Managed WordPress Hosting Services

Issued by	Image Concepts (Yorkshire) Ltd (Company No. 08161985)
Version	1.0 (issued April 2026)
Applies to	All customers using our managed WordPress hosting services
Incorporated into	Hosting Terms and Conditions — this AUP forms part of your contract with us
Report abuse	abuse@imageconcepts.co.uk
General contact	info@imageconcepts.co.uk \| 01423 900590

This policy sets out what you may and may not do using our hosting services. Breaching it may result in suspension or termination of your account.

1. Purpose and Scope

This Acceptable Use Policy (“AUP”) is issued by Image Concepts (Yorkshire) Ltd and applies to all customers who use our managed WordPress hosting services. It forms part of your contract with us and is incorporated by reference into our Hosting Terms and Conditions.

The purpose of this AUP is to protect the integrity and security of our hosting infrastructure, protect our other customers, protect third parties, and ensure that our services are not used for unlawful or harmful purposes.

By using our hosting services, you agree to comply with this AUP. You are also responsible for ensuring that anyone who accesses or uses your hosted website or hosting account — including your employees, contractors, and end users — complies with it.

We reserve the right to take action against breaches of this AUP, including suspension or termination of your hosting account, as set out in section 9.

2. Prohibited Content

You must not use our hosting services to store, publish, transmit, or make available any content that:

Absolute prohibitions — no exceptions Is, depicts, or facilitates the sexual abuse or exploitation of children or minors (CSAM). We are legally required to report any such material to the Internet Watch Foundation (IWF) and relevant law enforcement, and will terminate the account immediately without notice.Facilitates, promotes, or glorifies terrorism, acts of mass violence, or organisations proscribed under the Terrorism Act 2000 or any successor legislation.Constitutes hate speech or incitement to hatred on the grounds of race, religion, sex, sexual orientation, disability, or other protected characteristic under the Equality Act 2010.

You must also not use our hosting services to host content that:

Defamatory content — makes false statements of fact about an identifiable individual or organisation;
Infringing content — infringes the copyright, trade marks, database rights, or other intellectual property rights of any third party;
Fraudulent content — is designed to deceive users, impersonate another person or organisation (phishing), or facilitate financial fraud;
Malicious software — contains or distributes viruses, malware, ransomware, spyware, or any other harmful code;
Privacy violations — publishes private personal data about individuals without lawful basis, or facilitates unlawful surveillance;
Unlawful content — violates any applicable law of England and Wales or any jurisdiction to which your website is directed.

3. Prohibited Activities

You must not use our hosting services to carry out, enable, or facilitate any of the following activities:

3.1 Network and infrastructure abuse

DDoS attacks — launching or participating in distributed denial-of-service attacks against any target, whether within or outside our network;
Port scanning and probing — conducting unauthorised scans or probes of any computer system or network;
Unauthorised access — accessing or attempting to access any computer system, account, or data without authorisation;
Traffic amplification — exploiting services to amplify malicious traffic, including DNS amplification or NTP reflection attacks;
Network interference — interfering with or disrupting the services of other customers or third parties sharing our infrastructure.

3.2 Email and messaging abuse

Spam — sending unsolicited bulk email or messages to recipients who have not opted in to receive communications from you;
Phishing and spoofing — sending email that impersonates another sender, falsifies routing information, or is designed to deceive recipients into disclosing credentials or personal data;
Malware distribution — sending emails containing malicious attachments or links designed to compromise recipients’ systems;
Bypassing restrictions — using our infrastructure to relay email in a way that circumvents spam filters or blacklists, or to send email from IP addresses or domains not associated with your hosting account.

Email sending — important All transactional email from websites hosted on our platform must be sent through Postmark (AC PM LLC), our approved email delivery provider. Sending high-volume email directly from the server — bypassing Postmark — is not permitted and may result in immediate suspension. All outbound email must pass SPF and DKIM authentication. We configure these records for new accounts; you must not modify them in a way that breaks authentication. Bulk marketing email (newsletters, campaigns) must not be sent through the hosting infrastructure. Use a dedicated email marketing platform such as Mailchimp, Campaign Monitor, or equivalent.

