📘

Terms of Service

Ultra.cc Terms of Service

Effective date: 1st July 2026

These Terms of Service apply only to Ultra.cc plans purchased from 1st July 2026, and to any customer who migrates or upgrades into a new plan. If you are on a legacy plan and have not migrated or upgraded, the legacy Terms of Service continue to apply: https://docs.ultra.cc/terms-of-service-legacy.

1. Who we are and how these Terms work

1.1 Ultra.cc is run by SlashN Services Pte. Ltd. In these Terms, "Ultra.cc", "Ultra", "we", "us", and "our" mean SlashN Services Pte. Ltd. trading as Ultra.cc.

1.2 "You", "your", and "customer" mean the person or organisation that creates an account, places an order, pays an invoice, uses a service, or is given access to a service.

1.3 These Terms cover all Ultra.cc websites, customer portals, control panels, app hosting services, slots, applications, support, documentation, security programmes, and related services. We call all of this the "Services".

1.4 You accept these Terms when you create an account, place an order, pay an invoice, renew a service, access a service, or keep using a service.

1.5 If you use the Services for an organisation, you confirm that you can bind that organisation to these Terms.

1.6 You must be at least 18 years old, or the legal age to form a binding contract where you live, whichever is higher.

1.7 You must not create an account, place an order, access a Service, or use the Services if doing so would break any law, sanction, court order, regulatory rule, or legal duty that applies to you, to us, to the Services, to the country where you live, to the country where you use the Services, to the country where the relevant infrastructure sits, or to the country where the content, activity, or transaction has legal effect.

1.8 Ultra.cc is registered in Singapore. These Terms are governed by Singapore law, subject to section 27. The Services may still be used from many countries and run on infrastructure or providers in many countries. You must follow all laws that apply to your use of the Services. We may also follow laws, duties, regulator rules, payment scheme rules, sanctions, court orders, law enforcement requests, and child-safety duties that apply to us, to the Services, to a customer, to the content, to the infrastructure, or to the jurisdiction involved.

1.9 References in these Terms to applicable law, legal duties, regulators, law enforcement, child-safety bodies, data protection law, payment providers, or reporting bodies do not change the governing law of these Terms. They mean we may act when a law, duty, request, process, or risk applies to the situation.

1.10 These Terms replace all earlier Ultra.cc customer policies.

1.11 A separate written agreement signed by an authorised Ultra.cc representative can override these Terms, but only as far as it clearly says so.

1.12 An order, plan description, invoice, or product page may set service-specific limits, such as storage, traffic, region, price, billing cycle, or application support. Those limits apply only to that service.

1.13 The privacy rules in section 16 apply to personal data. If a general clause and a privacy clause conflict, the clause that gives you stronger privacy protection wins, unless relating to child safety or applicable law says otherwise.

1.14 Nothing in these Terms removes rights that cannot legally be excluded. This includes mandatory consumer rights, payment-scheme rights, data protection rights, and rights linked to fraud, unauthorised transactions, death, personal injury, or wilful misconduct.

1.15 We may update these Terms from time to time. If a change is material, we will take reasonable steps to tell customers through the website, client area, email, or another suitable channel.

1.16 If you keep using the Services after updated Terms take effect, you accept the updated Terms.

1.17 Please raise questions about these Terms through the Ultra.cc support ticket system.

2. Definitions

2.1 Account. Your Ultra.cc client area account, control panel account, and any related service account.

2.2 Service. Any Ultra.cc product, slot, hosting service, app hosting service, control panel access, support service, or related feature.

2.3 Slot. An allocated Ultra.cc app hosting environment assigned to a customer.

2.4 Customer Content. Files, media, data, applications, configurations, code, text, torrents, downloads, uploads, databases, logs, and other material that you create, upload, download, store, transmit, publish, share, or process using the Services.

2.5 Hosted Data. Customer Content stored or processed on Ultra.cc infrastructure.

2.6 Account Credit. Credit applied to your Ultra.cc account for use against future eligible Ultra.cc invoices. Account Credit is not cash.

2.7 Publicly Accessible Content. Content that can be reached by the public, by unknown third parties, by users outside your account, or by anyone with a public link, exposed port, public directory, open stream, shared application, or similar method.

2.8 Link-Shared Content. Content not listed publicly but reachable by anyone with a link, token, shared URL, exposed application, or similar access method.

2.9 User-to-User Accessible Content. Content that another user or third party may meet, access, view, download, stream, or receive through the Services.

2.10 CSAM. Child sexual abuse material. This includes any image, video, file, hash match, record, or related content that is illegal because it shows, involves, promotes, facilitates, or links to child sexual abuse or exploitation.

2.11 CSEA. Child sexual exploitation and abuse.

2.12 Abuse. Activity that breaches these Terms, harms us, harms another customer, harms a third party, breaks the law, threatens service stability, threatens security, or creates legal, operational, reputational, or safety risk.

2.13 Support Ticket. A support request sent through an official Ultra.cc support channel.

2.14 Billing Cycle. The period for which a Service is ordered, invoiced, or renewed.

2.15 Plan Group. One of the Ultra.cc product groups used to define the type of storage and applications offered. The Plan Groups are Essential, Metaliux, and Bolt NVMe.

3. Account Responsibilities

3.1 You must give us accurate, current account, billing, tax, and contact details.

3.2 You must keep your email address and account details up to date. We may use your registered email address to send invoices, service notices, legal notices, abuse notices, security notices, and account notices.

3.3 You are responsible for keeping your Account, passwords, SSH keys, application credentials, API keys, and devices secure.

3.4 You must use strong, unique passwords. We strongly recommend turning on two-factor authentication where available.

3.5 You are responsible for activity on your Account or Service, whether you authorised it or not, unless we caused it ourselves.

3.6 You must tell us promptly if you spot unauthorised access, a stolen password, account sharing abuse, malware, suspicious activity, or any other security issue on your Account or Service.

3.7 You must not sell, transfer, assign, trade, or give away your Account or Service without our written permission.

3.8 You must not resell access to your Account, Slot, Service, applications, streams, files, storage, bandwidth, FTP, HTTP, SSH, VPN, or any other part of the Services.

3.9 You may give private access to your own lawful applications or files only when that access is personal, non-commercial, properly secured, and does not breach these Terms.

3.10 If you give another person access to any part of your Service, you are responsible for their actions.

3.11 Usernames are issued on a first-come, first-served basis.

3.12 You may be able to use the same username for several Slots, where our systems and capacity allow.

3.13 Your username may be visible to other customers on the same server in limited technical contexts, such as directory paths or application URLs.

3.14 We may check usernames against internal lists of vulnerable, sensitive, reserved, misleading, or high-risk names.

3.15 We may ask you to change a username if we reasonably believe it creates a privacy, security, abuse, confusion, impersonation, operational, or legal risk.

3.16 We may recycle unused usernames after six months of inactivity.

3.17 You must not reserve, hold, buy, sell, trade, or squat usernames or account names.

3.18 We may rename, remove, suspend, or close accounts that break the username rules.

4. Nature of the Services

4.1 Ultra.cc is an app hosting provider. We are not a dedicated backup, archive, or permanent storage provider.

4.2 Many Services run on shared infrastructure. You must use shared resources fairly.

4.3 Drive failure, software failure, human error, configuration mistakes, abuse enforcement, security incidents, and third-party failures can cause data loss.

