cryptoservers.io
Sign in Launch server

Acceptable Use Policy

What you can run on our infrastructure, what you can't, and the exact line between the two.

Effective 2026-04-01 Last updated 2026-04-22 Version v2.0 Signed with 0x62B79979C97C1241

Our position

We host content that is controversial, unpopular, and sometimes legally disputed in other jurisdictions. That is the point. What we do not host is content that causes unambiguous harm to identifiable individuals, content that weaponises our network against third parties, or content that is illegal under the law of Saint Kitts and Nevis or the local law of our operating datacenters.

This document is exhaustive. If a use case is not prohibited below, it is permitted. We do not rely on a vague "spirit of the rules" clause to police customer behaviour.

Tier 1 — Prohibited with zero cure period

Accounts hosting any of the following are suspended immediately on confirmed discovery, with no cure period and no refund:

  • Child Sexual Abuse Material (CSAM) — any image, video, text, or illustration depicting sexual abuse of a minor. Reported to NCMEC regardless of which jurisdiction the content is hosted from, under 18 U.S.C. § 2258A-compatible reporting procedures.
  • Credible threats of violence — specific, actionable threats against an identifiable person or group, including swatting precursors, kill-lists with addresses, and incitement to immediate lawless action. Reported to the relevant local law-enforcement authority.
  • Phishing kits targeting financial institutions, cryptocurrency exchanges, wallets, or our own customers. Includes credential-stealing pages, fake exchange front-ends, and clipboard-hijacker malware command & control.
  • Ransomware command-and-control (C2) infrastructure.
  • Originating DDoS attacks against non-consenting third parties — reflected, amplified, or direct.

Tier 2 — Prohibited with 48-hour cure

Accounts receive a written notice and 48 hours to bring the Service into compliance. Failure to cure results in suspension.

  • Outbound spam exceeding 0.1 % of sent messages flagged as spam by downstream providers (calculated rolling 7-day).
  • Unauthorised port-scanning or credential-bruteforcing of non-consenting third-party hosts. Authorised scanning (your own network, bug-bounty targets with published policy, agreed-upon penetration tests) is permitted.
  • Open recursive DNS resolvers that have been abused for amplification attacks.
  • Open SMTP relays used for spam.
  • Compromised services serving malware to visitors — after one courtesy notice, failure to clean results in suspension.

Explicitly permitted

The following use-cases are explicitly welcome, even if other providers have cited "abuse" or "terms of service" to terminate them:

  • Tor relays — middle, guard, bridge, and exit nodes. Exit operators should inform abuse@ ahead of time so we can pre-ack the anticipated complaint volume.
  • VPN services — commercial or personal; Wireguard, OpenVPN, Shadowsocks, Outline, SOCKS.
  • Cryptocurrency nodes & validators — Bitcoin Core, Monero, Ethereum (including archive and validator), Solana, Lightning, Arweave, Filecoin.
  • Cryptocurrency mixers that comply with the AML framework of Saint Kitts (broadly: non-custodial, with transparent reporting to users).
  • Adult content — legal under the law of the datacenter jurisdiction where the server runs, depicting consenting adults.
  • Political speech, journalism & leaked documents of legitimate public interest.
  • Content claimed to be infringing by a third-party copyright holder — we do not act on DMCA notices; see DMCA Stance.
  • Controversial or minority viewpoints — political, religious, academic, or otherwise — that do not meet the Tier-1 threshold above.

Network abuse & rate-limits

You are responsible for outbound traffic from your Services. To avoid accidental participation in network abuse:

  • Rate-limit any publicly exposed recursive DNS, NTP, or SMTP that you operate. If you don't need it, turn it off.
  • If you receive a network-abuse notice from us for an automated report (spamhaus, abuseipdb, etc.), you have 48 hours to acknowledge and either cure or explain.
  • Operate Tor exits responsibly — we recommend the Tor Project's published guidance.

Enforcement

We believe in due process. Enforcement follows a fixed escalation:

  1. Investigation — we confirm the report with at least one independent signal.
  2. Notice — a PGP-signed email to your account address describing the finding, the rule violated, and the cure period (0 for Tier-1, 48h for Tier-2).
  3. Cure or appeal — you either fix the issue or reply with counter-evidence. Appeals go to a different engineer from the one who opened the ticket.
  4. Suspension & data-handling — if not cured, the Service is suspended. Disks are preserved for 7 days on voluntary cure; immediately wiped on Tier-1 enforcement.
  5. Transparency — every enforcement action is counted (anonymously, by category) in the semi-annual Transparency Report.

Reporting a violation

If you believe another customer is violating this AUP, see the Abuse Policy for the correct reporting format and contact address. Reports sent to non-abuse addresses (legal@, support@) are forwarded but may be delayed.

This document is v2.0, effective 2026-04-01, last updated 2026-04-22. PGP-signed version available on request at [email protected].