Responsibility for Services Likely Accessed by Children

If your hosted service allows users to interact with one another and is likely to be accessed by children, then as between you and Pyro, you are responsible for operating that service in compliance with applicable child-safety and children's-data laws, which may include (as applicable) the UK Online Safety Act, the UK Age-Appropriate Design Code ("Children's Code"), EU minor-protection requirements and GDPR Article 8, and the US Children's Online Privacy Protection Act. This may require age assurance, content moderation, and high-privacy and safety defaults. Pyro remains responsible for obligations that apply to Pyro's own services and account data. We provide unmanaged infrastructure only and do not monitor your service (see Section 10.7 of the Terms of Service). We may suspend, restrict, or terminate a hosted service if we obtain actual knowledge that you are operating a child-directed or child-accessed service in material violation of applicable child-safety or children's-data law.

Community Management Requirements

Hateful content reported by users may be subject to removal requests with advance warning
Immediate action may be taken for severe violations involving illegal content or serious harm
Community moderators should implement appropriate content policies and enforcement
Server administrators are responsible for monitoring and managing user-generated content

4. Content Oversight and Monitoring

4.1 Content Review Approach

No Proactive Monitoring: We do not systematically monitor customer content or communications
Reactive Investigation: Content reviewed in response to abuse reports, legal requirements, or security concerns
Automated Detection: Limited automated systems may flag potential violations for human review
Manual Review: Trained staff review flagged content following established guidelines and legal requirements

4.1.1 Child Safety and CSAM Reporting

Upon obtaining actual knowledge of, or a report concerning, apparent child sexual abuse material (CSAM), online enticement, child sex trafficking, or another reportable child sexual exploitation offense on our services, we will preserve the relevant data and report to the National Center for Missing & Exploited Children (NCMEC) CyberTipline as required by 18 U.S.C. § 2258A.

We will cooperate with law enforcement and, where applicable, with child-safety regimes such as the UK Online Safety Act and EU requirements. Apparent CSAM is removed immediately and the responsible account is terminated. Our general practice of not proactively monitoring customer content (Section 4.1) does not limit these mandatory reporting and preservation obligations.

Where we become aware of information giving rise to a suspicion that a criminal offense involving a threat to the life or safety of a person has taken place, is taking place, or is likely to take place, and the EU Digital Services Act requires reporting, we will promptly inform the competent law-enforcement or judicial authorities and provide the relevant information available to us.

We provide unmanaged hosting infrastructure and do not have a general obligation to monitor content. On obtaining actual knowledge or awareness of illegal content through the reporting channels in Section 8, a valid authority order, or our own review, we act expeditiously to remove or disable access to it. We intend to conduct voluntary, good-faith investigations and the limited automated detection described in Section 4.1 consistently with any applicable intermediary-liability rules, including under the EU Digital Services Act.

4.2 Content Removal Procedures

DMCA Copyright Compliance: Copyright takedown requests processed according to Digital Millennium Copyright Act procedures
Abuse Report Investigation: We review reports based on severity, legal priority, available information, and operational capacity, with appropriate follow-up actions
Legal Compliance: Immediate compliance with valid court orders, legal process, and regulatory requirements
Emergency Removal: Immediate action for content posing imminent harm, safety risks, or legal violations

4.3 Appeals and Dispute Resolution

Content Removal Appeals: Customers may appeal content removal decisions through our support channels. Where we remove or disable access to content of a recipient in the EU/EEA, we provide the affected recipient a clear statement of reasons identifying the ground for the action, the facts and circumstances relied on, and the available appeal and redress options, consistent with our obligations as a hosting provider under the EU Digital Services Act.
Counter-Notification Process: DMCA counter-notification procedures available for disputed copyright claims
Review Process: Appeals reviewed by senior staff with expertise in relevant legal and policy areas
Restoration Procedures: Legitimate content restored promptly following successful appeals

5. Enforcement Framework and Penalties

5.1 Statement of Reasons

Where we restrict the visibility of content, or suspend or terminate a service or account, on grounds of illegality or breach of these policies, we provide the affected recipient a clear statement of reasons on a durable medium (by email or support ticket) covering:

The action taken, including whether it restricts content visibility, monetary payments, service access, or account access, and the territorial scope and duration of the restriction where relevant
The facts and circumstances relied on, including whether the action followed a third-party notice or our own initiative and whether automated means were used
The legal or contractual ground and why the content or conduct was considered illegal or incompatible with our terms
Information about redress, including the internal appeal process (Sections 4.3 and 5.4) and the availability of judicial or out-of-court remedies

We may withhold or delay a statement of reasons for unsolicited commercial content (spam) or where providing it is prohibited by law or would prejudice an active investigation (for example, in a CSAM or law-enforcement matter).