4.4 You are responsible for keeping your own independent backups of all important data.

4.5 Some applications come from third parties. We do not control every behaviour, bug, security issue, update cycle, or data handling choice in third-party software.

4.6 We may update, change, reinstall, disable, restart, patch, replace, or remove software when we reasonably need to keep the Services running, improve performance, fix issues, protect security, respond to abuse, or follow the law.

4.7 Applications, scripts, tools, or installers that we do not officially support may, at our discretion, receive limited or no support.

4.8 You are responsible for custom configurations, software you install, mounted drives, third-party integrations, and changes you make outside supported defaults.

4.9 We provide support through the official Ultra.cc support ticket system, unless we say otherwise.

4.10 We give support on a reasonable-efforts basis. We do not promise a set response time unless a written agreement says so.

4.11 We may restart, stop, kill, throttle, reconfigure, isolate, suspend, or remove applications that threaten service stability, security, fair use, or other customers.

5. Fair Use

5.1 You must use the Services only for lawful purposes.

5.2 You are responsible for all Customer Content and all activity on your Account or Service.

5.3 You must hold all rights, permissions, licences, and legal authority needed to store, download, upload, stream, share, distribute, or process Customer Content.

5.4 You must follow every law that applies to you, to us, to the Services, to where the infrastructure sits, and to where the Services are accessed or used.

5.5 All customer-run applications, interfaces, directories, tools, dashboards, and resources must use proper authentication, unless we have expressly allowed otherwise.

5.6 Open directories are not allowed. They must be accessible by you only.

5.7 Public file hosting, public streaming, public download services, public media libraries, public dashboards, public indexes, and other public services are not allowed unless we agree in writing.

5.8 You may use private streaming for lawful personal use only when access is limited, authenticated, non-commercial, and not run as a public, paid, IPTV, VOD, or redistribution service.

5.9 You must not resell any part of the Services.

5.10 You must not use the Services to distribute files, media, streams, application access, or storage access in exchange for money, cryptocurrency, goods, services, credits, donations, or any other value.

5.11 The following content and activity is prohibited.

Clause	Prohibited content or activity
5.11.1	CSAM, CSEA, child sexual exploitation, child abuse, grooming, sexual extortion of children, and any related content or activity.
5.11.2	Content or activity that promotes, helps, threatens, or supports terrorism, serious violence, or violent extremism.
5.11.3	Copyright infringement, trademark infringement, piracy, unlawful distribution, unlawful streaming, or any content you have no right to hold, store, download, upload, stream, or share.
5.11.4	IPTV hosting, IPTV sharing, IPTV resale, VOD hosting, VOD sharing, public media streaming, public video libraries, and commercial media access services.
5.11.5	Kodi add-ons, Kodi repositories, or similar tools used to share unlawful content.
5.11.6	Public file hosting, public file indexes, public HTTP directories, public download portals, and public link-sharing services.
5.11.7	Phishing, spoofing, credential theft, fraudulent gateways, fake login pages, scam pages, and social engineering infrastructure.
5.11.8	Spam, mail bombing, bulk unsolicited email, spam scripts, and tools used to send unsolicited messages.
5.11.9	Malware, viruses, worms, ransomware, botnets, trojans, destructive files, malicious scripts, and command-and-control infrastructure.
5.11.10	Hacking tools, exploit kits, unauthorised vulnerability scanners, brute-force tools, password crackers, credential-stuffing tools, and attack automation.
5.11.11	Port scanning, network scanning, denial-of-service activity, SYN floods, packet spoofing, unauthorised monitoring, and attempts to disrupt a network or service.
5.11.12	Tor relays, Tor exit nodes, open proxies, unauthenticated proxies, public VPN services, and peer-to-peer load balancers.
5.11.13	Cryptocurrency mining, proof-of-work mining, Chia farming, XMR mining, and similar resource-heavy mining.
5.11.14	Game servers, unless the specific Ultra.cc service expressly allows them.
5.11.15	Warez sites, unlicensed software distribution, cracking tools, serial-key distribution, and tools made to defeat technical copyright protection.
5.11.16	Illegal gambling, illegal lotteries, illegal arms trafficking, unlawful drug activity, high-yield investment schemes, and other unlawful regulated activity.
5.11.17	Non-consensual intimate imagery, revenge pornography, doxxing, stalking, harassment, hate content, threats, and content that breaks privacy or safety rights.
5.11.18	Content that wrongly exposes trade secrets, confidential information, personal data, access credentials, tokens, API keys, or private information of another person.
5.11.19	Scripts, code, or activity likely to cause hardware faults, storage corruption, excessive load, network instability, or service degradation.
5.11.20	Any activity that could trigger retaliation against us, our network, our providers, our customers, or our staff.
5.11.21	Any other activity that is unlawful, abusive, malicious, fraudulent, harmful, or against these Terms.

5.12 You must not use shared resources in a way that harms other customers, causes instability, eats unfair CPU, RAM, disk I/O, storage, network, or support resources, or bypasses plan limits.

5.13 We may act immediately to protect the Services. This includes stopping applications, adjusting settings, limiting resources, suspending a Service, or terminating a Service.

5.14 You must treat our staff with respect. Abuse, harassment, threats, intimidation, discrimination, or repeated bad-faith behaviour towards staff may lead to support limits, refusal of renewal, suspension, or termination.

5.15 You must not create multiple accounts, use different details, change payment methods, use aliases, or take other steps to dodge these Terms, enforcement, refund limits, plan limits, or abuse controls.

6. Security Responsibilities

6.1 You must take reasonable security precautions for your Account and Service.

6.2 You should use strong, unique passwords for the Client Area, Control Panel, SSH, FTP, applications, and third-party services.

6.3 If support needs access, you should set a temporary application password where possible and change it after the support issue is resolved.

6.4 Some applications may store passwords, API keys, cookies, or tokens in plain text. You use those applications at your own risk.

6.5 You must not share Client Area, Control Panel, SSH, or master account credentials with anyone you do not trust.

6.6 You must tell us promptly if you find unauthorised access, exposed credentials, malware, suspicious files, public directories, or any other security issue.

6.7 We may reset credentials, disable access, rotate secrets, block connections, close sessions, suspend Services, or take other steps when we reasonably need to protect security.

6.8 We strongly recommend you turn on two-factor authentication where available.

7. Support Access and Incidental Discovery

7.1 When you open a Support Ticket about a Service, application, configuration, billing issue, abuse issue, security issue, or other service matter, you authorise our staff to access the account details, service settings, application settings and interfaces, configuration files, logs, filenames, directory listings, metadata, and other technical information reasonably needed to investigate, diagnose, support, secure, operate, or protect the Service.

7.2 Our staff do not routinely browse, open, inspect, or review Customer Content during normal support work.

7.3 If our staff find, identify, or reasonably suspect CSAM, CSEA content, unlawful content, serious abuse, security threats, exposed personal data, or other content or activity that may break these Terms or applicable law while doing legitimate support, security, operational, incident response, or abuse-handling work, we may act under these Terms.

7.4 Action under clause 7.3 may include restricting access, suspending the Service, preserving evidence, escalating the matter internally, limiting further staff access, reporting to an appropriate authority or child-safety body, following legal duties, and taking any other step reasonably needed to protect children, users, us, third parties, the Services, or the public.

