Important: These Terms govern all purchases and use of services offered under the Yhost brand, including shared web hosting, VPS/Cloud VPS, managed services (if purchased), domains (as a reseller), email services (if offered), SSL, security and monitoring features, backups/snapshots (if purchased), professional services, and any other services we make available (collectively, the "Services").
These Terms are written for a global customer base. They are designed to align with common expectations of banks, payment processors, and infrastructure partners by clearly defining service scope, Self‑Managed boundaries, verification rights, anti‑abuse enforcement, and lawful use obligations. Nothing in these Terms removes non‑waivable rights you may have under Applicable Law.
Capitalized terms have the meanings below. If a term is not defined here, it has its ordinary commercial meaning or the meaning given in the applicable Order Page, service description, knowledge base article, or policy incorporated into these Terms.
References to "including" mean "including without limitation". Headings are for convenience only and do not affect interpretation.
By creating an Account, clicking an "I agree" box, placing an Order, paying an invoice, or using any Service, you enter into a legally binding Agreement with Provider. If you do not agree, do not use the Services. If you are using the Services on behalf of an entity, you represent that you have authority to bind that entity, and "you" and "Customer" refer to that entity.
If there is a conflict, the following order controls: (1) a signed written agreement explicitly overriding these Terms; (2) the DPA (for data protection matters); (3) the Order Page / Order Confirmation and any service‑specific schedule for that Service; (4) these Terms; (5) the AUP; (6) the Refund & Cancellation Policy; (7) the SLA; and (8) any other policies or documentation we expressly incorporate. For Consumers, mandatory consumer protection rights override conflicting clauses.
Marketing pages describe Services in general. The Order Page presented at checkout is the authoritative statement of the plan you purchase (limits, included features, Billing Cycle, and price). Where technical limits are displayed in the client portal (e.g., CPU, RAM, inodes, disk, bandwidth), those limits are part of the Service description for the purchased plan.
We may update these Terms, the AUP, the SLA, or other incorporated policies to reflect legal changes, security requirements, product updates, or operational changes. We will post the updated version on our website and update the effective date/version. If changes are material, we will notify you via email or the client portal at least 30 days before the effective date. Continued use after the effective date constitutes acceptance for Business Customers. For Consumers: material changes that adversely affect your rights or obligations require your affirmative acceptance; if you do not accept, you may terminate the affected Services without penalty before the changes take effect, subject to any minimum term already paid. If you do not accept an updated Agreement, you must cancel before the changes take effect.
We may provide translations for convenience. If there is a conflict, the English version controls unless mandatory local law requires otherwise.
You must be at least 18 years old (or the age of majority in your jurisdiction, if higher) and have legal capacity to enter into this Agreement.
You must provide accurate, complete, and current information, including legal name, physical address, and a working email address. You are responsible for safeguarding Account credentials, enabling available security features (such as 2FA where offered), and for all activity conducted under your Account. All Account actions are recorded in the client portal audit log. Notify us immediately if you suspect unauthorized access.
If you manage Services for end users (e.g., as an agency or reseller), you remain responsible for compliance with this Agreement and the AUP, and for ensuring your end users comply. You must not represent yourself as Provider or create confusion about who provides the Services. If operationally required (e.g., repeated abuse incidents, billing risk, or access separation), we may require you to separate end users into separate Accounts.
Because hosting and VPS services are frequently targeted for fraud and abuse, we apply risk‑based verification controls. To comply with Applicable Law and the requirements of payment processors, banks, and Infrastructure Providers, we may request verification at any time, including proof of identity, proof of address, business registration details, beneficial ownership information, payment method verification, and a description of intended use.
We may delay provisioning, restrict functionality (for example, additional IP allocation or SMTP access), suspend Services, or terminate the Agreement if you do not provide requested information within a reasonable time, if verification fails, or if we reasonably believe the Account poses elevated fraud or abuse risk.
You represent that you are not a person or entity subject to sanctions or export restrictions under UK (including OFSI sanctions), EU, UN, U.S. (including OFAC), or other Applicable Law, and that you are not located in a jurisdiction where providing the Services would be prohibited. You must not use the Services in connection with prohibited end uses (including certain military, nuclear, or surveillance uses where restricted by law). We may refuse or terminate Services to comply with sanctions/export obligations.
Provider offers hosting and related services, which may include: (a) shared web hosting ("Smart Web Hosting" and similar plans); (b) VPS/Cloud VPS (virtual servers with dedicated resource tiers); (c) managed services (only where explicitly purchased); (d) domain registration, renewal, and transfers as a reseller; (e) add‑ons such as backups/snapshots, monitoring, SSL, and security tooling; and (f) professional services (migrations, hardening, troubleshooting) where purchased.
Unless a plan explicitly states "Managed" or includes defined operational responsibilities, Services are provided as Self‑Managed. Self‑Managed means we provide a functioning hosting platform and access credentials, while you are responsible for configuration, updates, application code, content, security hardening, and ongoing maintenance of your workload. Self‑Managed does not include website debugging, custom configuration, malware cleanup inside your application, performance tuning, or development work. If we offer paid support or managed packages, the scope is limited to what is stated on the Order Page or in a statement of work.
