Watasu
Get started
Legal

Acceptable Use Policy

Last updated: 2026-05-05

This Acceptable Use Policy (the “AUP”) applies to all use of the Watasu platform (the “Service”) provided by Watasu LTD (“Watasu”). It forms part of the Terms of Service and any breach is a material breach of the Terms.

The AUP is intended to keep the Service safe and reliable for all customers, comply with applicable law, and protect the integrity of the underlying infrastructure and our subprocessors’ networks.

1. Lawful use

You must use the Service in accordance with all applicable laws, including the laws of England and Wales, the law of your jurisdiction, and the law of any jurisdiction where your end users are located. You must not use the Service in furtherance of any unlawful activity.

2. Prohibited content and conduct

You must not use the Service to host, transmit, distribute, or facilitate:

Malicious software. Malware, ransomware, spyware, rootkits, keyloggers, exploit kits, command-and-control infrastructure, or any code or content designed to harm, disrupt, or gain unauthorised access to systems or data.

Phishing and fraud. Phishing pages, credential harvesting, fraudulent payment pages, deceptive impersonation of legitimate brands or services, or any content intended to deceive users into revealing information or transferring funds.

Spam and unsolicited communications. Unsolicited bulk email, SMS, or messaging; harvested address lists; mailing-list practices that breach the UK Privacy and Electronic Communications Regulations (PECR), the EU ePrivacy Directive, the US CAN-SPAM Act, or equivalent laws.

Child sexual abuse material (CSAM). Any content sexually exploiting or endangering minors. Such content is reported to the Internet Watch Foundation (IWF) and law enforcement immediately.

Content depicting non-consensual sexual activity, terrorism, or incitement to violence. Including content unlawful under the UK Terrorism Act 2006 or equivalent law.

Hate and harassment content. Content that constitutes unlawful hate speech, harassment, or incitement against protected groups under applicable law.

IP infringement. Material that infringes copyright, trademark, patent, trade secret, or other intellectual property rights, including pirated software, media, or game content.

Privacy violations. Material that unlawfully discloses personal data, doxxing material, or non-consensual intimate imagery.

Illegal goods or services. Marketplaces, listings, or content facilitating the sale of controlled substances, prohibited weapons, stolen goods, counterfeit currency, forged documents, or services that are illegal in the jurisdiction of operation.

Sanctions violations. Use that would breach UK, EU, or US sanctions, including provision of services to sanctioned persons, entities, or jurisdictions.

3. Network and platform abuse

You must not:

  • Probe, scan, or test the vulnerability of any system or network without authorisation;
  • Circumvent, interfere with, or attempt to defeat any security, authentication, or quota mechanism of the Service;
  • Reverse engineer, decompile, or disassemble the Service except to the limited extent permitted by law that may not be excluded by contract;
  • Use the Service in a manner that materially degrades the Service for other customers, including through resource exhaustion, runaway processes, or unreasonable retry storms;
  • Run open relays, open proxies, or other infrastructure that is likely to be abused by third parties;
  • Conduct denial-of-service attacks, traffic amplification attacks, or coordinated traffic floods against any third party from the Service;
  • Use the Service to participate in botnets or as a C2 endpoint for compromised systems.

4. Cryptocurrency and high-density compute

Cryptocurrency mining, including proof-of-work mining and on-platform staking workloads with disproportionate compute demand, is not permitted on standard plans. Such workloads are permitted only on plans or product features explicitly designated for high-density compute, where pricing reflects the resource profile.

5. Email and outbound traffic

If you send email through or from the Service, you must:

  • Only send to recipients who have provided lawful consent or have an existing business relationship with you that legally permits the communication;
  • Honour unsubscribe requests promptly and provide a working unsubscribe mechanism;
  • Configure SPF, DKIM, and DMARC for sending domains;
  • Comply with the policies of upstream email providers (including SendGrid where applicable);
  • Not send transactional email containing material that would be classified as marketing under UK PECR or EU ePrivacy without separate consent.

We may impose sending limits, require warm-up of new sending domains, or suspend outbound email at any time to protect platform deliverability.

6. Security responsibility

You are responsible for the security of the applications, dependencies, configurations, and credentials you deploy on the Service, including:

  • Keeping software and dependencies patched;
  • Managing access controls and rotating credentials;
  • Configuring application-level rate limiting and abuse mitigation;
  • Promptly remediating compromises affecting your workloads;
  • Reporting any suspected security incident affecting the Service to security@watasu.io.

You must not deploy applications you know or reasonably should know to be vulnerable to active mass exploitation in a way that endangers the platform.

7. Online Safety Act 2023 and customer-deployed services

Watasu is a platform-as-a-service provider and is not itself a “user-to-user service” or “search service” within the meaning of the Online Safety Act 2023 (the “OSA”). Where Customer deploys on the Service an application that meets the definition of a regulated service under the OSA (for example, a forum, social platform, messaging service, or search service with links to the United Kingdom), Customer is solely responsible for compliance with the OSA, including any obligations to carry out illegal-content and children’s-content risk assessments, implement age assurance, comply with codes of practice issued by Ofcom, and respond to information notices and enforcement action. Watasu will comply with lawful service restriction orders issued by Ofcom under section 92 of the OSA and will provide Customer with reasonable notice where lawful to do so.

8. Reporting abuse

To report abuse of the Service by a Watasu customer, email abuse@watasu.io with: the affected URL, IP address, or domain; the nature of the abuse; and any evidence (logs, headers, screenshots). We aim to acknowledge abuse reports within one business day.

9. Enforcement

Where we determine, in our reasonable judgement, that this AUP has been breached, we may, depending on severity:

  • Notify you and require remediation within a stated period;
  • Throttle, restrict, or partially disable the affected workload;
  • Suspend the affected workload or your account;
  • Terminate the Agreement for cause;
  • Report the matter to law enforcement, the IWF, or other competent authority;
  • Preserve relevant data in response to a lawful preservation request.

For severe and ongoing harm — including CSAM, active phishing campaigns, ongoing DDoS attacks originating from your workload, or active malware command-and-control — we may suspend or remove the offending content immediately, before notice. Where we act before notice, we will notify you as soon as reasonably practicable thereafter.

10. Changes

We may update this AUP from time to time to address new categories of abuse or to reflect changes in law or operational practice. Material changes will be communicated by email to account administrators with at least 30 days’ notice, except where a shorter period is necessary to address an urgent risk.

11. Contact