7.5 Staff access must stay limited to what is reasonably needed for the support, security, operational, legal, or abuse-handling purpose. Staff must not open or review media files during routine support unless our internal abuse, safety, legal, or escalation process expressly allows it.

8. Enforcement

8.1 We may investigate suspected breaches of these Terms, abuse reports, security alerts, copyright notices, law enforcement requests, CSAM/CSEA matches, payment issues, fraud signals, or service stability concerns.

8.2 An investigation may include reviewing account information, billing records, support tickets, service configuration, installed applications, logs, metadata, public content, link-shared content, user-to-user accessible content, and Customer Content where legally allowed and reasonably needed.

8.3 We do not take on a general duty to monitor all Customer Content.

8.4 Clause 8.3 does not stop us from using targeted, automated, or manual measures for security, abuse prevention, legal compliance, copyright handling, CSAM/CSEA detection, service operation, or safety.

8.5 If we believe you have breached these Terms or created risk, we may take one or more of the following actions.

Clause	Enforcement action
8.5.1	Warn you.
8.5.2	Ask you to remove content or change your behaviour.
8.5.3	Disable, stop, restart, throttle, or remove an application.
8.5.4	Restrict ports, protocols, processes, directories, links, or access.
8.5.5	Suspend a Service.
8.5.6	Suspend an Account.
8.5.7	Terminate a Service.
8.5.8	Terminate an Account.
8.5.9	Preserve, restrict, or isolate content or records where legally required or reasonably needed.
8.5.10	Report suspected illegal content or activity to an appropriate authority.
8.5.11	Refuse future service.
8.5.12	Refuse a refund where these Terms allow.

8.6 We will normally try to give notice before we act. We may act without notice if the issue is urgent, serious, unlawful, harmful, security-related, abuse-related, CSAM/CSEA-related, payment-related, or where notice could increase risk.

8.7 Services suspended or terminated for breach of these Terms are not eligible for a refund.

8.8 If we suspend or terminate a Service, we may allow you to retrieve lawful data where this is safe, lawful, and technically practical.

8.9 We will not let you retrieve content we reasonably believe is illegal, harmful, subject to legal preservation, or linked to serious abuse.

8.10 We may preserve records, logs, metadata, hashes, content, or account information where the law requires it, a lawful authority requests it, or we reasonably need to for security, abuse, child safety, legal claims, or dispute handling.

8.11 If we find suspected illegal content, we may restrict access and preserve evidence rather than delete it immediately, where this is required or appropriate.

9. Copyright and Content Abuse

9.1 You must not use the Services to store, download, upload, stream, distribute, or share copyrighted material unless you have the legal right to do so.

9.2 Rights holders and other complainants may report alleged abuse or infringement to abuse@ultra.cc or through another abuse channel we publish.

9.3 A copyright or infringement notice should include the following.

Clause	Required information
9.3.1	The copyrighted work or protected material said to be infringed.
9.3.2	The allegedly infringing material, with the URL, IP address, port, path, filename, or other information needed to find it.
9.3.3	The complainant's name, organisation, email address, and contact details.
9.3.4	A statement that the complainant honestly believes the disputed use is not authorised by the rights holder, its agent, or the law.
9.3.5	A statement that the information in the notice is accurate and that the complainant is the rights holder or authorised to act for the rights holder.
9.3.6	A physical or electronic signature.

9.4 We may check a notice for completeness, credibility, authority, legal sufficiency, and operational impact.

9.5 Where it is appropriate, we may tell the customer and ask them to remove or disable access to the reported content.

9.6 Unless the issue is urgent, serious, unlawful, a repeat abuse case, or one where the law requires faster action, we may give the customer up to 24 hours to remove or disable access to the reported content.

9.7 If the customer does not act within the required time, we may suspend or terminate the Service.

9.8 We may suspend or terminate customers who repeatedly infringe, repeatedly receive valid infringement notices, repeatedly fail to remove reported content, or show a pattern of infringing behaviour.

9.9 If you believe a complaint is wrong, you may send us a counter-notice with enough information to explain your position. We do not act as a legal mediator between you and the complainant.

9.10 Complainants are responsible for false, misleading, abusive, or bad-faith notices.

9.11 We may also accept and act on reports about malware, phishing, fraud, exposed personal data, non-consensual intimate images, CSAM/CSEA, terrorism, network abuse, or other unlawful content.

10. CSAM and Child Safety

10.1 CSAM and CSEA content or activity is strictly prohibited.

10.2 This ban applies to all Customer Content and all use of the Services.

10.3 This includes content that is public, shared, link-shared, user-to-user accessible, private, stored, backed up, cached, hidden, encrypted, archived, renamed, or otherwise present on a Service.

10.4 We may suspend or terminate any Account or Service linked to CSAM or CSEA immediately and without refund.

10.5 We may use automated hash-matching or similar safety technology to help detect known or suspected CSAM.

10.6 These checks are limited to child-safety purposes. We do not use CSAM hash-matching for advertising, profiling, customer analytics, general file browsing, or ordinary content review.

10.7 Automated CSAM hash-matching may apply to relevant user-generated image and video content on the Services.

10.8 This may include relevant image and video content that is uploaded, downloaded, stored, backed up, cached, processed, made public, shared, link-shared, user-to-user accessible, or otherwise present on a Service.

10.9 Automated CSAM hash-matching does not mean that Ultra.cc staff routinely browse, open, watch, inspect, or manually review private Customer Content.

10.10 Where reasonably practical, automated CSAM checks will use hashes or similar digital fingerprints rather than sending or exposing the original file.

10.11 Where reasonably practical, we will generate and compare hashes locally or in another privacy-preserving way.

10.12 We will use trusted hash sources where reasonably practical.

10.13 We will not send ordinary customer files, filenames, paths, URLs, or account identifiers to a third-party hash provider unless this is legally required, needed for a report, needed for child safety, needed to verify or handle a match, or clearly disclosed in our privacy information.

10.14 A hash, match record, report, log, or review record may be personal data where it is linked or linkable to an Account, Service, file, person, report, or enforcement action.

10.15 We will treat CSAM/CSEA-related hashes, match records, reports, logs, and review records as sensitive information.

10.16 If an automated check creates a potential match, we may review the minimum information reasonably needed to assess it.

10.17 Human review must be limited to what is reasonably needed to assess a potential match, meet a legal duty, respond to a report, protect safety, prevent harm, or act under these Terms.

10.18 Only trained and authorised staff or leadership with a need to know may handle potential CSAM matches.

10.19 General support staff must not open, play, view, copy, download, or review suspected CSAM media.

10.20 If staff find or reasonably suspect CSAM while doing legitimate support, security, abuse, legal, operational, or safety work, we may act under these Terms.

10.21 We may restrict access, suspend or terminate the Account or Service, preserve evidence, limit staff access, escalate internally, block content, create match records, report to an appropriate authority or child-safety body, or take any other reasonable step needed to protect children, users, us, third parties, the Services, or the public.

10.22 Where appropriate or required, we may preserve content, hashes, logs, account details, service details, support records, review records, and related evidence.

10.23 We may restrict, quarantine, disable, remove, block, or prevent access to content we suspect or confirm to be CSAM.