We may use third‑party Infrastructure Providers to deliver the Services. For example, virtual servers may run on infrastructure supplied by a third‑party datacenter or cloud platform; domains are supplied through registrars/registries; and payment processing is provided by one or more processors. You acknowledge that we may add, replace, or change Infrastructure Providers over time to improve security, reliability, pricing, or availability, and to manage upstream risk. Unless we expressly commit in writing, we do not guarantee the identity of a specific Infrastructure Provider.
Where we advertise a data center region (e.g., "Germany"), that region is intended to describe the primary hosting location for the relevant product line at the time of purchase. Some operational components (for example, billing, support systems, email delivery providers, and processors) may be located in other jurisdictions. We may migrate workloads within the same region or to another region where necessary for security, compliance, capacity, or reliability. Where reasonably practicable, we will provide notice of material region changes for active subscriptions.
Provisioning begins after payment confirmation and completion of any required verification. Some Services are provisioned automatically; others may require manual review (for example, high‑risk orders, requests for additional IPs, or requests that may increase abuse risk). Unless otherwise stated on the Order Page, we guarantee provisioning within up to 48 hours after successful payment and required verification. This guarantee does not apply to delays caused by inaccurate Customer information, pending verification, force majeure, upstream outages, registry delays, or abuse/fraud prevention holds.
We may modify technical implementations (e.g., underlying virtualization technology, control panel, kernel tuning, or caching stack) to improve the Services. If we discontinue a product line, we will provide reasonable notice where practicable and, for recurring subscriptions, refund any unused prepaid recurring Fees for the discontinued Service, excluding non‑refundable items such as domain fees, issued licenses, or professional services already delivered.
Some Services may include or allow access to third‑party software (e.g., control panels, scripts, webmail, or SSL products). Use of third‑party software is subject to the vendor's terms. To the extent we resell third‑party licenses, license fees may be non‑refundable once issued.
If we provide email hosting or enable outbound mail from your Services, deliverability is not guaranteed because it depends on sender reputation, content, authentication (SPF/DKIM/DMARC), and recipient policies. To protect network reputation, we may rate‑limit or block outbound email, restrict high‑risk ports (such as TCP/25), or require additional verification before enabling outbound SMTP, especially on VPS services.
Public IPv4 addresses are scarce. Where plans include or allow "up to" IP addresses, allocation is subject to availability, verification, technical justification, and anti‑abuse controls. We may require additional documentation to allocate extra IPs and may deny or revoke IP allocations where necessary to protect upstream compliance or network reputation.
You are solely responsible for Customer Content, your Websites and applications, and compliance with Applicable Law. Provider is not a publisher of Customer Content and does not proactively monitor content except as necessary for security, abuse prevention, and compliance.
For Self‑Managed Services you are responsible for: (a) installing and maintaining your operating system and applications (for VPS); (b) applying patches and updates; (c) configuring firewalls and access controls; (d) securing CMS/plugins and removing vulnerable extensions; (e) using strong authentication; and (f) maintaining appropriate backups. You must not share credentials with unauthorized persons and must promptly address security advisories that affect your environment.
Each plan includes technical limits (CPU, RAM, disk, bandwidth/transfer, inodes, processes, email sending limits, and similar). You must remain within your plan limits. We may throttle, suspend, or require an upgrade if your usage threatens stability or materially impacts other customers in a multi‑tenant environment. Shared hosting must not be used for inappropriate workloads such as cryptocurrency mining, large‑scale video encoding, open proxies, public file mirrors, or persistent high‑CPU background workers.
You must have all rights and licenses needed for any content or software you upload or run. You will not use the Services to infringe intellectual property, privacy, or other rights.
For domains you register or manage through us, you are responsible for keeping registrant data accurate, configuring DNS correctly, and ensuring timely renewals. Some TLDs impose additional eligibility requirements or verification procedures that you must satisfy.
The AUP is incorporated into this Agreement. AUP violations are Material Breaches and may result in immediate suspension or termination.
You must not use the Services for: malware distribution, phishing, credential theft, spam operations, botnet control, DDoS attacks, port scanning of third parties, exploitation of vulnerabilities, unauthorized access attempts, operating open relays/open proxies, hosting illegal content, or any activity that materially risks the reputation or integrity of Provider's network or its Infrastructure Providers.
We may implement security controls to protect the Services and upstream relationships, including firewalls, WAF rules, rate limits, port restrictions, malware scanning, automated abuse detection, and DDoS mitigation. These controls may block or degrade certain traffic patterns. You must not attempt to bypass them. We may monitor network traffic and system telemetry for security, capacity, and abuse detection, subject to our Privacy Policy and Applicable Law.
