Yovale acceptableuse policy

This AUP binds every Customer of the Yovale Service, every person who accesses the Service through a Customer account, and every individual who interacts with a Customer Site hosted by the Service.

Customers are responsible for the conduct of users they grant access to their Customer Sites and for the content those users publish through those sites.

This AUP supplements the Yovale End User License Agreement. A breach of this AUP is a breach of the End User License Agreement.

Where this AUP conflicts with the End User License Agreement on a question of acceptable use, this AUP prevails to the extent of the conflict.

Content that is illegal under the laws of the jurisdiction in which the Customer or the targeted audience is located, including but not limited to: child sexual abuse material; content that promotes, depicts, or facilitates terrorism; content that depicts non-consensual violence; and content that violates intellectual-property rights of third parties.

Yovale will report content of this kind to law-enforcement authorities where required and will cooperate fully with any related investigation.

Distribution of viruses, worms, trojans, ransomware, cryptominers running on visitor browsers without disclosure, or any other malicious code.

Hosting of phishing pages, including pages that impersonate legitimate brands to harvest credentials, payment data, or personal information.

Hosting infrastructure for fraudulent commerce, fake support call centres, or schemes designed to defraud third parties.

Content that incites violence or harassment against individuals or groups on the basis of race, ethnicity, religion, disability, sexual orientation, gender identity, or other protected characteristics.

Content that constitutes harassment, stalking, doxxing, or threats of physical harm against identified individuals.

Adult and pornographic content is not prohibited per se, but is permitted only on sites that comply with the age-verification, performer-consent, and recordkeeping requirements of the jurisdictions in which the Customer is established and in which the targeted audience is located.

If you intend to operate an adult site on the Service, notify Yovale at compliance@yovale.com before launch so any necessary additional steps can be agreed.

Launching denial-of-service attacks against third parties from any Customer Site, server, or account.

Operating open relays, open proxies, or open recursive resolvers used to amplify attacks.

Conducting unauthorised port scans, vulnerability scans, or penetration tests against third parties.

Sending bulk unsolicited commercial email, SMS, or other messages using the Service or in any way that points back to a Customer Site.

Operating list-rental, scraped-list, or purchased-list mailing programs through any SMTP provider configured against a Customer Site.

Hosting infrastructure that supports a third-party spam operation, including click-tracking, redirect chains, or signup-confirmation handling for such operations.

Sharing or reselling Yovale Service access without an authorised reseller arrangement.

Using the Service to brute-force credentials of third parties or to launch credential-stuffing attacks.

Circumventing Yovale's access controls, security measures, billing controls, or plan limits.

Operating multiple accounts to exceed plan limits or to avoid suspension actions previously taken against a Customer.

Running cryptocurrency mining workloads on the server-side compute provided by the Service.

Embedding browser-based mining scripts in Customer Sites without explicit, informed visitor consent. Even with consent, browser mining must comply with applicable consumer-protection law.

Each plan publishes its CPU, memory, storage, and request-rate ceilings. Customer Sites that consistently operate at or above plan ceilings should upgrade to a plan that matches their actual usage.

Short-lived spikes — flash sales, traffic from a viral post, a single load test — are not considered abuse, even where they briefly exceed plan limits, provided the Customer Site returns to within the plan's ceilings within a reasonable window.

Sustained operation above plan limits beyond a 7-day rolling window without a plan upgrade may result in throttling and, on continued breach, suspension.

WordPress cron jobs, scheduled posts, WP-CLI tasks, and similar background work are part of normal operation and counted within plan limits.

Long-running background jobs unrelated to a Customer Site's published purpose — for example, video transcoding pipelines, data-scraping crawlers, scientific computation — are not permitted on shared infrastructure. If you need this kind of workload, contact Yovale to discuss the bring-your-own-server option.

Bandwidth allowances are published per plan. Cloudflare's edge caching covers most static traffic at no incremental cost; cache-busting query strings, large unoptimised media, or sustained bot traffic outside the AI-bot allow list can shift bandwidth into the priced tier.

Yovale will notify the Customer through the dashboard before bandwidth-related charges apply and will work with the Customer to identify the source of the traffic.

The Customer is responsible for keeping account credentials and WP-admin credentials confidential. Notify Yovale promptly at support@yovale.com of any suspected compromise so the credentials can be reset.

Two-factor authentication, where supported by the Service, should be enabled on every account with administrative access.

Customers should keep WordPress core, themes, and plugins up to date. Yovale auto-applies core security patches on managed sites; theme and plugin updates remain under Customer control.

Customers should remove unused themes and plugins. Unmaintained third-party plugins are a common source of intrusion and may, on discovery of a known vulnerability, be disabled by Yovale with notice to the Customer.

If Yovale notifies a Customer of a confirmed security issue on a Customer Site — for example, a defaced page, an injected webshell, or an outbound spam campaign — the Customer must address the issue within the timeframe stated in the notice.

Failure to remediate within the stated timeframe may result in the Customer Site being temporarily taken offline to protect other Customers and the wider internet.

For low-severity issues, Yovale typically issues a written warning describing the issue and a reasonable timeframe for resolution.

For repeated or moderate-severity issues, Yovale may throttle the affected Customer Site, restrict specific features, or temporarily suspend the Site pending resolution.

For severe issues — including any of the prohibited-content or network-abuse categories above — Yovale may suspend or terminate the affected Customer Site and the underlying account immediately, with notice given as soon as is operationally and legally feasible.

Yovale will cooperate with valid legal process, including subpoenas, court orders, and law-enforcement requests, in accordance with the Privacy Policy and applicable law.

Where lawful, Yovale will give the Customer advance notice of any response to legal process so that the Customer can take independent legal advice or seek to challenge the process.

Reports of AUP violations — phishing, spam, malicious content, copyright infringement, network abuse — can be sent to abuse@yovale.com.

Reports should include a description of the issue and supporting evidence (URLs, message headers, log excerpts) where available. Yovale acknowledges abuse reports within 5 business days and prioritises investigation based on severity.

Yovale may update this AUP from time to time to reflect changes in the legal environment, observed abuse patterns, or operational practice.

Material updates will be announced through the Yovale dashboard and customer email at least 30 days before they take effect.

Abuse reports: abuse@yovale.com. Compliance enquiries: compliance@yovale.com. General Customer support: support@yovale.com.