10.24 Where required or legally permitted, we may report detected, suspected, or confirmed CSAM or CSEA to an appropriate authority, law enforcement agency, regulator, reporting portal, or child-safety body.

10.25 If we believe there is a current or imminent risk to a child or another person, we may contact emergency services, a law enforcement agency, or another appropriate authority.

10.26 We may withhold notice to a customer where notice is prohibited by law, could prejudice an investigation, could increase risk, could interfere with child safety, could expose a victim, or would be counterproductive.

10.27 A customer may challenge a wrongful takedown, suspension, termination, or false positive.

10.28 We will not reinstate content we believe is illegal.

10.29 Appeals must not be used to request, describe, transmit, access, recover, preserve, or share CSAM.

10.30 Our safety measures do not guarantee that all CSAM, CSEA, unlawful content, or abuse will be found or removed.

10.31 We do not guarantee that automated checks can detect encrypted, password-protected, hidden, renamed, modified, corrupted, archived, or otherwise inaccessible content.

10.32 Before we launch or materially change automated CSAM detection or similar safety technology, we will complete and keep an appropriate privacy, safety, and legal risk assessment.

10.33 The assessment will cover necessity, proportionality, lawful basis, data minimisation, access controls, retention, false positives, reporting, staff safety, customer privacy, technical safeguards, and the laws that apply.

10.34 Where CSAM detection, abuse handling, fraud handling, security investigation, or legal compliance involves criminal-offence data, child-safety data, highly sensitive data, or other protected information, we will restrict access, document the purpose, apply suitable safeguards, and keep the information only for as long as required or appropriate under applicable law and these Terms.

10.35 Where applicable law requires a specific internal policy document, processing record, impact assessment, safeguarding record, or similar compliance document, we will keep that document for the relevant processing.

10.36 We may keep records of potential matches, confirmed matches, false positives, takedowns, reports, decisions, access to evidence, appeals, and related actions.

10.37 We will not use CSAM detection records for unrelated purposes unless required or permitted by applicable law, needed to protect the Services, needed to protect children or other people, or needed for legal claims, security, abuse handling, or compliance.

10.38 Nothing in this section limits our right to comply with applicable law, court orders, law enforcement requests, regulator requests, reporting duties, child-safety duties, or urgent safety risks.

11. Customer Content and Intellectual Property

11.1 You keep ownership of any Customer Content you already own.

11.2 You are responsible for making sure Customer Content is lawful and that you have all the rights you need.

11.3 You grant us a limited, non-exclusive, worldwide licence to host, store, copy, transmit, process, cache, back up, secure, troubleshoot, migrate, display to you, and otherwise handle Customer Content only as reasonably needed to provide, support, secure, operate, improve, enforce, or comply with law in relation to the Services.

11.4 We do not claim any general right to publicly display, publicly perform, sell, resell, publish, exploit, or commercialise Customer Content.

11.5 We may make technical changes to Customer Content where we reasonably need to transmit, store, back up, secure, migrate, scan, quarantine, or deliver it.

11.6 We may preserve, restrict, disclose, or remove Customer Content where the law allows or requires it, in line with legal process, safety duties, abuse handling, or these Terms.

11.7 You confirm you have the rights, permissions, licences, and authority needed for your Customer Content and for the licence in clause 11.3.

11.8 We or our licensors own all rights in the Services, websites, branding, control panel, documentation, software, systems, designs, and related intellectual property, except for Customer Content.

11.9 You must not copy, reverse engineer, decompile, disassemble, scrape, clone, resell, or misuse any Ultra.cc software, system, interface, documentation, website, or service except where the law expressly allows it.

11.10 If you give us feedback or suggestions, we may use them without owing you payment, unless we agree otherwise in writing.

12. Billing, Payments and Taxes

12.1 Services are normally billed and paid in advance.

12.2 We normally issue renewal invoices 10 days before the due date.

12.3 We may send invoice reminders before and after the due date.

12.4 You are responsible for paying all invoices on time.

12.5 If an invoice is unpaid after midnight UTC on the due date, we may suspend the related Service.

12.6 We may send reminders on the 1st, 2nd, and 5th day after the due date.

12.7 If an invoice is unpaid after midnight UTC on the 5th day after the due date, we may terminate the Service and permanently delete its data.

12.8 A payment made after a Service has been terminated for non-payment may create a new Service. It does not guarantee that we will restore the old Service or its data.

12.9 A new Service created after non-payment termination does not reset your first order refund eligibility.

12.10 Third-party payment processors handle payments. We do not store full card details.

12.11 We are not responsible for payment refusal, reversal, card checks, bank restrictions, processor issues, or other payment provider decisions.

12.12 You are responsible for taxes, duties, charges, and other amounts that apply to your purchase, unless the law requires us to collect them.

12.13 You must give us accurate tax location, billing, and account information.

12.14 We may change prices, storage amounts, traffic allowances, network rates, network capacity, plan names, computational resources, and features.

12.15 Price changes normally apply to new orders or renewals, unless we say otherwise.

12.16 We may change, withdraw, or limit promotional prices, discounts, goodwill credits, referral credits, and other non-cash credits.

12.17 We may ask for extra information or restrict service if we reasonably suspect fraud, payment abuse, identity abuse, or policy evasion.

13. Cancellations

13.1 You may ask to cancel a Service at any time through the Client Area or another official method we provide.

13.2 We may offer two cancellation types: immediate cancellation and end-of-billing-period cancellation.

13.3 Immediate cancellation may terminate and wipe the Service shortly after we process the request. Data may not be recoverable.

13.4 End-of-billing-period cancellation normally terminates the Service when the current paid billing period ends.

13.5 You may ask us to remove a cancellation request before the Service is terminated, but we cannot guarantee we can do this.

13.6 Cancelling a Service does not cancel any PayPal subscription, card subscription, pre-approved payment, standing payment, or other recurring payment with your payment provider.

13.7 You are responsible for cancelling recurring payment arrangements you no longer need.

13.8 You should back up any data you want to keep before you cancel a Service.

14. Refund Policy

14.1 We want new customers to feel confident when they try our service. This section explains when refunds are available, how we work them out, and which payments cannot be refunded.

First order refund eligibility

14.2 We offer a first order refund only.

14.3 You may claim a first order refund only on your first paid order with us, and only within 7 days of the original purchase date.

14.4 The first order refund applies once per customer.

14.5 To request a first order refund, you must cancel the Service and open a Support Ticket within 7 days of the original purchase date.

14.6 We do not give refunds after 7 days, except for accidental payments, duplicate payments, or overpayments under clauses 14.22 to 14.31.

14.7 The first order refund does not apply to the following.

Clause	Not eligible for first order refund
14.7.1	Later orders.
14.7.2	Additional slots.
14.7.3	Upgrades.
14.7.4	Renewals.
14.7.5	Repeat purchases.
14.7.6	Orders placed using another account, email address, payment method, or other details to avoid this policy.
14.7.7	Cryptocurrency payments.

14.8 We may refuse a refund where we reasonably believe a customer is trying to bypass or abuse this policy, including by using multiple accounts, different email addresses, different payment methods, or repeat orders to get extra refunds.

How we work out the refund

14.9 We work out first order refunds using the upload traffic used during the refund window.

14.10 We do not count download traffic.

14.11 We count upload traffic only for the Service included in your first paid order.

14.12 Services bought later, including additional slots, upgrades, renewals, and repeat purchases, are not eligible.

14.13 If the first paid order has more than one Service, we may use the total upload traffic of all Services in that first order.

