Drydock Acceptable Use Policy

This Acceptable Use Policy (“AUP”) governs your use of the services provided by Drydock Labs, Inc. (“Drydock”, “we”, “us”) and is incorporated by reference into the Drydock Terms of Service. Capitalized terms not defined here have the meanings given in the Terms of Service.

We may update this AUP at any time. Material changes will take effect 14 days after they are announced in the dashboard or by email.

1. You are responsible for what runs on your VM

You are granted root access to the virtual machines you provision. You — not Drydock — are responsible for everything that runs on those VMs, including all software, content, and network traffic, whether you put it there yourself or allowed someone else to.

2. Prohibited content

You may not use the Service to host, store, transmit, or distribute content that:

• is illegal under applicable U.S. federal law or the laws of your jurisdiction;
• depicts, promotes, or facilitates the sexual exploitation or abuse of minors (CSAM) — we will report violations to the National Center for Missing & Exploited Children (NCMEC) and to law enforcement, and will preserve evidence as required by law;
• promotes, incites, or threatens violence, terrorism, or imminent harm to others;
• infringes the intellectual property, privacy, publicity, or other rights of any third party;
• is fraudulent, deceptive, or part of a phishing, pharming, or impersonation scheme;
• is defamatory, harassing, or constitutes targeted abuse.

3. Prohibited activities

You may not use the Service, and may not allow your VMs or accounts to be used, to:

Network and system abuse

• conduct or facilitate denial-of-service or distributed-denial-of-service (DoS/DDoS) attacks, reflection or amplification attacks, or volumetric flood attacks against any system, including third-party systems;
• scan, probe, or test the vulnerability of any system or network without explicit written authorization from its owner;
• circumvent or attempt to circumvent any authentication, rate-limit, or access control on any system you do not own;
• gain or attempt to gain unauthorized access to any system, account, data, or network;
• run open mail relays, open recursive DNS resolvers, open proxies, or other services that can be abused as reflectors;
• intentionally introduce malware, ransomware, worms, rootkits, or other malicious software into any system or network;
• operate command-and-control infrastructure for botnets or malware.

Email and messaging abuse

• send unsolicited bulk email (spam), unsolicited commercial email, or any message that violates the U.S. CAN-SPAM Act or equivalent law in the recipient's jurisdiction;
• forge headers, sender addresses, or routing information in any message;
• harvest, scrape, or otherwise acquire email addresses or other contact information for the purpose of sending unsolicited messages.

Fraud and identity abuse

• run or assist any “make money fast” scheme, pyramid scheme, Ponzi scheme, high-yield investment program, or similar fraudulent operation;
• use the Service to commit financial fraud, payment fraud, or identity theft.

Resource abuse

• use the Service in a manner that causes a disproportionate or unreasonable load on the Service's underlying infrastructure or that interferes with the use of the Service by other Drydock customers;
• run cryptocurrency mining without prior written consent from Drydock;
• circumvent, defeat, or attempt to defeat any usage limits, billing meters, or anti-abuse controls.

Content distribution at scale

• operate large-scale public file-sharing, torrent tracker, torrent seeder, or warez distribution services;
• operate services whose primary purpose is to host or distribute infringing copies of copyrighted works.

4. Payment and account abuse

You may not:

• create accounts using stolen, fraudulent, or unauthorized payment instruments;
• create multiple accounts to evade suspension, termination, billing, or trial limits;
• chargeback, dispute, or reverse a payment for services that were actually delivered without first contacting legal@drydock.build to attempt resolution.

5. Sanctions and export control

You may not use the Service if you are located in, or are a national or resident of, any country or region subject to a comprehensive U.S. embargo (currently Cuba, Iran, North Korea, Syria, and the Crimea, Donetsk, and Luhansk regions of Ukraine), or if you are on the U.S. Department of the Treasury's Specially Designated Nationals list or any equivalent restricted-party list. You may not use the Service to provide services to any such person.

6. Reporting abuse

To report abuse, malware, spam, or other AUP violations originating from a Drydock IP address, email legal@drydock.build with:

• the source IP address or VM identifier (if known);
• the destination or victim, if applicable;
• timestamps in UTC;
• log excerpts, packet captures, or other evidence.

We acknowledge abuse reports within 1 business day. We may share your report with the customer responsible for the VM in question, redacted as appropriate.

7. Enforcement

If we determine, in our reasonable discretion, that you are violating this AUP, or if we receive a credible third-party complaint, we may take any of the following actions, with or without prior notice:

• contact you to investigate;
• throttle, rate-limit, or null-route traffic to or from the affected VM;
• suspend network access to the affected VM;
• suspend the affected account;
• terminate the Agreement;
• preserve and disclose evidence to law enforcement, copyright holders, or other affected parties as required by law or as we believe in good faith is appropriate.

We will generally try to give notice and an opportunity to remediate before suspension, but in cases involving CSAM, active attacks on third parties, legal process, or risk to the security or availability of the Service, we may act immediately and without notice. We are not required to issue refunds for periods during which the Service is suspended or terminated for an AUP violation.

8. Cooperation with law enforcement

We cooperate with valid legal process and, where required by law, with informal requests from law enforcement. We may preserve account data, network logs, or VM contents in response to a preservation request and may disclose information in response to subpoena, court order, or other valid legal process.

9. Questions

Questions about this AUP can be sent to legal@drydock.build.