February 20, 2026

Acceptable Use Policy

This Acceptable Use Policy ("AUP") governs the use of the Service (including Suga Cloud and Connected Clusters) by Customer and its End Users. This AUP forms part of the Agreement between Customer and Suga. Capitalised terms used but not defined in this AUP have the meanings given to them in the Customer Agreement.

Suga may update this AUP from time to time by posting an amended version on our website. Customer is responsible for ensuring that its use of the Service, and all Customer Applications deployed through the Service, comply with the then-current version of this AUP at all times.

1 Prohibited Content

Customer must not, and must ensure that End Users do not, use the Service or Suga Cloud to host, deploy, store, process, distribute, transmit or otherwise make available any of the following:

1.1 Child Sexual Abuse Material

Any content that sexually exploits or endangers minors, including child sexual abuse material (CSAM), content that depicts minors in a sexual context or any content that facilitates the exploitation of minors. This prohibition is absolute and applies regardless of the legality of such content in any jurisdiction.

1.2 Terrorism and Violent Extremism

Content that promotes, incites, recruits for, provides material support for or provides instructions for terrorism, violent extremism or acts intended or likely to cause death, serious physical harm or injury to individuals or groups.

1.3 Non-Consensual Intimate Imagery

Non-consensual intimate imagery (NCII), including any intimate, sexual or explicit content depicting a person without their consent, whether real or synthetically generated (such as deepfakes).

1.4 Malicious Software and Code

Malware, viruses, worms, Trojan horses, ransomware, spyware, adware, rootkits, keyloggers, botnets, corrupted files, cryptojacking scripts or any other software, code or files of a destructive, malicious or deceptive nature.

1.5 Phishing and Credential Harvesting

Phishing pages, credential-harvesting tools, fake login pages or any other content, application or service designed to fraudulently obtain the personal information, authentication credentials or financial details of others.

1.6 Intellectual Property Infringement

Content or materials that infringe or misappropriate the Intellectual Property Rights of any third party, including in violation of the Digital Millennium Copyright Act (DMCA) or equivalent laws in any applicable jurisdiction.

1.7 Illegal Goods and Services

Content or applications that constitute, facilitate, promote or enable:

a. the sale, distribution or trafficking of controlled substances or illegal drugs;

b. the sale, distribution or trafficking of weapons, firearms, ammunition or explosives in violation of applicable law;

c. illegal gambling or unlicensed gambling operations;

d. the sale or distribution of counterfeit goods; or

e. any other illegal goods or services.

1.8 Hateful and Harmful Content

Content that promotes hatred, harassment, violence or discrimination against individuals or groups based on race, ethnicity, national origin, religion, gender, gender identity, sexual orientation, disability, age or any other protected characteristic.

1.9 Deceptive Content

Content that is intentionally false, misleading or deceptive and that is likely to cause harm, including content that impersonates another person or entity, fraudulent schemes or scams.

2 Prohibited Activities

Customer must not, and must ensure that End Users do not, use the Service or Suga Cloud to:

2.1 Illegal Activity

Engage in, promote, facilitate or encourage any activity that is illegal under applicable law or that violates or encourages the violation of the legal rights of others.

2.2 Cryptocurrency Mining

Conduct or facilitate cryptocurrency mining, blockchain validation, proof-of-work computation or similar resource-intensive computational activities, whether for digital currencies, tokens or any other purpose.

2.3 Spam and Unsolicited Communications

Generate, distribute, publish, send or facilitate spam, unsolicited mass email, unsolicited bulk messaging, promotions, advertisements or other unsolicited communications.

2.4 Unauthorised Access and Interference

a. Gain unauthorised access to, or attempt to gain unauthorised access to, any systems, networks, accounts, services, data or equipment, whether belonging to Suga, Suga's infrastructure providers, other customers or any third party.

b. Disrupt, degrade, impair, overload or interfere with the Service, Suga Cloud, or the infrastructure, systems, networks or equipment used to provide them.

c. Launch or facilitate denial-of-service attacks, distributed denial-of-service attacks, packet flooding or any similar attack against any target.

2.5 Security Circumvention

Circumvent, disable, tamper with or interfere with any security, authentication, filtering, rate-limiting, resource-limiting or access-control features of the Service or Suga Cloud.

2.6 Vulnerability Testing

Perform vulnerability testing, penetration testing, security scanning or similar assessments of the Service or Suga Cloud without Suga's prior written consent. Any authorised testing must be conducted in accordance with the scope and conditions specified by Suga.

2.7 Fraud and Deceptive Practices

Operate or facilitate pyramid schemes, Ponzi schemes, multi-level marketing schemes, advance-fee fraud or any other deceptive, misleading or fraudulent business practices.

2.8 Sanctions and Export Compliance

Operate services, process data or conduct activities in violation of applicable export control laws, economic sanctions, trade compliance laws or anti-money laundering regulations, including the laws and regulations administered by the United States Office of Foreign Assets Control (OFAC), the Australian Department of Foreign Affairs and Trade (DFAT) or any equivalent authority.

2.9 Resource Abuse

Deploy Customer Applications or workloads that consume infrastructure resources disproportionate to their legitimate purpose, that are designed to exhaust Suga Cloud resources or that adversely affect the performance or availability of Suga Cloud for other customers.