14.14 If the first paid order has Services from more than one Plan Group, we may use the highest Plan Group purchased.

14.15 The thresholds are as follows.

Clause	Plan Group	100% refund	50% refund	No refund
14.15.1	Essential	Up to 250GB upload.	Over 250GB up to 500GB upload.	Over 500GB upload.
14.15.2	Metaliux	Up to 500GB upload.	Over 500GB up to 1TB upload.	Over 1TB upload.
14.15.3	Bolt NVMe	Up to 750GB upload.	Over 750GB up to 1.5TB upload.	Over 1.5TB upload.

14.16 We work out refunds on the amount actually paid by the customer. We do not include Account Credit, promotional credit, goodwill credit, referral credit, or other non-cash discount.

Longer billing cycles on first orders

14.17 We strongly recommend new customers buy a monthly plan for their first order. That lets you test the Service during the first 7 days before committing to a longer cycle.

14.18 If you are happy with the Service and want a longer billing cycle, open a Support Ticket and we can help.

14.19 A first order on a longer billing cycle is still subject to the 7-day first order refund policy.

14.20 We will deduct non-refundable payment processing fees from any approved refund of a billing cycle longer than one month.

14.21 Non-refundable processing fees may include charges from PayPal, Stripe, card processors, cryptocurrency processors, or other payment providers.

Accidental payments, duplicate payments, overpayments, and forgotten subscriptions

14.22 An accidental payment means a clear payment mistake, such as clicking pay twice, paying the wrong invoice, paying the wrong account, or paying the wrong amount.

14.23 A duplicate payment means paying the same invoice or charge more than once.

14.24 An overpayment means paying more than the amount due on the invoice or Service.

14.25 A forgotten recurring payment means a payment made by an active PayPal subscription, card subscription, pre-approved payment, standing payment, or similar arrangement that you forgot to cancel.

14.26 A forgotten recurring payment is not an accidental payment, duplicate payment, or overpayment only because you forgot to cancel the recurring payment.

14.27 You may request a refund for a true accidental payment, duplicate payment, or overpayment within 3 months of the payment date.

14.28 After 3 months, accidental payments, duplicate payments, and overpayments are not eligible for a cash refund, except where applicable law requires it.

14.29 Where we refund an accidental payment, duplicate payment, or overpayment, we will deduct any non-refundable transaction fees the payment processor has charged us.

14.30 If we have already applied an accidental payment, duplicate payment, or overpayment to future invoices or Services, we may reduce any refund to reflect that.

14.31 We may ask for information we reasonably need to verify an accidental payment, duplicate payment, overpayment, or forgotten recurring payment.

Subscriptions and recurring payments

14.32 We cannot cancel or manage PayPal subscriptions, card subscriptions, pre-approved payments, standing payments, or other recurring payment arrangements for you.

14.33 You are responsible for cancelling any recurring payment you no longer need.

14.34 If you cancel a Service, you must also cancel any related recurring payment with your payment provider.

14.35 Payments made through an active subscription or recurring payment are not automatically refundable. We may still refund them if they qualify as a true accidental payment, duplicate payment, or overpayment, if applicable law requires it, or if we approve a goodwill exception.

Refund exceptions

14.36 We do not give refunds for the following.

Clause	Refund exception
14.36.1	Cryptocurrency payments.
14.36.2	Add funds / credit balance
14.36.3	Traffic add-ons.
14.36.4	Accounts or Services that breach these Terms.
14.36.5	Renewals.
14.36.6	Upgrades.
14.36.7	Additional slots.
14.36.8	Repeat orders.
14.36.9	Refund requests made more than 7 days after the first purchase.
14.36.10	Accidental payments, duplicate payments, or overpayments older than 3 months.
14.36.11	Any customer who tries to abuse or bypass this Refund Policy.
14.36.11	Forgotten recurring payments that do not qualify as true accidental payments, duplicate payments, or overpayments.

Account Credit and dormant accounts

14.37 Account Credit is not a cash balance, deposit account, bank account, or stored-value payment account.

14.38 You may only use Account Credit towards future Ultra.cc invoices, renewals, upgrades, or additional eligible Services.

14.39 Account Credit cannot be withdrawn, transferred, sold, exchanged for cash, or refunded except where applicable law requires it or these Terms expressly allow it.

14.40 If we do not refund an accidental payment, duplicate payment, or overpayment, we may apply the amount as Account Credit.

14.41 If you want a cash refund of an accidental payment, duplicate payment, or overpayment, you must ask within 3 months of the payment date.

14.42 After 3 months, the amount stays as Account Credit only. It is not eligible for cash refund, except where applicable law requires it.

14.43 We may treat an Account as dormant if it has no active Services for 12 consecutive months.

14.44 If a dormant Account has unused Account Credit, we may send a notice to the email address on the Account.

14.45 If you do not use the credit or contact us within 30 days of that notice, the unused Account Credit may expire.

14.46 Expired Account Credit cannot be restored, transferred, exchanged for cash, or refunded, except where applicable law requires it.

14.47 Promotional credit, goodwill credit, referral credit, compensation credit, and any other non-cash credit has no cash value and is not refundable.

Chargebacks and payment disputes

14.48 Please contact us first about billing issues, duplicate payments, accidental payments, overpayments, forgotten recurring payments, service problems, or refund requests.

14.49 Opening a PayPal dispute, card chargeback, bank dispute, or other payment dispute without contacting us first may delay resolution.

14.50 We may treat a dispute as a breach of these Terms where the dispute is abusive, misleading, fraudulent, or made in bad faith.

14.51 Clause 14.50 does not limit any legal rights you may have, or any rights your payment provider, card issuer, bank, or payment scheme gives you for unauthorised transactions, fraud, or other protected claims.

14.52 If a customer disputes a payment that we have already applied as Account Credit, we may suspend use of that credit while we investigate.

14.53 Payment gateways do not let us process refunds while a dispute is open.

14.54 If a dispute or chargeback turns out to be abusive, misleading, fraudulent, or in bad faith, we may restrict the Account, recover dispute fees or losses where the law allows, and refuse future service.

Final refund decision

14.55 We reserve the right to make the final decision on all refund requests.

14.56 We may refuse a refund where we reasonably believe the request is fraudulent, abusive, linked to a breach of these Terms, or an attempt to bypass this Refund Policy.

15. Service Level Agreement and Service Credits

15.1 This section explains how we handle downtime, maintenance, drive failure, and service credits.

15.2 Server downtime, maintenance, hardware issues, network issues, and third-party provider issues can happen.

15.3 We will normally announce scheduled maintenance in advance through email, the status page, the client area, or another suitable channel.

15.4 Scheduled maintenance does not qualify for service credit.

15.5 We may carry out emergency or unannounced maintenance to protect security, stability, data, infrastructure, or service quality.

15.6 Downtime of customer-installed applications, customer configurations, unsupported applications, third-party mounts, third-party services, or customer-caused issues does not count as server downtime.

