Legal

Acceptable Use Policy

Effective date: March 13, 2026  ·  Last updated: March 13, 2026

Purpose

This Acceptable Use Policy ("AUP") describes the types of data and activities that are permitted and prohibited when using Stoneline Data's managed data custody and storage services. This AUP is incorporated into the Terms of Service and applies to all clients and users.

Permitted Uses

Stoneline Data is designed for lawful data custody, backup, and archival purposes, including:

  • Business records, financial documents, and operational data
  • Legal records, client files, and case documentation
  • Medical records and health information held under a signed Business Associate Agreement
  • Educational records held in compliance with applicable law
  • Personal documents including estate materials, financial records, and family media
  • Creative and professional works including photographs, video, audio recordings, design files, and manuscripts
  • Software source code and development assets
  • Data covered by a regulatory retention requirement where Stoneline Data's controls are appropriate

We encourage clients to contact us before onboarding unusual data types to confirm that our service is a suitable fit for their use case.

Prohibited Content and Activities

The following types of content and uses are prohibited:

  • Illegal content. Any content that is illegal under applicable federal, state, or local law, including material that violates export controls or trade sanctions.
  • Child sexual abuse material. Any content that sexualizes minors. Accounts found to contain such material will be immediately suspended, reported to the National Center for Missing and Exploited Children, and referred to law enforcement. There are no exceptions.
  • Content that violates third-party rights. Content that infringes the intellectual property rights, privacy rights, or publicity rights of others without authorization.
  • Malicious software. Deliberate storage or distribution of malware, ransomware, spyware, or any software designed to harm systems or users.
  • Fraudulent use. Providing false information to obtain service, using the service to facilitate fraud, or misrepresenting the nature of data submitted for custody.
  • Unsolicited mass communications. Using our service infrastructure to support spam campaigns, phishing operations, or other unsolicited bulk communications.
  • Regulated data without required agreements. Storing Protected Health Information (PHI) without a signed Business Associate Agreement, or other regulated data categories where specific contractual controls are legally required, without those controls in place.
  • Circumventing controls. Attempting to access, interfere with, or compromise the storage accounts or data of other clients or of Stoneline Data's internal systems.

Data Types Requiring Prior Agreement

The following data types require a written agreement specifying applicable controls before storage begins:

  • Protected Health Information under HIPAA
  • Student education records under FERPA
  • Classified or government-controlled information
  • Biometric data subject to state biometric privacy laws
  • Payment card data subject to PCI DSS

If you are unsure whether your data falls into a regulated category, contact us before submitting data and we will help you determine the appropriate controls.

Enforcement

We review potential violations of this AUP when they are brought to our attention. We reserve the right to investigate any account suspected of violating this policy.

Violations may result in:

  • A written warning and opportunity to cure the violation within a specified period
  • Temporary suspension of service while the violation is investigated
  • Immediate termination of service for severe or repeated violations, or where law enforcement involvement is warranted

We will follow the offboarding process described in the Terms of Service for terminated accounts, except in cases involving illegal content where data may be preserved for law enforcement purposes.

Reporting Violations

If you believe content stored on our service violates this AUP or applicable law, please notify us via the Contact page with sufficient detail to allow us to investigate. We take all such reports seriously and will respond within 2 business days.

Changes to This Policy

We may update this AUP from time to time. Material changes will be communicated to active clients by email at least 30 days before taking effect.