Xelora · Legal

Acceptable Use Policy

Last updated 9 May 2026

Operator: Xelora Pty Ltd (ACN 692 975 107, ABN 96 692 975 107), incorporated in Australia on 18 November 2025, trading as Xelora Abuse contact: abuse@xelora.host Last updated: 2026-05-09

1. Purpose and scope

This Acceptable Use Policy (“AUP”) sets out the rules that apply when you use Xelora’s hosting, domain, and AI website builder services (the “Services”). It is incorporated by reference into the Terms of Service, and a breach of this AUP is a breach of the Terms.

This AUP applies to: - everything you upload, host, or transmit through the Services (“Customer Content”); - everything you generate using the AI Builder (“AI Output”) and choose to publish or retain; - anything done by your end users, contractors, or anyone you give account access to.

You are responsible for all activity on your account, including activity by others you authorise.

2. Prohibited content and conduct

You must not use the Services to host, transmit, generate, link to, or facilitate any of the following:

2.1 Illegal material

  • Child sexual abuse material (CSAM) or any content that sexualises minors.
  • Material depicting non-consensual sexual conduct or non-consensual intimate images.
  • Content that incites, promotes, or provides operational support for terrorism, mass violence, or violent extremism.
  • Material classified RC (Refused Classification) under the National Classification Code or otherwise prohibited by Australian law.
  • Content infringing copyright, trade marks, or other intellectual property rights.
  • Material that breaches Australian privacy, consumer, or anti-discrimination laws, the Online Safety Act 2021 (Cth), or equivalent foreign law.

2.2 Abuse, fraud, and harm

  • Phishing, credential harvesting, scam pages, fake-storefronts, or impersonation of brands, individuals, or government agencies (including impersonation of Xelora itself or use of the Xelora trade mark in a way that suggests endorsement or affiliation that does not exist — see Terms of Service § 8.2).
  • Malware, ransomware, exploit kits, command-and-control servers, RATs, or botnet infrastructure.
  • Cryptojacking or unauthorised cryptocurrency mining on Xelora infrastructure.
  • Spam, unsolicited commercial messages, mailing-list abuse, or violations of the Spam Act 2003 (Cth) or CAN-SPAM.
  • Doxxing, harassment campaigns, threats, or coordinated targeting of individuals.

2.3 Network and platform abuse

  • Probing, scanning, or testing the vulnerability of any system without explicit authorisation.
  • Denial-of-service attacks, traffic amplification, or stress-testing services without prior written consent from Xelora.
  • Attempts to bypass tenant isolation, access other customers’ data, or escalate privileges on shared infrastructure.
  • Reselling raw resources without an applicable reseller agreement, or running services materially inconsistent with the plan you purchased (e.g. running a high-volume mail relay on a website publishing plan).

2.4 Adult / regulated content

Lawful adult content requires written approval and may be restricted to specific plans. Gambling, firearms, pharmaceuticals, and other regulated industries must comply with all applicable Australian and destination-market laws.

3. AI Builder (Xelora AI) — specific rules

The AI Builder is a powerful generation tool. The following rules apply in addition to section 2:

3.1 You are responsible for AI Output. Once you choose to publish or retain AI Output, it is treated as your Customer Content. You must review it for accuracy, legality, and appropriateness before publication.

3.2 You must not prompt the AI Builder to generate content that would breach section 2, including but not limited to: - malware, exploit code, or instructions to attack systems; - phishing pages, fraudulent storefronts, or counterfeit-brand websites; - defamatory statements about identifiable individuals; - impersonation of real individuals without consent; - non-consensual sexual content, CSAM, or content that sexualises minors; - detailed instructions to commit serious crimes or to make weapons capable of mass harm.

3.3 No circumvention. You must not attempt to bypass safety filters, jailbreak the models, exfiltrate system prompts, or otherwise undermine the AI Builder’s protective measures.

3.4 Disclosure. Where Australian or destination-market law requires disclosure that content is AI-generated (for example, certain political-advertising or consumer-protection contexts), you are responsible for that disclosure.

3.5 Scanning. As described in the Privacy Policy, Xelora may automatically scan prompts and AI Output for safety, abuse, and policy compliance. We may quarantine or refuse to serve content that triggers our safety systems.

3A. Rebuild from URL — specific rules

The rebuild-from-URL feature retrieves and processes content from a website you specify, and uses it to generate a new website on the Services. The rules in section 3 apply, plus the following:

3A.1 You must own or have all necessary rights to every asset on the Source Site you submit — including text, images, fonts, videos, logos, code, and any third-party content embedded on the Source Site. If you don’t own it, you must hold a transferable licence broad enough to cover Xelora’s processing and your republication on a new domain.

