These "Terms and conditions for the use of the Cloud VPS service" set out the conditions under which any person may visit or access the Cloudify.ro site or use the service in any way, and have the value of an agreement, within the meaning of art. 1166 et seq. of the Romanian Civil Code, concluded between ACVILE TECH S.R.L (hereinafter "supplier"), in its capacity as owner and administrator of the site and provider of the Infrastructure as a Service (IaaS) service, and any person who visits or accesses the Site or wishes to use in any way or actually uses the Services (hereinafter "user" or "customer").
The purpose of data collection is: to provide Cloud VPS services according to the current offer, in accordance with Regulation (EU) 2016/679 (GDPR) and Romanian Law no. 190/2018.
ACVILE TECH S.R.L is registered with the National Authority for the Supervision of Personal Data Processing under no. 48288.
ACVILE TECH S.R.L. treats the protection of your personal data responsibly and strictly enforces the legislation in force. Below we present our policy regarding the processing of personal data, which gives you the opportunity to be informed about the protection we guarantee you and the purpose of the collection of personal data.
As a processor (Web Hosting), within the meaning of Regulation (EU) 2016/679, we process only the personal data that you have established, for the time indicated and for the purposes imposed by you as controller. We assure you that your data is safe, remains your property and is stored only on servers located in Romania. The internal back-up system (optional) is implemented within the European Union, and access to these systems is restricted exclusively to authorized technical personnel.
When you register to use our Services, we may collect the following information about you:
– first name, last name, e-mail address, date of birth, place of residence, personal numerical code (CNP), identity document data, telephone number, fiscal identification code (CUI), Trade Register registration.
Depending on the choices you make during authentication to our Services or during the process of subscribing to our Services, you can opt for the following additional personal data: your credit card details if you wish to provide this information, as well as your IBAN account.
It is forbidden to publish on the supplier's servers content or links to such content that: (I) infringes or prejudices in any way the intellectual property rights of other persons or other rights; (II) contains obscene, pornographic or violent content; (III) contains defamatory or slanderous content; (IV) contains racial or discriminatory content; (V) contains viruses, Trojan horses or the like; (VI) contains pirated software or addresses those who pirate software or engage in any similar activity. It is also forbidden to use our servers exclusively as a storage medium (e.g. movies, mp3s, pictures, etc.).
The service provided by the supplier falls under the Infrastructure as a Service (IaaS) category, a model recognized by European cloud computing standards (in particular ISO/IEC 17788, the ENISA cloud security guidelines and Directive (EU) 2022/2555 – NIS2, transposed into Romanian law by Law no. 58/2024 on cybersecurity). Under this model, responsibility for the safe operation of the service is shared between supplier and client, with each party having clearly delineated duties. The parties expressly agree on the following allocation, which constitutes a binding contractual clause within the meaning of art. 1270 of the Romanian Civil Code.
The supplier assumes, as an obligation of means within the meaning of art. 1480 of the Romanian Civil Code, exclusive responsibility for the following components of the service:
(a) Physical infrastructure – physical security of the data center, redundant power supply, equipment cooling, physical access control and hardware integrity;
(b) Storage – availability of the block storage system at hardware and virtualization software level, including internal replication for tolerance of customary hardware faults;
(c) Processing – availability of compute resources (CPU, RAM) allocated to the client through the hypervisor, within the limits of the contracted tariff plan;
(d) Connectivity – provision of Internet connectivity and the internal communications network, within the limits of the uptime guarantee set out in the "Uptime Guarantee" section;
(e) Virtualization layer – application of security patches to the hypervisor, host operating system and cloud orchestration components (OpenStack, KVM, libvirt and similar), in accordance with the supplier's internal vulnerability management policies and the obligations laid down in Romanian Law no. 58/2024.
