Hosting Service Agreement

Last update: 1 September, 2025

By contracting our Mautic SaaS hosting services, the Customer accepts and agrees to all terms established herein. Continued use of the service constitutes express acceptance of these terms.

1. Scope and Description of Services

We provide specialized infrastructure hosting exclusively for the Mautic platform, including the database and all necessary technical components. Each Customer receives a dedicated and isolated Mautic instance with resources allocated according to the contracted plan.

What is included:

  • Mautic instance hosting on high-availability infrastructure
  • Managed database optimized for Mautic
  • Infrastructure maintenance and critical security patches
  • Performance and availability monitoring
  • Automatic daily backups during nighttime hours with retention according to plan
  • Customer support via email/ticket system

What is NOT included:

  • SMTP service for email delivery – Customer must contract their own SMTP provider (we recommend Amazon SES but are not affiliated)
  • Configuration and management of Mautic campaigns
  • Email templates, landing pages, or forms creation
  • Marketing automation strategy or consulting
  • Legal compliance consulting (GDPR, etc.)

Our function is exclusively technical infrastructure provision. We do not monitor or control campaign content, emails, or data processed through the platform. The Customer has total autonomy and responsibility over their use of Mautic.

Customer Benefits

  • Exclusive Partner Discount: All customers receive a 15% discount on services provided by Crafting.email, including email templates, landing page design, form creation, and marketing automation consulting. This is entirely optional – you’re free to manage everything yourself or work with your own team.

2. Acceptable Use Policy

The reputation of our infrastructure’s IP addresses and domains is a shared and critical resource that directly impacts all customers. When one account engages in spam or abusive practices, it doesn’t just affect that single customer – it can severely compromise email deliverability for dozens of other legitimate users, trigger inclusion in international blacklists (Spamhaus, SURBL, etc.), damage sender reputation scores, and ultimately result in sanctions or service termination from our infrastructure providers. This cascading effect can take weeks or months to resolve and affects innocent customers who follow best practices.

For this reason, we maintain a strict zero-tolerance policy for practices that jeopardize our shared infrastructure. Violations result in immediate account suspension without prior warning and without refund. We prioritize protecting the majority of compliant customers over any single violator.

2.1 Strictly Prohibited

Spam and Illegal Email Marketing:

  • Sending unsolicited emails or any form of spam
  • Using purchased, rented, scraped, or harvested contact lists
  • Cold emailing without verifiable opt-in consent
  • Sending to contacts who haven’t explicitly subscribed
  • Continuing to email recipients who requested removal
  • Omitting or hiding unsubscribe options
  • Email spoofing or impersonation

Consent must comply with GDPR requirements: freely given, specific, informed, unambiguous, and demonstrable. You must prove how and when consent was obtained for each contact.

Illegal Content and Activities:

  • Pirated software, malware, viruses, or hacking tools
  • Child exploitation material (immediate law enforcement reporting)
  • Content promoting violence, terrorism, hatred, or discrimination
  • Phishing, fraud, or deceptive schemes
  • Unauthorized access attempts or security scanning
  • DDoS attacks or cryptocurrency mining
  • Unauthorized proxy/VPN services
  • Violation of intellectual property rights

Data Protection Violations:

  • Processing personal data without legal basis
  • Selling or sharing contact data without consent
  • Failing to respond to data subject rights requests
  • Inadequate security measures for personal data

2.2 Customer Obligations

You must:

  • Maintain auditable consent records (date, time, IP, opt-in method)
  • Implement double opt-in for large lists or commercial campaigns
  • Include functional unsubscribe links in all emails
  • Process unsubscribe requests within 24 hours
  • Monitor bounce rates, complaint rates, and spam reports
  • Remove hard bounces and inactive contacts regularly
  • Implement email authentication (SPF, DKIM, DMARC)
  • Respond promptly to spam allegations

3. Payment Terms

3.1 Billing Schedule

Services are billed monthly. Invoices are issued by the 5th day of each month and cover that month’s service. Payment must be made by the last day of the month.

