Skip to content

Acceptable Use Policy (AUP)

Version 1.0 · effective from 2 May 2026

This Acceptable Use Policy ("AUP") supplements the Terms of Service and sets out what we expect of you as a Client when using the DataNostro Service and what, by contrast, is not permitted.

The aim of the AUP is to protect the infrastructure, other clients, and end users from abuse — not to restrict legitimate business use. If you're unsure whether a particular use case is acceptable, contact us in advance at [email protected].

1. What the Service may be used for

The DataNostro Service is intended for:

  • Server-side measurement and attribution of traffic on your own websites.
  • Routing tracking events to legitimate marketing and analytics platforms (GA4, Meta CAPI, Google Ads, Sklik, TikTok, etc.).
  • IP anonymization, click ID restoration, server-side cookie persistence, and other common server-side modifications of tracking data.
  • Implementing Consent Mode, GDPR-compliant tracking, and related privacy enhancements.

2. What is expressly prohibited

2.1 Illegal content and activities

  • Running tracking for sites with illegal content (unlicensed drugs, illegal weapons, child pornography, terrorism, fraudulent financial services, illegal gambling outside licensed jurisdictions).
  • Infringing the copyrights, trademarks, or other intellectual property rights of third parties.
  • Operating phishing, scam, or otherwise fraudulent sites.

2.2 Security and infrastructure abuse

  • Distributing malware, ransomware, spyware, ad-fraud click farms, or other malicious code through the Container.
  • Attempting to bypass security mechanisms or gain unauthorized access to the DataNostro admin interface or to other clients' data.
  • Performing penetration tests, vulnerability scanning, fuzzing, or other security testing against our infrastructure without prior written consent (contact: [email protected]).
  • Using the Container as a proxy / security bypass to route traffic that doesn't belong to legitimate measurement of your own site.
  • Generating artificial or automated traffic to manipulate metrics (typically to deceive advertising partners, influence CPC bids, or commit fraud).

2.3 Spam and harassment

  • Sending spam through endpoints configured in the Container (typically a webhook with an email payload directed at a third party).
  • Using client accounts within your Plan for Clients who themselves violate the AUP.

2.4 Privacy and personal data protection

  • Setting up tracking without valid end-user consent (where GDPR + ePrivacy require it).
  • Sending special categories of personal data into the Container (Art. 9 GDPR — health data, biometrics, data on sexual orientation) without prior written consent from DataNostro and without meeting the special legal requirements.
  • Publishing or sharing DataNostro credentials or API keys publicly (on GitHub, forums, blogs).

2.5 Infrastructure load

  • Generating sustained traffic exceeding the limit of your chosen Plan by more than 200% (even accounting for the overage fee). On reaching 300% of the limit, we reserve the right to suspend the Service until the next billing period.
  • Intentionally causing outages or service degradation for other clients (e.g. by flooding shared resources).

3. Consequences of violations

When an AUP violation is identified, we act proportionately to its severity:

  1. Minor violation (e.g. an oversight, a one-off traffic spike): we contact the Client by email and give them 7 days to remedy it.
  2. Serious violation (e.g. malware distribution, phishing, a repeated minor incident): immediate suspension of the Service (the Container stops serving Requests) and a demand for remedy within 48 hours. If the Client doesn't respond in that time, the contract is terminated.
  3. Critical violation (illegal content under Art. 2.1, a coordinated attack on the infrastructure, distribution of CSAM): immediate termination of the contract with no notice period, and reporting to law enforcement authorities under the applicable laws.

On termination of the contract for an AUP violation, the Client has no right to a refund of prepaid fees. DataNostro is entitled to claim compensation for demonstrably incurred damages (legal costs, clean-up, reputational damage).

4. How to report abuse

If you believe a DataNostro Container is being used for activities that breach the AUP, contact us at [email protected]. We investigate every report within 5 working days. Thank you.

For security vulnerabilities (responsible disclosure) use [email protected].

5. Changes to the AUP

We may update the AUP. We'll notify you of substantial changes by email 30 days before they take effect. The date of the last revision is in the header of this document.

Effective from 2 May 2026 · Version 1.0