Running a reseller hosting business without written terms is asking for trouble. Customers eventually do things you didn’t anticipate (spam, copyright violation, hacking, fraud). When that happens, your terms determine whether you can suspend their account and refuse refund, or whether you’re in a vague dispute. This guide covers the core components of an Acceptable Use Policy (AUP) and Terms of Service (TOS) for reseller hosting, plus the iWebVault upstream rules you must pass through to your customers.
Two documents, two purposes
- Terms of Service (TOS) — Business relationship terms. Payment, refunds, suspension procedures, liability limits, dispute resolution.
- Acceptable Use Policy (AUP) — Specific things customers may not do with hosting. Spam, illegal content, attacks, etc.
Often combined into one document but conceptually distinct.
Core TOS sections
1. Services provided
What you sell. Hosting, email, support level, resource limits. Specific is better than vague — “shared cPanel hosting with 10GB disk and 100GB bandwidth” beats “professional web hosting.”
2. Payment terms
- Billing cycle (monthly, annual).
- Auto-renewal policy.
- Accepted payment methods.
- Late payment consequences (grace periods, suspension timing).
- Currency and pricing changes.
3. Refund policy
- Money-back guarantee window (typically 7-30 days from initial signup).
- What’s refundable (hosting fee), what’s not (domain registration, setup fees, third-party services).
- How refunds are processed.
- Cancellation procedures.
4. Service availability and SLA
- Uptime commitment (or honest “best effort” if you can’t guarantee 99.9%).
- Scheduled maintenance windows.
- Service credits for downtime exceeding commitment.
- Force majeure exclusions.
5. Customer responsibilities
- Backup their own data (you may also back up; customer shouldn’t rely solely on you).
- Keep contact information current.
- Maintain software security (update WordPress, plugins, themes).
- Notify of compromised credentials.
6. Suspension and termination
- Grounds for suspension (AUP violation, payment failure, abuse).
- Notice requirements (when reasonable to give notice; when immediate suspension is justified).
- Process to dispute or appeal.
- Data retention after termination (e.g. 30 days, then deletion).
7. Liability limits
- Cap on damages — typically limited to fees paid in last 12 months.
- Exclusion of indirect/consequential damages.
- Disclaimer of warranties beyond what’s required by consumer protection law.
Local consumer protection law may override some limitations. Get legal advice for jurisdiction-specific drafting.
8. Dispute resolution and jurisdiction
- Choice of law (your jurisdiction).
- Venue for disputes.
- Optional arbitration clause.
Core AUP sections
1. Prohibited content
- Child sexual abuse material — absolute zero tolerance.
- Content advocating violence against people or groups.
- Content infringing intellectual property of others.
- Content depicting illegal activity (specific to your jurisdiction).
- Phishing / scam content.
2. Prohibited activities
- Spam (unsolicited bulk email).
- Network attacks (DDoS, port scanning, brute force).
- Hosting malware or exploits.
- Sending mail bombs.
- Reselling without permission.
- Cryptocurrency mining.
- Running public tor exit nodes (varies by host).
- Running open proxies / VPN services without specific approval.
3. Resource usage
- Reasonable use of CPU/memory/IO. Customer can’t monopolize shared resources.
- Specific limits if any (e.g. process count, concurrent connections).
- Right to suspend for resource abuse with notice.
4. Email sending
- Acceptable mail patterns (transactional, opt-in newsletters).
- Maximum send rates per hour.
- Required opt-in for mailing lists.
- Forbidden patterns (purchased lists, scraped addresses).
5. Reporting and enforcement
- How abuse should be reported (your abuse@ address).
- Investigation procedures.
- Penalties — warning, suspension, termination.
- Cooperation with law enforcement under valid legal process.
iWebVault constraints you must pass through
You’re a reseller of iWebVault services. iWebVault’s AUP applies to your customers transitively. Your AUP cannot be more permissive than iWebVault’s. Common items you MUST forbid:
- Whatever iWebVault forbids on its main AUP page.
- Any specific carve-outs in iWebVault reseller terms.
- Content/activity that violates the law in jurisdictions iWebVault operates from.
If iWebVault suspends your reseller account for customer abuse, you bear responsibility — even if your AUP didn’t address it.
Practical implementation
Where to publish
- Public page on your site (yourdomain.com/terms, yourdomain.com/aup).
- Linked from order page.
- Acceptance checkbox during signup (signed digital agreement).
- Linked in welcome email.
Versioning
- Date each revision. “Last updated: 2026-03-15.”
- Archive old versions accessible if customer asks.
- Notify customers of material changes (especially to refund policy, AUP, payment terms).
Plain language
Legalese feels safe but isn’t more enforceable. Customers don’t read it. Write clearly. Lawyers can review for genuine issues.
Enforcement consistency
A policy you don’t enforce becomes unenforceable when you finally try. If you tolerate Customer A’s resource abuse for months, suspending Customer B for the same thing creates a discrimination claim.
Be consistent — enforce uniformly or update the policy to match reality.
Where customers actually fight
From experience running reseller hosting, disputes cluster around:
- Refunds beyond stated window. “I want a refund for the year I paid for, even though it’s been 6 months.” Strong refund policy with explicit timing avoids dispute.
- Pro-rated cancellations. “I’m leaving 2 months early — refund those 2 months.” Policy should state whether mid-period refunds are pro-rated.
- Suspension without notice. Customer caught spamming, suspended immediately. They claim no warning. AUP must allow immediate suspension for serious violations.
- Data after termination. Customer claims they need a backup AFTER you deleted their account. Retention policy must be explicit.
- Downtime credit. Customer claims SLA breach; demands refund. Have measurable uptime tracking; clear credit calculation.
Templates to start from
Don’t write from scratch. Templates from:
- WHMCS marketplace — hosting-specific TOS/AUP packages.
- termsfeed.com — generator with hosting-friendly clauses.
- Examining well-known hosting providers’ published AUPs (without copying verbatim).
Have a lawyer in your jurisdiction review before final publishing. Hosting AUP/TOS isn’t standard — local consumer law affects what’s enforceable.
Common questions
“My business is tiny. Do I really need this?” Yes — disputes happen regardless of size. Small business with no terms is more vulnerable, not less.
“Customer didn’t read the terms — can I still enforce?” Generally yes if terms were accessible and signup involved acceptance (checkbox, email). Specific enforceability varies by jurisdiction.
“Customer breached AUP. Refund anyway?” Your policy. Many resellers don’t refund post-violation; some refund prorated minus violation period.
“Can I change terms whenever?” Existing customers usually need notice + option to cancel. New customers accept current terms at signup.
“Law enforcement asking about a customer — what do I do?” Verify legitimate legal process (subpoena, court order). Comply with valid orders. Notify customer if not prohibited by order. Consult lawyer for ambiguous requests.
What’s next
- Reseller customer acquisition: First 10 customers.
- Pricing structures: Pricing reseller plans.
- Payment failure handling: Failed payment recovery.
Solid AUP and TOS turn ambiguous disputes into clear ones. Customers know what they agreed to; you have explicit grounds for suspension when needed. Templates plus 1-2 hours of customization plus a lawyer review covers nearly all reseller scenarios. The investment pays off the first time a customer’s site gets compromised and you need to act fast without a “but you didn’t tell me” argument.
Was this helpful?
Thanks for your feedback!
