We don't ask who you are. That anonymity exists to protect legitimate privacy — not to shelter the handful of things that harm real people. Here is what you may never host on HushVPS, in plain terms.
Last updated: 14 July 2026
HushVPS exists for journalists, activists, researchers, developers, and anyone who simply doesn't want their infrastructure tied to their real-world identity. Our no-KYC signup and no-logs posture are deliberate privacy features. They are not an invitation to do harm. In fact, minimal data and strong anonymity make us a poor shield for wrongdoing, because we cannot and will not turn those properties into cover for the categories below.
This policy is short on purpose. If you are unsure whether your use case fits, read it carefully, then reach out through our encrypted contact channel before you deploy. The bright lines here are non-negotiable and apply to every plan, every region, and every customer.
The following are banned outright. There is no grey area, no appeal on the merits, and no configuration in which they become acceptable:
This list is illustrative of intent, not an exhaustive catalogue of every unlawful act. If a use is criminal against people under the law of our hosting jurisdiction, treat it as prohibited here.
Understanding the boundary is easier when you separate two ideas that are often confused.
What it does mean: we do not collect government ID, we do not demand your legal name, and we do not build a profile that links your server to your identity. We accept Monero specifically so that payment cannot become a paper trail. We keep the logs we hold to the practical minimum. That is genuine, structural privacy — the kind you can verify rather than merely trust.
What it does not mean: we are not a "bulletproof" host, and we make no promise to ignore every takedown. HushVPS is an offshore-legal, data-minimising provider — not a lawless one. We operate lawfully in our hosting jurisdiction and we respond to valid legal orders from a competent court in that jurisdiction. When such an order arrives, our answer is bounded by exactly one thing: the little data we actually hold. We cannot hand over what we never collected, but we will not pretend the rule of law does not exist.
We act on credible, well-founded abuse reports for the prohibited categories above. Where a violation is confirmed, we may suspend or terminate the service without refund, and CSAM is reported onward without exception. Because we deliberately minimise the data we hold, suspension of the offending service is frequently our most effective remedy — there is rarely a rich account history to mine, so we stop the harm at its source.
We do not fish for reasons to police lawful, private activity. Running a Tor relay, a VPN endpoint, an anonymous blog, or a personal cloud is exactly what this platform is for. Enforcement is reserved for the genuine abuse this policy names.
To report abuse, reach us through the contact page. PGP-encrypted reports are welcome — the contact page has our key and preferred channel. Please include timestamps, the affected IP or hostname, and enough evidence for us to verify the claim.
This policy is one of three documents that govern your account. The terms of service set out the wider agreement between us, and the privacy policy explains the narrow set of data we do and do not keep. Read together, they describe a simple bargain: strong privacy for people acting in good faith, and firm limits against the few uses that hurt others.
Voice line, and the whole point in eight words: you don't exist, we don't ask — but abuse is where anonymity ends.
If you're unsure whether your project fits within this policy, ask before you deploy.