Start Your Website Today with AquaHost — Only ₹30/month Professional Hosting Made Affordable Free SSL Certificate Indian Datacenter Singapore Datacenter Finland Datacenter Start Your Website Today with AquaHost — Only ₹30/month Professional Hosting Made Affordable Free SSL Certificate Indian Datacenter Singapore Datacenter Finland Datacenter
Home
Register Offers
Policy & Compliance

VPS Server Policy

Clear operating rules for refunds, acceptable use, security, abuse handling, and legal compliance across Aquahost VPS services.

As part of our commitment to providing reliable and secure VPS hosting services, Aquahost maintains the following policies to protect service quality, infrastructure integrity, and the interests of all users on our network.

1 Mandatory KYC, Identity Verification & Regulatory Compliance Policy

In accordance with applicable Indian cyber laws, intermediary compliance obligations, digital infrastructure security requirements, anti-fraud standards, and lawful data-retention expectations applicable to hosting and internet infrastructure providers, Aquahost maintains a strict mandatory Know Your Customer (KYC) verification framework for VPS, cloud, dedicated server, and related infrastructure services.

Over the past several years, Indian regulatory authorities and cybersecurity agencies have strengthened compliance expectations for hosting providers, VPS operators, cloud service companies, and internet intermediaries due to increasing incidents involving phishing, ransomware, online fraud, financial scams, botnet abuse, identity theft, cyberterrorism, spam operations, and anonymous misuse of server infrastructure.

The following legal and regulatory frameworks form part of the compliance basis under which identity verification and customer traceability requirements may apply to infrastructure providers and digital intermediaries operating in India:

  • Information Technology Act, 2000 (India): The Information Technology Act, 2000, together with subsequent amendments, establishes the legal framework governing electronic communications, cyber offences, intermediary responsibilities, digital records, unlawful online activities, and cybercrime investigation cooperation within India.
  • Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021: Introduced in 2021 under the IT Act, these rules strengthened due-diligence and compliance expectations for intermediaries, digital platforms, and online service providers, including obligations related to lawful cooperation, grievance handling, traceability support, abuse prevention, and removal of unlawful content where applicable.
  • CERT-In Directions – 28 April 2022: In 2022, the Indian Computer Emergency Response Team (CERT-In), operating under the Ministry of Electronics and Information Technology (MeitY), issued cybersecurity directions under Section 70B of the Information Technology Act. These directions introduced stricter compliance expectations for VPS providers, cloud service providers, VPN providers, and data-center-related entities regarding customer information collection, log retention, incident reporting, and cyber incident cooperation.
  • CERT-In Log Retention & Customer Information Requirements: Under the 2022 CERT-In Directions, service providers including VPS and cloud infrastructure providers may be required to maintain validated customer information, contact details, IP allocation records, timestamps, ownership records, and related technical logs for cybersecurity investigation and lawful tracing purposes.
  • Digital Personal Data Protection Act, 2023 (DPDP Act): India’s DPDP Act, introduced in 2023, establishes obligations regarding lawful processing, handling, storage, protection, and security of personal data. Aquahost processes customer verification data with reasonable security safeguards and restricted internal access controls.

In order to comply with these evolving cybersecurity and regulatory obligations, Aquahost requires customers purchasing VPS, dedicated servers, cloud infrastructure, proxy-related services, or other high-risk internet infrastructure services to complete identity verification before full activation or continued use of services.

  • Mandatory verification before service usage: Customers may be required to complete KYC verification using government-issued identification documents before services are provisioned, activated, or renewed.
  • No anonymous infrastructure usage: Anonymous usage of VPS or server infrastructure using fake names, temporary identities, forged documents, manipulated records, or concealed ownership details is strictly prohibited.
  • Government-authorized verification systems: Aquahost may perform identity validation using secure government-authorized APIs, compliance-certified verification systems, fraud-detection tools, selfie verification systems, address validation systems, or related regulated verification providers.
  • Customer data protection and privacy: KYC information submitted by customers is processed through encrypted systems and handled only for compliance, fraud prevention, abuse mitigation, cybersecurity investigation, lawful verification, and operational security purposes.
  • Restricted access to verification data: Customer verification documents are accessible only to authorized compliance personnel and are not publicly disclosed except where disclosure is required under lawful governmental, regulatory, judicial, or law-enforcement processes.
  • False information and forged documents: Submission of fake, altered, stolen, misleading, unverifiable, or forged KYC documents shall constitute a material violation of Aquahost policies and may result in immediate suspension or permanent termination without refund.
  • Suspension for non-compliance: Aquahost reserves the right to restrict, suspend, hold, or terminate services where KYC verification is incomplete, rejected, unverifiable, inconsistent, suspicious, or intentionally concealed.
  • Cybercrime and legal cooperation: Aquahost may preserve technical logs, IP allocation records, timestamps, verification records, abuse reports, and related service information for cybersecurity investigation, fraud prevention, CERT-In compliance, lawful requests, court orders, subpoenas, or cooperation with competent government authorities and cybercrime investigation agencies.