We receive abuse reports from third parties (e.g., rights holders, security researchers, Infrastructure Providers, CERT teams). We investigate in good faith. Depending on severity, we may request corrective action within a defined timeframe, temporarily suspend affected services, block specific traffic/content, or terminate. Where feasible, we will notify you and provide a chance to remediate. For urgent threats (e.g., active phishing), we may act immediately.
If we reasonably believe an Account or Service is being used for activity that threatens others or the platform (including malware, phishing, botnets, DDoS, credential stuffing, or spam), we may take immediate action without prior notice, including suspension, isolation, blocking, or removal of content. Where feasible, we will notify you after containment.
If you discover a security vulnerability affecting our infrastructure, report it responsibly to [email protected]. You must not conduct penetration testing, exploitation attempts, or denial‑of‑service testing against our infrastructure without prior written permission.
We may receive requests from law enforcement, regulators, or other authorities. We will assess requests for validity and scope, preserve information where required, and disclose information when legally compelled. Where legally permitted, we may provide notice to allow you to seek protective measures.
You retain ownership of Customer Content. You grant us a limited license to host, cache, copy, transmit, and process Customer Content solely as necessary to provide the Services, perform support you request, protect the platform, and comply with Applicable Law.
You are responsible for your backups. Unless your plan explicitly includes backups/snapshots, we do not provide backups. Where backups or snapshots are included or purchased, they are provided as a convenience, subject to retention limits and "up to" caps, and are not archival storage. We do not guarantee that a particular backup point will be available or restorable in all circumstances (e.g., ransomware, corruption, customer‑side misconfiguration). You should maintain an independent backup strategy for critical data.
For Customer Content containing personal data, Customer is typically the controller (or "business" under U.S. state privacy law) and we are the processor (or "service provider") providing hosting. We process such personal data only under Customer's instructions as needed to provide the Services, subject to our legal obligations. Separately, we act as controller for Account, billing, fraud prevention, and support communications, as described in our Privacy Policy.
The Data Processing Addendum ("DPA") published at my.yhost.io/legal/dpa applies to all processing of personal data carried out by Provider on Customer's behalf and is incorporated into this Agreement by reference. The DPA sets out the parties' obligations under UK GDPR, EU GDPR, and equivalent data protection laws, including: processing only on documented instructions, confidentiality obligations, security measures, subprocessor controls, assistance with data subject rights, breach notification, data protection impact assessments, and audit and compliance. Customers may request a signed copy of the DPA through the client portal.
Provider will notify Customer without undue delay (and in any event within 72 hours of becoming aware) of any Personal Data Breach affecting Customer Content. The notification will include, to the extent available: (a) the nature of the breach, including the categories and approximate number of records affected; (b) the likely consequences; (c) the measures taken or proposed to mitigate the breach; and (d) the contact point for further information. Provider will cooperate with Customer and take commercially reasonable steps to assist in investigating and remediating the breach. The detailed breach notification process is set out in the DPA.
Provider uses Subprocessors to deliver parts of the Services. The current list of Subprocessors is maintained at my.yhost.io/legal/dpa (or as an annex to the DPA) and includes the name, purpose, and location of each Subprocessor. Customer provides general written authorisation for Provider to engage Subprocessors. Provider will notify Customer at least 30 days before engaging a new Subprocessor or materially changing the role of an existing one. Customer may object on reasonable data protection grounds within 15 days of notification. If Provider cannot reasonably accommodate the objection, Customer may terminate the affected Service without penalty. Provider ensures that Subprocessor contracts impose data protection obligations no less protective than those in the DPA.
Our primary hosting infrastructure for some products may be located in the EU/EEA (e.g., Germany) while corporate operations may be in the UK, and some Subprocessors (including payment processors) may process data in other jurisdictions. Where international transfers occur, we implement appropriate safeguards as required by Applicable Law, including UK International Data Transfer Agreements, EU Standard Contractual Clauses (Commission Decision 2021/914), or equivalent mechanisms as described in the DPA.
We retain different categories of data for different periods: account and billing records are retained as required by tax and accounting laws (typically up to 7 years); security logs may be retained for limited periods for incident investigation and fraud prevention. Customer Content is deleted within 30 days after termination of the relevant Service, unless retention is required by Applicable Law or Customer has requested a different deletion schedule. Specific retention details are described in our Privacy Policy and operational policies.
Provider will make available to Customer, upon reasonable request, all information reasonably necessary to demonstrate compliance with the obligations set out in this Section 7 and the DPA. Provider will allow for and contribute to audits, including inspections, conducted by Customer or a third‑party auditor mandated by Customer, subject to reasonable advance notice (at least 30 days), scope limitations to protect other customers' confidentiality, and no more than one audit per 12‑month period unless required by a supervisory authority. Where available, Provider may satisfy audit requests by providing relevant third‑party audit reports or certifications (e.g., SOC 2, ISO 27001). Customer activity within the client portal is logged in an audit log accessible to Customer.
