ACCEPTABLE USE POLICY (AUP)
Effective Date: November 1st, 2024
Last Revised: October 22nd, 2024
1. Overview
This Acceptable Use Policy (AUP) governs the use of services provided by Movaci Co., Ltd., a Thailand-registered business. This AUP applies to all divisions and services of Movaci, including Secure Hosting, Cloud Services, and Managed Services. By using Movaci's services, you agree to comply with and enforce this AUP and with all end-users or end-clients you give access to, as well as all applicable laws and other agreements with Movaci.
2. Definitions
- Services: All offerings provided by Movaci, including but not limited to Secure Hosting, Cloud, and Managed Services.
- Servers: CPU-based hardware platforms, whether managed or unmanaged, provided by Movaci.
- IP Addresses: Any IPv4 or IPv6 addresses assigned to you by Movaci.
3. Compliance with Laws and Regulations
All users of Movaci’s services must comply with relevant international and local laws. This includes, but is not limited to:
- Thailand’s Computer Crimes Act B.E. 2550: Governing the use of IT systems in Thailand, covering computer-related offenses.
- Personal Data Protection Act (PDPA) Thailand: Thailand’s primary law governing the collection, use, and protection of personal data.
- GDPR (General Data Protection Regulation): Applicable to the handling of personal data for European residents.
- CCPA (California Consumer Privacy Act): Relevant for protecting the personal data of California residents.
- HIPAA (Health Insurance Portability and Accountability Act): Protecting sensitive health information in the U.S.
- NIST 800-53: Security and privacy controls for information systems.
- PCI DSS: Payment Card Industry Data Security Standard for payment security.
4. Prohibited Activities
The following activities are strictly prohibited when using Movaci's services, servers, and IP addresses:
- Illegal Activities: Including but not limited to copyright infringement, distribution of illegal software, child pornography, and drug trafficking.
- Malicious Activities: Including but not limited to distributing malware, unauthorized access to systems (hacking), denial of service (DoS) attacks, and phishing schemes.
- Spam: The sending of unsolicited bulk emails (SPAM), chain letters, or any unauthorized advertisements.
- Fraud: Engaging in deceptive practices such as identity theft, financial fraud, or phishing attempts.
- Security Breaches: Attempting to bypass security systems or gain unauthorized access to services, servers, or data hosted by Movaci.
Violations of these prohibited activities may result in suspension, termination, or fines as detailed below.
5. Service Suspension and Termination
Movaci reserves the right to immediately suspend or terminate any service for the following reasons:
- Nonpayment: Nonpayment in whole or part for any of Movaci's services.
- Violation of AUP: Any violation of Movaci’s AUP, the AUP of any upstream provider, or the AUP of any connected network.
- Fines and Penalties: Movaci reserves the right to impose fines ranging from $800USD to $15,000USD per incident for violations, including but not limited to:
- Copyright Infringement: Fines of $1,500USD per instance of illegal hosting, distribution, or linking to copyrighted material.
- Malicious Activities: Fines of $3,000USD to $15,000USD for engaging in hacking, distribution of malware, or other malicious acts.
- Spam and Fraud: Fines of $800USD to $15,000USD for unsolicited bulk email, phishing, or fraud-related activities.
6. Data Responsibility and Security Standards
- Encryption: All data stored or transmitted by Movaci is encrypted using AES-256 for data at rest and TLS 1.2 or higher for data in transit.
- Data Privacy Compliance: Movaci adheres to strict data protection regulations, including PDPA, GDPR, and HIPAA, ensuring that customer data is securely handled and stored.
- Backup and Recovery: Movaci maintains automated backups for disaster recovery, but customers are responsible for ensuring their own data retention policies are in place.
- Incident Response: Movaci operates a security incident response team to address breaches or security incidents within 24 hours, with additional measures such as server reboots, forensic investigations, or access restriction as necessary.
7. Shared Responsibility Model
Movaci and its customers share responsibility for security and system management:
- Movaci Responsibilities: Secure infrastructure management, including securing servers, networking equipment, and ensuring the integrity of the Movaci environment.
- Customer Responsibilities: Customers are responsible for their own data configurations, applications, user permissions, and any internal security measures they implement on Movaci’s platform.
Failure to properly manage these responsibilities may result in security risks or service termination.
8. Policy Enforcement and Resolution
Violations of this AUP may be subject to enforcement actions by Movaci. Actions include, but are not limited to:
- Policy Enforcement Notice: Movaci may issue a notice to the registered contact email address for any violations of the AUP.
- Service Suspension: Depending on the severity of the violation, services may be temporarily or permanently suspended. In such cases:
- Movaci may disconnect services within a timeframe ranging from 0 hours (immediate) to 24 hours based on the nature of the offense.
- Servers or services may be subject to probation, and customers may be required to provide root access for investigations or security hardening.
9. Specific Violations and Response Times
Movaci responds to violations based on severity. Specific timelines for response are as follows:
- 24-Hour Issues:
Violations such as copyright infringement, IP blacklisting, and spam-related activities.
- 16-Hour Issues:
Including hosting high-yield investment programs, infection or distribution of viruses or worms, and network scanning for vulnerabilities.
- 8-Hour Issues:
Including hacking, identity theft, denial-of-service (DoS) attacks, and distribution of malware.
- 1-Hour Issues:
Includes hosting or distribution of child pornography, open proxies, or violation of upstream provider AUPs.
Movaci may impose immediate fines for these violations ranging from $800USD to $15,000USD depending on the severity of the issue.
10. Prosecution and Cooperation with Law Enforcement
Movaci cooperates fully with local and international law enforcement agencies in investigating and prosecuting illegal activities. Movaci reserves the right to:
- Prosecute offenders: Movaci will take legal action against customers involved in illegal activities.
- Seize Data and Equipment: In extreme cases, Movaci reserves the right to seize servers and data for law enforcement investigation.
11. Pricing and Charges
All references to monetary fines and service charges are expressed in United States Dollars (USD). The following rates apply for violations and services:
- Violation Fines: $800USD to $15,000USD per incident.
- Administrative Work: If Movaci is required to resolve a violation on behalf of the customer, an administrative charge of $250USD per hour applies.
12. Contact Information Maintenance
Customers are responsible for maintaining accurate contact information in Movaci's systems. Failure to update this information may result in service disruption.
13. IP Address Usage and Network Performance
- IP Address Usage: Using IP addresses not assigned to you by Movaci is strictly prohibited.
- Network Resource Abuse: Excessive use of shared network resources that impacts other customers will not be tolerated.
14. Reporting Violations
If you suspect a violation of this AUP, please report it immediately to [email protected].