15.7 Service credits are as follows.

Clause	Downtime length	Service credit
15.7.1	Up to 6 hours.	At our discretion.
15.7.2	More than 6 hours and up to 12 hours.	1 day.
15.7.3	More than 12 hours and up to 24 hours.	2 days.
15.7.4	More than 24 hours and up to 48 hours.	3 days.
15.7.5	More than 48 hours.	Double the downtime period. For example, 3 days of qualifying downtime may receive 6 days of credit.

15.8 SLA compensation is given as service credit, account extension, or Account Credit. It is not a cash refund.

15.9 If a drive failure affects your Slot and we cannot recover your data, you may be eligible for one month of service credit.

15.10 The credit in clause 15.9 is your only SLA remedy for unrecoverable data loss caused by drive failure, to the fullest extent the law allows.

15.11 Data removed by you, your authorised users, your applications, your scripts, or your configuration is not eligible for compensation, unless we find a system error caused by us.

15.12 To claim an SLA credit, you must open a Support Ticket within 30 days of the event.

15.13 SLA credits do not cover downtime or loss caused by your breach of these Terms, force majeure, law enforcement action, legal compliance, abuse handling, non-payment, scheduled maintenance, third-party software, customer configuration, customer devices, customer internet connectivity, or unsupported applications.

16. Privacy and Data Handling

16.1 We only collect and store the information we reasonably need to provide, support, secure, bill, improve, and protect the Services, and to follow the law.

16.2 We act as data controller for customer account, billing, payment, support, security, abuse, and service administration data.

16.3 Third-party payment processors handle payment processing. We do not store full card numbers or full financial details.

16.4 We may process the following categories of personal data.

Clause	Category	Examples
16.4.1	Account information	Name, email address, country, billing address, username, login credentials.
16.4.2	Payment information	Transaction IDs, payment IDs, payment hashes, last four card digits, card expiry, invoice records, payment confirmations.
16.4.3	Service information	Service plan, server, installed applications, usage data, configuration, support history.
16.4.4	Technical information	IP addresses, browser data, device data, authentication logs, connection details, security logs.
16.4.5	Support information	Ticket content, attachments, troubleshooting steps, customer-provided logs, communications.
16.4.6	Abuse and safety information	Abuse reports, copyright notices, security alerts, CSAM hash matches, enforcement records, legal request records.

16.5 Depending on the processing and the applicable law, our lawful basis or justification may include contract performance, legal obligation, legitimate interests, consent where required, vital interests, public safety, fraud prevention, network and information security, protection of children, prevention or detection of unlawful acts, legal claims, or another basis recognised by applicable law.

16.6 Our legitimate interests may include service delivery, fraud prevention, network security, abuse prevention, service improvement, customer support, legal claims, and protecting us, our customers, children, and the public.

16.7 We do not sell customer personal data.

16.8 By opening a Support Ticket, you accept that our staff may access relevant account details, service configuration, installed applications, and logs strictly to diagnose and resolve the issue.

16.9 Our staff will not access user-created files unless you ask us to, the law allows it, it is reasonably needed for the support you have requested, or access is needed for a legal, abuse, CSAM, security, or urgent safety reason.

16.10 The ticket system records customer support interactions, troubleshooting steps, account details where relevant, and an audit history for compliance, dispute resolution, and training.

16.11 Ticket text and attachments may be stored in clear text in our ticketing system.

16.12 Only you and our staff handling your request or the relevant process can access your tickets.

16.13 We purge normal ticket contents and attachments after 365 days, unless longer retention is reasonably needed for billing, legal compliance, abuse handling, security, fraud prevention, dispute resolution, tax, accounting, or legal claims.

16.14 We may keep minimal ticket metadata, such as ticket ID, timestamps, status, and category, for compliance and audit without keeping message content.

16.15 We use your email address as a login identifier, contact point, ticket contact, billing contact, and service notice address.

16.16 We may keep email addresses and account records for as long as we reasonably need them for service, billing, tax, accounting, security, fraud prevention, abuse handling, CSAM handling, dispute handling, legal claims, or legal compliance. If an Account has no active Services for 7 consecutive years, we may close the Account and delete or anonymise account records, including the email address, where the law and our operations allow. We may keep minimal records for longer where we need them for the reasons listed in this clause.

16.17 Your username identifies you in our systems, names your Slot, and may be used by installed applications.

16.18 Your username may be semi-public in limited technical contexts, such as server directories or application URLs.

16.19 We use your country to work out taxes, legal requirements, and service eligibility.

16.20 We store the Ultra.cc Client Area password using secure hashing. Staff can reset it but cannot view the plain text password.

16.21 We store the Ultra.cc Control Panel password using secure hashing. Staff can reset it but cannot view the plain text password.

16.22 Some application passwords may be stored in plain text because of technical limits. You can see them, and our support staff may see them when support access is needed.

16.23 Some third-party applications may store passwords, API keys, cookies, or other secrets in plain text. The application controls this, not us.

16.24 We keep payment records for at least the period needed for tax, accounting, compliance, dispute, and legal purposes.

16.25 We use logs and analytics as follows.

Clause	Log or data type	Use and retention
16.25.1	Server metrics	Support, performance, capacity planning, and abuse investigation. May be kept for an extended period.
16.25.2	VPN logs	Operational metadata only. No traffic content. Rotated.
16.25.3	FTP logs	Operational metadata only. Rotated for troubleshooting, abuse, and security investigations.
16.25.4	Authentication logs	Security and abuse investigations. Rotated periodically.
16.25.5	SSH logs	Security and abuse investigations. Rotated periodically.
16.25.6	System logs	Security, performance, support, and incident response.
16.25.7	Application logs	Kept until the application is uninstalled, deleted by you, or otherwise removed.
16.25.8	Bash history	Kept until cleared by you or removed with the Service.

16.26 Installed applications may store core files and configurations they need to run.

16.27 You access Hosted Data. Our staff access stays limited to support you have asked for, security, abuse, legal compliance, CSAM handling, or urgent safety reasons.

16.28 Hosted Data stays until you remove it, the Service is terminated, you cancel, we delete for non-payment, we remove it for abuse or legal reasons, or it is otherwise deleted under these Terms.

16.29 Lawful abuse, copyright, CSAM, or legal requests may require content to be removed, restricted, preserved, or reported.

16.30 We use subprocessors and third-party providers to deliver the Services.

16.31 Where a subprocessor processes personal data on our behalf, we remain responsible for appropriate safeguards and contractual controls.

16.32 Our current subprocessor categories are as follows.

Clause	Provider or category	Purpose
16.32.1	Infrastructure providers	Hosting, servers, network, rack space, storage, and service delivery.
16.32.2	Payment processors	Processing payments, refunds, chargebacks, and transaction records.
16.32.3	Email and workspace providers	Customer and internal communications, ticket routing, and administration.
16.32.4	Monitoring providers	Error reporting, application monitoring, service diagnostics, and security monitoring.
16.32.5	Collaboration providers	Internal project management, workflow, and operational tracking.
16.32.6	Analytics providers	Website analytics, product analytics, performance, and service improvement where lawful.
16.32.7	Abuse and safety bodies	Abuse handling, CSAM reporting, copyright handling, law enforcement, and legal compliance where required or appropriate.