Fees are stated on the Order Page in the currency presented at checkout and are generally payable in advance. You authorize us and our payment processors to charge your payment method for the Fees, renewals, and any usage‑based charges you approve. We may accept multiple payment methods and may change payment options over time.
Fees may be exclusive of VAT/GST/sales tax unless stated otherwise. You are responsible for applicable taxes and government charges, except taxes on our income. We may request tax identification numbers or exemption documentation and may apply reverse‑charge rules where applicable.
Recurring Services auto‑renew unless you cancel before the renewal date in the client portal. Renewals are billed at the then‑current rate unless a fixed‑price term is explicitly stated for the renewal. We will send a renewal reminder to the email address on file before the renewal date. The auto‑renewal terms, including Billing Cycle and price, are disclosed at the time of purchase. Cancellation is available at any time through the client portal. Where required by Applicable Law (including U.S. state automatic renewal laws), we will obtain your affirmative consent to auto‑renewal terms before the initial charge and will provide the disclosures required by such laws.
If payment is not received by the due date, we may suspend Services. Continued non‑payment may result in termination and data deletion as described in Section 9.
If you believe a charge is incorrect, contact us promptly via the client portal. If you initiate a chargeback or payment dispute without first attempting good‑faith resolution with us, we may suspend Services to mitigate fraud risk. We may recover reasonable processor fees and costs charged to us (where permitted by law). Nothing here limits mandatory consumer protections for unauthorized transactions.
Promotional prices, "Save" percentages, and discounts may be time‑limited and may be changed or withdrawn at any time, except where prohibited by law. Promotions may apply only for the initial term and may not apply to renewals. The price shown at checkout applies for the selected Billing Cycle for that Order.
Some entry‑level plans (including a "Blog" plan where offered) may be available only on annual pre‑paid billing and not purchasable monthly. The Billing Cycle will be displayed on the Order Page before purchase.
We may change prices for new orders and renewals to reflect costs, exchange rates, licensing, fraud/abuse risk, and product improvements. Price changes do not apply retroactively to a term already paid. Where required, we will provide notice before renewal.
We may suspend any Service immediately if: (a) you violate the AUP; (b) your Service poses a security, legal, or reputational risk; (c) payment is overdue; (d) we receive a credible abuse report; or (e) we are required by Applicable Law or a competent authority.
You may cancel subscriptions through the client portal. Unless otherwise stated in the Refund & Cancellation Policy or required by consumer law, cancellation stops future renewals and does not create a right to a refund for prepaid time.
We may terminate for Material Breach (including repeated AUP violations, fraud, or non‑payment). Where feasible, we may provide notice and an opportunity to cure for minor issues, but we may act immediately where required to protect the platform or comply with law.
You are responsible for exporting Customer Content before termination. After termination, we will delete Customer Content within 30 days and will not be able to restore it after deletion. We may retain limited logs and billing records for compliance, fraud prevention, and enforcement of our rights as described in the Privacy Policy. Upon request made before termination, we will make Customer Content available for export in a standard format.
Domain registrations are not automatically cancelled when hosting is cancelled. Domains remain subject to their registration term and registry rules, and fees may be non‑refundable. You remain responsible for renewals unless you transfer the domain away or explicitly disable renewals.
Provider and its licensors own all rights in the Services, platform software, documentation, and branding. Except for permitted use to access the Services, you may not copy, reverse engineer, or create derivative works from Provider software except to the extent permitted by law.
You retain rights in Customer Content. You represent you have the rights necessary to host and distribute it.
We respond to valid notices of alleged copyright infringement. Instructions for notices and counter‑notices are in Appendix E. We may remove or disable access to content and may terminate repeat infringers where appropriate. For the purposes of 17 U.S.C. § 512, copyright notices should be sent to [email protected].
We may request evidence of rights and may suspend or remove content where required by law or where misuse is clear and creates material risk for the platform.
Each party may receive non‑public information from the other that is marked or reasonably understood to be confidential ("Confidential Information"). The receiving party will protect Confidential Information with reasonable care and use it only to perform under this Agreement. Confidential Information does not include information that becomes public without breach, was already known to the receiving party, was independently developed, or was lawfully obtained from a third party without restriction.
We will provide the Services with reasonable care and skill. Other than express warranties stated in this Agreement and non‑waivable statutory warranties, the Services are provided "as is" and "as available".
To the maximum extent permitted by Applicable Law, we disclaim warranties of merchantability, fitness for a particular purpose, non‑infringement, and uninterrupted or error‑free operation. We do not warrant that the Services will be secure against all threats or that data loss will never occur.
Support is provided through the channels and hours described for your plan. For Self‑Managed Services, support is limited to platform access, billing, and platform‑wide availability incidents. Support does not include development work, SEO, custom code review, application debugging, or third‑party plugin conflicts, unless explicitly included in a paid managed/support package.
We are not responsible for failures caused by third‑party networks, registries, software vendors, or Infrastructure Providers, except to the extent required by law or covered by the SLA.