5.2 Violation Response Procedures

Initial Response (Minor Violations)

Warning notice with specific details about the violation and required corrective actions
Reasonable time to address violations and implement compliance measures, unless faster action is required by law, safety, security, or platform integrity
Guidance and support provided for achieving compliance with policies
Follow-up monitoring to ensure sustained compliance and prevent recurrence

Escalated Response (Moderate Violations)

Suspension of specific services or features while maintaining account access for resolution
Implementation of resource limitations, access restrictions, or enhanced monitoring
Required additional verification, compliance measures, or security improvements
Reasonable remediation steps before service restoration

Severe Response (Critical Violations)

Immediate account suspension without prior notice for serious policy violations
Service termination, content removal or disablement, data preservation, deletion, or export restrictions for ongoing or severe violations, subject to applicable law, legal holds, and the retention terms in our agreements
Cooperation with law enforcement agencies when required by applicable law
Legal action for significant damages, ongoing violations, or criminal activities

5.3 Violation Severity Classification

Minor Violations (Warning and Correction)

Unintentional resource abuse or configuration issues without malicious intent
Accidental policy violations with quick resolution and customer cooperation
Minor community guideline violations with limited impact on other users
Technical misconfigurations causing issues but demonstrating good faith efforts to comply

Moderate Violations (Suspension and Remediation)

Repeated minor violations after warnings and opportunities for correction
Intentional resource abuse or service disruption affecting other customers
Spam, abuse, or inappropriate content affecting our services or user community
Non-compliance with content removal requests or policy guidance

Severe Violations (Immediate Termination)

Illegal content, particularly CSAM, terrorism-related material, or serious criminal activity
DDoS attacks, hacking attempts, or security threats against our infrastructure or third parties
Repeated moderate violations indicating a pattern of abuse or intentional non-compliance
Activities causing significant harm to other customers, our infrastructure, or public safety

5.4 Appeals and Remediation Process

Customers may appeal enforcement actions by:

Timely Appeal: Submit a ticket at portal.pyro.host or email support@pyro.host within 30 days of the enforcement action
Detailed Explanation: Providing a specific explanation of circumstances and planned corrective measures
Supporting Evidence: Submitting relevant documentation, evidence, or third-party validation
Compliance Commitment: Agreeing to appropriate remediation, monitoring, or compliance measures
Senior Review: Appeals reviewed by senior staff and legal counsel when appropriate

Notice submitters may also request review of our decision on an illegal-content notice by emailing abuse@pyro.host or submitting a ticket within thirty (30) days after our decision. We will review the request through a non-automated process appropriate to the nature of the report. This voluntary review process does not create obligations that apply only to online platforms unless those obligations apply to Pyro by law.

6. Resource Usage Guidelines and Fair Use

6.1 Computational Resource Standards

CPU Usage Guidelines

Sustained high CPU usage should be proportional to your service tier and resource allocation
CPU-intensive processes should be optimized and not monopolize shared infrastructure resources
Background tasks and maintenance operations should be scheduled during low-usage periods
Mining, password cracking, brute force attacks, and similar intensive activities are strictly prohibited

Memory Usage Standards

Memory allocation and usage should not exceed allocated limits or fair use guidelines
Memory leaks, inefficient usage patterns, and resource hoarding should be promptly addressed
Shared hosting customers should monitor memory consumption and optimize applications accordingly
Excessive swap usage should be minimized to prevent performance impact on shared infrastructure

