Skip to content

Acceptable use policy

This is an English convenience translation. The German version is binding.

As of 2026-07-10

This acceptable use policy forms part of the service description and sets out the purpose of use and the conditions of use of the contractual services (clause 1.1 SaaS Bitkom). It supplements the terms of service; where they conflict, the service description prevails.

This policy governs use of the PaaSbox platform: the console, the API, and the control plane that provisions and operates Kubernetes clusters.

The compute, storage and network resources — worker nodes, load balancers, volumes and adopted servers — are created in the customer’s own Hetzner project, on the customer’s own contract with Hetzner, and are billed by Hetzner directly to the customer (clause 2.3 of the service description). Hetzner’s terms apply to those resources, and to the workloads running on them, directly between the customer and Hetzner. The customer must comply with them; breaching them also breaches this policy.

The provider does not monitor the content of the customer’s workloads and is not obliged to do so. The customer holds full cluster-admin rights; the provider accesses the customer’s Hetzner project solely on the customer’s instructions, via the API token the customer supplies.

The agreed contractual purpose is the operation of the customer’s containerized applications on Kubernetes in a business context (clause 2.1 of the service description).

The contractual services may be used only by the customer and only for that purpose (clause 2.1 SaaS Bitkom). The customer is responsible for its users and obliges them to observe this policy.

You may not use the platform to

(a) break the law — in particular to distribute unlawful content, to infringe third-party rights (notably copyright, trade marks, and personality rights), or to breach export-control or sanctions rules;

(b) endanger security or integrity — to access, or attempt to access, systems, data or accounts of the provider, of other customers, or of third parties without authorisation; to circumvent access, usage or metering controls; to distribute malware; to scan or flood third-party networks; or to carry out or direct attacks on the availability of systems;

(c) misuse the platform — to share access credentials; to materially exceed the use permitted to you (clause 2.5 SaaS Bitkom); to offer the platform, or access to it, to third parties as a service of your own, whether for a fee or free of charge, or otherwise make it accessible to them (clause 2.2 SaaS Bitkom); or to circumvent the documented API usage limits by automated means;

(d) send unsolicited messages — spam, phishing, or comparable bulk messaging;

(e) exceed the fair-use principles — see fair use and clause 2.10 of the service description;

(f) put personal data where it does not belong — cluster metadata (in particular the names, identifiers and labels of clusters, nodes and projects) is not intended for personal data. It is not covered by Annex 1 of the data processing agreement (DPA).

Any use that breaches Hetzner’s terms (clause 1), or the rules of the payment provider the provider engages (clause 9), is likewise prohibited.

The platform is not designed or intended for uses in which a failure or malfunction could foreseeably lead to death, personal injury, or severe environmental damage. These include in particular:

  • the operation of nuclear facilities,
  • air traffic control, and the navigation or communication of aircraft,
  • life-support systems and medical devices within the meaning of Regulation (EU) 2017/745,
  • weapons systems,
  • emergency, rescue and civil-protection services, including the routing of emergency calls,
  • the control of autonomous vehicles or other safety-critical control systems.

Such uses fall outside the agreed contractual purpose (clause 1.1 SaaS Bitkom). Damage arising from such a use is therefore neither typical for the contract nor foreseeable within the meaning of clause 6.2 AV Bitkom.

If the customer intends such a use, it requires a prior, individually negotiated written agreement, usually against separate remuneration (clause 6.2, final paragraph, AV Bitkom). Without such an agreement the use is prohibited.

The provider’s liability under clause 6.1 AV Bitkom — for intent and gross negligence, under the Produkthaftungsgesetz, and for damage arising from harm to life, body or health — remains unaffected by this clause. It is neither excluded nor limited in amount. This clause describes the agreed purpose of use; it is not a limitation of liability.

The customer is responsible for the selection, configuration, operation, content and lawfulness of the applications run on the cluster, and for backing them up (clause 2.3 of the service description, clause 5.3 SaaS Bitkom).

Use by third parties, and making the services accessible to third parties, are prohibited (clause 2.2 SaaS Bitkom); any use beyond that requires the provider’s prior written consent (clause 2.1 SaaS Bitkom). Where the provider consents, the customer imposes the restrictions of this policy on the third party; on a permissible transfer of usage rights, clause 1.5 AV Bitkom applies.

Please report abuse, security incidents and infringements to support@paasbox.com.

On a breach, the provider first seeks a conversation with the customer and sets a reasonable period to cure. If the breach persists, the provider may

  • suspend access in whole or in part (clause 2.12 of the service description; without prior notice where security is acutely endangered or the provider is legally compelled),
  • terminate the contract by ordinary termination (clause 2.7) or extraordinarily for cause (clause 9.3 SaaS Bitkom),
  • claim damages where the services were used without authorisation (clause 6 SaaS Bitkom).

The measure is limited to what is necessary. The customer is entitled to have access restored once they have shown that the breach has ceased and will not recur (clause 2.7 SaaS Bitkom).

The limit of enforcement. Suspending the control plane does not, as such, interrupt workloads already running on worker nodes (clause 2.12(d) of the service description). Against continuing abuse originating from the resources in the customer’s own Hetzner project, the provider therefore retains termination and, where necessary, notifying Hetzner.

The provider may amend this policy where a change in the law, a new form of abuse, or a third party’s requirements (clause 9) gives cause. Amendments are announced to the customer at least 30 days before they take effect, in text form or via the console. Where an amendment is not insignificantly adverse to the customer, the customer may terminate the contract with effect from the date it takes effect.

The provider engages a payment provider to process payments (clause 2.6 of the service description). That provider’s rules on prohibited business models apply in addition; the customer may not use the platform for a business model excluded under them.

This policy is a draft and must be reviewed by counsel before publication.