Acceptable Use Policy

This Acceptable Use Policy ("AUP") defines the rules and restrictions that apply to all users of the cloud infrastructure and container orchestration services provided by Digital Frontier Unipessoal LDA ("Digital Frontier," "we," "us," or "our"). This AUP is incorporated into and forms part of our Terms of Service.

Digital Frontier operates as an infrastructure and hosting provider under the Digital Services Act (DSA, Regulation (EU) 2022/2065). We do not provide crypto-asset services regulated under MiCA. This AUP is designed to ensure that the Services are used in a manner that is lawful, consistent with the DSA, and respectful of the integrity and security of our platform and infrastructure.

1. Purpose

This AUP establishes clear rules for the use of Digital Frontier Services, supports our DSA notice-and-action obligations (Article 16), defines prohibited activities, and sets out our enforcement and authority cooperation framework. It applies to all customers, users, and any third parties accessing the Services.

2. Prohibited Activities

The following activities are strictly prohibited. This list is non-exhaustive. We reserve the right to determine, at our sole discretion, whether any use of the Services violates this AUP.

2.1 Illegal Activities

You may not use the Services to:

• Violate any applicable local, national, EU, or international law or regulation.
• Distribute, store, or transmit material that constitutes child sexual abuse material (CSAM) or promotes the exploitation of minors.
• Engage in money laundering, terrorist financing, or other financial crimes.
• Violate economic or trade sanctions administered by the European Union, the United Nations, or the United States Office of Foreign Assets Control (OFAC).
• Produce, distribute, or store content that is illegal under Portuguese or EU law, including content that constitutes a criminal offence under the Portuguese Criminal Code.
• Facilitate the sale or distribution of controlled substances, weapons, or other regulated goods without proper authorization.

2.2 Terrorist Content

The dissemination of terrorist content through our Services is strictly prohibited. "Terrorist content" has the meaning given in Regulation (EU) 2021/784, as implemented in Portugal by Decree-Law 25/2026. This includes material that:

• Incites the commission of terrorist offences.
• Encourages the contribution to, or participation in, the activities of a terrorist group.
• Directs or instructs on how to make or use explosives, firearms, or other weapons for terrorist purposes.
• Glorifies terrorist acts.

One-hour removal obligation: Under Decree-Law 25/2026, the Polícia Judiciária (PJ) is designated as the competent authority to issue terrorist content removal or blocking orders. Digital Frontier is legally required to remove or disable access to identified terrorist content within one (1) hour of receiving a valid removal order. Failure to comply with a valid terrorist-content removal order within the applicable period may constitute an administrative offence under Decree-Law 25/2026 and may result in sanctions imposed by ANACOM.

2.3 Cybercrime and Network Abuse

You may not use the Services to:

• Distribute malware, ransomware, spyware, or any other malicious software.
• Conduct or facilitate distributed denial-of-service (DDoS) attacks, brute-force attacks, or other network-based attacks against any target.
• Operate botnets, command-and-control infrastructure, or zombie networks.
• Scan, probe, or attempt to gain unauthorized access to systems, networks, or accounts without authorization.
• Intercept, monitor, or tamper with communications or data that you are not authorized to access.
• Exploit vulnerabilities in software, hardware, or services without authorization.
• Conduct phishing, social engineering, or credential harvesting campaigns.
• Operate open DNS resolvers, SMTP relays, or other services that can be abused to send spam or amplify attacks, without proper access controls.
• Engage in port scanning or port exploitation of systems you do not own or are not authorized to test.

Activities prohibited under this section may also constitute criminal offences under Portuguese Cybercrime Law (Law 109/2009).

2.4 Fraud and Deception

You may not use the Services to:

• Operate fraudulent websites, marketplaces, or services designed to deceive users.
• Host or distribute content intended to defraud individuals or organizations.
• Engage in investment fraud, Ponzi schemes, pump-and-dump schemes, or other financial scams, including those involving cryptocurrencies or digital assets.
• Create or operate services that impersonate legitimate businesses, organizations, or individuals.
• Use wallet addresses, crypto infrastructure, or payment systems for fraudulent purposes.

2.5 Intellectual Property Violations

You may not use the Services to:

• Distribute, store, or transmit material that infringes the copyright, trademark, patent, trade secret, or other intellectual property rights of any third party.
• Operate platforms or services primarily designed to facilitate unauthorized sharing or distribution of copyrighted content.
• Reverse-engineer, decompile, or disassemble software in violation of applicable license agreements.

Under the DSA and Decree-Law 20-B/2024, IGAC is the competent authority for copyright-related matters in Portugal.

