Acceptable Use Policy.

NineHost hosts a wide range of legitimate websites, applications and services. We do not micro-manage what our customers run, but we cannot host content or activity that is unlawful, that endangers others, that damages the internet, or that puts our infrastructure or other customers at risk. This Acceptable Use Policy (the "AUP") describes the boundary.

The AUP forms part of our Terms of Service and applies to all Services you use, including content stored, transmitted or hosted on our infrastructure, whether by you or by your end-users.

You may not use the Services to store, transmit, distribute or facilitate:

• Content or conduct that violates Hong Kong law, the law of the customer's place of residence, the law of the data centre's jurisdiction, or the law of any place where the content is made available.
• Child sexual abuse material (CSAM) of any kind. We report CSAM immediately to the relevant authorities (NCMEC, INHOPE) and to the Hong Kong Police Force.
• Terrorism financing, incitement to violence, or material designated terrorist content under applicable law.
• Fraud, phishing, identity theft, illegal financial schemes, money-laundering or sanctions evasion.
• Unauthorised distribution of copyrighted material, counterfeit goods, leaked credentials or stolen data.
• Unlicensed regulated activity (e.g. unlicensed pharmacies, unlicensed gambling targeting jurisdictions where unlicensed).

You may not use the Services to:

• Launch denial-of-service (DoS / DDoS) attacks, amplification attacks or coordinated traffic floods against any third party.
• Distribute malware, ransomware, spyware, keyloggers, rootkits, viruses or "stresser" / booter services.
• Conduct unauthorised vulnerability scanning, brute-force attacks, credential stuffing or port scanning against systems that have not authorised you in writing.
• Host phishing pages or command-and-control (C2) infrastructure.
• Spoof IP, MAC or email headers; bypass our network controls; or run open relays, open proxies or open DNS resolvers.
• Mine cryptocurrency on shared, WordPress or VPS plans (Bare Metal plans permit it where the workload is properly disclosed at order time and electricity-billed accordingly).

You may not use NineHost mail or HTTP infrastructure to send unsolicited bulk messages of any kind ("spam"), including via SMS, email or messaging APIs. Specifically:

• You may only send marketing email to recipients who have explicitly opted in, with a clear unsubscribe mechanism in every message and accurate sender identification.
• Mail must comply with CAN-SPAM, CASL, Hong Kong's UEMO (Unsolicited Electronic Messages Ordinance) and applicable EU laws.
• Outbound SMTP from shared and WordPress hosting is subject to per-domain rate limits (typically 200 messages per hour). Higher volume requires a dedicated mail-server add-on or use of a transactional-email provider (Resend, SendGrid, Postmark).
• Mailing lists used on our infrastructure must use double opt-in confirmation. Single opt-in mass mailings are prohibited.

Shared and managed-WordPress plans are exactly that — shared. To keep things fair:

• Long-running CPU-intensive processes (training jobs, image rendering, video encoding) should run on a VPS or Bare Metal plan, not on shared hosting.
• "Unlimited" claims on shared plans refer to reasonable web-hosting usage. Sustained use of more than 25% of a shared CPU or 1 GB of RAM may be moved to VPS at our suggestion.
• You may not use storage primarily as a generic cloud-storage / backup target (e.g. uploading 500 GB of video archives to a 50 GB shared plan).

VPS and Bare Metal plans have explicit resource caps and are not subject to fair-use limits within those caps.

Any content or activity involving the sexual exploitation, endangerment or abuse of minors is grounds for immediate termination without refund and is reported to the relevant authorities. We cooperate fully with NCMEC, INHOPE, the Hong Kong Police Force and equivalent international agencies.

You are responsible for ensuring that Customer Content does not infringe the intellectual-property rights, privacy rights, publicity rights or other legal rights of any third party. We respond to validly issued DMCA take-down notices and equivalent procedures in other jurisdictions; see our abuse-reporting page.

The following uses are permitted only with prior written approval and may be subject to additional terms:

• Cryptocurrency mining: Bare Metal only; disclose at order time.
• Cryptocurrency exchanges or custodial wallets: requires KYC / AML compliance evidence.
• Online gambling, sports betting, lottery: requires valid licence covering all jurisdictions where you operate.
• Adult content: permitted where lawful and clearly age-gated; pornography involving minors is absolutely prohibited (see § 6).
• Firearms, ammunition, weapons retail: requires applicable licences.

Where we have reasonable grounds to believe the AUP has been breached, we will take proportionate action:

• Notice & cure (most cases): we contact you with details of the suspected breach and a deadline (usually 24–72 hours) to remediate.
• Suspension: we may suspend the affected Service immediately where (a) you do not remediate by the deadline, (b) the breach is causing ongoing harm, or (c) we are required to act by law.
• Termination: repeated, severe, or unremediable breaches result in termination of the account without refund.
• Emergency action: in extreme cases (active CSAM, large-scale DDoS, court order) we suspend immediately without prior notice and provide notice as soon as practicable.

You may appeal any enforcement action by writing to [email protected] within 14 days; we respond within 7 business days.

If you believe a service hosted on NineHost is breaching this AUP, report it via:

• Our abuse-reporting form.
• Email [email protected].
• For DMCA / copyright take-downs: [email protected] with a properly formatted notice.

Time-to-action targets: CSAM and active attacks < 1 hour; phishing < 4 hours; copyright < 24 hours; other < 72 hours.

Questions about this AUP: