Acceptable Use Policy

Version 1.0  ·  Last updated: 10 April 2026  ·  English only

1. Purpose

Hotbox provides VPS and web hosting infrastructure to customers throughout Europe and beyond. The purpose of this AUP is to define the boundaries of acceptable use in order to:

• Protect the integrity and availability of the Hotbox network and infrastructure;
• Safeguard other customers sharing network and platform resources;
• Ensure compliance with applicable law, including EU directives and Polish law;
• Maintain Hotbox's reputation and standing with upstream network providers.

This AUP does not constitute an exhaustive list. Hotbox reserves the right to determine, at its reasonable discretion, whether any use of services constitutes a violation of this AUP.

2. Prohibited Activities

2.1 Spam and Unsolicited Communications

The use of Hotbox services to send unsolicited bulk email (spam), unsolicited commercial messages, or unsolicited communications of any kind is strictly prohibited. Prohibited activities include:

• Sending email without recipients' explicit prior consent in violation of Directive 2002/58/EC (ePrivacy Directive) or Polish telecommunications law;
• Operating open mail relays or mail proxies used for spam distribution;
• Harvesting email addresses from websites or other sources without consent;
• Sending messages that obscure or falsify the origin, sender, or routing information;
• Sending bulk SMS or other unsolicited communications using Hotbox infrastructure.

2.2 Malware, Viruses, and Malicious Code

You may not use Hotbox services to create, store, distribute, or facilitate the distribution of malicious software, including but not limited to:

• Viruses, worms, Trojans, ransomware, spyware, or adware;
• Exploit kits, botnets, or command-and-control infrastructure;
• Software designed to disrupt, damage, or gain unauthorised access to computer systems;
• Tools for automated credential stuffing, brute-force attacks, or password cracking against third-party systems.

2.3 Phishing and Social Engineering

You may not use Hotbox services to conduct phishing, pharming, or social engineering attacks. This includes:

• Hosting websites or sending communications that impersonate banks, payment processors, government agencies, or other entities to deceive users into disclosing credentials or personal data;
• Registering or using domains designed to deceive users by resembling legitimate brands (typosquatting);
• Any activity constituting fraud under Polish criminal law (Kodeks karny, Art. 286) or EU law.

2.4 Illegal Content

You may not host, store, distribute, or link to content that is illegal under applicable law, including:

• Child sexual abuse material (CSAM) or any content that sexually exploits minors — such content will result in immediate termination and mandatory reporting to law enforcement;
• Content that incites violence, hatred, or discrimination on grounds of race, ethnic origin, religion, gender, sexual orientation, or disability, in violation of EU law or Polish law;
• Counterfeit goods, forged documents, or fraudulent financial instruments;
• Content constituting terrorist propaganda or incitement to terrorism under Directive (EU) 2017/541;
• Content that facilitates or promotes human trafficking or exploitation.

2.5 Copyright Infringement and Intellectual Property

You may not use Hotbox services to infringe the intellectual property rights of others. This includes:

• Hosting, distributing, or streaming copyrighted content (software, films, music, publications) without authorisation from the rights holder;
• Operating websites or services whose primary purpose is to facilitate copyright infringement;
• Circumventing technological protection measures in violation of Directive 2001/29/EC (InfoSoc Directive) or Polish copyright law (Ustawa o prawie autorskim i prawach pokrewnych).

Hotbox responds to notices of alleged infringement under the EU E-Commerce Directive (2000/31/EC) and the Digital Services Act (Regulation (EU) 2022/2065). To report infringement, contact [email protected].

2.6 Network Attacks and Abuse

• DDoS origination: Using Hotbox infrastructure to launch or participate in Distributed Denial of Service (DDoS) attacks against any target is absolutely prohibited;
• Port scanning and probing: Conducting unauthorised scanning, probing, or enumeration of third-party networks or systems;
• Man-in-the-middle attacks: Intercepting or tampering with network traffic not belonging to you;
• IP spoofing: Transmitting data using falsified source IP addresses;
• Network flooding: Generating excessive traffic that disrupts the availability of services for other users on the Hotbox network.

2.7 Cryptocurrency Mining

Cryptocurrency mining operations (proof-of-work mining for any currency) are prohibited on Hotbox shared hosting plans due to the sustained CPU and resource load they impose on shared infrastructure.

