ACCEPTABLE USE POLICY (AUP)
Company: Bastile Holding Limited (Hong Kong SAR)
Website: https://cobaltstack.net
Abuse contact: abuse@cobaltstack.net
Last updated / Effective date: 5 Jan 2026
1. Purpose and Scope
This AUP defines prohibited uses of our Services, including software licenses, API services, VPS, dedicated servers, SaaS, and VPN. It applies to you and anyone using your Account.
2. General Rule
You may use our Services only for lawful purposes and in a manner that does not harm our network, other customers, third parties, or the public.
3. Prohibited Activities (Non-Exhaustive)
You must not, and must not attempt to:
3.1 Illegal activities
Use the Services in violation of Hong Kong SAR law or any applicable law/regulation, including sanctions, export controls, and court orders.
3.2 Malware, compromise, and harmful code
Distribute or run malware, trojans, ransomware, botnets, spyware, credential theft tools, or exploit kits; host phishing pages; or engage in fraud/scams.
3.3 Unauthorized access and attacks
- DDoS/DoS attacks, traffic amplification, or facilitating attacks
- Port scanning or vulnerability scanning of systems you do not own/control without explicit authorization
- Password brute forcing, credential stuffing, or unauthorized interception of traffic
- Exploiting vulnerabilities to gain unauthorized access
3.4 Spam and messaging abuse
- Sending unsolicited bulk messages (email/SMS/messaging)
- Using open relays or misrepresenting headers
- Hosting spam tools or lists
- Using VPN or servers to evade spam enforcement or blacklists
3.5 Intellectual property infringement
Host, distribute, or make available content that infringes copyrights, trademarks, or other IP rights; distribute pirated software, cracks, keygens, or DRM circumvention tools.
3.6 Harmful or abusive content
Content that is unlawful, promotes violence or hate where unlawful, or otherwise violates applicable law. We may restrict content that creates material legal or safety risk.
3.7 Privacy violations
Illegally collect, publish, or sell personal data; doxxing; unauthorized surveillance; or any activity that violates privacy laws or third-party rights.
3.8 Resource abuse and unfair use
- Excessive consumption that disrupts Service stability (CPU/RAM/IO/network)
- Circumventing quotas or plan restrictions
- Multi accounting or resale designed to bypass limits (unless explicitly permitted)
- Running public “stressers/booters” or similar tools
We may apply throttling, shaping, or suspension to protect the platform.
3.9 Cryptomining
Cryptomining is prohibited unless explicitly permitted under your plan and does not violate our resource policies. Unauthorized or hidden mining is prohibited.
4. Service-Specific Rules
4.1 VPN
You must not use VPN to:
- conduct attacks, spam, phishing, malware distribution, or fraud
- evade lawful restrictions in a manner that is illegal in your jurisdiction
- cause our IP addresses to be blacklisted through abusive activity
We may enforce restrictions or terminate access to protect network reputation.
4.2 API Services
You must not:
- bypass authentication, scrape secrets, reverse engineer protected components
- perform load testing without prior written approval: test@cobaltstack.net
- exceed rate limits or use automation to evade quotas
We may throttle, block, or suspend API keys.
4.3 VPS / Dedicated Servers
You are responsible for securing your systems. Prohibited actions include:
- hosting public open proxies/open relays without authorization
- running command-and-control infrastructure
- knowingly allowing compromised systems to persist
We may isolate or suspend systems that threaten infrastructure.
4.4 SaaS
You must not:
- upload unlawful content or content you do not have rights to use
- attempt to access other tenants’ data
- abuse features to send spam or conduct fraud
4.5 Software licenses
You must not:
- resell, share, or distribute license keys contrary to publisher terms
- use licenses to violate laws or third-party rights
5. Reporting Abuse
Send reports to abuse@cobaltstack.net including:
- date/time (preferably UTC),
- affected domain/IP/URL,
- relevant logs/evidence,
- a description of the issue and impact.
6. Enforcement
6.1 Actions. We may take any action we deem appropriate, including:
- warnings and requests to remediate,
- throttling or blocking traffic/ports,
- suspending Services or Accounts,
- removing or disabling content,
- terminating the Agreement.
6.2 Immediate action. We may act without notice if needed to prevent harm, respond to legal requirements, or protect security and network integrity.
6.3 Logs and evidence. We may preserve and analyze logs and technical data for investigations and enforcement consistent with our Privacy Policy.
7. Changes
We may update this AUP. The updated version becomes effective when posted with a new effective date.