Example: October invoice issued by October 5th, covers October 1-31, payment due October 31st.

3.2 Payment Methods

We accept payments via bank transfer, PayPal, or cryptocurrency. All transactions are processed in Euros (€) or US Dollars (USD), according to the daily exchange rate. Customers are responsible for any applicable bank or processing fees.

3.3 Late Payment Process

Grace Period (5 days):

  • If payment not received by month end, you have 5 additional calendar days
  • Service remains fully operational during this period
  • No penalties or late fees applied
  • Email reminders will be sent during that time

After 5 Days (Service Suspension):

  • Service automatically suspended – instance becomes inaccessible
  • No emails sent, no automations executed
  • Data remains stored but inaccessible
  • Can be reactivated by paying overdue invoice(s)

After 30 Days of Non-Payment (Permanent Deletion):

  • Account permanently canceled
  • All data irreversibly deleted – files, database, campaigns, contacts
  • All backups permanently deleted
  • No possibility of recovery regardless of payment offered

Chronic Late Payment: If you consistently exceed the 5-day grace period, we reserve the right to cancel the service with 30 days advance notice to allow time to migrate to another provider.

We assume no responsibility for data loss due to non-payment. Maintain your own backups.

3.4 Price Changes

We may adjust prices periodically. Changes communicated 30 days in advance via email. You may cancel before changes take effect if you disagree. Continued use after effective date constitutes acceptance.

4. Service Cancellation

4.1 Cancellation by Customer

You may cancel anytime by sending written notice to our support email, preferably with 30 days advance notice. After cancellation:

  • Service remains active until end of paid period
  • No partial refunds for unused time
  • You have 15 days after service end to export data
  • After 15 days, all data permanently deleted

We recommend exporting all data before canceling.

4.2 Immediate Suspension for Policy Violations

We reserve the right to immediately suspend or cancel accounts without notice or refund for:

  • Spam or mass unsolicited email sending
  • Use of purchased/illegitimate contact lists
  • Multiple spam complaints from recipients
  • IP blacklisting due to account activity
  • Malware, hacking, or unauthorized access attempts
  • Illegal content hosting or distribution
  • Any activity violating this policy or applicable laws

Process:

  1. Immediate suspension to prevent further damage
  2. Email notification explaining the violation
  3. 48 hours to respond with explanations/evidence
  4. We review and make final decision on reactivation or permanent cancellation

Consequences:

  • No refunds for canceled accounts
  • Data export available within 7 days (an administrative fee may apply)
  • After 7 days, permanent data deletion
  • Possible reporting to authorities for illegal activities
  • May share violation information with infrastructure providers and anti-spam organizations

4.3 Abuse Detection

While we respect privacy and don’t proactively monitor content, we implement automated systems detecting anomalous patterns:

  • Abnormal email sending volumes
  • High bounce/complaint rates
  • Spam-characteristic patterns
  • Excessive resource consumption
  • Suspicious access attempts

We investigate all external complaints including spam reports, ISP notifications, blacklist alerts, and abuse reports from organizations like Spamhaus.

5. Service Guarantees and Limitations

5.1 Uptime

We target 99.5% monthly uptime excluding scheduled maintenance and force majeure. Scheduled maintenance communicated 48 hours in advance, typically performed during low-usage periods (early morning/weekends).

5.2 Backups

Automatic daily backups performed during nighttime hours, stored in geographically separate location. Retention: 7 days (standard plans), 30 days (premium plans).

Important: Our backups are for disaster recovery, not a replacement for your own backups. We don’t guarantee complete data recovery in all circumstances. Backup restoration may incur 200€ fee and take 4-24 hours.

Backup limitations:

  • Corruption affecting backups
  • Undetected backup system failures
  • Data created/modified after last backup
  • Customer-initiated deletion

You must maintain your own backups by regularly exporting contacts, campaigns, templates, and configurations using Mautic’s export features.

