Gridheart Acceptable Use Policy

    Version 2025-03

    This Acceptable Use Policy ("AUP") applies to all use of the Gridheart Marketplace, Services, and any software or Third-party Products provided or distributed by Gridheart (together, "Gridheart Offerings"). It forms part of the Gridheart Marketplace and Master Resell Agreement.

    You will not, and will not allow Your End-Users or any third party under Your control to, use any Gridheart Offering in violation of this AUP. Capitalised terms have the meanings given in the Master Resell Agreement.

    1. Prohibited Use - General

    You must not use any Gridheart Offering:

    1. In a way prohibited by applicable law, regulation, governmental order, or decree, including but not limited to GDPR, NIS2, and applicable export control and sanctions regulations.
    2. To violate the rights of others, including intellectual property rights, privacy rights, or rights of personality.
    3. To gain or attempt to gain unauthorised access to any service, device, data, account, or network.
    4. In a way that could harm any Gridheart Offering or impair anyone else's use of it.
    5. To sub-licence, sell, resell, rent, lease, loan, transfer, distribute, time-share, or otherwise make any Gridheart Offering available to third parties, except as expressly permitted under the Master Resell Agreement.
    6. In any application or situation where failure of a Gridheart Offering could lead to death, serious bodily injury, or severe physical or environmental damage.
    7. To reproduce, distribute, display, transmit, or use material protected by copyright, trademark, or other intellectual property right without first obtaining the permission of the rights holder.
    8. To transmit, upload, or distribute any Harmful Code, ransomware, spyware, adware, or other malicious software.

    2. Prohibited Use - Technical

    You must not, and must not allow Your End-Users or any third party under Your control to:

    1. Create derivative works based on, or otherwise modify, any Gridheart Offering.
    2. Disassemble, decompile, or reverse-engineer any Gridheart Offering, except to the extent permitted by applicable law.
    3. Access any Gridheart Offering in order to develop a competing product or service.
    4. Access any Gridheart Offering in a manner intended to avoid incurring fees or to circumvent usage limits.
    5. Remove or modify any copyright or proprietary rights notice in or on any Gridheart Offering.
    6. Disable, hack, or otherwise interfere with any security, digital signing, digital rights management, verification, or authentication mechanism in any Gridheart Offering.
    7. Disrupt the integrity or performance of any Gridheart Offering or any data contained therein.
    8. Access any Gridheart Offering by any means other than the interface provided by Gridheart, unless otherwise agreed in writing.
    9. Conduct vulnerability scanning, penetration testing, or security assessments of any Gridheart Offering or shared infrastructure without prior written authorisation from Gridheart.
    10. Use any Gridheart Offering to mine cryptocurrency or conduct other resource-intensive computational tasks unrelated to the intended purpose of the Service.
    11. Attempt to probe, scan, or test the vulnerability of any system or network accessible through a Gridheart Offering.

    3. Security Obligations

    In connection with Your use of Gridheart Offerings, You shall:

    1. Implement and maintain appropriate technical and organisational security measures for Your own systems, accounts, and End-User environments in accordance with applicable law, including NIS2 where applicable.
    2. Ensure that administrator credentials and API keys are stored securely, rotated regularly, and are not shared or exposed in source code, documentation, or communication channels.
    3. Promptly notify Gridheart at support@gridheart.com if You become aware of any actual or suspected security incident, unauthorised access, or compromise involving any Gridheart Offering or account.
    4. Not use the Services as a vector to attack, probe, or compromise the systems of third parties, Your Customers, or other Gridheart partners.
    5. Ensure that Your Customers are informed of and comply with the obligations in this AUP.

    4. NIS2 and Regulatory Compliance

    Where You or Your Customers are subject to the NIS2 Directive (Directive (EU) 2022/2555) or national implementing legislation, You acknowledge that:

    1. You are responsible for assessing and maintaining Your own compliance obligations under NIS2 and any other applicable sector-specific regulation.
    2. Gridheart may, upon request and subject to applicable terms, provide documentation to assist You in demonstrating the security measures applicable to the Gridheart Offerings You use.
    3. Use of Gridheart Offerings does not, by itself, constitute fulfilment of Your NIS2 obligations. You remain solely responsible for Your own risk management, incident reporting, and supply chain security assessments.

    5. AI Tools and Automated Systems

    Where You use any AI-powered feature, tool, or Third-party Product available through Gridheart:

    1. You are responsible for reviewing and validating any AI-generated output before use, and for ensuring that such use complies with applicable law, including the EU AI Act where applicable.
    2. You must not use AI-powered tools to generate content that is misleading, discriminatory, or otherwise harmful, or to automate decisions that produce legal or similarly significant effects on individuals without appropriate human oversight.
    3. Personal Data must not be submitted to AI tools unless You have a lawful basis for doing so and have verified that the tool processes such data in compliance with GDPR.

    6. Consequences of Violation

    Violation of this AUP may result in:

    • Immediate suspension of Your access to the Marketplace and affected Services upon notice to You
    • Termination of the Master Resell Agreement in accordance with its terms
    • Reporting to relevant authorities where required by applicable law

    Gridheart reserves the right to investigate suspected violations. You agree to cooperate with any such investigation and to provide Gridheart with reasonable access to relevant records and information.

    This AUP may be updated from time to time. Updated versions will be published at gridheart.com/sv/aup and will take effect 30 days after publication, in accordance with the Master Resell Agreement.

    For questions, contact support@gridheart.com.