DevOps and Automation
System administration and infrastructure management.
Managed Hosting
Reliable managed web hosting service.
Managed Databases
Performant and secure managed databases.
Storage
Cost effective storage with free egress.
Web Design and Development
Websites and applications using modern frameworks.
Technical Consultancy
Practical and personalised technical advice.
Get Started
- Infrastructure Services
- DevOps and Automation
- Managed Hosting
- Managed Databases
- Storage
- Network Services
- Development Services
- Web Design and Development
- Technical Consultancy
- Support
- FAQ
- Knowledgebase
- For Customers
- Customer Login
Please read this policy carefully before using our services.
Version 1.0 — Effective 20 March 2026 — Reviewed annually. Next review due 20 March 2027.
This Acceptable Use Policy ("AUP") sets out the rules governing the permitted and prohibited uses of all services provided by Vatora Limited ("Vatora", "we", "us"). It applies to managed hosting, managed databases, object storage, SAN block storage, cold archive storage, leased IP subnets, network services, DevOps and automation, technical consultancy, web design and development, and any other services we provide.
All server and hosting infrastructure operated by Vatora is fully managed by Vatora staff. Customers do not have operating system-level or shell access to Vatora-managed servers. The services through which customers have direct access to underlying resources are: leased IP subnets, object storage, SAN block storage, cold archive storage, and managed databases where direct database-level access has been granted. This AUP addresses the responsible use of those services in particular.
By accessing or using any Vatora service, you ("the Customer") agree to comply with this AUP in full. This AUP forms part of your agreement with Vatora and should be read alongside our Terms of Service, Privacy Policy, and Data Retention Policy.
This AUP applies to the Customer and to any employees, contractors, end users, or third parties who access Vatora services through the Customer's account. The Customer is responsible for ensuring all such parties comply.
You must not use any Vatora service, infrastructure, or network for any purpose that is unlawful, harmful, or that interferes with the rights of others. The following prohibitions apply across all services:
You must not use Vatora services to engage in, facilitate, or promote any activity that violates applicable law or regulation, including but not limited to: fraud, identity theft, money laundering, the distribution of unlicensed software or media, or any activity prohibited under the Computer Misuse Act 1990 or equivalent legislation.
You must not attempt to gain unauthorised access to any system, network, service, or account — whether operated by Vatora, another customer, or any third party. Any security testing of applications or services that run on or connect to Vatora infrastructure requires Vatora's prior written approval.
You must not take any action that disrupts, degrades, or impairs the performance, availability, or security of Vatora's infrastructure or any third-party system. This includes introducing malware, viruses, worms, ransomware, or any other malicious code into the Vatora network or any connected system.
You must not attempt to bypass, disable, or circumvent any access controls, authentication mechanisms, or security measures implemented by Vatora or any third party.
Where Vatora leases a customer an IP subnet (/24 or /23) or sponsors an ASN registration, the customer becomes responsible for the legitimate use of that address space. Vatora remains the registered holder of leased IP space through its RIPE LIR membership, and its network reputation is directly affected by how leased subnets are used.
Leased IP space and sponsored ASNs must only be used for lawful purposes consistent with the customer's contracted service and with RIPE policies. Customers must not sub-lease, broker, or transfer their assigned address space to any third party without Vatora's prior written consent.
You must not use, route, or permit leased IP addresses to be used as a source for spam, phishing campaigns, DDoS attacks, port scanning, botnet command-and-control, or any other abusive or malicious traffic. You are responsible for all traffic that originates from your assigned address space, regardless of whether that traffic was generated directly by you or by a downstream party.
You must not advertise, announce, or route your assigned subnet in a manner that misrepresents its origin or ownership. BGP route announcements must accurately reflect your authorised use of the space and must comply with RIPE routing policies. Unauthorised sub-announcement, route hijacking, and prefix hijacking are strictly prohibited. You must not announce address space that has not been assigned to you.