2.10 Open Proxies and Relays

Operate open proxies, open mail relays, open recursive DNS resolvers, anonymising services or Tor exit nodes on Suga Cloud, except where expressly permitted by Suga in writing.

2.11 High-Risk Uses Without Safeguards

Use Suga Cloud as the sole infrastructure for safety-critical or life-critical systems (including medical devices, autonomous vehicles, weapons systems, nuclear facilities or air traffic control systems) without implementing appropriate redundancy, failover and safety measures independent of Suga Cloud.

2.12 Transit, Relaying and Content Bypass

Customer must not, and must ensure that End Users do not, use the Service or Suga Cloud to operate workloads whose principal purpose is to:

a. transit, anonymise or relay network traffic on behalf of third parties who are not End Users of a Customer Application, including by operating public or open virtual private network, proxy or tunnel endpoints;

b. retrieve, cache, transform or republish content from third-party servers in a manner designed to circumvent that source's access controls, hotlink protection, signed-URL schemes, geographic restrictions, payment or attribution requirements, robots directives or anti-piracy measures, including by misrepresenting the originating request;

c. systematically scrape, crawl, index or republish content or metadata from third-party sites in violation of the source's terms of service, applicable law or the rights of the source; or

d. accept arbitrary third-party URLs or media references as input and return the fetched content to the caller, where the workload functions as an open intermediary rather than a service with a defined application purpose.

For the avoidance of doubt, this clause does not restrict Customer from operating reverse proxies, ingress controllers, API gateways, edge caches or similar routing components that direct traffic to and from Customer's own Customer Applications or upstream services that Customer is authorised to access. Nor does it restrict the use of private network tunnels or VPN connectivity to link Customer's deployments to Customer's own infrastructure, provided the tunnel is not offered as a transit service to third parties.

This clause is in addition to, and not in limitation of, the prohibition on open proxies and similar services in clause 2.10 and the prohibition on intellectual property infringement in clause 1.6.

2.13 Multiple Accounts and Circumvention of Restrictions

Customer must not, and must ensure that End Users do not:

a. create or maintain multiple Customer accounts or Organisations for the purpose of evading any resource limit, billing obligation, throttling, suspension, ban or other restriction imposed by Suga;

b. coordinate the use of the Service across multiple accounts or Organisations to obtain the cumulative benefit of free, trial or hobby allowances; or

c. evade or attempt to evade enforcement of this AUP or the Agreement, including by re-registering after a suspension or termination using a different identity, payment method or source of network access.

2.14 Tunnel, Relay and Shared-Shell Workloads on the Free Tier

On the free tier of Suga Cloud, Customer must not, and must ensure that End Users do not, deploy or operate any Customer Application or workload whose primary function is to expose an environment, network or shell as a tunnel, relay, proxy or shared session, whether to third parties or to Customer's own infrastructure. This includes, without limitation:

a. software that establishes a network tunnel or virtual private network by opening a TUN/TAP device or equivalent (such as WireGuard, OpenVPN or IPSec);

b. tunnel or ingress-relay clients that expose a deployment through an externally reachable endpoint (such as Cloudflare Tunnel / cloudflared, Argo tunnels, ngrok or frp / frpc / frps); and

c. interactive shell-sharing, remote-desktop or remote-session relays (such as tmate, VNC or similar screen-sharing services).

For the avoidance of doubt, this clause does not restrict: (i) outbound HTTP or HTTPS requests to third-party APIs and services in the ordinary course of a Customer Application's operation; (ii) use of a content delivery network, web application firewall or similar service in front of Suga's gateway; or (iii) tunnel, relay or ingress workloads of the kind described above where operated on a paid plan in a manner otherwise consistent with this AUP.

This restriction applies to the free tier in addition to, and does not limit, the prohibitions in clauses 2.10 and 2.12, which apply on all tiers.

3 Enforcement

3.1 Monitoring

Suga may (but is not obligated to) monitor Customer's use of the Service for compliance with this AUP. Suga does not pre-screen Customer Applications or Customer Material but reserves the right to review any content or application deployed through the Service if Suga reasonably believes a violation of this AUP may have occurred.

3.2 Reporting

If Customer becomes aware of any violation of this AUP by any person (including an End User), Customer must immediately notify Suga at abuse@suga.app.

3.3 Remedial Action

If Suga determines, in its reasonable discretion, that a violation of this AUP has occurred, Suga may take any one or more of the following actions without prior notice:

a. issue a warning to Customer requiring remediation within a specified timeframe;

b. suspend or restrict Customer's access to the Service or Suga Cloud (in whole or in part);

c. remove, disable or restrict access to any Customer Application or Customer Material that violates this AUP;

d. terminate the Agreement in accordance with clause 10.3 of the Customer Agreement; or

e. report the violation to the relevant law enforcement authority or regulatory body.

3.4 Cooperation with Law Enforcement

Suga may disclose Customer information, Customer Material or usage data to law enforcement authorities, regulators or other government bodies where required by law, regulation or legal process, or where Suga reasonably believes disclosure is necessary to prevent imminent harm to any person.

3.5 No Liability for Enforcement

Customer acknowledges that Suga is not liable for any Losses suffered or incurred by Customer arising out of or in connection with Suga's enforcement of this AUP, provided that Suga acts in good faith and in accordance with this clause 3.