3.3 Resource abuse

Excessive CPU and memory use — running processes that consume a disproportionate share of server resources, impairing the performance of other customers on shared hosting plans;
Cryptocurrency mining — using hosting resources to mine or generate cryptocurrency of any kind without our prior written consent;
File storage abuse — using your hosting account primarily as a file storage or backup repository, rather than to serve a website;
Bandwidth abuse — deliberately generating excessive bandwidth consumption with no legitimate business purpose, including through automated scraping, high-volume video streaming hosted directly on the server, or similar activities.

Resource usage on shared plans Shared hosting plans (Starter, Business, Ecommerce) operate in a shared environment. If your website consistently consumes resources that degrade the experience for other customers, we may contact you to discuss upgrading to a more appropriate plan.We will always contact you before taking action for resource overuse unless the usage is causing active harm to other customers.

3.4 Security violations

Running vulnerable software — knowingly operating a website with known critical vulnerabilities that could be exploited to compromise the server or other customers’ environments;
Backdoors and shells — installing web shells, backdoors, or remote access tools on the hosting environment;
Proxy and VPN services — operating open proxy services, VPN exit nodes, or anonymisation services that could be used to mask the origin of abusive traffic;
Brute-force attacks — conducting or facilitating brute-force attacks against login systems or authentication mechanisms.

4. WordPress-Specific Obligations

Because we provide a managed WordPress hosting service, the following additional obligations apply:

Core, plugin, and theme updates — you are responsible for keeping your WordPress core installation, plugins, and themes up to date, unless you have purchased a WordPress updates add-on or are on a Dedicated plan where updates are included. Running significantly outdated software is a security risk and may be treated as a breach of this AUP if it results in compromise of the hosting environment.
Nulled or pirated software — you must not install “nulled” (pirated) themes or plugins. These frequently contain hidden malware and are a leading cause of WordPress compromise. We may scan for and remove such software without notice.
Abandoned websites — if a website has been inactive for an extended period and presents a security risk due to outdated software, we may contact you to request remedial action. If no action is taken within 14 days, we may suspend the website pending resolution.
Staging environments — staging environments (where available on your plan) must be kept private and not made publicly accessible with sensitive data. You must not use a staging environment as a second live production website.

5. Data Protection and Privacy

You are the data controller for all personal data collected through your hosted website. You must:

have a lawful basis under UK GDPR for all personal data you collect through your website;
publish an accurate privacy policy on your website that complies with UK GDPR Articles 13 and 14;
implement appropriate technical measures (such as SSL/TLS encryption, which we provide) and organisational measures to protect personal data;
not use your hosting account to collect personal data in a manner that constitutes unlawful processing, including the collection of special category data (such as health data or biometric data) without explicit consent and a documented lawful basis; and
comply with all subject access requests, deletion requests, and other data subject rights requests in accordance with UK GDPR.

Our role as data processor in respect of personal data stored in your hosting environment is governed by our Data Processing Agreement. A breach of this AUP that involves the mishandling of personal data may also constitute a breach of the Data Processing Agreement.

6. Third-Party Services and Integrations

Where your website integrates with third-party services (such as payment gateways, CRM systems, or social media platforms), you are responsible for ensuring that those integrations comply with applicable law and the terms of those third-party providers.

You must not use your hosting account to facilitate services that are themselves prohibited under this AUP. For example, you must not host a website that acts as a front-end for a third-party service engaged in prohibited activities.

If a third-party integration causes a security incident or resource issue affecting our infrastructure, we may require you to disable the integration pending investigation.

7. Intellectual Property

You must ensure that all content hosted on our infrastructure and all software installed in your hosting environment is either owned by you or used with the express permission of the owner. In particular:

do not install or use WordPress themes, plugins, or other software without a valid licence;
do not publish content (including images, video, music, or text) that you do not have the right to publish; and
respond promptly to any intellectual property infringement notices we forward to you from rights holders. We will co-operate with rights holders in accordance with applicable law and may be required to take down infringing content on receipt of a valid notice.