3A.2 You must not direct Xelora to retrieve a Source Site you do not have rights to, including: - a competitor’s website you have no relationship with; - a website behind a login, paywall, or robots.txt disallow that you are not authorised to bypass; - a website where the visible footer indicates “All rights reserved” by a party other than you, unless you have written permission; - any government, educational, or non-profit site whose content licence prohibits commercial republication; - any site that contains photographs of identifiable individuals you do not have releases for.

3A.3 Photographs of people, customer testimonials, employee bios. If you submit a URL containing such material, you warrant that you have the consents required by Australian privacy law (and equivalent foreign law) for that material to be republished.

3A.4 Fonts, stock images, premium plugins. Many fonts and stock images are licensed under terms that do not permit re-hosting on a new domain. Examples include Adobe Fonts (most weights non-transferable), Getty/Shutterstock licences (per-account), font foundries (WOFF files served from a specific domain). You must obtain the appropriate licence on your new domain before publishing. Xelora will not check this and is not your licensing agent.

3A.5 Right to refuse a rebuild. Xelora may automatically reject, or strip from your project, any material we recognise as obviously infringing — for example, content from a known stock-photo library where we have no record of a corresponding licence on your account. This is a courtesy filter only; the absence of a refusal does not mean we have approved the content.

3A.6 Indemnity. You indemnify Xelora against any claim arising from your rebuild request, on the terms set out in section 13 of the Terms of Service. This applies whether the claim is brought against you, against Xelora, or against both.

4. Resource use and platform constraints

4.1 Platform model. Xelora hosts websites that are generated by the AI Builder and stored as a controlled set of templates and pages. Customer accounts on standard plans do not have: - shell or SSH access to the underlying server; - the ability to upload and execute arbitrary server-side scripts (e.g. customer-uploaded PHP, Python, Node.js binaries); - cron access or the ability to schedule background jobs; - the ability to install software packages or background daemons.

As a result, classes of abuse that affect general-purpose hosting platforms — for example, cryptocurrency mining, BitTorrent clients, IRC bouncers, denial-of-service botnets, port scanners, mail relays open to third parties, large-scale crawler infrastructure — are technically prevented by the platform itself. If we detect attempts to circumvent these constraints, we may suspend the account.

4.2 What customer sites do support. Customer sites can serve generated pages, accept form submissions through Xelora’s controlled form handler, send and receive email through the Customer’s mailboxes, and serve static assets (images, CSS, JavaScript) generated by the AI Builder. Specific resource quotas — disk usage, mailbox count, email volume, form-submission rate — are set out on the plan page applicable to your subscription.

4.3 General resource rule. You must not use the Services in a way that materially degrades performance or stability for other customers, including by: making unrealistic numbers of API requests; abusing form submission to send unsolicited mail; or running the AI Builder in a tight loop to consume tokens.

4.4 If you exceed the resource limits of your plan, we may throttle, suspend, or invoice for overage at the rates published on the plan page.

4.5 The general prohibitions in section 2 still apply to all Customer Content and AI Output regardless of how the platform is technically configured.

5. Domain registration conduct

5.1 You must comply with the policies of each registry you register a domain in (including auDA’s .au policies).

5.2 You must not register domains in bad faith, including for the purpose of cybersquatting, typosquatting, or impersonating a brand.

6. Reporting abuse

6.1 To report abuse — including phishing, malware, copyright infringement, or AI-generated harm — email abuse@xelora.host with: - the URL or IP address concerned; - the nature of the abuse and supporting evidence; - your contact details (for follow-up).

We aim to acknowledge abuse reports within 2 business days.

6.2 Copyright complaints. Australian copyright owners may submit notices to abuse@xelora.host. International rights-holders may also submit notices following equivalent procedures (e.g. DMCA-style notices); we will act in accordance with applicable law.

6.3 CSAM. Material believed to be child sexual abuse material is reported to the relevant authorities (eSafety Commissioner / law enforcement) and removed immediately on detection.

7. Enforcement

7.1 We may, at our discretion and without prior notice where the risk warrants: - remove or disable access to specific Customer Content or AI Output; - block specific prompts, IPs, or features; - throttle or rate-limit usage; - suspend or terminate accounts; - preserve and disclose information to law enforcement where required.

7.2 We will, where reasonable and lawful, give you notice and an opportunity to remedy a breach before suspension, except for serious or imminent harms.

7.3 Termination for AUP breach does not entitle you to a refund of pre-paid Fees, subject to the Refund and Cancellation Policy and the ACL Disclosures.

8. Cooperation with authorities

We will cooperate with valid Australian legal process. We may also voluntarily disclose information where we form a reasonable belief that disclosure is necessary to prevent serious harm.

9. Updates

We may update this AUP from time to time. The “last updated” date at the top reflects the current version. Material changes will be notified.

10. Contact

  • Abuse: abuse@xelora.host
  • General support: support@xelora.host

Questions about this document? Email support@xelora.host.

Xelora
Online

Before we start, could you share your name and email so we can follow up if needed?

How was this chat?

Thanks for the feedback!

Powered by Xelora