Anti-Spam & Anti-Abuse Policy

1. Scope

This policy applies to every VumaCloud service, product, and platform — including but not limited to VumaMail, VumaHost, VumaShops, VumaERP, VumaAPI implementations, and any future service offered under the VumaCloud brand. It applies to all account holders, sub-users, resellers, and any party using VumaCloud infrastructure directly or indirectly.

You are responsible for all activity that occurs under your account, whether performed by you, your employees, contractors, or automated systems. Ignorance of this policy is not a defence.

2. What Constitutes Spam

Spam is any unsolicited or unwanted electronic communication sent in bulk or to recipients who have not given explicit, verifiable, prior consent. This includes but is not limited to:

2.1 Email Spam

• Sending unsolicited bulk email (UBE) or unsolicited commercial email (UCE) of any kind
• Sending email to purchased, rented, scraped, harvested, appended, or co-registration lists
• Sending email to lists where recipients did not explicitly opt in to receive messages from your specific organisation
• Sending email without a visible, functional, one-click unsubscribe mechanism that is honoured within 24 hours
• Using falsified, forged, spoofed, or misleading "From", "Reply-To", or routing headers
• Using deceptive subject lines designed to mislead recipients about the content or purpose of the message
• Sending email from domains without valid SPF, DKIM, and DMARC records
• Operating open relays or open proxies on any VumaCloud-hosted server
• Sending messages that violate CAN-SPAM (US), GDPR (EU), PECR (UK), POPIA (South Africa), the Kenya Data Protection Act 2019, or any applicable anti-spam or data protection legislation in the recipient's jurisdiction

2.2 Messaging Spam (WhatsApp, RCS, SMS)

• Sending WhatsApp, RCS, or SMS messages to contacts who have not opted in
• Sending bulk promotional messages outside the rules set by the platform provider (Meta, Google, carrier)
• Using VumaAPI-implemented messaging integrations to circumvent platform rate limits or template approval processes
• Harvesting phone numbers from websites, social media, or directories for the purpose of sending unsolicited messages

2.3 Comment, Form, and Web Spam

• Using VumaHost or VumaShops to host websites that generate automated comment spam, trackback spam, or referral spam
• Hosting web forms or scripts designed to harvest email addresses or personal data
• Operating websites that redirect users to spam or malicious content

3. What Constitutes Abuse

Abuse is any activity that harms, disrupts, or threatens VumaCloud infrastructure, other customers, or third parties. This includes but is not limited to:

3.1 Malware and Malicious Content

• Distributing, hosting, or linking to viruses, trojans, ransomware, spyware, adware, rootkits, keyloggers, or any other malicious software
• Hosting phishing pages, credential-harvesting sites, or fake login pages (including "typosquatting" domains)
• Hosting or distributing exploit kits, botnet command-and-control infrastructure, or DDoS-for-hire tooling
• Embedding malicious code, cryptominers, or drive-by downloads in websites or email

3.2 Fraud and Deception

• Operating advance-fee fraud (419 scams), romance scams, investment fraud, lottery fraud, or any other confidence scheme
• Impersonating another person, company, government agency, or financial institution
• Using VumaCloud services to support money laundering, terrorism financing, or sanctions evasion
• Creating fake e-commerce stores on VumaShops that do not intend to deliver goods or services
• Issuing fraudulent invoices through VumaERP

3.3 Unauthorised Access and Network Abuse

• Attempting to gain unauthorised access to any VumaCloud system, server, network, or another customer's account or data
• Port scanning, vulnerability scanning, or penetration testing VumaCloud infrastructure without prior written authorisation
• Launching or facilitating denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks from or against VumaCloud infrastructure
• IP spoofing, ARP spoofing, or any form of network-level identity falsification
• Intercepting, monitoring, or sniffing network traffic not intended for your account
• Running network services (IRC servers, open proxies, open resolvers, Tor exit nodes) without written authorisation

3.4 Illegal Content

• Hosting, distributing, or linking to child sexual abuse material (CSAM) — reported immediately to NCMEC and law enforcement
• Hosting content that promotes terrorism, violent extremism, or incites violence
• Hosting content that violates intellectual property rights (pirated software, media, counterfeit goods)
• Hosting content that is illegal under the laws of Kenya, the Republic of South Africa, or the jurisdiction in which the account holder resides
• Selling or distributing controlled substances, weapons, or prohibited items through VumaShops