To the maximum extent permitted by Applicable Law, Provider is not liable for indirect, incidental, special, consequential, or punitive damages, including loss of profits, business interruption, loss of goodwill, or loss of data.
To the maximum extent permitted by law, Provider's total aggregate liability for all claims relating to a specific Service will not exceed the Fees paid for that Service during the twelve (12) months immediately preceding the event giving rise to the claim.
Nothing in this Agreement excludes or limits liability for death or personal injury caused by negligence, fraud, fraudulent misrepresentation, Provider's wilful default, or any liability that cannot be excluded under Applicable Law. For Consumers, limitations apply only to the extent permitted. Nothing in this Agreement limits either party's liability for breaches of data protection law to the extent such liability cannot be excluded under Applicable Law.
Business Customers agree to defend, indemnify, and hold harmless Provider and its affiliates, officers, employees, and agents from third‑party claims arising from (a) Customer Content; (b) Customer's use of the Services; (c) Customer's breach of this Agreement; or (d) Customer's violation of law, including privacy or IP law. Provider will notify Customer and allow Customer to control the defense, subject to Provider's right to participate with its own counsel.
Consumers are not required to indemnify Provider except where permitted by Applicable Law.
This Section applies if you are a Consumer and mandatory consumer protection law applies. If you are a Business Customer, this Section does not apply except where a mandatory rule states otherwise.
In many jurisdictions (including the UK and EU), consumers buying services online generally have a right to cancel within 14 days of contract conclusion (the "cooling‑off period"), subject to exceptions and conditions. Where this right applies, you may cancel within the cooling‑off period without giving a reason by using the cancellation mechanism in your client portal or by sending a clear statement of cancellation to us.
If you request that we start providing the Services during the cooling‑off period, you acknowledge that you may be required to pay for the portion of Services provided up to the time you cancel, and you may lose the right to a full refund once performance begins, to the extent permitted by law. Where the law requires it, we will obtain your express request and acknowledgment at checkout.
Nothing in these Terms limits statutory rights you may have where Services are not provided with reasonable care and skill or where digital content/services are defective, including remedies required by Applicable Law.
If you are a Consumer in the European Union, you may use the European Commission's Online Dispute Resolution platform at https://ec.europa.eu/consumers/odr. Our email for ODR purposes is [email protected].
Before filing a claim, you agree to contact us through the client portal and attempt to resolve the dispute informally. Provide Account details, a description of the issue, and the relief requested.
If you reside in or are established under the laws of the United States, Appendix A applies and generally requires individual arbitration for most disputes, with limited exceptions (such as small claims court).
If you are a Consumer, nothing prevents you from bringing claims in courts that have mandatory jurisdiction under your local law.
For customers outside the United States, this Agreement is governed by the laws of England and Wales. Subject to mandatory consumer rights, the courts of England and Wales have exclusive jurisdiction. This choice of law does not deprive Consumers of any mandatory protections afforded by the law of their habitual residence.
For U.S. customers, Appendix A applies and the Federal Arbitration Act governs arbitration interpretation and enforcement.
To the extent Provider qualifies as a "hosting service" provider under the EU Digital Services Act (Regulation (EU) 2022/2065), this Section sets out our compliance commitments.
Provider stores information provided by recipients of its hosting services. The DSA obligations applicable to hosting service providers apply to the extent Customer Content is made available to recipients located in the European Union.
Provider's single point of contact for EU Member State authorities, the European Commission, and the European Board for Digital Services is: [email protected]. For recipients of the service (including EU users), the contact point is: [email protected]. Communications may be conducted in English.
As Provider is established outside the European Union and offers services to persons in the EU, Provider will designate a legal representative in a Member State. Details of the designated representative will be published at my.yhost.io/legal and updated as they become available. [Note: Provider is in the process of appointing an EU legal representative in accordance with DSA Article 13. This section will be updated with the representative's name, address, and contact details upon appointment.]
Any individual or entity may notify us of the presence of specific items of information that the notifier considers to be illegal content. Notices should be submitted to [email protected] and should contain: (a) a sufficiently substantiated explanation of the reasons why the content is alleged to be illegal; (b) a clear indication of the exact electronic location of the information (e.g., URL); (c) the name and email address of the submitting individual or entity; and (d) a statement confirming the good faith belief that the information and allegations are accurate and complete. We will process notices in a timely, diligent, non‑arbitrary, and objective manner.
Where we restrict or remove Customer Content, suspend or terminate an Account, or otherwise impose restrictions in response to illegal content or a terms‑of‑service violation, we will provide the affected Customer with a clear and specific statement of reasons, including: (a) the restriction applied; (b) the facts and circumstances relied upon; (c) the legal basis or contractual ground; and (d) information about available redress mechanisms.
Where we become aware of any information giving rise to a suspicion that a criminal offence involving a threat to the life or safety of a person or persons has taken place, is taking place, or is likely to take place, we will promptly inform the relevant law enforcement or judicial authorities.