By purchasing or using Aquahost VPS, cloud, proxy, or dedicated infrastructure services, customers acknowledge and agree that identity verification and KYC compliance form a mandatory legal and operational requirement under applicable cybersecurity, intermediary, anti-fraud, and regulatory compliance frameworks.

2 Refund Policy

Our refund policy is designed to remain transparent while accounting for provisioning and infrastructure costs.

  • No refunds after activation: Once a VPS is provisioned and activated at the datacenter, refund requests will not be accepted because server resources are immediately allocated and reserved.
  • 7-day review window for new orders: New customers may request a refund within 7 days of initial purchase only if the service has not yet been activated.
  • Non-refundable add-ons: Domain registrations, SSL certificates, software licenses, setup fees, and dedicated IP addresses are non-refundable once purchased or assigned.
  • Service credits: In exceptional cases, Aquahost may issue service credits at its sole discretion instead of a cash refund.
  • Prepaid billing: All VPS services are billed in advance, and no partial refunds are issued for unused time in an active billing cycle.
  • TOS/AUP violations: Refunds will not be issued for accounts suspended, terminated, or restricted for policy violations.

For any billing concern, please contact our billing team with full order details before service activation.

3 Acceptable Use Policy (AUP)

Customers must use VPS services lawfully, responsibly, and in a way that does not disrupt other users, networks, or third-party systems. Common AUP standards across hosting providers prohibit phishing, fraud, malware, spoofing, scanning abuse, spam, and harmful deception. [web:438][web:433][web:434]

  • Illegal, fraudulent, abusive, deceptive, or harmful activity is strictly prohibited.
  • Hosting or distributing pirated software, exploit kits, malware, ransomware, spyware, botnet infrastructure, phishing kits, or scam content is not allowed.
  • Port scanning, packet sniffing, interception, spoofing, brute-force attempts, unauthorized intrusion testing, and vulnerability probing without written authorization are prohibited.
  • Sending spam, phishing emails, scam messages, or running misleading pages intended to steal credentials, payment data, or personal information will result in immediate action.
  • DoS/DDoS attacks, amplification activity, abusive proxying, anonymization for malicious use, and traffic patterns that threaten upstream stability are prohibited.
  • Customers must comply with Indian law and the laws applicable in the server jurisdiction, along with all lawful directions from competent authorities.

4 Resource Usage Policy

To maintain fair and stable performance, all VPS plans must operate within their allocated technical limits.

  • CPU usage must not exceed 90% on a sustained basis for more than 15 consecutive minutes unless the plan specifically allows such load.
  • Memory, disk, and network usage must remain within the limits of the purchased plan.
  • Bandwidth overages, if applicable, may be billed at published rates or may require an upgrade.
  • Persistent resource abuse, noisy-neighbor behavior, or workloads that negatively affect the node or network may lead to throttling, suspension, or upgrade requests.

5 Security and Compliance

Security remains a shared responsibility between the customer and Aquahost.

  • Customers must keep operating systems, control panels, CMS software, and applications updated with current security patches.
  • Each VPS should use strong passwords, access controls, and a properly configured firewall.
  • Compromised, exploited, or abused services may be isolated, suspended, rate-limited, or blocked to protect the wider network.
  • Aquahost may take urgent protective action without prior notice where there is a credible security risk to infrastructure, upstream providers, or third parties.

6 Backups and Data Management

Unless explicitly included in a managed backup service, customers are responsible for protecting their own data.

