Security Policy

Raidbox (Global | Jurisdiction-Neutral)

1. Purpose and Disclaimer of Guarantee

This Security Policy describes the security measures and practices implemented by Raidbox to protect its infrastructure and services.
This policy is provided for informational purposes only and does not constitute a guarantee, warranty, or representation that security incidents, service disruptions, data loss, or unauthorized access will never occur.

While we implement commercially reasonable and industry-standard safeguards, no system can be guaranteed to be fully secure. By using our services, customers acknowledge and accept the inherent risks associated with digital infrastructure, internet communications, and third-party dependencies.

2. Scope and Limitation of Responsibility

This policy applies solely to systems and infrastructure directly controlled and operated by Raidbox.

Raidbox is not responsible or liable for security incidents, data exposure, service interruption, or misuse resulting from:

• Customer actions, misconfigurations, or negligence

• Compromised credentials, weak passwords, or lack of customer security hygiene

• Third-party software, integrations, plugins, APIs, or external services

• Actions of upstream providers, network carriers, cloud platforms, registrars, or certificate authorities

• Malware, zero-day vulnerabilities, or exploits beyond reasonable detection or prevention

• Lawful or unlawful actions by third parties, including governmental or regulatory authorities

• Force majeure events, including but not limited to cyber warfare, sanctions, infrastructure failures, or acts beyond our reasonable control

3. Security Principles

Our security framework is guided by the following principles, without creating any obligation of absolute protection:

• Confidentiality: Access is restricted to authorized personnel based on operational necessity.

• Integrity: Reasonable measures are taken to prevent unauthorized alteration of systems and data.

• Availability: We strive to maintain service availability but do not guarantee uninterrupted access.

• Accountability: Internal processes exist to manage and review security-related decisions.

4. Regulatory and Legal Neutrality

Raidbox designs its security practices to align with widely recognized international standards and applicable data protection principles, including but not limited to GDPR where relevant.

However:

• This policy does not submit Raidbox to the exclusive jurisdiction or authority of any single government or regulator

• Compliance obligations vary based on customer location, service usage, and legal context

• Customers remain solely responsible for determining whether the services meet their own legal, regulatory, or compliance requirements

5. Security Controls (Reasonable Measures)

5.1 Access Management

• Role-based access controls (RBAC)

• Least-privilege enforcement

• Authentication safeguards for internal systems

5.2 Encryption

• Encryption in transit using industry-standard protocols

• Encryption at rest where technically and operationally appropriate

5.3 Monitoring and Incident Handling

• Automated and manual monitoring for abnormal activity

• Incident response procedures designed to mitigate impact, not eliminate risk

Important: Monitoring does not guarantee detection of all threats or attacks.

5.4 Audits and Reviews

• Periodic internal reviews and assessments

• External audits may be conducted at our discretion, not as an obligation

6. Abuse, Misuse, and Enforcement

Prohibited activities are defined in the Acceptable Use Policy (AUP).

Raidbox reserves the sole and absolute right to:

• Investigate suspected violations

• Restrict, suspend, or terminate services during investigations

• Remove or disable access to data, services, or accounts

We are not obligated to provide advance notice, evidence, justification, or appeal mechanisms, except where explicitly required by applicable law.

7. Content and Data Responsibility

Raidbox does not proactively monitor customer content and does not assume responsibility for data stored, processed, transmitted, or hosted by customers.

Customers retain full legal responsibility for:

• The legality of their data and activities

• Compliance with applicable laws

• Responses to law enforcement or regulatory inquiries

8. Government and Legal Requests

Raidbox may respond to lawful requests from authorities only to the extent required by applicable law.

We are not responsible for:

• Government-mandated access, disclosure, seizure, or service restriction

• Legal consequences arising from customer activities

• Conflicts between customer expectations and external legal demands

9. Know Your Customer (KYC)

Raidbox may require identity verification in certain situations to mitigate risk, abuse, or legal exposure.

• KYC is conducted via third-party providers

• Raidbox does not retain KYC data beyond verification results

• Failure to complete KYC may result in immediate service restriction or termination

KYC may be required as a mandatory prerequisite to dispute or appeal enforcement actions.

10. Customer Security Obligations

Customers are solely responsible for:

• Securing access credentials

• Maintaining secure configurations

• Updating software and systems

• Implementing backups and recovery strategies

Failure to do so releases Raidbox from responsibility for resulting incidents.

11. No Liability, No Warranty

To the maximum extent permitted by law:

• Services are provided “as is” and “as available”

• Raidbox disclaims all warranties, express or implied

• Raidbox shall not be liable for indirect, incidental, consequential, or punitive damages

• Total liability, if any, is strictly limited as defined in the Terms of Service

12. Policy Updates

This policy may be modified at any time without prior notice.
Continued use of the services constitutes acceptance of the current version.