2.6 Spam and Unsolicited Communications

You may not use the Services to:

• Send unsolicited bulk email (spam), SMS, push notifications, or other communications.
• Operate email servers or mailing lists without proper authentication, unsubscribe mechanisms, and compliance with the EU ePrivacy Directive and applicable Portuguese law.
• Harvest email addresses or other contact information without consent.

2.7 Harmful or Offensive Content

While Digital Frontier does not generally monitor customer deployments, you may not use the Services to distribute:

• Content that promotes violence, terrorism, or hate speech based on race, ethnicity, religion, gender, sexual orientation, disability, or other protected characteristics.
• Content that threatens, harasses, intimidates, or defames individuals or groups.
• Non-consensual intimate imagery or content that facilitates revenge porn.
• Content that promotes self-harm or suicide.

2.8 Resource Abuse

You may not:

• Use the Services to mine cryptocurrency without explicit authorization under your service plan.
• Intentionally consume excessive resources (CPU, memory, bandwidth, storage) beyond the scope of legitimate use.
• Run benchmarks or stress tests against shared infrastructure without prior written approval.
• Deploy workloads designed to circumvent usage limits or billing mechanisms.

2.9 Service Misuse

You may not:

• Attempt to circumvent security controls, access controls, or usage policies.
• Use the Services to violate the acceptable use policies of third-party cloud providers accessed through our platform.
• Resell or redistribute the Services without written authorization.
• Create multiple accounts to evade enforcement actions or service limitations.
• Interfere with or monitor other customers' deployments or data.

3. Wallet and Cryptocurrency Activity

Given the nature of our platform's integration with blockchain and cryptocurrency payment systems, the following additional rules apply:

• Wallet addresses associated with your account must not be used for money laundering, terrorist financing, sanctions evasion, or other financial crimes.
• You must not operate mixing services, tumblers, or other tools primarily designed to obscure the origin of cryptocurrency transactions.
• Wallet addresses associated with known illicit activity (as identified by EU, UN, or OFAC sanctions lists, or by blockchain analytics tools) are prohibited from use with our Services.
• Where cryptocurrency payment features are provided through authorized third-party providers, users must comply with the applicable requirements of those providers and with applicable law.

For the avoidance of doubt: Digital Frontier does not provide crypto-asset services regulated under MiCA (custody, exchange, execution, transfer-on-behalf, portfolio management, or advice). We are not a CASP and are not authorized as such. If cryptocurrency payment features involve regulated activities, they are carried out by authorized third-party payment providers under the supervision of the competent authorities (Banco de Portugal and/or CMVM, as applicable).

4. Port and Network Usage

The following rules govern the use of network ports and interfaces on Digital Frontier infrastructure:

• Open ports and exposed services must be secured with appropriate authentication and access controls.
• You must not operate services on ports commonly associated with abuse (e.g., open SMTP relays, open DNS resolvers) without prior written approval and demonstrated security measures.
• Port scanning, sniffing, or exploitation of network traffic not belonging to your deployments is prohibited and may constitute a criminal offence under Law 109/2009.
• Operating Tor exit nodes or similar anonymity services requires prior written approval from Digital Frontier.
• Network traffic must not be spoofed, forged, or otherwise manipulated to disguise its origin.

5. DSA Notice-and-Action Mechanism

In accordance with Article 16 of the DSA, Digital Frontier maintains an electronic, easy-to-access, and user-friendly mechanism for any person or entity to notify us of specific allegedly illegal content hosted on our infrastructure.

5.1 How to Report

• General illegal content: Illegal content reporting page or abuse@digitalfrontier.so
• Copyright infringement: abuse@digitalfrontier.so (IGAC is the competent authority in Portugal)
• Terrorist content (emergency): emergency@digitalfrontier.so (1-hour response required under Decree-Law 25/2026)
• Child sexual abuse material: emergency@digitalfrontier.so

5.2 What to Include

To help us process your report efficiently, please include:

• A clear description of the allegedly illegal content.
• The exact URL, IP address, deployment ID, or other identifier.
• The legal basis for considering the content illegal.
• Your contact information.
• Whether you are acting as the affected party or a reporting authority.

5.3 Our Response

We will assess reports without undue delay and take appropriate action, which may include removal, access restriction, or escalation to authorities. In accordance with DSA Article 17, when we restrict or remove content, we will provide a clear and specific statement of reasons to the affected user, except where a criminal procedure or secrecy rule lawfully limits notice.