All software and configuration components inside the virtual instance (VPS) are the exclusive responsibility of the client, without exception. These include, without limitation:
(a) Guest operating system – installation, configuration, maintenance and updating of the operating system installed in the VPS, regardless of whether it was deployed from a standard image provided by the supplier or from a custom client image. The provision of a standard image does not transfer responsibility to the supplier;
(b) Applications, libraries and software – any application, framework, web server, database server, container, runtime, CMS or library installed or executed in the VPS;
(c) Security configuration – firewall settings (both at VPS level and through the security groups available in the control panel), SSH access rules, TLS/SSL certificates, password policy and multi-factor authentication;
(d) Credentials and access keys – safekeeping of passwords, SSH keys, API tokens, control panel access keys and any other sensitive information granting access to the account or virtual instances;
(e) Data and content – the legality, integrity and protection of data stored in the VPS, including compliance with personal data protection legislation (Regulation (EU) 2016/679 – GDPR and Romanian Law no. 190/2018) and with the content policy set out in section 1;
(f) Performing external backups of data, in accordance with the dedicated section below.
The customer is responsible for updating the contact information in the billing control panel whenever necessary. The supplier cannot be held liable for the consequences of a missed or erroneous communication that results directly from the customer's failure to perform such updates.
The customer is responsible for keeping the username, passwords, SSH keys, API tokens and any other credentials or sensitive information that grant access to the account or virtual instances secure. The supplier cannot be held liable for the consequences of the compromise of such credentials resulting from an act or omission of the customer.
The price for automated backup is 20% of the server value. The backup is performed automatically every 12 hours or can be created on demand by the customer from the administration interface. Restoration from backup is also performed from the interface and involves stopping the service until the operation is completed.
The customer expressly declares that they understand and accept that responsibility for performing external backups of data stored in the VPS belongs entirely to the customer. "External backup" means any copy of the data stored in a physical or logical location distinct from the supplier's infrastructure, such that the total loss of the supplier's infrastructure would not result in the loss of the customer's data.
The supplier offers, as an optional paid service, an internal automated backup system (snapshots stored within the supplier's own infrastructure). This service represents an additional technical facility and does NOT substitute the customer's obligation to perform independent external backups. The internal backup protects against accidental customer errors (deletions, unwanted changes) but does not guarantee data recovery in the event of catastrophic incidents simultaneously affecting the virtual instance and the internal backup system.
The supplier is expressly released from any liability – contractual, tortious or otherwise – for the loss, damage, alteration or unavailability of the customer's data, in the following situations, without limitation: (i) the customer did not configure their own external backup system; (ii) the customer disabled, modified or refused the optional internal backup service offered by the supplier; (iii) data was deleted, encrypted or altered as a result of an action by the customer, by a third party authorized by the customer, or by an attacker who gained access through credentials, vulnerabilities or configurations within the customer's responsibility; (iv) data was lost as a result of account or service expiry under the conditions set out in the "Payment and Billing Terms" section; (v) data was lost as a result of a CVE-type security vulnerability in the guest operating system or in software installed by the customer.
Definition: CVE (an acronym from English meaning "Common Vulnerabilities and Exposures") represents an international, public and standardized system for cataloguing security vulnerabilities in software and hardware, administered by the non-profit organization MITRE Corporation with the support of the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Each discovered and confirmed vulnerability is assigned a unique identifier in the format CVE-YYYY-NNNNN (where YYYY is the year of publication and NNNNN is a sequence number). These vulnerabilities are published in the National Vulnerability Database (NVD, accessible publicly at nvd.nist.gov) and in the European EUVD database operated by the European Union Agency for Cybersecurity (ENISA). The CVE system is recognized in European legislation through Directive (EU) 2022/2555 – NIS2, transposed in Romania by Law no. 58/2024 on cybersecurity.
Examples: (i) a flaw in the source code of an operating system (Linux, Windows) allowing an attacker to escalate privileges; (ii) a flaw in a web server (Apache, Nginx) allowing remote code execution; (iii) a flaw in a cryptographic library (OpenSSL) allowing the leakage of sensitive information; (iv) a flaw in a CMS (WordPress, Drupal) allowing code injection or unauthorized database access.
Within the shared responsibility model described in the previous section, CVE vulnerabilities are classified into two categories: (a) CVEs affecting the supplier's infrastructure layer (hypervisor, host OS, cloud orchestration software) – in this case the supplier undertakes, as an obligation of means, to apply security patches within a reasonable time, in accordance with its internal vulnerability management policies and the obligations laid down in Romanian Law no. 58/2024; (b) CVEs affecting the layer under the customer's responsibility (guest operating system, applications, libraries, frameworks, CMS and any other software installed or executed by the customer in the VPS) – in this case, responsibility lies entirely and exclusively with the customer.