Provider will publish an annual transparency report in accordance with DSA Article 15, including information on content moderation activities, orders received from Member State authorities, and notices processed. Transparency reports will be published at my.yhost.io/legal.
Our AUP and these Terms describe the restrictions, tools, and policies we apply to Customer Content. We will ensure that terms of service information is presented in clear, plain, and unambiguous language and is publicly available.
This Section applies to the extent that U.S. state privacy laws (including the California Consumer Privacy Act as amended by the California Privacy Rights Act, "CCPA/CPRA", the Virginia Consumer Data Protection Act, the Colorado Privacy Act, and other similar state laws, collectively "U.S. State Privacy Laws") apply to Provider's processing of personal information on Customer's behalf.
With respect to personal information contained in Customer Content, Provider acts as a "service provider" (CCPA/CPRA) or "processor" (other U.S. State Privacy Laws) on Customer's behalf. Provider processes such personal information solely for the purpose of providing the Services as described in this Agreement (a "business purpose") and does not sell, share (as defined under CCPA/CPRA), or otherwise use personal information for any purpose other than providing the Services.
Provider will: (a) not sell or share (as defined under CCPA/CPRA) personal information received from or on behalf of Customer; (b) not retain, use, or disclose personal information for any commercial purpose other than providing the Services; (c) not retain, use, or disclose personal information outside the direct business relationship between Provider and Customer, except as permitted by Applicable Law; (d) comply with Applicable Law and provide the same level of privacy protection as required by U.S. State Privacy Laws; and (e) notify Customer if Provider determines it can no longer meet its obligations under U.S. State Privacy Laws.
Provider will reasonably assist Customer in responding to verifiable consumer requests exercising rights under U.S. State Privacy Laws (such as access, deletion, or correction requests), including by providing mechanisms to facilitate data retrieval and deletion. Customer is responsible for determining and communicating the instructions for processing such requests.
Provider certifies that it understands and will comply with the restrictions and obligations set forth in this Section and will treat personal information in accordance with the requirements of U.S. State Privacy Laws as applicable.
We may send notices to the email address on your Account or via the client portal. You must keep contact details up to date. Notices to Provider regarding legal matters should be sent to [email protected]. General notices should be sent via the client portal or to [email protected] unless a policy specifies a different address.
You may not assign this Agreement without our prior written consent. We may assign this Agreement as part of a merger, acquisition, or sale of assets, provided the assignee assumes all obligations under the Agreement.
Neither party is liable for failure or delay caused by events beyond reasonable control, including natural disasters, war, civil unrest, government action, fiber cuts, large‑scale DDoS attacks, pandemics, or upstream outages, provided the affected party: (a) uses reasonable efforts to mitigate; and (b) notifies the other party promptly after the event occurs and provides updates as reasonably practicable. If a force majeure event continues for more than 60 consecutive days, either party may terminate the affected Services upon written notice, and Provider will refund any prepaid Fees for the period of non‑performance.
If any provision is unlawful or unenforceable, the remaining provisions remain in effect and will be interpreted to best achieve the original intent.
This Agreement constitutes the entire agreement regarding the Services and supersedes prior discussions. Sections relating to Fees, data protection, suspension/termination, IP, confidentiality, disclaimers, liability, indemnification, dispute resolution, and provisions that by their nature should survive, survive termination.
Our use of cookies and similar tracking technologies is described in the Cookie Policy.
Important: This Schedule forms part of the Agreement. Limits and conditions shown on product pages, Order Pages, or in the client portal are incorporated and apply to your subscription.
Smart Web Hosting is a shared (multi‑tenant) hosting service. Because multiple customers share underlying systems, we enforce per‑account limits and may apply automated controls (process limits, throttling, caching, rate limiting) to maintain stability. If your workload outgrows a shared plan, we may require an upgrade to VPS or other dedicated resources.
Smart Web Hosting is Self‑Managed unless explicitly sold as Managed. Self‑Managed means we provide a working hosting environment and keep the underlying platform available; you are responsible for your site/application, updates, plugins/themes, configuration, content, security practices, and application‑level backups. Support for Self‑Managed hosting is limited to account access and platform availability incidents affecting the hosting service itself.
The entry plan described as "Blog" (where offered) is available only on annual pre‑paid billing and is not offered monthly. The Billing Cycle is displayed at checkout.
All discount percentages and "Save" labels are promotional and may change or be withdrawn at any time for new orders and renewals. The checkout price applies for the selected term for that Order.
Cloud VPS provides a virtual server with dedicated resource tiers (vCPU, RAM, disk). Unless explicitly sold as Managed, Cloud VPS is Self‑Managed: you are responsible for OS administration, firewall configuration, patching, application setup, backups, and security hardening of your workloads. We provide access credentials and the underlying virtualization/platform availability.
Plan elements such as "up to" snapshots, "up to" backups, or "up to" IP addresses are subject to platform capabilities, retention rules, verification, and anti‑abuse constraints. We may adjust technical limits for security and platform integrity.
