Acceptable Use Policy

This Acceptable Use Policy ("AUP") forms part of the Orkestr Terms of Service and applies to all users of the Orkestr platform. It defines the rules governing acceptable and prohibited use of the Service. Violation of this AUP may result in immediate suspension or termination of your account without prior notice or refund.

We enforce this AUP to protect the security, performance, and reputation of the Platform and its users, to comply with applicable laws (including the EU Digital Services Act), and to maintain our standing with upstream infrastructure providers.

You must not use the Service to host, store, distribute, or link to any of the following:

2.1 Illegal Content

Any content that is illegal under EU law or the laws of Romania, including but not limited to: child sexual abuse material (CSAM); content promoting terrorism or violent extremism; content facilitating human trafficking; and content inciting hatred or violence against individuals or groups based on protected characteristics.

2.2 Malware and Malicious Software

Any malware, ransomware, spyware, trojans, viruses, worms, rootkits, keyloggers, exploit kits, phishing kits, or other malicious software. This includes hosting files intended for distribution as malware, regardless of whether the hosting site itself appears benign.

2.3 Phishing and Fraud

Any website, page, or application designed to impersonate another entity, service, or individual for the purpose of deceiving users, harvesting credentials, financial information, or other personal data.

2.4 Adult and Sexually Explicit Content

Pornographic or sexually explicit content of any kind, including but not limited to images, video, text, or interactive content. This applies regardless of whether such content is legal in your jurisdiction.

2.5 Copyright Infringement and Piracy

Content that infringes on the intellectual property rights of others, including pirated software, media, ebooks, music, films, cracked applications, serial key generators, or any tools facilitating copyright infringement.

2.6 Gambling and Regulated Financial Services

Online gambling, betting, lottery, or casino services unless you hold and provide proof of all required licences. Similarly, financial services requiring regulatory authorisation may not be operated without appropriate licences.

2.7 Dark Web and Anonymisation Services

Content or services intended to facilitate access to dark web marketplaces, anonymous illegal commerce, or services designed to obscure the origin of network traffic for the purpose of evading law enforcement.

2.8 Hate Speech and Harassment

Content that promotes hatred, discrimination, harassment, or violence against any individual or group on the basis of race, ethnicity, national origin, religion, gender, gender identity, sexual orientation, disability, or any other protected characteristic.

You must not use the Service to engage in any of the following activities:

3.1 Cryptocurrency Mining

Using platform resources for cryptocurrency mining, proof-of-work computation, or any form of resource-intensive computation not directly related to serving your application. Containers exhibiting sustained high CPU usage without corresponding application traffic may be automatically suspended.

3.2 Spam and Unsolicited Communications

Sending unsolicited bulk email, SMS, push notifications, or other communications. Operating open mail relays or open proxy servers. Using the Service to harvest email addresses or other personal data for spamming purposes.

3.3 Network Abuse

Launching or facilitating denial-of-service (DoS/DDoS) attacks, port scanning, packet sniffing, IP spoofing, or any form of network intrusion or disruption, whether targeting the Platform, other Orkestr users, or third parties.

3.4 Vulnerability Exploitation

Attempting to probe, scan, or test the vulnerability of the Platform or any system or network connected to the Platform without prior written authorisation. Attempting to access accounts, data, or systems that do not belong to you.

3.5 Botnet and Command-and-Control

Operating or participating in botnets, command-and-control infrastructure, or using the Service as a relay, proxy, or node for coordinating distributed attacks or other malicious activity.

3.6 Resource Abuse

Intentionally consuming excessive platform resources (CPU, memory, storage, bandwidth) in a manner that degrades the Service for other users. As a guideline, the following usage patterns may trigger automated suspension or a request to upgrade:

• Sustained CPU usage above 90% of your plan allocation for more than 30 consecutive minutes without corresponding application traffic
• Sustained memory usage above 95% of your plan allocation, indicating a memory leak or misconfiguration
• Outbound network transfer exceeding 100 GB per month on the free tier, 500 GB on Pro, or 2 TB on Team
• More than 50 deployments per day per project (indicative of automation abuse rather than normal CI/CD)
• Build times consistently exceeding the 10-minute timeout, suggesting builds that are not suitable for the Platform

These thresholds are guidelines, not hard limits. We will generally notify you and provide an opportunity to optimise before taking enforcement action, except where abuse is clearly intentional or impacts other users.