The supplier is expressly released from any liability – contractual, tortious, civil or otherwise – for: (i) direct or indirect damages caused to the customer as a result of the exploitation of a CVE vulnerability in software installed or executed by the customer in the VPS; (ii) compromise of the virtual instance through the exploitation of a known vulnerability (published in the CVE database) or unknown vulnerability (zero-day) in the guest operating system or in the customer's applications; (iii) damages resulting from the loss, leakage, alteration or encryption (including ransomware attacks) of the customer's data, where the compromise occurred through the exploitation of a vulnerability in the layer under the customer's responsibility; (iv) damages caused to third parties through the customer's virtual instance, where its compromise is due to a vulnerability in the layer under the customer's responsibility; (v) costs of remediation, restoration, digital forensic investigation or notification of data subjects (in the event of a personal data breach under articles 33 and 34 of GDPR).
Courtesy notifications: the supplier reserves the right, without assuming any legal obligation, to send customers informational notices regarding critical vulnerabilities published in the CVE database that may affect the standard operating systems made available through its images. Such notices are purely informational and provided in good faith (commercial courtesy), without generating any additional legal obligations on the supplier. The absence of such a notice does not constitute grounds for any claim against the supplier.
Fortuitous event / force majeure character: a zero-day vulnerability (not publicly known at the time of exploitation) constitutes, by agreement of the parties and in accordance with art. 1351 par. (3) of the Romanian Civil Code, an unforeseeable and unavoidable event, treated as a fortuitous event and releasing the supplier from liability regardless of the affected layer, until the official patch is published.
In addition to the delineations established in the sections on the shared responsibility model, backup responsibility and CVE exoneration, the supplier cannot be held liable for damages caused by the temporary unavailability of our servers, regardless of the reason. This provision also includes damages resulting from damage or loss of data. The customer agrees to guarantee and to hold the supplier harmless in connection with any claims and damages, including, without limitation, damages caused to third parties, resulting as a consequence of the customer's use of the services.
The user declares that they understand and accept that, in any situation in which the user claims damages of any kind from the supplier, the total amount of damages claimed by the user for any reason and which could be paid by the supplier shall not, in any way and in any case, exceed the total amount of fees (charges) paid by the user to the supplier in the 12 months preceding the event giving rise to the claim.
Cloudify.ro guarantees an annual average of 99.5% availability for the internet network and the servers installed in the data center.
The following situations are excepted:
– Force majeure situations in which the supplier cannot have any influence, such as: wars, natural disasters, unavailability or interruption of communications, fire, viruses, cyber attacks, zero-day vulnerabilities, malfunction of software offered by another source (free scripts, e-commerce software or online payment processors), floods, earthquakes, embargoes, actions of legal authorities.
– Announced maintenance work or maintenance in critical situations, server upgrades.
– Domain Name System (DNS) and other issues that cannot be controlled by Cloudify.ro.
Cloudify.ro reserves the right to send notifications regarding the services offered as well as announcements from third parties, when these may be of benefit to users.
The customer agrees to pay for our services in advance, by topping up the account with Cloud Credit. The credit can be used for any period, the services being charged per hour.
Prices displayed in Euro are calculated in RON at the BNR exchange rate on the date of payment; in accordance with the legislation, all invoices and payments are processed in RON.
When the balance falls below EUR 0, the customer is repeatedly notified to top up the account. If within 15 days from the moment the balance reached 0 the customer does not top up the account, the services will be suspended. After another 30 days from suspension, the services will be permanently deleted from the Cloudify servers, without the possibility of being restored.
Each purchased service benefits from technical support.
Cloudify.ro provides customers with an e-mail address and a live-chat interface through which they can talk to technical operators for assistance.
The products are exclusively electronic services (VPS). Their delivery is instant, takes place online, and is performed through the user interface of the Cloudify.ro site.
Customers can request a refund within 30 days. If applicable, the services active at the time of return will be deactivated.
We reserve the right to make additions, cancellations or changes to these Terms and Conditions, to prices and on the site at any time, with notification being made through the site or the customer control panels.