Storage Usage Policies

File storage should be used for legitimate business, personal, or application purposes
Backup data should be compressed, deduplicated, and efficiently managed when possible
Temporary files, logs, and cache data should be regularly cleaned and maintained
File sharing and distribution should comply with copyright laws and intellectual property requirements

Network Bandwidth Guidelines

Bandwidth usage should be consistent with legitimate service purposes and allocated resources
Sustained maximum bandwidth usage may be subject to review and potential limitations
High-bandwidth applications should implement appropriate optimization and efficiency measures
Content distribution networks (CDNs) and optimization techniques are encouraged for high-traffic applications

6.2 Monitoring and Resource Management

Usage Alerts: Where supported, customers may receive alerts when resource usage approaches allocated limits
Usage Reporting: Usage information is available through the account dashboard for supported services
Resource Upgrades: Some configurations support automatic scaling or resource upgrades
Optimization Support: Self-serve documentation and best-effort guidance for resource optimization

7. Third-Party Integration and API Usage

7.1 External Service Dependencies

When integrating third-party services, customers must ensure:

Terms Compliance: Full compliance with third-party terms of service and usage policies
Proper Licensing: Appropriate licensing for commercial use and distribution
Security Standards: Maintenance of security and privacy protections for integrated services
Policy Compatibility: Compatibility with our infrastructure policies and technical requirements

7.2 API and Automation Guidelines

Rate Limiting: API usage must comply with published rate limits and usage guidelines
Error Handling: Automated tools should implement appropriate throttling, retry logic, and error handling
Service Integration: Integrations should not compromise security, performance, or stability
Commercial Usage: Commercial API usage may require additional terms, licensing, or approval

7.3 Third-Party Content and Services

Content Responsibility: Customers responsible for all third-party content accessed through our services
Service Dependencies: Understanding and managing risks associated with third-party service dependencies
Compliance Coordination: Ensuring coordinated compliance across all integrated services and platforms
Impact Management: Managing potential impacts of third-party service changes or discontinuation

8. Reporting and Investigation Procedures

8.1 Violation Reporting Channels

Primary Reporting / Abuse: Submit tickets at portal.pyro.host or email abuse@pyro.host with subject line "AUP Violation Report"
Security Incidents: Submit urgent tickets at portal.pyro.host or email security@pyro.host marked as urgent
DMCA Copyright: dmca@pyro.host with complete DMCA takedown notice
Legal Matters: legal@pyro.host for law enforcement coordination and legal compliance
Emergency Issues: For child-safety reports, imminent threats to life or safety, or other urgent illegal content, submit a priority ticket marked urgent or email abuse@pyro.host with "Emergency Child Safety" or "Emergency Safety" in the subject line

8.1.1 Reporting Illegal Content (EU Digital Services Act)

Any individual or entity may notify us of content they consider illegal by submitting a report through portal.pyro.host or to abuse@pyro.host. To enable us to act, your notice should include:

A sufficiently substantiated explanation of why you consider the content illegal
The precise electronic location of the content, such as the URL, domain, or IP address
Your name and email address, except for reports concerning suspected child sexual abuse material or other child-exploitation offenses, which may be submitted without them
A statement confirming your good-faith belief that the information in the notice is accurate and complete

Where your notice contains your electronic contact details, we will confirm receipt without undue delay. We will then process your notice in a timely, diligent, non-arbitrary, and objective manner, and notify you of our decision without undue delay. Decision notices will tell you how to seek review of our decision, including the request-for-review process in Section 5.4 and your ability to pursue judicial or out-of-court remedies, and will state, where applicable, whether automated means materially affected the decision. A sufficiently substantiated notice may give us actual knowledge or awareness of the content for liability purposes.