8. Legal Compliance

You are responsible for ensuring that your website and its content comply with all laws applicable to your business and to the jurisdictions in which your website is accessible. This includes (without limitation):

the Computer Misuse Act 1990 (UK);
the Communications Act 2003 (UK) — including prohibitions on sending grossly offensive or menacing messages;
the Defamation Act 2013 (UK);
the Consumer Protection from Unfair Trading Regulations 2008, where your website sells goods or services to consumers;
the Payment Card Industry Data Security Standard (PCI DSS), where your website processes payment card data;
applicable financial services regulations, where your website provides regulated financial services or information; and
all applicable sanctions and export control laws.

We are not responsible for advising you on the legal requirements applicable to your business. If you are uncertain whether your website complies with applicable law, we recommend you seek independent legal advice.

9. What Happens if You Breach This Policy

We take AUP breaches seriously. The action we take will depend on the severity and nature of the breach. Our general approach is set out in the table below, but we reserve the right to depart from it where circumstances require.

Action	When we use it	What it means for you
Warning	Minor or first-time breach with no immediate harm to others. Example: resource overuse on a shared plan; minor AUP violation.	We notify you of the breach and the steps required to remedy it. No service interruption unless the breach continues.
Suspension with notice	Ongoing or repeated breach not remedied after warning; or a moderate breach causing potential harm. Example: running known vulnerable software after notification; spam complaints.	We give you 5 days’ written notice of suspension. You can remedy the breach within that period to avoid suspension. Your website is unreachable during suspension.
Immediate suspension	Breach posing active risk of harm to us, other customers, or third parties. Example: active malware distribution; DDoS attack originating from your account; phishing site detected.	We suspend the Services without prior notice and notify you as soon as practicable. We will investigate and may restore services if the breach is remedied.
Termination	Persistent, serious, or irremediable breach; or any breach involving absolutely prohibited content (see section 2). Example: CSAM detected; continued spam after suspension; repeated security compromises.	We terminate the Services on written notice (or immediately for absolute prohibitions). Our liability for termination in these circumstances is excluded to the fullest extent permitted by law.

Where we suspend or terminate your account due to a breach of this AUP, you will not be entitled to a refund of any prepaid Charges. We reserve the right to recover from you any costs we incur as a result of your breach, including the reasonable costs of investigation and remediation.

Suspension or termination under this AUP does not affect any other rights or remedies available to us under your contract or applicable law.

10. Reporting Abuse

If you believe that a website hosted on our infrastructure is being used in breach of this AUP, or if you wish to report a security vulnerability, please contact us:

Abuse contact Email: abuse@imageconcepts.co.uk (monitored during business hours; urgent reports are prioritised) General contact: info@imageconcepts.co.uk | 01423 900590 We aim to acknowledge all abuse reports within one business day and to take appropriate action within five business days. For reports of CSAM or imminent risk of serious harm, we will act immediately.

Please include in your report: the URL of the content or website in question; a description of the alleged breach; and, where relevant, evidence (such as screenshots or log extracts). We will keep your report confidential to the extent possible.

We co-operate with law enforcement agencies and regulatory authorities in the investigation of unlawful activity on our infrastructure. Where we are legally required to report activity, we will do so without notifying the account holder.

11. Changes to This Policy

We may update this AUP from time to time to reflect changes in our services, technology, or applicable law, or to address new types of misuse. We will notify you of material changes to this AUP by email at least 14 days before they take effect. The current version will always be available at www.imageconcepts.co.uk/acceptable-use-policy.

Continuing to use our hosting services after a change to this AUP takes effect constitutes acceptance of the updated policy. If you do not accept a material change, you may terminate your hosting contract in accordance with clause 16.2 of the Hosting Terms and Conditions.

Image Concepts (Yorkshire) Ltd | Company No. 08161985 | VAT: GB 153340047 | Abuse: abuse@imageconcepts.co.uk