Vatora monitors leased IP address space against public blacklists. Where Vatora receives abuse complaints referencing your address space, you must cooperate fully with our investigation and take prompt remedial action where a complaint is substantiated. Failure to respond within a reasonable timeframe may result in suspension or withdrawal of the subnet.
Vatora reserves the right to withdraw BGP announcement of a leased subnet, or to apply null routing or upstream filtering to specific addresses within it, without notice, where abuse or a threat to network integrity is detected.
The following prohibitions apply to all traffic transiting Vatora's network, including via leased IP space or any other service:
You must not launch, direct, or facilitate distributed denial of service (DDoS) attacks, volumetric floods, or any other form of attack intended to overwhelm or degrade the availability of any system or network. Vatora may null-route, block, or rate-limit traffic it determines to be malicious or abusive, without notice.
You must not conduct port scanning, network sweeping, or packet interception targeting systems or networks that you do not own or have explicit written authorisation to test. Scanning activity originating from Vatora-connected infrastructure or leased IP space will be treated as a breach of this AUP.
You must not use Vatora services or leased IP space to send unsolicited bulk email (spam), unsolicited commercial messages, or any communications that violate the UK Privacy and Electronic Communications Regulations (PECR) or equivalent legislation. This includes operating open mail relays, sending messages with forged or misleading headers, or using Vatora-connected resources to harvest email addresses.
You must not deliberately consume bandwidth or network resources in excess of your contracted allocation in a manner that materially impairs service quality for other customers. Vatora may apply fair-use controls or rate limiting where overconsumption is detected.
This section applies to all Vatora storage products, including S3-compatible object storage, NVMe block volumes, SAN-attached storage, and cold archive storage. Because these services grant customers direct read and write access to stored data, customers bear responsibility for the content they introduce.
You must not store, upload, or retain any content that is unlawful in England and Wales or in the jurisdiction in which it is accessed. This includes without limitation: child sexual abuse material (CSAM), content that incites violence or terrorism, material that infringes third-party intellectual property rights, malware, exploit kits, ransomware payloads, phishing assets, or content prohibited under the Online Safety Act 2023.
You must not use Vatora storage services as a distribution point for spam, phishing pages, malware, unlicensed media, or any other prohibited content, including by making object storage buckets or file paths publicly accessible for such purposes.
You must not exceed your contracted storage allocation in a manner that impairs service availability. Vatora may apply hard limits or suspend write access where storage consumption significantly exceeds contracted capacity.
Cold archive carries a minimum storage commitment of 1 TB and a minimum duration of 90 days. You must not use cold archive to retain data that you are legally obligated to delete, or to circumvent a data subject's rights under applicable data protection law. See our Data Retention Policy for further detail.
SAN storage accessed via iSCSI must be used only for legitimate workload purposes. You must not use SAN access to probe, enumerate, or interfere with storage infrastructure beyond your own allocated volumes.
This section applies where Vatora grants a customer direct database-level access to a managed MySQL, PostgreSQL, or MariaDB instance. Vatora retains responsibility for the underlying infrastructure, operating system, and database engine. The customer is responsible for the content of and queries against their database.
You must not store any unlawful content in a Vatora-managed database, including but not limited to CSAM, data that facilitates fraud or identity theft, or data you do not have the legal right to hold.
You must not attempt to access, enumerate, or read data belonging to other customers. Any query or connection attempt that targets resources outside your own database instance will be treated as a serious breach of this AUP and may be referred to law enforcement under the Computer Misuse Act 1990.
You must keep database credentials — including usernames, passwords, and connection strings — secure and must not share them with unauthorised parties. If credentials are compromised, you must rotate them immediately and notify Vatora at [email protected].
You must not use your database connection to conduct network reconnaissance, port scanning, or any activity intended to probe systems beyond the database environment. Queries must be used solely for legitimate data management purposes consistent with your service agreement.
