Acceptable Use Policy

Last updated: April 5, 2026

This policy applies to lynox Managed Hosting ("the service") — dedicated infrastructure provisioned and maintained by lynox on your behalf. It supplements our Terms of Service.

1. How the service works

lynox Managed Hosting provisions a dedicated server for each customer. Your data, knowledge graph, conversations, and API keys exist exclusively on your server. There is no shared infrastructure between customers.

The Starter tier uses your own API key (BYOK) — lynox does not intermediate, store, or have access to your API key or the data processed through it. The Managed EU tier includes AI via our AWS Bedrock account (Frankfurt). In both cases, your prompts and AI responses are processed directly between your instance and the AI provider — we have no access to this content.

2. What we monitor

We monitor your server's system health metrics to ensure uptime and performance:

• CPU usage, memory usage, disk usage
• System uptime and load averages
• Application version and process status
• Network reachability (health endpoint response)
• Session and thread counts (numbers only)
• Aggregate AI token usage per billing period (Managed EU tier only — see Fair Use Policy)

This is standard infrastructure monitoring — the same data any hosting provider collects. We never access the content of your prompts or AI responses.

3. What we do not access

In normal operation, we do not access, read, scan, or monitor:

• Your knowledge graph content
• Your conversations or thread contents
• Your files, workflows, or playbooks
• Your API keys, vault secrets, or credentials
• Your AI provider requests or responses

We operate as an infrastructure provider, not a content platform. Your business data is yours — we have no visibility into it and no interest in changing that.

Exception: We may access conversation data on your instance solely in response to abuse reports, legal requests, or automated safety alerts, as described in our Privacy Policy and Section 7 of this policy. API keys and vault secrets are never accessed — they remain encrypted and inaccessible to us.

4. Your responsibilities

You are responsible for all content, data, and activity on your managed instance. This includes data entered by you and any users you grant access to.

5. Prohibited use

You may not use the service to:

• Break the law — any activity that violates applicable law in your jurisdiction or Switzerland
• Store or distribute illegal content — including but not limited to child sexual abuse material (CSAM), content that incites violence, or material that violates intellectual property rights
• Distribute malware — develop, store, or distribute malicious software, viruses, or exploit kits intended to harm others
• Run attack infrastructure — use the server for DDoS attacks, brute-force attacks, phishing, spam, or as a command-and-control node
• Circumvent provider policies — use the service to bypass the acceptable use policies of your AI provider (Anthropic, AWS, Google, etc.)
• Resell access — offer the managed instance as a service to third parties, in accordance with the Elastic License 2.0
• Abuse resources — use the server for cryptocurrency mining, torrent seeding, or purposes unrelated to running lynox
• Exceed fair use — sustained AI usage beyond what is covered by the Fair Use Policy (Managed EU tier)

6. AI provider policies

Your AI provider (Anthropic, AWS Bedrock, Google Vertex AI, etc.) has its own acceptable use policy. Since you hold the API key and the direct contractual relationship, you are responsible for complying with their terms. Most providers enforce content policies at the model level — requests that violate their policies will be refused by the provider, not by lynox.

7. How we handle reports

Abuse handling is complaint-driven. We do not proactively scan your data. If we receive a report:

1. Report received — via [email protected] or a legal notice
2. Assessment — we evaluate the report based on available metadata and the nature of the complaint. We do not inspect your data unless legally compelled.
3. Notification — we inform you about the report and give you a reasonable timeframe to respond (typically 7 days), unless immediate action is legally required.
4. Action — depending on the outcome: no action, content removal request, instance suspension, or account termination.

For content that is manifestly illegal (e.g. CSAM), we are required by law to act immediately and report to the relevant authorities. In such cases, we may suspend the instance without prior notice.

8. Suspension and termination

If you violate this policy:

• We may suspend your instance (read-only or fully stopped) pending investigation.
• We may terminate your subscription and delete your server after the notice period.
• Before termination, we offer a data export window (minimum 7 days) unless the content is manifestly illegal.

Suspension for abuse is separate from suspension for non-payment (see Terms of Service).

9. Reporting abuse

To report abuse of the lynox Managed Hosting service:

[email protected]

Include the subdomain or instance identifier, a description of the issue, and any supporting evidence. We will respond promptly.

10. Changes

We may update this policy. Active subscribers will be notified at least 14 days in advance of material changes. The latest version is always available at this URL.