Acceptable Use Policy

1. You may use sota.io for

• Personal projects, side projects, SaaS products, internal tools.
• API backends, dashboards, marketing pages, e-commerce stores.
• AI-agent-built apps deployed via Claude or other MCP clients.
• Webhooks, integrations, schedulers, background workers.
• Anything that does business with humans and uses bounded bandwidth.

2. Hard-banned use cases

The following are absolute prohibitions. We will suspend the account and remove all deployments without warning if we detect them. Refunds are not issued for accounts terminated for these reasons.

• Open proxies / anonymisation relays — any service that lets third parties route HTTP, SOCKS, or arbitrary TCP traffic through our IPs without authentication bound to the requester's identity. This includes "web proxy" fetch endpoints, free VPN exit nodes, Tor relays, residential proxy networks, and credential-stuffing forwarders.
• Scraping at scale — automated scraping of third-party sites that would be considered hostile by the target (rate limits exceeded, ToS violated, geo-block evasion). Light scraping with respect for rate limits and robots.txt is fine; sustained high-volume scraping is not.
• IP-reputation laundering — any workload designed to tunnel traffic through sota.io for the purpose of obscuring source, evading bans, or sharing a clean reputation across unrelated users.
• Spam / unsolicited bulk email — outbound mass mail without explicit recipient consent. Resend or any other transactional provider you bring with you must comply with their own AUP independently.
• Crypto-mining — proof-of-work or memory-hard mining workloads. Wallet hosting, on-chain analytics, and DeFi tooling are fine; mining is not.
• Illegal content — anything prohibited by EU law or German law (CSAM, terrorism content, copyright-infringing distribution at scale, fraud infrastructure, illegal pharmaceuticals).
• Malware command-and-control — phishing kits, RATs, credential-harvesting fronts, exploit delivery, ransomware payment portals.
• DoS / DDoS infrastructure — booter services, stresser front-ends, attack-orchestration tooling. Even with legitimate intent ("red team"), no.

3. Resource limits

Free tier: 3 projects, 256 MB RAM / 500m CPU per container, shared egress IP, 7-day deployment retention. Pro and Enterprise tiers have higher limits documented at sota.io/pricing. Sustained workload beyond your tier's allocation may be throttled or migrated to a higher tier with prior notice.

4. Reporting abuse

If a sota.io-hosted app is doing something it shouldn't, report it to abuse@sota.io or via the /abuse form. We aim to acknowledge within 24 hours and act within 72 hours for confirmed reports.

5. Suspension procedure

For clear-cut violations (open proxies, illegal content, active abuse) we suspend immediately. For grey-area cases (high scraping volume, ambiguous policy fit) we email the account owner first and give 48 hours to remediate. Suspension stops the workload, preserves data for 14 days, then deletes. Appeals to abuse@sota.io.

6. Changes to this policy

We update this page when new abuse patterns emerge. Material changes are announced via the email address on file at least 14 days before they take effect.