  • Customers must maintain their own verified backups of websites, databases, applications, and server configurations.
  • We strongly recommend following the 3-2-1 backup principle for critical business data.
  • Backup storage consumption must remain within allocated limits or purchased quotas.
  • Aquahost is not liable for data loss caused by deletion, corruption, compromise, misconfiguration, ransomware, or customer-side operational failure.

7 Terms of Service

All VPS services are governed by Aquahost’s overall Terms of Service and related service policies.

  • Accounts must maintain valid contact, billing, and identity information.
  • Aquahost may update services, pricing, features, and policies with reasonable notice where applicable.
  • Failure to pay invoices on time may result in suspension, late fees, termination, or data removal in accordance with the service terms.
  • All billing, service, and compliance disputes should be raised through official support or billing channels.

8 Managed Server Policy

Managed VPS services are designed for customers who want infrastructure oversight and operational support from our team.

  • We monitor core server health and assist with operating stability as covered under the purchased managed scope.
  • Security patches and maintenance tasks may be applied as part of the management plan.
  • We assist with common server-side troubleshooting, service availability checks, and baseline hardening.
  • Managed support applies to the covered server environment and does not automatically include custom development, third-party code debugging, or application-level business logic issues unless explicitly agreed.

9 Unmanaged Server Policy

Unmanaged VPS plans give customers full control, but full responsibility also remains with the customer.

  • Aquahost provides infrastructure availability and node-level service, while server administration remains the customer’s responsibility.
  • Customers are responsible for server setup, software installation, updates, firewall rules, security controls, and application troubleshooting.
  • Support on unmanaged services is generally limited to network reachability, virtualization layer issues, and hardware-related concerns where applicable.
  • If customers require operating system, panel, security, migration, or application assistance, they may purchase managed support separately.

10 Legal and Ethical Usage Policy

Aquahost provides hosting infrastructure only and does not authorize, support, or participate in unlawful, harmful, or unethical use of VPS services.

  • Customers are solely responsible for the content, traffic, software, communications, and activities originating from their VPS instances.
  • Use of our infrastructure for cybercrime, fraud, impersonation, unauthorized interception, financial abuse, unlawful scraping, credential theft, or deceptive operations is strictly prohibited.
  • Aquahost shall not be responsible for any civil, criminal, regulatory, or contractual consequences arising from a customer’s misuse of services.
  • Where misuse is detected or credibly reported, we may suspend, restrict, null-route, investigate, or terminate the service without refund.

11 Abuse, Phishing, Fraud & Legal Cooperation Policy

Hosting providers commonly prohibit phishing, fraud, forged origin data, monitoring without permission, password theft, and other deceptive or harmful activity, and they may investigate abuse reports or act when required by law. Formal legal requests for customer data or preservation are generally expected to come through valid legal process. [web:438][web:440][web:448]

  • Zero tolerance for phishing and fraud: Any use of VPS services for phishing pages, fake payment portals, impersonation, credential harvesting, OTP theft, card fraud, mule activity, scam call-back panels, malware delivery, or similar abuse is strictly prohibited.
  • Abuse report handling: Aquahost may review abuse complaints received from users, providers, cybersecurity organizations, rights holders, registries, law enforcement, or government agencies, and may request explanations, logs, screenshots, identification, or remediation steps from the customer. [web:440][web:443]
  • Immediate protective action: If activity appears malicious, unlawful, or dangerous to the network, we may suspend the VPS, disable services, block ports, remove routes, preserve logs, or restrict access without prior notice. [web:433][web:438]
  • Cooperation with authorities: Aquahost may cooperate with lawful requests, investigations, preservation notices, court orders, subpoenas, cybercrime cells, CERT-related matters, and other competent government or law-enforcement processes as required by applicable law. [web:440][web:448]
  • No provider liability for misuse: Aquahost acts solely as an infrastructure provider. Customers remain fully and solely responsible for all data, content, emails, software, transactions, and actions originating from their service.
  • Customer indemnity and responsibility: If a customer misuses the service, the customer bears responsibility for all resulting claims, notices, penalties, takedowns, investigations, damages, and legal consequences arising from that misuse.
  • False information or concealment: Providing false KYC/contact details, hiding ownership, rotating phishing domains, evading abuse controls, or attempting to conceal origin may itself be treated as a material policy violation. [web:438][web:433]

Aquahost reserves the right to preserve relevant service records, logs, ticket history, and technical evidence for abuse investigation, internal review, or lawful disclosure where required.