On VPS plans, cryptocurrency mining is permitted only with prior written approval from Hotbox, subject to the customer demonstrating that resource usage remains within purchased plan limits and does not adversely affect other customers. To request approval, contact [email protected].

2.8 Resource Abuse

All customers must use resources (CPU, RAM, bandwidth, storage) within the limits of their purchased plan. Prohibited resource abuse includes:

• Sustained use of CPU resources above plan limits in ways that degrade shared infrastructure performance;
• Running processes designed to circumvent resource quotas;
• Using a service as a file distribution network for large-scale content delivery without a dedicated bandwidth plan;
• Deliberately inflating resource usage to harm Hotbox or other customers.

Hotbox may throttle or temporarily restrict services where resource limits are exceeded without prior notice, and will notify the affected customer of the reason.

2.9 Hacking and Unauthorised Access

• Attempting to gain unauthorised access to any system, network, or account not belonging to you;
• Possessing or distributing hacking tools intended for malicious use against third-party systems;
• Exploiting security vulnerabilities in Hotbox systems or third-party systems without authorisation (authorised penetration testing of your own services must be declared in advance to [email protected]).

2.10 Gambling and Regulated Activities

Hosting of online gambling services (games of chance, sports betting, poker) requires compliance with applicable Polish and EU gambling regulations. Such services may not be hosted on Hotbox infrastructure without demonstrating valid licencing in the jurisdictions where players are located. Unlicenced gambling operations are strictly prohibited.

3. Customer Responsibility for Third-Party Content

If you resell or sublicense Hotbox resources (subject to authorisation under the Terms of Service), you are responsible for ensuring that your end users comply with this AUP. You must maintain your own acceptable use policy that is at least as restrictive as this AUP and ensure its enforcement.

Hotbox operates as a hosting service provider and does not proactively monitor the content hosted by customers. However, in accordance with the EU Digital Services Act (Regulation (EU) 2022/2065), Hotbox will act expeditiously upon receiving valid notices of illegal content and will remove or disable access to such content where required by law.

4. Monitoring and Investigation

Hotbox reserves the right to monitor network traffic, system logs, and server performance for the purpose of:

• Detecting and preventing abuse, spam, and network attacks;
• Ensuring compliance with this AUP and applicable law;
• Protecting the security and integrity of the Hotbox network;
• Responding to complaints from third parties or authorities.

Such monitoring is carried out in compliance with GDPR and applicable data protection law. Hotbox does not inspect the content of encrypted communications except where legally required by a court order or equivalent lawful authority.

5. Enforcement

When Hotbox becomes aware of a potential AUP violation — whether through internal monitoring, third-party complaints, or authority notifications — it will follow the enforcement process below. The severity and speed of response depends on the nature and urgency of the violation.

Hotbox reserves the right to skip warning steps and proceed directly to suspension or termination for violations that pose an immediate threat to the network, other customers, or third parties, or where required by law.

6. Reporting Abuse

If you become aware of any misuse of Hotbox infrastructure — including spam, malware hosting, phishing, or other abusive activity — please report it to:

Email: [email protected]

Please include as much detail as possible: the IP address(es) involved, URLs, timestamps, log excerpts, and a description of the observed abuse. We will acknowledge all abuse reports within 24 hours on business days and will take appropriate action as expeditiously as possible.

Reports related to copyright infringement should also be submitted to [email protected], citing the relevant rights, the infringing material, and the lawful basis for the removal request, consistent with Article 16 of the EU E-Commerce Directive and the Digital Services Act.

7. Legal Framework

This AUP is governed by and construed in accordance with Polish law and applicable EU law, including:

• Directive 2000/31/EC — E-Commerce Directive (liability of hosting providers);
• Regulation (EU) 2022/2065 — Digital Services Act;
• Directive 2002/58/EC — ePrivacy Directive;
• Regulation (EU) 2016/679 — General Data Protection Regulation (GDPR);
• Directive (EU) 2017/541 — Combating terrorism;
• Directive 2001/29/EC — InfoSoc Directive (copyright);
• Polish Penal Code (Kodeks karny) — provisions on fraud, computer crime, and illegal content.

8. Changes to This AUP

Hotbox may update this AUP at any time to reflect changes in law, technology, or operational needs. Changes take effect upon publication on our website. Customers will be notified of material changes by email at least 14 days in advance.