8.2 Required Reporting Information

Effective abuse reports should include:

Detailed Description: Specific description of the suspected violation and its impact
Service Identification: Specific services, IP addresses, domains, or account information involved
Timeline Information: Date, time, duration, and frequency of observed activities
Supporting Evidence: Logs, screenshots, communications, or other relevant documentation
Reporter Information: Your contact information and relationship to the reported matter
Requested Action: Specific action requested and urgency level of the report

8.3 Investigation and Response Process

Initial Acknowledgment: Confirmation of report receipt as promptly as practicable
Preliminary Investigation: Initial assessment based on severity, legal priority, available information, and operational capacity
Customer Notification: Notification to affected customers with opportunity to respond
Detailed Investigation: Further review with technical analysis and evidence review where needed
Final Determination: Decision on enforcement action with clear explanation and next steps
Follow-Up Monitoring: Ongoing monitoring for compliance and prevention of recurrence

9. Legal Compliance and Regulatory Requirements

9.1 Multi-Jurisdictional Compliance

Customers must comply with applicable laws in:

Primary Jurisdiction: Country of residence, citizenship, or primary business operation
Content Jurisdiction: Jurisdiction where content is published, accessed, or distributed
Service Jurisdiction: United States federal law and Delaware state law governing our services
International Requirements: European Union regulations, international treaties, and cross-border legal obligations

9.2 Export Control and Sanctions Compliance

Export Regulations: Compliance with U.S. Export Administration Regulations (EAR) and International Traffic in Arms Regulations (ITAR)
OFAC Sanctions: Ongoing compliance with Office of Foreign Assets Control sanctions and screening requirements
Restricted Entities: Prohibition on providing services to sanctioned countries, individuals, or organizations
Technology Transfer: Restrictions on transfer of certain technologies, software, or technical data

9.3 Industry-Specific Regulations

Customers are responsible for determining whether their workloads are subject to regulated-industry requirements, including healthcare, financial-services, education, government, payment-card, export-control, or data-protection rules.

Pyro provides unmanaged infrastructure and does not provide managed compliance services. Unless Pyro expressly agrees in writing for a specific service, the services are not intended for workloads that require HIPAA-regulated business associate services, PCI DSS cardholder-data environments, FERPA school-official processing, FedRAMP-authorized infrastructure, or similar regulated hosting commitments.

10. Policy Updates and Communication

10.1 Policy Modification Process

This AUP may be updated to address:

Emerging Threats: New types of abuse, security threats, or technological risks
Legal Changes: Updates to applicable laws, regulations, or legal requirements
Industry Standards: Changes in common abuse-prevention and security practices
Technology Evolution: Changes in technology affecting service delivery or security
Customer Feedback: Input from customers and community regarding policy effectiveness

10.2 Change Notification Process

Material Changes: 30 days advance notice via email for changes affecting customer rights or obligations
Minor Clarifications: Implementation of clarifications and improvements without advance notice
Emergency Updates: Immediate implementation for urgent security, safety, or legal compliance requirements
Customer Acceptance: Acceptance, termination rights, and the effect of continued use are governed by Section 15.1 of the Terms of Service; urgent security, safety, or legal updates may apply prospectively when posted or notified
Termination Rights: Customers may terminate services if policy changes are unacceptable

10.3 Policy Communication Channels

Email Notifications: Direct email communication to registered customer addresses
Website Updates: Policy changes posted prominently on our website and customer portals
In-Service Notifications: Account dashboard alerts and notifications for significant changes
Documentation Updates: Documentation updates with change logs and effective dates where appropriate

11. Education and Compliance Support

11.1 Customer Education Resources

Policy Documentation: Documentation explaining policies and compliance requirements
Guides: Educational resources covering security, compliance, and optimization
Educational Materials: Occasional educational materials on compliance, security, and policy updates
Community Forums: Peer support and knowledge-sharing platforms for customers
Technical Support: Best-effort support guidance

11.2 Compliance Assistance Programs

We do not provide managed compliance, professional consulting, or security-assessment services. The following are best-effort resources only and may change:

Onboarding Support: Policy orientation materials for new customers
Self-Serve Resources: Documentation and guides to help you implement appropriate policies and procedures

Nothing in this Section 11 creates a service-level commitment, a professional-services engagement, or a warranty; these resources are provided "as is."