To protect network reputation, outbound email restrictions may apply by default. We may block TCP/25 or impose rate limits. Enabling outbound SMTP may require additional verification and compliance checks.
Unless stated otherwise on the Order Page, we guarantee activation within up to 48 hours after successful payment and completion of any required verification. If we are unable to provision within that time due to reasons within our control, you may request cancellation and a refund of initial hosting Fees paid for that Order. This does not apply to non‑refundable items (domains, issued licenses) or delays outside our control.
If you purchase backups/snapshots, the scope (what is captured), retention (how long we keep copies), and restore options (self‑service or ticket‑based) are described on the Order Page or in service documentation. Backups are not archival storage and may be pruned. You are responsible for verifying application integrity after restore.
We may offer paid professional services such as migrations, security hardening, malware remediation, or custom configuration. Professional services are delivered on a best‑effort basis and may require a statement of work (scope, prerequisites, timelines, fees). Unless explicitly agreed, professional services do not include ongoing managed support after completion.
We provide domain registration, renewal, transfer, and related services as a reseller through third‑party registrars/registries (currently including ResellerClub and/or its affiliates, and the applicable registry/registrar for each TLD). Domain services are subject to: (i) this Agreement; (ii) registry/registrar and ICANN rules; and (iii) any third‑party provider terms applicable to the transaction.
You must provide and maintain accurate registrant contact information. Some registries require periodic verification. Failure to verify may result in suspension or deletion by the registry/registrar.
Domains are registered for fixed terms. You are responsible for renewing before expiration. If auto‑renew is enabled, we will attempt renewal using your saved payment method before expiry; failed payments may lead to expiration. After expiration, domains may enter grace or redemption periods with additional fees, or may be auctioned or reassigned per registry rules. We are not responsible for loss of a domain due to failure to renew or maintain accurate contact details.
Transfers depend on registry and registrar processes and may be subject to transfer locks and timing rules. We do not guarantee transfer completion times.
Domain registration, renewal, transfer, redemption, and registry fees are generally non‑refundable once submitted to the registrar/registry, except where mandatory law requires otherwise or a registry explicitly permits a refund.
Domains may be subject to dispute procedures (e.g., UDRP/URS or ccTLD dispute policies). You agree that domains may be locked, suspended, transferred, or cancelled if required by a registry decision, court order, or applicable dispute policy.
Purpose: This Schedule provides additional operational detail and compliance clarifications that commonly matter for infrastructure partners, payment processors, and security handling. It does not reduce any non‑waivable rights under Applicable Law.
We may communicate incidents, maintenance windows, and platform advisories via the client portal, email, and/or a status page. "Incident" includes availability events, security events, abuse events, upstream routing problems, registry incidents, or emergency maintenance. You agree to keep contact details current and to monitor notices we publish.
If we request Customer action (for example, disabling a vulnerable plugin, rotating credentials, updating DNS, removing malicious content, or validating outbound email), you will respond promptly. Incident response can be time‑sensitive; we may apply temporary restrictions, isolation, rate limits, or suspension to contain harm. Where feasible, we will provide (a) affected scope, (b) mitigation steps applied, and (c) next steps for Customer.
Without limiting the AUP, you must not use the Services to host or distribute malware, phishing, credential theft, botnet infrastructure, spam operations, unauthorized access tools, or content that is illegal in the jurisdiction where it is hosted or accessed. You must not operate open relays, open proxies, or publicly accessible services primarily designed to conceal identity for unlawful purposes. You must not run sustained scanning of third‑party networks, or attempt to bypass security controls. If an activity is technically possible but creates a material risk to our network reputation or payment processing relationships, we may restrict or prohibit it.
Examples of high‑risk patterns include: bulk account creation, rapid scaling of outbound mail, hosting "download" mirrors that trigger abuse complaints, public paste services without moderation, and traffic patterns consistent with credential stuffing or brute‑force activity. Where local law permits certain content, we may still refuse it if it creates disproportionate upstream risk.
Some plan characteristics are expressed as "up to" because performance and capacity depend on hardware scheduling, workload mix, and upstream conditions. For example, "up to" snapshots or backups are subject to platform capabilities, retention policies, and abuse controls. Transfer/traffic allowances can be affected by mitigation filtering (e.g., dropped attack traffic is not useful "throughput"). CPU scheduling and storage performance can vary with file system caching, database tuning, and application behavior.
Unless explicitly guaranteed by the SLA in writing, we do not warrant specific throughput, latency, IOPS, or request‑per‑second values. You are responsible for selecting an appropriate plan tier and designing applications with proper caching, rate limiting, and redundancy.
We apply risk‑based verification to prevent fraud and abuse. Enhanced due diligence may be required for certain patterns, including high‑risk geographies, rapid bulk purchasing, requests for additional IP addresses, requests to enable outbound SMTP on port 25, high‑volume proxy/VPN use cases, high‑traffic public services, or prior abuse signals. Verification may include proof of identity, proof of address, business registration, beneficial ownership information, payment method verification, and a use‑case explanation.