16.33 Our current named subprocessors include the following.

Clause	Subprocessor	Purpose
16.33.1	Hetzner	Website hosting provider.
16.33.2	MailerSend	Email service provider.
16.33.3	Google Workspaces	Customer ticketing mail service provider.
16.33.4	Hetrix	Application monitoring provider.
16.33.5	Notion	Team collaboration and project management platform.
16.33.6	Slack	Team collaboration.
16.33.6	Stripe	Payment provider.
16.33.6	PayPal	Payment provider.
16.33.7	DataPacket	Server network and rack space provider.
16.33.8	Digital Reality	Server network and rack space provider.
16.33.9	BDx	Server network and rack space provider.

16.34 We may add, remove, or replace subprocessors. We will update published information where required.

16.35 We may transfer personal data internationally. Where required, we use suitable safeguards such as Standard Contractual Clauses or equivalent mechanisms.

16.36 Depending on the data protection law that applies, you may have rights to access, correct, update, erase, restrict, object to, port, or withdraw consent for certain personal data.

16.37 You may exercise data protection rights through the Support Ticket system.

16.38 Data protection rights may be limited where we must keep data for legal, tax, accounting, fraud prevention, security, abuse, CSAM, dispute, or legal claim reasons.

16.39 We may use cookies and similar technologies for login sessions, security, fraud prevention, service operation, performance, analytics, and user experience.

16.40 Cookies may be session cookies or persistent cookies.

16.41 Session cookies stay in your browser only during the current browser session.

16.42 Persistent cookies last beyond the current browser session. They remain until they expire or you delete them.

16.43 Strictly necessary and security cookies are needed for the Services to work and protect accounts.

16.44 We may use the following strictly necessary and security cookies.

Clause	Cookie	Purpose
16.44.1	`__cfduid`	Used with Cloudflare to recognise trusted web traffic and help improve page load times.
16.44.2	`WHMCSAutoRefresh`	Refreshes the Client Area session and helps keep you logged in until you close the tab.
16.44.3	`WHMCSFD`	Stores Client Area session information needed for the Client Area to work.
16.44.4	`csrftoken`	Helps protect the Control Panel against cross-site request forgery.
16.44.5	`sessionid`	Identifies a Control Panel session and uses the HTTPOnly flag to reduce client-side script access.
16.44.6	`bookstack-session`	Maintains sessions on the documentation site.
16.44.7	`XSRF-TOKEN`	Helps protect the documentation site against cross-site request forgery.

16.45 We may use analytics or performance cookies where the law allows, and where required, with your consent.

16.46 We may use the following analytics and performance cookies.

Clause	Cookie	Purpose
16.46.1	`_ga`, `_gat_gtag`, and `_gid`	Used by Google Analytics to measure visitor, session, and campaign data, and to help manage request rates.
16.46.2	`__utma`, `__utmb`, `__utmc`, `__utmt`, and `__utmz`	Used by Google Analytics to understand how visitors use our websites and improve the visitor experience.

16.47 We aim to limit access, minimise data, apply security controls, and keep personal data only as long as we reasonably need.

16.48 Where CSAM detection, abuse handling, fraud prevention, security investigation, or legal compliance creates or involves criminal-offence data, child-safety data, highly sensitive data, or other protected information, we will restrict access, document the purpose, apply suitable safeguards, and keep the information only for as long as required or appropriate under applicable law and these Terms.

16.49 Where applicable law requires notification of a qualifying security incident or personal data breach, we will notify the relevant regulators, authorities, providers, affected customers, affected individuals, or other required parties without undue delay. Where applicable law sets a GDPR-style deadline, we will aim to notify the relevant regulator within 72 hours after we become aware of the breach, unless the law allows or requires a different deadline.

16.50 You may complain to us through a Support Ticket. You may also have the right to complain to a relevant data protection authority.

17. Sensitive Data Removal Policy

17.1 Sensitive data means information that should have been kept confidential, or information whose public availability creates a specific or targeted privacy or security risk.

17.2 Examples of sensitive data include the following.

Clause	Example
17.2.1	Usernames combined with passwords.
17.2.2	Access tokens.
17.2.3	API keys.
17.2.4	Private credentials.
17.2.5	Personal data exposed in URLs or service names.
17.2.6	Other information that creates a specific privacy or security concern.

17.3 You may ask to remove or change a username where you have a valid privacy or security reason only.

17.4 Because of infrastructure limits, we may not be able to rename an existing Service. We may instead issue a new Service with the new username.

17.5 You may move data yourself, or ask support to help with migration where it is feasible.

17.6 Once migration is complete, we may securely erase the old Service.

17.7 You may ask to change the email address on your Account through a Support Ticket.

17.8 Because of infrastructure, billing, legal, and compliance requirements, we may not be able to fully delete a Client Area account.

17.9 Where full deletion is not possible, we may replace personal information with randomised or null details where the law and our operations allow.

17.10 You should be logged into your Ultra.cc Client Area before you make a sensitive data removal request.

17.11 Sensitive data removal may be limited by tax, accounting, billing, security, fraud, abuse, CSAM, legal, or dispute retention requirements.

18. Security Incidents and Service Protection

18.1 Security incidents can happen even with reasonable precautions.

18.2 During a suspected or confirmed incident, we may close connections, disable services, block access, reset credentials, isolate infrastructure, suspend accounts, revoke tokens, restrict support access, or take other urgent action.

18.3 Protective action may temporarily affect access to the Services.

18.4 Where appropriate, we may publish updates through our website, status page, Client Area, email, Discord, or another communication channel.

18.5 Where appropriate or required, we will notify affected customers.

18.6 We assess third-party providers for fit and security risk based on the services they provide.

18.7 We may use network segmentation, private networking, access controls, monitoring, logging, and other safeguards to protect the Services.

18.8 You help protect the Services by using strong passwords, enabling two-factor authentication, keeping credentials private, limiting account sharing, and reporting suspicious activity.

18.9 Please report unauthorised account use, suspected data breaches, vulnerabilities, or security events through a Support Ticket.

18.10 Security research and vulnerability reports are covered in the separate No access.

19. Legal Requests and Law Enforcement

19.1 We may preserve, restrict, disclose, or provide information where required or allowed by applicable law, legal process, court order, regulator request, law enforcement request, payment-provider process, child-safety reporting process, emergency safety request, or other competent authority request.

19.2 Legal requests should be clear, specific, and identify the information requested.

19.3 We may reject, narrow, or challenge legal requests that are vague, overbroad, informal, defective, or inconsistent with applicable law.

19.4 We may preserve account records, logs, metadata, content, hashes, or other information when we receive a valid preservation request, or when we reasonably anticipate legal, abuse, CSAM, security, or dispute needs.

19.5 We may notify affected customers of legal or regulatory requests unless the law prohibits it, it is inappropriate, it is unsafe, it concerns child safety, it concerns CSAM or CSEA, it concerns an emergency, it could prejudice an investigation, or it could increase legal, security, operational, or safety risk.

19.6 We may disclose information without ordinary process where we reasonably believe disclosure is needed to prevent death, serious harm, child abuse, exploitation, security compromise, or another urgent threat.

19.7 Where the law allows, we may seek reimbursement for the reasonable costs of responding to legal requests.

19.8 Accepting legal requests by email, ticket, or post is for convenience and does not waive any objection, right, or requirement.

20. Availability, Backups, and Data Loss

20.1 We do not guarantee uninterrupted, error-free, or loss-free service.

20.2 We are not responsible for the privacy, integrity, or availability of content transmitted over the public internet, third-party networks, third-party services, or customer-controlled systems.