12. International Considerations

12.1 Cross-Border Data Transfer

Data Localization: Compliance with data residency and localization requirements
Transfer Mechanisms: Appropriate safeguards for international data transfers
Regulatory Coordination: Coordination with multiple regulatory frameworks and authorities
Customer Obligations: Customer responsibilities for cross-border compliance

13. Enforcement Coordination

13.1 Law Enforcement Cooperation

Legal Process Response: Prompt response to valid legal process and court orders
Criminal Investigation Support: Cooperation with legitimate criminal investigations
Information Sharing: Appropriate information sharing with law enforcement when legally required
Documentation Preservation: Preservation of evidence and documentation for legal proceedings

13.2 EU/EEA Authority Orders (Digital Services Act)

On receipt of a qualifying order from an EU/EEA judicial or administrative authority to act against a specific item of illegal content (Article 9 of the Digital Services Act) or to provide information (Article 10), we will acknowledge receipt where required, where the order meets the applicable conditions of the Digital Services Act give effect to it without undue delay (seeking clarification first where it does not), and inform the issuing authority of the action taken and when it was taken.

Unless prohibited by law or unless doing so would prejudice an investigation, we will also inform the affected customer of the order, its territorial scope where relevant, the action taken, and the redress available to them.

13.3 Industry Collaboration

We cooperate with law enforcement (Section 13.1) and may, where practical, participate in industry security and abuse-mitigation efforts.

14. Privacy and Confidentiality

14.1 Investigation Privacy

Customer Privacy: Protection of customer privacy during investigations and enforcement actions
Confidential Information: Appropriate handling of confidential information during reviews
Data Minimization: Collection and review of only necessary information for investigations
Information Security: Secure handling and storage of investigation materials and evidence

14.2 Communications

Process Information: Information about investigation processes and procedures where appropriate
Decision Explanation: Explanation of enforcement decisions and rationale where appropriate
Appeal Information: Information about appeal processes and requirements
Policy Clarity: Updates intended to make this AUP easier to understand

15. Contact Information and Support

For questions, reports, or assistance related to this Acceptable Use Policy:

General AUP Questions: legal@pyro.host
Abuse Reports: Submit tickets at portal.pyro.host or email abuse@pyro.host (subject: "AUP Violation Report")
DMCA Copyright Claims: dmca@pyro.host
Security Incidents: Submit urgent tickets at portal.pyro.host or email security@pyro.host (mark as urgent)
Emergency Situations: Submit a priority ticket marked urgent or email abuse@pyro.host for child-safety reports, imminent threats to life or safety, or urgent illegal-content reports
Legal Matters: legal@pyro.host

Business Address

Pyro Inc.
Attention: Legal Department
1604 Philadelphia Pike, Suite 63
Wilmington, DE 19809
United States

Response Targets

These are operational targets unless applicable law requires a shorter deadline.

General Inquiries: Reviewed as promptly as practicable during business days
Abuse Reports: Acknowledgment and review based on severity, legal priority, available information, and operational capacity
Security Incidents: Prioritized by severity, customer impact, and available information
Legal Matters: Reviewed as required by applicable law
Emergency Situations: Prioritized where there is imminent harm or illegal activity

16. Effectiveness and Enforcement

16.1 Policy Scope and Application

This Acceptable Use Policy applies to all customers, their users, applications, content, and activities conducted through or in connection with Pyro services. Violation of this AUP may constitute a material breach of our Terms of Service and may result in graduated enforcement under Section 5. Immediate suspension, restriction, or termination may be used for severe violations, illegal content, security threats, non-payment, legal obligations, or imminent harm.

16.2 Compliance Responsibility

Customer Responsibility: Customers are responsible for ensuring compliance by all users of their services
Education Obligation: Customers must educate their users about applicable policies and requirements
Monitoring Responsibility: Customers should implement appropriate monitoring and compliance measures
Reporting Obligation: Customers should report suspected violations and security incidents promptly

16.3 Policy Review

We review this Acceptable Use Policy based on:

Performance Analysis: Regular analysis of policy effectiveness and enforcement outcomes
Customer Feedback: Input from customers about policy clarity, fairness, and effectiveness
Industry Changes: Changes in technology, threats, and common abuse-prevention practices
Legal Development: Evolution of legal requirements and regulatory expectations
Community Standards: Development of community standards and ethical expectations

This Acceptable Use Policy is incorporated into our Terms of Service and applies to all Pyro services and customer activities. By using our services, you agree to comply with all provisions of this policy.