COOKIESSPACE – ACCEPTABLE USE POLICY (AUP)

Version 2025.1

Applicable to all IaaS, PaaS, Virtual Machines, Cloud Hosting & Network Services

Effective Date: 01/01/2026

This Acceptable Use Policy (“AUP”) governs the use of all services offered byCookiesSpace Private Limited (“CookiesSpace”, “we”, “our”). All customers (“Users”) must comply with this AUP in addition to the Terms.

Use of CookiesSpace Services constitutes acceptance of this AUP.

1. PURPOSE OF THIS AUP

The purpose of this AUP is to :

Ensure secure, legal, and responsible use of CookiesSpace cloud services
Protect the integrity, availability, and performance of our systems
Comply with Indian laws including IT Act, CERT-In Directions, DPDP Act
Prevent abuse, fraud, and illegal conduct using our infrastructure

2. PROHIBITED ACTIVITIES

The following activities are strictly prohibitedwhen using CookiesSpace Services.

2.1 PROHIBITED ACTIVITIES

Users may not use our Services to:

Violate any Indian law (IT Act, Copyright Act, DPDP Act, Penal Code, etc.)
Host or distribute illegal content
Distribute pirated software, movies, or copyrighted content
Engage in or support cybercrime
Provide cloud services to sanctioned entities or individuals
Impersonate government or regulatory entities

2.2 Security Violations & Cyber Offences

The following are explicitly prohibited under IT Act 2000 & CERT-In 2022 Directions:

Unauthorized access to systems or networks
Penetration testing without explicit written permission
Distributing malware, viruses, ransomware, Trojans
Operating botnets, C&C infrastructure, dark-web services
Launching or facilitating DDoS attacks
Port scanning, vulnerability scanning, or brute-force attempts
Reverse engineering or circumventing security protections

2.3 Email, Messaging & Network Abuse

Users may not use the Services to:

Send SPAM, phishing or bulk unsolicited emails
Host email harvesting operations
Spoof IP addresses, MAC addresses, headers, or routing information
Run open mail relays or proxy services for anonymous abuse
Create misleading or fraudulent communication

2.4 Harmful or Offensive Content

Users may not host, transmit, or process:

Child sexual abuse material (CSAM) — automatically reported to authorities
Pornographic or sexually explicit content that may also involve minors
Hate speech, threats, violent content
Content that promotes self-harm or illegal acts
Deep fake content that violates DPDP Act or privacy laws
Any content that violates public order, morality, or Indian Penal Code

2.5 Resource Abuse

Users may not engage in:

Excessive consumption beyond allocated limits
Crypto mining on trial accounts or without explicit permission
Attempting to destabilize shared environments
Running workloads that threaten infrastructure integrity
Hosting fake traffic, fake user generation, or ad fraud systems

2.6 Misuse of Cloud Services

Prohibited uses include:

Running VPNs, proxies, TOR nodes for illegal activity
Hosting gambling or betting services without government licenses
Operating investment/financial services without regulatory approval
Selling or distributing controlled substances
Running fake apps, scams, fraud portals, fake tech support centers
Misrepresenting your identity or organization

3. USER SECURITY OBLIGATIONS

Users must:

Keep account credentials secure
Use strong passwords and enable MFA
Maintain updated operating systems and applications
Secure Customer Data using state of the art security systems and protocols
Take necessary backups for crucial data, especially in case of using any and all IaaS related services from us
Notify CookiesSpace of any suspected breach within 24 hours
Retain logs as required under CERT-In for workloads running on their infrastructure

Failure to maintain adequate security may result in suspension.

4. NETWORK RULES AND FAIR USE

Users must not:

Abuse bandwidth, network capacity, or routing policies
Modify IP allocations without authorization
Run public resolvers (open DNS) unless explicitly permitted
Host or distribute unlicensed VOIP or telecom services

CookiesSpace reserves the right to regulate or suspend services temporarily for network abuse. In case of persistent abuse, Cookiesspace reserves the right to terminate services t such customers

5. DATA PROTECTION & PRIVACY COMPLIANCE

Users must comply with:

DPDP Act 2023
Applicable privacy regulations in chosen regions

Users may NOT:

Upload personal data without a legal basis
Process data without consent where required
Store personal data of minors without legal compliance
Process sensitive personal data illegally

CookiesSpace may request proof of compliance for workloads handling personal data.

6. CUSTOMER RESPONSIBILITY FOR CONTENT

Users are fully responsible for:

Content stored on virtual machines
Code executed on the infrastructure rented
Websites, apps or APIs hosted using Cookiesspace’s infrastructure
End-user behaviour on platforms they provide

CookiesSpace does not monitor content unless required by law or at the behest of the customer.

7. REPORTING ABUSE

To report violations, email:

abuse@cookiesspace.com

CookiesSpace responds to abuse reports within 24 hours.

8. ENFORCEMENT & SUSPENSION

CookiesSpace may take the following actions for AUP violations:

Warning notice
Service limitation
Temporary suspension
Permanent termination
Reporting to law enforcement or CERT-In

Severe violations (malware, child abuse, threats, and government order breaches) may result in immediate suspension without notice.

9. LAW ENFORCEMENT COMPLIANCE

As required by Indian IT Act & CERT-In, CookiesSpace will:

Preserve logs, metadata, and customer information for 90 days upon request
Cooperate with lawful interception or investigations
Provide information only in accordance with Indian law

10. CHANGES TO THIS AUP

CookiesSpace may modify this AUP with 30 days advance notice. Material changes will be communicated via email or console notifications.

11. ACCEPTANCE

By using CookiesSpace Services, the User confirms acceptance of this Acceptable Use Policy.