This Acceptable Use Policy describes the activities that are not allowed on the Devise network and defines terms of responsibility. In using the Services provided by Devise Graphics, Customers agree to comply with this policy and also to indemnify Devise and it's suppliers against any claims by third parties arising from violation of this Policy.

Devise reserves the right to make changes to this Acceptable Use Policy at any time, and any changes will be effective immediately upon posting to Devise's web site: www.devisegraphics.co.uk. Devise's Customers are responsible for regularly reviewing the Policy. Continued use of the Services following any changes shall constitute acceptance of the changes.

This policy recognises the fundamental fact that no one owns or controls the Internet. Devise cannot monitor or control all the activities of our Customers. We do not intend to actively screen, review, censor, edit or take responsibility for the activities or content of our Customers.

Definitions can be found in our Terms and Conditions.

The Customer, not Devise Graphics is considered to be the Primary System Administrator and assumes all responsibility relating to their activities including, but not limited to:

• Aspects of the Customer's business
• The security of Customer Hosted Data and of the Customer’s hosted solution in any case where the Customer maintains sole access to or administrative capabilities of a feature or security control, or where the Customer and Devise share administrative capabilities
• Any compliance or regulatory status or matter applicable to the Customer’s solution or business
• Content and data provided by or through a Customer for use with the Services
• Decisions about Customer's computer and communications systems needed to access the Services
• Results obtained from using Devise's Services
• Compliance with all applicable laws and governmental regulations regarding Customer's business or use of the Services
• Administration and protection of confidential data or secrets provided by Devise to the Customer or generated by the Customer including:
• IP addresses intended for use behind DDoS mitigation services
• Customer user accounts, rights and credentials including API tokens
• Use of the Devise's Services by Customer's end users
• Compliance with this Acceptable Use Policy by the Customer and the Customer's end users

Activities conducted on the Internet are subject to many of the same laws and regulations applicable to the offline environment. Customers must exercise a high degree of judgement and responsibility with respect to their use of the Services, including the responsibility to comply with this Acceptable Use Policy.

Illegal Content and Actions

Accounts and the Services therein may not be used to support, engage in or promote fraudulent, abusive or illegal acts, including but not limited to the hosting of any content, behaviour or services that:

• Contains or promotes injury, violence, hate speech or physical harm against any group or individual
• Is in any way related to child exploitation or illegal pornography
• Disseminates, promotes or transmits any form of malware, adware, spyware, phishing attacks and campaigns, internet scamming, illegal data harvesting or password or identity robbery or fraud
• Infringes on copyright, patents, trademarks, trade secrets, or other intellectual property including pirated computer programs, cracker utilities, warez and software serial numbers or registration codes
• Violates any law, statute, ordinance or regulation governing the Customer's business or activities, including without limitation the laws and regulations governing export control, unfair competition, false advertising, consumer protection, issuance or sale of securities, trade in firearms, privacy, data transfer and telecommunications

Further, Devise Customers may not use Devise's Services for:

• Interception, ‘eavesdropping’ or monitoring of data not intended for the Customer
• Unauthorised use of data, access to data or malicious activity including attempted or actual probes, enumeration, port scanning or vulnerability scanning of other networks or to attack, hack, attempt or achieve a breach of those networks.
• Any service, high risk use, conduct, content, website or product that is likely to cause Devise or the Customer’s Devise hosted solution to become the target of retaliation, DDoS attacks, etc.
• Creation of spoofed or otherwise misleading TCP-IP or UDP packets or other network traffic or intentionally omitting, deleting, forging or misrepresenting transmission information, including headers, return addressing information and IP addresses, or using IP addresses which were not assigned to them by Devise
• Maintaining an Open Email Relay/Open Data Relay or allowing any data to be sent through one's server by an unrelated third party, including, but is not limited to, via open email gateways and open proxy servers.
• SPAM or Unsolicited Commercial Email

Devise has zero tolerance for the sending of SPAM or Unsolicited Commercial Email (UCE) over our network. Devise Customers cannot send UCE and cannot host sites or information advertised in UCE. Customers are also responsible for the actions of their clients and must take all reasonable precautions to secure their servers and sites against SPAM exploits (e.g. open email relays and insecure cgi scripts).