The following restrictions apply across all Vatora services through which content may be stored or transmitted:
You must not store, transmit, publish, or distribute content that is unlawful in England and Wales or in the jurisdiction in which it is received, including CSAM, content inciting violence or terrorism, or content prohibited under the Online Safety Act 2023.
You must not use Vatora services to host or distribute malware, ransomware, spyware, exploit kits, phishing pages, or any software or code designed to cause harm, gain unauthorised access, or deceive end users.
You must not store or distribute content that infringes the copyright, trademark, patent, trade secret, or other intellectual property rights of any third party. Vatora will respond to valid intellectual property notices under applicable law, including the UK Digital Economy Act 2017.
You must not store or distribute content that is defamatory, harassing, threatening, or abusive towards any individual or group, or that constitutes hate speech under the Public Order Act 1986 or equivalent legislation.
Because Vatora fully manages all server and hosting infrastructure, customers' security obligations are focused on the services and credentials to which they have direct access: the customer portal, storage services, database connections, and API integrations.
You must keep all access credentials — including portal passwords, storage API keys, database credentials, and service tokens — confidential and must not share them with unauthorised parties. If any credential is compromised, rotate it immediately and notify Vatora at [email protected].
If you discover a security vulnerability in Vatora's own infrastructure or systems, please report it in accordance with our Responsible Disclosure Policy. You must not exploit or publicly disclose a vulnerability before Vatora has had a reasonable opportunity to remediate it.
You must notify Vatora promptly — and in any event within 24 hours — upon becoming aware of any security incident, suspected data breach, or compromise affecting Vatora infrastructure or that may affect other customers. Contact: [email protected].
Where you grant third parties access to your Vatora services — including storage buckets, database instances, or portal accounts — you remain responsible for ensuring those parties comply with this AUP. Vatora will treat a breach by a third party as a breach by the Customer.
Vatora takes breaches of this AUP seriously. Our response will be proportionate to the nature and severity of the breach, but we reserve the right to act immediately where the integrity of our infrastructure, other customers, or third parties is at risk.
Vatora may suspend access to any or all services immediately and without prior notice where a breach of this AUP is suspected or confirmed, or where continued service delivery poses a material risk. This includes active DDoS attacks from leased IP space, malware distribution via storage, CSAM, or active exploitation of database access.
Vatora may terminate the Customer's service agreement without liability where a serious or repeated breach has occurred. Customer data will be handled in accordance with our Data Retention Policy and the Terms of Service.
Where abusive traffic originates from or is routed through a Customer's leased IP space or any other Vatora-connected resource, Vatora may apply null routing, traffic filtering, rate limiting, or upstream firewall rules without notice.
Where Vatora reasonably suspects illegal activity has occurred, it may refer the matter to relevant authorities including the National Crime Agency, or other competent bodies, and may disclose Customer information as required by law.
Where a Customer's breach of this AUP results in costs to Vatora — including incident response, third-party claims, upstream provider penalties, or regulatory fines — Vatora reserves the right to recover those costs from the Customer.
If you become aware of any activity that may constitute a breach of this AUP — whether originating from a Vatora customer, from Vatora infrastructure, or targeting Vatora systems — please report it:
Email: [email protected]
NOC: [email protected]
Please include timestamps, IP addresses, affected subnets or storage buckets, log excerpts, and a description of the activity. We investigate all credible reports promptly.
Vatora may update this AUP from time to time. Where a revision is material, we will provide at least 14 days' notice before it takes effect. The current version is always available at vatora.uk/acceptable-usage-policy.
This AUP is governed by the laws of England and Wales. The courts of England and Wales shall have exclusive jurisdiction over any dispute arising from it.
Vatora Limited is registered with the Telephone Preference Service (TPS). Unsolicited telephone marketing directed at Vatora Limited or its staff is unlawful under the Privacy and Electronic Communications Regulations 2003 and should not occur.