3.7 Circumvention

Attempting to circumvent platform security measures, resource limits, plan restrictions, billing controls, or any other technical or administrative safeguards.

You are responsible for the security of your applications and must take reasonable measures to prevent your deployments from being used as attack vectors. This includes:

• Keeping dependencies and frameworks up to date with security patches
• Not hardcoding secrets, API keys, or credentials in source code or environment variables exposed to the public
• Implementing appropriate authentication and authorisation for any administrative interfaces
• Promptly addressing any security vulnerabilities in your applications that are reported to you or that you become aware of

If we determine that a vulnerability in your application poses a risk to the Platform or other users, we may suspend the affected deployment until the issue is resolved.

5.1 Automated Monitoring

We employ automated systems to monitor for AUP violations, including but not limited to: CPU and resource usage anomaly detection; outbound network traffic analysis; URL and domain reputation scanning; build-time dependency scanning; and periodic content reputation checks.

5.2 Abuse Reports

We accept abuse reports from third parties via abuse@orkestr.eu. We will review all credible reports and take appropriate action in accordance with applicable law, including the EU Digital Services Act.

5.3 Enforcement Actions

Upon determining that a violation has occurred, we may take one or more of the following actions at our sole discretion: (a) issue a warning; (b) temporarily suspend the affected deployment or your account; (c) permanently terminate the affected deployment or your account; (d) remove or disable access to the violating content; (e) report the violation to law enforcement or relevant authorities; (f) cooperate with law enforcement investigations as required by law.

5.4 No Prior Notice

For severe violations (including CSAM, malware distribution, phishing, terrorism-related content, or imminent threats to Platform security), we may take immediate enforcement action without prior notice. For less severe violations, we will generally attempt to notify you and provide a reasonable opportunity to remedy the issue before taking action.

5.5 Appeals

If you believe enforcement action was taken in error, you may submit an appeal to appeals@orkestr.eu within 14 days. We will review appeals and respond within a reasonable timeframe. Continued access to the Service is not guaranteed during the appeal process.

In accordance with the EU Digital Services Act, we will: (a) designate a single point of contact for authorities and users; (b) publish transparency reports on content moderation actions; (c) provide a notice-and-action mechanism for reporting illegal content; (d) issue statements of reasons for content moderation decisions.

If you believe that content hosted on the Platform infringes your copyright, you may submit a takedown notice to legal@orkestr.eu including: (a) identification of the copyrighted work; (b) identification of the infringing content and its URL; (c) your contact information; (d) a statement of good faith belief that the use is unauthorised; (e) a statement under penalty of perjury that the information is accurate; (f) your physical or electronic signature.

We will process valid takedown notices promptly and notify the affected user. Counter-notifications may be submitted within 14 days.

You must not use the Service in violation of any applicable trade sanctions, export controls, or embargo regulations, including those imposed by the European Union, the United Nations, or applicable national authorities. Specifically, you must not:

• Use the Service if you are located in, or ordinarily resident in, a country or territory subject to comprehensive EU sanctions (currently including but not limited to: North Korea, Iran, Syria, Cuba, and the Crimea, Donetsk, and Luhansk regions)
• Use the Service on behalf of, or for the benefit of, any person or entity designated on EU, UN, or applicable national sanctions lists
• Use the Service to develop, host, or distribute technology that is subject to export controls under EU Regulation 2021/821 (Dual-Use Regulation) without appropriate licences
• Use the Service to facilitate transactions or activities that would violate applicable anti-money laundering laws

We may verify your country of residence and screen accounts against applicable sanctions lists. If we determine that your use of the Service may violate sanctions or export control laws, we may immediately suspend or terminate your account without prior notice or refund. If you are unsure whether your intended use is permissible, contact legal@orkestr.eu before signing up.

We may update this AUP from time to time. Material changes will be communicated via email or through the Platform with at least 14 days' notice. Continued use of the Service after the notice period constitutes acceptance of the updated AUP.

For questions about this policy or to report abuse:

Abuse reports: abuse@orkestr.eu
General enquiries: legal@orkestr.eu
Appeals: appeals@orkestr.eu