Acceptable Use Policy

1. Prohibited uses

You must not use CloudGPU, or any compute resource obtained through CloudGPU, for any of the following activities. Violations may result in immediate account suspension without refund and, where appropriate, referral to law enforcement.

1.1 Illegal activity

Any activity that is illegal under (a) the laws of the jurisdiction where the underlying GPU hardware is located (mainland China / Hong Kong SAR), (b) the laws of your own jurisdiction, or (c) applicable international law.

1.2 Weapons development

Development, design, testing, or manufacture of conventional, nuclear, chemical, biological, or radiological weapons, or the missile or drone systems that carry them. This includes computer-aided design of weapon components and computational modelling of weapon performance.

1.3 Sanctioned military end-use

Any use supporting the military, intelligence, or defence-industrial activities of entities subject to a United Nations, OFAC, EU, UK, or HKSAR sanctions programme.

1.4 Terrorism & violent extremism

Planning, supporting, inciting, or executing acts of terrorism or serious violence, including propaganda glorifying terrorist organisations or designed to recruit for them.

1.5 Child sexual abuse material (CSAM)

Generating, hosting, storing, transmitting, fine-tuning on, or otherwise handling child sexual abuse material. Zero tolerance. We will ban accounts without notice, preserve evidence, and report to the National Center for Missing & Exploited Children (NCMEC) or the equivalent authority in the jurisdiction with strongest enforcement reach.

1.6 Non-consensual intimate imagery & identity abuse

Creating or distributing sexually explicit deepfakes of real persons without their consent, non-consensual intimate imagery of any kind, or deepfakes intended to harass, defame, impersonate, or defraud a specific person.

1.7 Cybercrime

Developing, distributing, or operating malware, ransomware, spyware, credential stealers, exploit kits, or command-and-control infrastructure. Conducting DDoS attacks, credential stuffing, port scanning, phishing, or network intrusion.

1.8 Large-scale copyright infringement

Training models on datasets you do not have rights to use, distributing pirated content at scale, or running systems whose primary purpose is circumventing digital rights management (DRM).

1.9 Sanctions evasion

Evading or enabling others to evade sanctions imposed by any country or international body. Providing compute to sanctioned entities, or routing compute to or through sanctioned jurisdictions.

1.10 Cryptocurrency mining & proof-of-work

Any proof-of-work computation, including cryptocurrency mining. Our unit economics do not support this workload; accounts will be suspended on detection.

1.11 Mass fraudulent content

Mass generation of misleading or deceptive content: spam, phishing pages, fake product reviews, fake news articles, astroturfing campaigns, or content designed to manipulate elections or public debate by misrepresenting the identity of the speaker.

1.12 Scraping personal data of real individuals

Compiling or publishing databases of real individuals' personal information (names, addresses, phone numbers, government ID numbers, biometric data) without a clear lawful basis and the individuals' consent.

2. Restricted technologies

The following uses are not prohibited outright but require the user to ensure their own legal compliance, including any licensing, certification, registration, or third-party-consent obligations in their jurisdiction. CloudGPU is a general-purpose compute provider and does not certify workloads as safe or compliant for these uses.

• Large-scale face recognition. Public-space surveillance or population-scale face matching carries significant legal risk (e.g. GDPR Article 9, US state biometric laws, PIPL).
• Credit scoring or social scoring. Systems that make or materially inform decisions about an individual's access to credit, housing, employment, or public benefits.
• Medical diagnosis or treatment decisions. In most jurisdictions these require regulatory certification (FDA, CE-MDR, NMPA, etc.). CloudGPU has not obtained any such certification.
• Automated financial trading. Compliance with local securities and commodities laws is your responsibility.
• Lethal autonomous systems of any kind. Requires explicit written authorisation from CloudGPU, which we will not grant without government-sanctioned end-use certification.

3. Sanctions compliance

By registering for or using CloudGPU you represent and warrant, each time you access the Service, that:

• You are not located in, a resident of, or connecting from North Korea (DPRK), Iran, Syria, Cuba, or the Crimea, so-called Donetsk People's Republic, or so-called Luhansk People's Republic regions of Ukraine.
• You are not listed on, or owned 50% or more by parties listed on, the US OFAC SDN list, the EU consolidated sanctions list, the UK HMT sanctions list, or the UN Security Council consolidated list.
• You are not acting on behalf of, or for the benefit of, any sanctioned person or entity.
• You will not use CloudGPU to export controlled technology or services to any destination for which you are not separately authorised.

CloudGPU uses IP-based geolocation and network metadata to enforce these representations. IP blocks may be imperfect; circumvention (VPN, residential proxy, etc.) does not cure a sanctions violation and will result in termination.

4. Your data handling obligations

When you process personal data using CloudGPU:

• You act as the data controller (or its equivalent) under GDPR, PIPL, CCPA, or similar regimes. CloudGPU acts as a compute / infrastructure processor for your chosen workload only.
• You must have a lawful basis for processing any personal data you upload or generate.
• You must obtain explicit consent when processing the personal data of individuals under 13 (or under 16 in GDPR jurisdictions).
• You must not use CloudGPU to process "special category" data (health, biometric, sexual orientation, political opinion, etc.) unless you have a specific lawful basis and reasonable technical controls.
• You are responsible for notifying affected individuals and regulators of any personal-data breach that occurs on your instance; CloudGPU will assist with forensic data where legally required.

5. Enforcement

CloudGPU reserves the right to:

• Suspend or permanently terminate any account we reasonably believe is in violation of this AUP, immediately and without refund.
• Preserve and disclose account data and logs pursuant to valid legal process from a competent authority.
• Retain audit and security logs for up to twelve (12) months for the purpose of compliance investigation, after which they are routinely deleted or anonymised.
• Cooperate proactively with law-enforcement agencies regarding CSAM, imminent threats to life, and sanctions violations, even without a formal legal demand, where permitted by the laws of the relevant jurisdiction.

We will, where legally permitted, notify affected users of a data-disclosure request. We will challenge requests we believe are unlawful or disproportionate. We may publish an aggregated transparency report once the user base is large enough for aggregation to be meaningful.

6. Reporting violations

If you believe another user is violating this AUP, or if you encounter CSAM, a terrorism-related use, or a serious sanctions violation, please email abuse@cloudgpu.app. Please include: (a) the nature of the abuse, (b) the URL or service URL involved, (c) the timestamp in UTC, and (d) any supporting screenshots. We aim to triage abuse reports within 24 hours.

7. Updates to this AUP

We may update this AUP from time to time. The version number and last-updated date at the top of this page reflect the currently-effective version. Material changes will be announced by email to registered users with at least 14 days' notice. Continued use of the Service after the effective date constitutes acceptance of the updated AUP.

8. Contact

General questions: support@cloudgpu.app. Abuse reports: abuse@cloudgpu.app.