Cloud Flex Technologies Pvt. Ltd. – Acceptable Use Policy

1. Purpose

This Acceptable Use Policy (“Policy”) defines the proper use of Cloud Flex services and aims to ensure compliance with applicable Indian laws and standards. It sets forth rules and restrictions to protect the security, availability, and integrity of Cloud Flex’s networks and resources, as well as the rights and data of all parties. In line with industry practice, Cloud Flex reserves the right to enforce this Policy to safeguard its infrastructure and clients’ interests. This Policy applies to all customers and all users (including employees, contractors, and other end users) of Cloud Flex services.

2. Scope of Services

This Policy applies to all Services provided by Cloud Flex, whether hosted on Cloud Flex’s cloud infrastructure or managed on-premises at a client’s site. It covers use of any Cloud Flex-provided infrastructure, platforms, software, networks, hardware, and support services. All Customers of Cloud Flex and their authorized end users must comply with this Policy when accessing or using Cloud Flex services. Customers are responsible for ensuring that their users understand and adhere to this Policy in conjunction with any service agreement or other Cloud Flex policies.

3. Prohibited Activities

Cloud Flex expressly forbids any use of its Services for activities that violate Indian law, infringe rights, threaten network security, or abuse the resources. Examples of prohibited activities include, but are not limited to:

• Illegal or Unlawful Use: Engaging in any activity that violates Indian criminal law, regulations, or other applicable laws. This includes, for example, unauthorized access (hacking), fraud, trafficking in contraband (e.g. weapons, drugs) or regulated data, identity theft, and other illicit activities. Users shall not use Cloud Flex Services to facilitate any crime or to publish or distribute content that is illegal in India.
• Offensive or Illicit Content: Storing, transmitting, or distributing content that is obscene, defamatory, abusive, hateful, harassing, violent, or that promotes illegal acts. This includes (but is not limited to) hate speech, threats, defamatory statements, extremist propaganda, child sexual abuse material, bestiality, or other content deemed harmful or offensive. Any content that is pornographic or adult-oriented must comply with Indian obscenity laws; Cloud Flex prohibits distribution of child pornography or content illegal to any jurisdiction.
• Intellectual Property Violations: Uploading, sharing, or hosting copyrighted or trademarked material without proper authorization. Users must respect intellectual property rights (copyrights, trademarks, patents, etc.) and may not distribute pirated software, media, or data through Cloud Flex services. For example, “knowing use of an infringing copy” of software is a criminal offense under Indian law. Use of open-source software is permitted only in compliance with its license terms.
• Network Security Violations: Engaging in activities that compromise the security or integrity of any network, system, or data. This includes scanning or probing networks without authorization, attempting to breach security controls, or executing denial-of-service attacks. Introducing malicious software (viruses, worms, Trojans, ransomware, password crackers, etc.) or tools that could damage systems is forbidden. Forging packet headers or other identifiers to disguise origin is prohibited. Users may not attempt unauthorized monitoring or interception of data on any network.
• Spam and Unsolicited Messaging: Transmitting unsolicited bulk email or spam, or any messages intended to harass or defraud recipients, is prohibited. Users shall not use Cloud Flex services to relay spam or to send email that obscures or falsifies header information. Continuing to email recipients who have opted out, sending malicious mail (mailbombing, phishing), or otherwise abusing email systems is a violation.
• Abuse of Resources: Consuming excessive bandwidth or server resources in a way that adversely affects other customers or the Service. This includes running illegal botnets, cryptocurrency mining without approval, or any automated processes that overload infrastructure. Running any service or application that disrupts or degrades Cloud Flex’s network or other users’ experience is not allowed.

Cloud Flex reserves the right to determine, at its sole discretion, whether a user’s actions violate these prohibitions. Users shall not facilitate the above activities on other networks or systems through Cloud Flex’s Services.

4. Data Security and Privacy

Users of Cloud Flex Services must safeguard all personal and sensitive data in compliance with Indian law. The Information Technology Act, 2000 and its Rules require corporate bodies to implement “reasonable security practices and procedures” to protect sensitive personal data, with failure to do so potentially resulting in liability for damages. Accordingly, Users must:

• Store and process personal data (such as names, contact, financial, health, or biometric information) only in accordance with applicable laws. Obtain all necessary consents for collecting, processing, or sharing personal data, especially sensitive data (passwords, financial accounts, etc.). Comply with any sector-specific requirements (e.g. RBI or other regulator mandates on data storage and security).
• Implement appropriate technical safeguards for data confidentiality and integrity. Examples include using strong encryption for data at rest and in transit, access controls and authentication for sensitive systems, regular patching of software, network firewalls, intrusion detection, and secure backups. Follow best practices for information security to prevent data breaches and unauthorized disclosure. Log and monitor access to critical data as required.
• Notify Cloud Flex promptly if you suspect a data breach or any compromise of security. Work cooperatively with Cloud Flex on incident response and mitigation.

Cloud Flex employs industry-standard security measures for its infrastructure (including encryption, hardened networks, and backups). Users should similarly adopt strong practices and must not circumvent Cloud Flex’s security controls. Personal data collected or stored on Cloud Flex systems should be handled in accordance with Cloud Flex’s Privacy Policy and applicable privacy obligations.