6. Enforcement Actions

Upon receiving a credible report via our notice-and-action mechanism, detecting a potential violation through our own monitoring, or receiving a valid order from a competent authority, we may take one or more of the following actions:

• Investigation: Review the reported deployment, wallet, network traffic, or resource for potential violations.
• Warning: Issue a written warning to the account holder describing the violation and required corrective action.
• Content removal or restriction: Remove, disable access to, or restrict the availability of illegal content, with a statement of reasons per DSA Article 17.
• Service restriction: Block specific ports, suspend network access, or disable specific deployments or wallets associated with the violation.
• Account suspension: Temporarily suspend the account pending investigation.
• Account termination: Permanently terminate the account for severe or repeated violations.
• Data preservation: Preserve relevant logs and data when required by law or in anticipation of legal process under Law 109/2009.
• Law enforcement referral: Report the activity to the relevant authorities, including the Polícia Judiciária (terrorist content, cybercrime), ANACOM (DSA matters), CNPD (data protection), IGAC (copyright), or other competent bodies.

Under the DSA hosting safe harbour (Article 6), a provider that does not have actual knowledge of illegal activity or information and, upon obtaining such knowledge, acts expeditiously to remove or disable access to the information, is not liable for the stored information.

7. Authority Cooperation

Digital Frontier cooperates with competent authorities in accordance with Portuguese and EU law. Our cooperation framework covers:

• DSA orders (Articles 9 and 10): We process valid orders issued by competent judicial or administrative authorities to act against illegal content or to provide information within our possession and control, within the Portuguese framework in which ANACOM serves as Digital Services Coordinator. Orders may be submitted via our contact form or legal@digitalfrontier.so.
• Terrorist content (Regulation (EU) 2021/784, Decree-Law 25/2026): We execute removal and blocking orders from the Polícia Judiciária within one hour. Emergency channel: emergency@digitalfrontier.so.
• Cybercrime (Law 109/2009): We cooperate with lawful preservation, copying, disclosure, access blocking, and deletion orders issued under the Portuguese Cybercrime Law. The appropriate response depends on the specific order: preservation, copy and disclosure, integrity maintenance, access blocking, or deletion, as directed by the competent authority.
• NIS2 (Decree-Law 125/2025): Where applicable, we comply with incident reporting obligations under the supervision of the competent Portuguese cybersecurity authorities, including CNCS where applicable.
• Sanctions: We cooperate with EU and UN sanctions enforcement. We maintain risk-based screening of identified counterparties, enterprise customers, and vendors, proportionate to our role as a hosting provider.
• Data protection: We cooperate with CNPD in its supervisory capacity under Law 58/2019.

Digital Frontier does not provide data to authorities for mass surveillance programs. Except where applicable law permits or requires emergency disclosure, all disclosures are made on a case-by-case basis in response to valid legal process. We disclose only information lawfully in our possession and within our control, consistent with DSA Article 10.

8. Monitoring

Digital Frontier reserves the right to monitor usage of the Services to the extent permitted by applicable law for the purposes of:

• Ensuring compliance with this AUP and our Terms of Service.
• Detecting and preventing security incidents.
• Maintaining the integrity and performance of our infrastructure.
• Complying with legal obligations.

Monitoring is conducted in a manner consistent with the GDPR, Law 58/2019, and Portuguese data protection law. The DSA prohibits Member States from imposing a general monitoring obligation. We do not inspect the contents of customer deployments or data unless there is a specific, lawful reason to do so.

9. Customer Responsibilities

As a user of Digital Frontier Services, you are responsible for:

• Ensuring that all content and activity on your deployments complies with this AUP and applicable law.
• Implementing appropriate security measures for your deployments, including access controls, encryption, and vulnerability management.
• Monitoring your own deployments, wallet activity, and network usage for signs of unauthorized or abusive activity.
• Promptly reporting any suspected security incidents or AUP violations to Digital Frontier.
• Maintaining up-to-date contact information so we can reach you in case of emergencies or enforcement actions.
• Ensuring that any third parties who access your deployments or account also comply with this AUP.

10. Changes to This Policy

We may update this AUP from time to time. Material changes will be communicated through our website, email, or the Platform. Your continued use of the Services after any modification constitutes acceptance of the revised AUP.

11. Contact Information

For questions or reports related to this AUP:

• Abuse / illegal content reports (DSA Article 16): abuse@digitalfrontier.so or our illegal content reporting page
• Emergency / terrorist content (1-hour response): emergency@digitalfrontier.so
• Security incidents: security@digitalfrontier.so
• Law enforcement / authority inquiries: legal@digitalfrontier.so
• Postal: Digital Frontier Unipessoal LDA, Cascais, Portugal

Relevant Portuguese authorities:

• ANACOM — DSA Digital Services Coordinator (Decree-Law 20-B/2024)
• Polícia Judiciária (PJ) — Terrorist content orders, cybercrime (Decree-Law 25/2026, Law 109/2009)
• CNPD — Data protection (Law 58/2019)
• IGAC — Copyright under the DSA (Decree-Law 20-B/2024)
• Banco de Portugal / CMVM — MiCA / CASP matters (not applicable to our current Services; Law 69/2025)