5.3 Limitation of Liability

Our maximum liability is limited to total amount paid in the last 3 months. We are not responsible for:

  • Data loss from any cause
  • Lost revenue, profits, or business opportunities
  • Indirect or consequential damages
  • Email deliverability – depends on sender reputation, DNS configuration, content, and recipient server policies
  • Email blocking/filtering by providers (Gmail, Outlook, etc.)
  • Blacklisting from customer practices
  • Third-party infrastructure provider issues
  • DDoS attacks, intrusions, or malware
  • Force majeure events

Email deliverability depends fundamentally on your practices. We cannot guarantee inbox delivery even with proper technical configuration.

5.4 Support

Customer Support (Included):

  • Available via email/ticket system
  • Hours: Monday-Friday, 9 AM – 6 PM (Lisbon time), excluding Portuguese holidays
  • Average response: 24 business hours (normal priority)
  • Critical issues: <4 business hours
  • Covers: availability, access, infrastructure performance, DNS/authentication setup, backup restoration, upgrades/migrations

Technical Support (80€/hour):

Server-specific tasks not covered by standard support (custom configurations, advanced troubleshooting, etc.) billed at 80€/hour.

Not Covered:

  • Marketing consulting or campaign strategy
  • Mautic automation/workflow configuration
  • Template/email/landing page creation
  • Mautic features training
  • Marketing metrics interpretation
  • Legal/GDPR compliance advice (consult lawyer)

For Mautic functionality questions, consult mautic.org documentation or community. For professional assistance with templates and automation, consider our partner discount at Crafting.email (15% off, entirely optional).

6. GDPR and Data Protection

6.1 Roles and Responsibilities

You are the Data Controller – you determine purposes and means of processing. We are the Data Processor – we provide infrastructure where processing occurs.

Our obligations:

  • Implement appropriate security measures
  • Process data only per your documented instructions
  • Ensure staff confidentiality commitments
  • Provide information for GDPR compliance demonstration
  • Allow and contribute to audits if requested
  • Delete or return data when service ends

Data Processing Agreement (DPA) available upon request.

6.2 Your Compliance Obligations

You must comply with applicable laws including GDPR, ePrivacy Directive, CAN-SPAM (USA), CASL (Canada), and other regional laws. Specifically:

  • Obtain valid GDPR-compliant consent before collecting personal data
  • Provide transparent privacy information to data subjects
  • Enable data subject rights (access, rectification, deletion, portability, objection)
  • Keep only necessary data for legitimate purposes
  • Delete data when no longer needed or consent withdrawn
  • Implement appropriate security measures
  • Report data breaches to authorities and affected individuals
  • Appoint DPO if required

We don’t provide legal advice. Consult a data protection lawyer for compliance guidance.

7. Data Ownership

You retain full ownership of all data (contacts, campaigns, analytics, configurations). We will not access, use, share, or sell your data except as necessary to provide service or comply with legal obligations.

Upon cancellation, you have 30 days to export data using Mautic’s native export features. After this period, all data permanently deleted per our retention policy.

8. Changes to Terms

We may modify these terms anytime. Significant changes communicated 30 days in advance via email. Continued use after effective date constitutes acceptance. You may cancel before changes take effect if you disagree.

Minor changes (typos, clarifications, contact updates) may be made without notice.

9. Governing Law

These terms governed by Portuguese law. Disputes subject to exclusive jurisdiction of Portuguese courts, regardless of customer location.

10. Contact Information

  • General Support: Please use the contact form

Abuse reports investigated within 24 hours.

11. Entire Agreement

These Terms of Service and any signed DPA constitute the complete agreement, superseding all prior agreements or understandings. If any provision is invalid, remaining provisions remain in effect.

By using our service, you declare having read, understood, and accepted these Terms of Service and Acceptable Use Policy.