20.3 You are responsible for keeping your own backups.

20.4 Unless a specific written service description says otherwise, we do not guarantee backups, backup frequency, backup retention, backup restoration, or recovery of Customer Content.

20.5 To the fullest extent the law allows, we are not liable for data loss, except for the service credits expressly set out in section 15.

20.6 We are not responsible for data loss caused by your action, your configuration, your scripts, applications you install, credential compromise, third-party software, or users you authorise.

21. Disclaimers and Limitation of Liability

21.1 We provide the Services on an "as is" and "as available" basis.

21.2 To the fullest extent the law allows, we disclaim implied warranties, including merchantability, fitness for a particular purpose, non-infringement, and uninterrupted availability.

21.3 To the fullest extent the law allows, we are not liable for indirect, incidental, special, punitive, consequential, or exemplary loss.

21.4 To the fullest extent the law allows, we are not liable for loss of income, profit, revenue, business, goodwill, opportunity, data, use, or anticipated savings.

21.5 To the fullest extent the law allows, our total liability for any claim about a Service is limited to the amount you paid for the affected Service during the 3 months before the event that caused the claim.

21.6 Nothing in these Terms excludes or limits liability where it would be unlawful to do so, including liability for fraud, fraudulent misrepresentation, death, personal injury caused by negligence, or other liability that cannot be excluded by law.

21.7 Nothing in these Terms reduces mandatory consumer rights that apply to you.

21.8 The service credits and account credits described in these Terms are your only remedies for qualifying downtime, drive failure, and service credits, unless applicable law requires otherwise.

22. Indemnity

22.1 You agree to defend, indemnify, and hold us, our officers, staff, contractors, providers, and affiliates harmless from claims, losses, liabilities, costs, damages, and reasonable legal fees arising from your breach of these Terms, your Customer Content, your use of the Services, your users, your customers, your unlawful activity, or third-party claims about your Service.

22.2 Clause 22.1 includes claims about copyright infringement, privacy violations, unlawful content, abuse, resale, security incidents you caused, payment fraud, and misuse of the Services.

22.3 We may control the defence of any claim involving us. You must cooperate reasonably.

22.4 This indemnity applies only as far as the law allows.

23. Force Majeure

23.1 We are not liable for failure or delay caused by events outside our reasonable control.

23.2 Force majeure events include natural disasters, extreme weather, fire, flood, power failure, cable cuts, provider outages, internet routing failures, DDoS attacks, war, terrorism, riot, civil unrest, government action, legal orders, labour disputes, supply shortages, hardware shortages, sanctions, pandemics, and other events beyond our reasonable control.

23.3 Force majeure does not excuse payment for Services already provided, unless applicable law requires otherwise.

24. Notices

24.1 We may send notices by email, Client Area message, Support Ticket, website notice, status page, control panel notice, or another reasonable method.

24.2 A notice sent to your registered email address counts as received when sent, unless we receive a delivery failure.

24.3 You may contact us through the Support Ticket system unless we publish another required contact method.

24.4 Send legal notices through the contact method we publish for legal or abuse matters.

24.5 We may publish service status notices on the Ultra.cc status page.

25. Confidentiality

25.1 Confidential information includes non-public technical, business, security, pricing, vulnerability, incident, customer, or operational information that one party shares with the other.

25.2 We will treat customer account information, support information, and Hosted Data as confidential, subject to these Terms and applicable law.

25.3 Security researchers must keep vulnerability details confidential as required by the separate No access.

25.4 Confidentiality does not apply to information that is public, independently developed, already known without a duty of confidence, lawfully received from a third party, or required to be disclosed by law.

25.5 Confidentiality may apply to individually negotiated commercial agreements, discounts, or private contract terms where agreed in writing.

25.6 This section does not stop a customer from exercising legal rights, seeking advice, reporting unlawful activity, making a protected disclosure, or contacting a regulator.

26. Relationship, Assignment, and Third Parties

26.1 We and the customer are independent contracting parties.

26.2 These Terms do not create a partnership, joint venture, employment relationship, agency, franchise, or fiduciary relationship.

26.3 You must not assign, transfer, or delegate your rights or obligations under these Terms without our written permission.

26.4 We may assign or transfer our rights and obligations as part of a merger, acquisition, restructuring, sale of business, sale of assets, change of control, or similar transaction.

26.5 We may use third-party providers and subprocessors to deliver the Services.

26.6 Unless these Terms say otherwise, no third party may enforce these Terms.

27. Governing Law and Disputes

27.1 These Terms are governed by the laws of Singapore.

27.2 Subject to mandatory rights that cannot be excluded, disputes about these Terms or the Services will be handled by the courts of Singapore.

27.3 Nothing in this section stops us from following applicable laws, legal duties, reporting duties, regulator duties, payment-scheme rules, court orders, law enforcement requests, or child-safety duties in another jurisdiction where those duties apply.

27.4 Before starting formal proceedings, you should contact us through a Support Ticket so we can try to resolve the issue.

27.5 We handle billing issues, refund requests, accidental payments, duplicate payments, and overpayments under section 14.

27.6 Either party may seek urgent court relief where needed to protect security, confidential information, intellectual property, child safety, legal rights, or service stability.

27.7 Nothing in this section limits rights that cannot be limited by contract.

28. General Legal Terms

28.1 These Terms, any applicable order details, and any signed written agreement form the full agreement between you and us for the Services.

28.2 If part of these Terms is invalid or unenforceable, the rest stays in force. The invalid part will be replaced or limited to the minimum needed to make it enforceable.

28.3 If we do not enforce a clause immediately, that does not waive our right to enforce it later.

28.4 Headings are for convenience and do not affect interpretation.

28.5 Clauses that by their nature should continue after termination will continue. This includes clauses on payment, refunds, account credit, intellectual property, privacy, abuse, CSAM, legal requests, disclaimers, liability, indemnity, confidentiality, and disputes.

28.6 These Terms are written in English. If translated, the English version controls, unless applicable law requires otherwise.

28.7 Please raise questions about these Terms through the Ultra.cc Support Ticket system.

Ultra.cc Terms of Service
1. Who we are and how these Terms work
2. Definitions
3. Account Responsibilities
4. Nature of the Services
5. Fair Use
6. Security Responsibilities
7. Support Access and Incidental Discovery
8. Enforcement
9. Copyright and Content Abuse
10. CSAM and Child Safety
11. Customer Content and Intellectual Property
12. Billing, Payments and Taxes
13. Cancellations
14. Refund Policy
First order refund eligibility
How we work out the refund
Longer billing cycles on first orders
Accidental payments, duplicate payments, overpayments, and forgotten subscriptions
Subscriptions and recurring payments
Refund exceptions
Account Credit and dormant accounts
Chargebacks and payment disputes
Final refund decision
15. Service Level Agreement and Service Credits
16. Privacy and Data Handling
17. Sensitive Data Removal Policy
18. Security Incidents and Service Protection
19. Legal Requests and Law Enforcement
20. Availability, Backups, and Data Loss
21. Disclaimers and Limitation of Liability
22. Indemnity
23. Force Majeure
24. Notices
25. Confidentiality
26. Relationship, Assignment, and Third Parties
27. Governing Law and Disputes
28. General Legal Terms