If verification is not provided within a reasonable time, we may cancel the Order. Where cancellation occurs, we will refund payments not consumed by non‑refundable third‑party costs or services already delivered.
Security is a shared responsibility model. We are responsible for maintaining the security of managed infrastructure layers (for example: physical security, hypervisor and base platform security, network‑level firewalling, platform monitoring, and patching of components we control). You are responsible for the security of your workloads (for example: OS patching on VPS, application configuration, CMS/plugin updates, credential management, access control, and secure development practices). We may provide tools and guidance, but you remain responsible for outcomes on Self‑Managed Services.
We may use one or more payment processors and gateways and may change processors over time. Processors and banking partners may require that we enforce strong AUP controls, verify customer identities, maintain clear refund rules, and prevent prohibited activity. You agree to cooperate with verification and to avoid behavior that creates chargeback or fraud risk. If a payment is reversed or disputed, we may suspend related Services while investigating to prevent further loss.
We may maintain records needed for tax, accounting, fraud prevention, and compliance with Infrastructure Provider requirements. Where reasonably necessary to investigate abuse or comply with legal obligations, we may request information from you about your use case (for example, confirming that you control the domain you send email from, or that you have rights to host particular content). We will request only what is reasonably necessary for the stated purpose.
Applicability: This Appendix applies only if you reside in or are established under the laws of the United States.
Except for small‑claims matters and requests for injunctive relief to stop unlawful use of the Services or protect intellectual property, you and Provider agree that disputes arising out of or relating to the Services or this Agreement will be resolved by final and binding individual arbitration administered by the American Arbitration Association (AAA) under its applicable rules.
Claims may be brought only in an individual capacity, not as a plaintiff or class member in any class, consolidated, or representative proceeding. The arbitrator may not consolidate more than one person's claims.
If you are a U.S. Consumer, you may opt out within 30 days of first purchase by emailing [email protected] with your Account email and "Arbitration Opt‑Out" in the subject line.
AAA fees are governed by AAA rules. Arbitration may be conducted by phone, video, or in person depending on circumstances.
The Federal Arbitration Act governs interpretation and enforcement of this arbitration provision.
Provider uses the following categories of Subprocessors to deliver the Services. The current list of specific Subprocessors (including entity name, purpose, and processing location) is maintained as part of the DPA and available at my.yhost.io/legal/dpa. Changes to Subprocessors are notified in accordance with Section 7.6.
Customer grants general authorisation to Provider to engage the Subprocessors listed in the DPA. Provider will notify Customer at least 30 days before engaging a new Subprocessor or materially changing the processing activities of an existing one. Customer may object in accordance with Section 7.6.
This Appendix is informational and does not create additional warranties. It is intended to provide a high‑level overview of Provider's security and resilience practices.
Security controls may include: network‑level firewalling, web application firewall (WAF) rules, DDoS mitigation, malware scanning, patching of managed components, encryption of data in transit (TLS), and logging for incident response. Customers remain responsible for application security and updates, especially for Self‑Managed Services.
Provider maintains business continuity and disaster recovery measures proportionate to the Services provided, including: redundant infrastructure components, regular backup processes for platform‑level data, incident response procedures, and the ability to restore critical platform functions. Specific recovery time objectives and recovery point objectives (where committed) are described in the SLA.
Provider's security practices are designed to align with recognized frameworks. For Customers subject to the EU NIS2 Directive (Directive (EU) 2022/2555), Provider will provide reasonable cooperation and information to assist Customer in meeting its supply‑chain security obligations, upon written request.
Model cancellation notice: To Apefo Ltd (Yhost), 24-26 Regent Place, City Centre, Birmingham, United Kingdom, B1 3NJ / [email protected]. I hereby give notice that I cancel my contract for the provision of the following service(s): [insert service], ordered on [date]. Name: [your name]. Address: [your address]. Email: [your email]. Date: [date].
If you believe that content hosted on our Services infringes your copyright, please send a notice to [email protected] including:
If you believe that material was removed or disabled as a result of mistake or misidentification, you may submit a counter‑notice to [email protected] including:
Upon receipt of a valid counter‑notice, Provider will forward it to the complaining party and inform them that the removed material may be restored after 10 business days. Unless the copyright owner files a court action seeking a restraining order against the content provider, Provider may restore the material between 10 and 14 business days after receipt of the counter‑notice.
Provider maintains a policy of terminating the accounts of users who are repeat infringers of copyright in appropriate circumstances. Repeated valid notices of infringement may result in Account termination.
For content removal requests that are not based on copyright (for example, illegal content under EU law), please use the notice‑and‑action mechanism described in Section 18.4 of these Terms.
Subscribe to get Exclusive offer & updates in your Email
Yhost Hosting provider uses the most up-to-date technologies in order to provide you with the most powerful, high-performing servers possible. Best Web & VPS Hosting Services, Cloud & NVMe VPS.
Copyright © 2014‐2026 Yhost. All Rights Reserved