3.5 Resource Abuse

• Cryptocurrency mining on any VumaCloud server or hosting plan
• Running processes that deliberately consume excessive CPU, memory, disk I/O, or bandwidth to the detriment of other customers
• Using VumaCloud services as a file storage or distribution platform (non-website content)
• Creating multiple accounts to circumvent plan limitations or enforcement actions

3.6 Reselling and Misuse of Accounts

• Reselling, sublicensing, or redistributing VumaCloud services without a written reseller agreement
• Sharing account credentials with unauthorised third parties
• Providing false identity information during KYC or account registration

4. Monitoring and Detection

VumaCloud employs automated monitoring systems and reserves the right to:

• Monitor outbound email volume, bounce rates, spam complaint rates, and blacklist status for VumaMail accounts
• Scan websites hosted on VumaHost for malware, phishing pages, and prohibited content
• Monitor server resource usage (CPU, memory, disk, bandwidth) across all hosting accounts
• Inspect network traffic patterns for anomalies consistent with attacks or abuse
• Review abuse reports submitted by third parties, ISPs, blocklist operators, and law enforcement
• Act on automated threat intelligence feeds and industry blocklists (Spamhaus, Spamcop, SURBL, etc.)

You acknowledge that VumaCloud may access and review account data, email content, hosted files, and log data as necessary to investigate suspected violations of this policy or applicable law.

5. Enforcement — One Strike Policy

5.1 Immediate Actions

Upon detecting or receiving a confirmed report of a violation, VumaCloud will, at its sole discretion, take one or more of the following actions without prior notice:

• Immediate account suspension — all services (email, hosting, ERP, shops, API integrations) are disabled instantly
• Permanent account termination — the account is closed and cannot be reinstated
• Content removal — offending websites, emails, or data are deleted without backup
• IP and domain blacklisting — offending IPs and domains are blocked across all VumaCloud infrastructure
• Null-routing — network traffic to/from the offending account is dropped at the network edge

5.2 No Refunds

Accounts terminated for policy violations forfeit all prepaid fees, credits, and deposits. No refunds, pro-rata credits, or compensation of any kind will be issued. This applies regardless of how recently the account was funded or how much unused credit remains.

5.3 Data Retention and Deletion

Upon termination, VumaCloud will delete all account data within 7 days. We are under no obligation to provide data exports or backups for terminated accounts. If you are terminated, you will not be given access to retrieve your data.

5.4 Permanent Ban

Terminated users are permanently banned from all VumaCloud services. Any new accounts created by the same individual or organisation will be identified and terminated immediately. This ban extends to accounts created using different names, email addresses, payment methods, or proxies.

6. Law Enforcement and Legal Reporting

VumaCloud cooperates fully with law enforcement and regulatory authorities. We will:

• Report child sexual abuse material (CSAM) to NCMEC and local law enforcement immediately upon detection
• Report suspected terrorism-related content to relevant national security agencies
• Report suspected fraud, money laundering, or financial crime to the relevant financial intelligence unit
• Comply with valid court orders, subpoenas, and lawful data requests
• Preserve evidence and account data as required by law, even after account termination
• Share IP addresses, access logs, account details, and email headers with law enforcement as permitted by applicable law

7. Your Liability

You are solely responsible for ensuring that your use of VumaCloud services complies with this policy and all applicable laws. If your account is used by a third party (employee, contractor, hacker) to violate this policy, your account is still subject to immediate termination. It is your responsibility to secure your account credentials, keep your software updated, and monitor activity under your account.

You agree to indemnify VumaCloud against any claims, damages, costs, or legal fees arising from your violation of this policy.

8. Reporting Abuse

To report spam or abuse originating from VumaCloud services, email [email protected] with:

• Full email headers (for email spam)
• The URL or IP address involved
• Screenshots or evidence of the abuse
• Timestamps (with timezone)
• Your contact details for follow-up

VumaCloud investigates all abuse reports and aims to respond within 24 hours. We take every report seriously.

9. Changes to This Policy

VumaCloud reserves the right to update this policy at any time. Changes take effect immediately upon publication on this page. Continued use of VumaCloud services after a policy update constitutes acceptance of the updated terms. It is your responsibility to review this policy periodically.

10. Contact

For questions about this policy: [email protected]
To report abuse: [email protected]
VumaCloud Ltd.