Devise does not permit:

• The sending of bulk emails, defined as the sending of the same email, or emails which are substantially the same, unless recipients have agreed to double-opt in to the mailing list. Proof may be required of the subscription opt-in process. Devise does not permit the sending of bulk email to recipients whose details have been obtained from third-party sources.
• Hosting content on a Devise account/server which is advertised or linked to by a bulk email campaign, even if this campaign is not run from a Devise account/server.
• Violating our UCE or SPAM policy will result in penalties. Upon detection or notification of a violation of our UCE policy, Devise will initiate an immediate investigation. During this time, outgoing mail may be suspended from the offending ip address to prevent further violations. If a client is found to be in violation of our UCE policy, Devise will impose penalties and/or, at its discretion, restrict or terminate the offending account and the Customer's access to our network. Repeated or serious violations may result in the immediate termination of the account. SPAM is a very serious matter. PLEASE DO NOT SPAM. EDUCATE YOUR CLIENTS and TAKE ALL PRECAUTIONS against SPAM EXPLOITS.

Devise Administrative Login and Management Software

To facilitate network/server management, inventory and related activities, all Devise Servers and Services include a Devise administrative account, Devise agent or other method of Devise administration. Reasonable precautions are taken by Devise to maintain the security of these tools and the privacy of client data. Customers should not tamper, hinder, delete, or in any way change the functioning of these Devise administration methods. To do so intentionally will breach the Devise Terms and Conditions and may affect our ability to deliver the service.

Licensing

The Customer is responsible for the appropriateness and accuracy of licensing of any software, including the licensing of individual users that is not sold or explicitly licensed by Devise. Where Devise has sold or provided licensed software to the Customer, the Customer must on an on-going basis provide updates of user numbers, software installed and any other licensing data requested to Devise such that accurate licensing can be maintained. The Customer is liable to Devise for any financial impact where Devise's licensing is inaccurate under Devise's various Service Provider or Reseller License Agreements as a result of Customer action or inaction.

Customers purchasing or otherwise using Microsoft products are additionally bound by the Microsoft EULA, for which they (the Customer), are solely responsible for reviewing and implementing the necessary controls to meet the requirements of the EULA.

Customer Penetration Testing and Vulnerability Scanning

No penetration testing, vulnerability scanning or assessment or target reconnaissance or enumeration of Devise systems and networks or a Devise Customer solution and Services is by any Customer or third party permitted without written authorisation by Devise. This will typically be provided in the form of a Devise Customer Security Testing Consent Agreement, to be mutually agreed and executed by Devise, the Customer and Customer’s third parties.

Cooperation with Law Enforcement Organisations, Investigations and Civil or Legal Proceedings

Devise may, without prior notification to the Customer, alert the relevant authorities to any activity occurring on the Customer solution that is obviously in contravention of the laws under which Devise operates.

The Customer provides consent where Devise is required by law to cooperate with or permit investigation by relevant authorities including Law Enforcement Organisations, including the disclosure of Customer personal data or personal information or the interception or monitoring of Customer data or traffic. Where Devise is permitted to, we will make reasonable endeavours to inform and alert the Customer.

Where Devise receives notice of civil actions, DMCA takedown notices or other legal matters relating to the Customer’s hosted data, content or activities, the Customer consents that Devise may reasonably provide the issuer of such notices with the identity of or contact details for the Customer’s organisation.

Fair Usage of Shared, Burstable Resources

For some shared resources we require that customers do not continuously use an unreasonable excess of those resources. Examples of an excess might include running software that deliberately uses all available CPU resource constantly or continuously using many times the base-allocation of unmetered bandwidth. In such circumstances we reserve the right, at our discretion, to request that the client cease such activities or be forcibly upgraded to a more suitable package or, in the case of excess use of unmetered bandwidth, be moved to a metered bandwidth connection.

Consequences of Breach of the Devise AUP

Should the Customer breach the Devise AUP, Devise reserves the right to immediately blackhole or null-route, intercept or block traffic to or from the Customer’s Services, suspend and/or completely terminate the customer’s account in order to protect Devise's or Devises’s Customers’ Services, availability or reputation. No credit or compensation is available for service interruptions resulting from breach of the Devise AUP.

Account Cancellation

This Acceptable Use Policy (AUP) is not exhaustive. Devise has the right to refuse service to anyone at any time WITHOUT WARNING OR PRIOR NOTICE. No refunds of fees paid will be made if account termination is due to a violation of the Acceptable Use Policy as outlined above.

Policy Changes

Although most changes are likely to be minor, Devise Graphics may change its policies from time to time. Devise Graphics encourages visitors to frequently check this page for any changes to its policies. If we make changes, we will notify you by revising the change log below, and, in some cases, we may provide additional notice (such as adding a statement to our homepage or sending you a notification through e-mail or your dashboard). Your continued use of the Services after any change in this policy will constitute your consent to such change.

Change Log

21st May 2018 Initial version.