5. Software and Licensing Compliance

All software and services used with Cloud Flex resources must be properly licensed and legally obtained. Users may not install, use, or distribute unlicensed, pirated, or counterfeit software on Cloud Flex systems. Under Indian law, “knowing use of an infringing copy” of software is a punishable offense. In particular:

• Authorized Software: Only install software for which you hold a valid license. This includes operating systems, applications, plugins, and any commercial or proprietary software. Users must comply with all license terms and usage restrictions for software or content used on Cloud Flex services.
• Open Source and Third-Party Licenses: Adhere to all terms of open-source and third-party licenses. Do not combine incompatible licenses or use software in violation of its license. If redistributing any software or code, ensure proper attribution and compliance with the original license.
• Prohibited Software: Hosting or distributing tools that facilitate circumvention of license protections (e.g. keygens, cracks) is forbidden. Users must not run any unapproved or unauthorized operating system images or virtual machine templates.

Cloud Flex may, at its discretion, require proof of licensing or remove software that appears non-compliant. Users are responsible for any legal consequences arising from improper software use.

6. Account and Access Security

Users must secure their access credentials and accounts for Cloud Flex Services:

• Unique Credentials: Each user or system must have unique login credentials. Passwords must be strong (using a mix of characters and sufficient length) and changed regularly. Do not share your account or password with anyone. Do not use default or easily guessable credentials.
• Authentication: Enable multi-factor authentication (MFA) wherever supported. Users are responsible for any actions taken with their credentials. Notify Cloud Flex immediately if you suspect your credentials have been compromised or if unauthorized access is detected.
• Least Privilege: Limit account privileges to the minimum necessary. Users should only use administrator or root-level access when required for their tasks, and should maintain separate accounts for administrative activities.
• Responsibility: Each customer is responsible for all actions taken through their accounts. Users must not share accounts or access methods, and should maintain internal procedures to revoke access for departing employees or contractors.

By following these practices, users help prevent unauthorized access or accidental misuse of the Services. Prompt reporting of any security concerns is mandatory.

7. Monitoring, Enforcement, and Remedial Actions

Cloud Flex reserves the right to monitor usage of its Services to ensure compliance with this Policy and protect its network. In general, Cloud Flex does not monitor customer content unless necessary to investigate a suspected violation. However, Cloud Flex may log network traffic, scan for malware, and audit resource usage for security purposes.

If a violation is detected or reported, Cloud Flex may take one or more of the following actions to remediate the issue:

• Notification and Correction: Cloud Flex may notify the user of the violation and demand that the prohibited activity cease immediately. The user must promptly correct any non-compliant behavior.
• Suspension of Service: For serious or repeated violations, Cloud Flex may suspend access to any Service or account without prior notice to prevent further harm. For example, in cases of security breaches, network attacks, or illegal activity, Cloud Flex may immediately suspend service to protect others.
• Termination of Service: Cloud Flex may terminate any Service or user account permanently for severe or continuing violations. Termination may occur after notice or without notice in urgent situations (such as ongoing attacks or illegal operations).
• Other Remedial Actions: Cloud Flex may remove or quarantine offending content, blacklist IP addresses, or restrict specific functionalities. When appropriate, Cloud Flex will cooperate with law enforcement or regulatory agencies. Customers may be required to reimburse Cloud Flex for costs of investigating or mitigating abusive activities.

Consequences of violations can include, but are not limited to, warnings, account suspension, service termination, or legal action. Cloud Flex disclaims liability for actions taken in good faith to enforce this Policy. Users acknowledge that violation of this Policy may result in loss of service with no entitlement to refund.

8. Reporting Violations

If you become aware of any violation of this Policy or any security incident, you must report it immediately to Cloud Flex. Include as much detail as possible (e.g. affected account, time of incident, IP addresses, and evidence) to help us investigate. Reports may be sent to our team via email at support@cloudflex.co.in or via our support portal. Cloud Flex will handle reports confidentially and will take appropriate action.

Failure to report known violations or security breaches may itself be considered a violation of this Policy. Users are encouraged to act in good faith to preserve the security and legality of the Services.

9. Modifications to the Policy

Cloud Flex may modify this Policy at any time by posting the revised version on its website or notifying customers through official channels. Any changes take effect immediately upon posting. It is the responsibility of customers and users to review this Policy periodically. Continued use of Cloud Flex services after a revised Policy is posted constitutes acceptance of the new terms.

Cloud Flex will aim to notify customers of significant changes (for example, by email), but notification is not required. Users who do not agree with the updated Policy should cease using the Services and terminate their accounts.

10. Legal Jurisdiction

This Policy and any disputes arising from it are governed by the laws of India. Any legal action or proceeding related to this Policy will be subject to the exclusive jurisdiction of courts in Delhi, India. Cloud Flex’s relationship with its customers and users shall be construed in accordance with Indian law, including the Information Technology Act, 2000 and other applicable statutes.

11. Acknowledgment Clause

By accessing or using Cloud Flex services, the Customer and all end users explicitly acknowledge and agree to abide by this Acceptable Use Policy. The Customer affirms that it will inform its users of this Policy and ensure their compliance. Any violation of this Policy may result in suspension or termination of services, as described above. The Customer agrees that no provision of this Policy is unenforceable, invalid, or void, and that the remaining provisions shall remain in full force and effect.

Cloud Flex reserves the right to immediately disable access or remove any data that violates this Policy. This Policy is an integral part of any service agreement with Cloud Flex. By using the Services, you confirm that you have read, understood, and accepted this Policy.