PUBLISHED DOCUMENT

Acceptable Use Policy

AUP v1.0 · 2026-06-10 · Permia SAS

§ 1 · Parties and purpose

This Acceptable Use Policy ("AUP") governs use of the hosted development environments supplied by Permia SAS ("Permia") to its customers. It forms part of the service agreement and of the Data Processing Agreement. It states what the service is, what it is not, and what use of it Permia accepts.

§ 2 · Scope of service

Permia supplies the hosted environment and the infrastructure it runs on: the server, the persistent terminal session, the storage and the network path to them, operated in a datacenter in France. Permia supplies no access to any AI model, resells no model API, and holds no credential to any model account. Any model a customer’s agent calls is reached with the customer’s own keys, under the customer’s own contract with the model provider of their choice.

§ 3 · Customer credentials and model accounts

Customers authenticate their agents with their own credentials. Those credentials authenticate the customer's account with the customer's model vendor, not Permia's. Permia does not use them and commits, through this policy and the access controls described in § 5, not to access them. They are not stored outside the customer's environment, and nothing in the service agreement can suspend the customer's model access, because Permia never held it.

§ 4 · Operational access

As the host, Permia holds operational access for provisioning, backup and incident response. That access is logged, and the log is retained for twelve months. Permia does not read customer code in the course of operations.

§ 5 · Security measures

Permia implements the following technical and organisational measures. Isolation per environment: one customer, one dedicated instance, with its own filesystem; no shared tenancy on the dev line beyond the dedicated instance, and single-tenant hardware on the regulated line. Secrets files in the environment carry restrictive permissions (0600). Traffic is encrypted in transit (TLS). Administrative access follows least privilege: key-based access only, no root SSH by default, and the operational-access logging of § 4. Resource quotas and egress controls address technical abuse without inspecting the content of customer code, prompts or credentials. At-rest protection depends on the offer. On the plans sold today (Solo, Pro, Team and the Regulated line), each environment is a dedicated instance, and protection at rest relies on that isolation, the restrictive permissions and the operational access controls above: Permia commits by these organisational measures, rather than by a claim of technical impossibility, not to access customer data at rest. Where a plan's environment is provisioned as an isolated micro-VM with an encrypted volume, a configuration stated in the plan's documentation when it applies, the volume is encrypted at rest with a key not held by the operator.

§ 6 · Acceptable use

Customers may not use the service to attack third-party systems, to distribute malware, to infringe the rights of others, or to violate French or EU law. In addition, the following uses of the service are prohibited: crypto-asset mining, proof-of-work computation or any intensive workload unrelated to development; deliberate saturation of CPU, RAM, I/O or network, or circumvention of resource quotas; hosting unsolicited third-party services (botnets, command-and-control, scanners, spam relays, open proxies); circumventing a model vendor's rate limits, quotas, anti-abuse or authentication measures; operating proxies, relays or gateways that redistribute model access, or pooling, sharing or reselling credentials between several people; using rotating VPNs or proxies or any technique that masks origin to evade a model vendor's or Permia's controls; spoofing identifiers, telemetry or agent-binary signatures, or modifying or wrapping official agent binaries; mass non-interactive automation on a consumer model subscription contrary to its terms (for automated workloads, the vendor's API key under its commercial terms is the appropriate route, under the customer's responsibility); and creating or operating multiple accounts to circumvent limits. Permia may suspend an environment that is the source of abuse, after notice where notice is practicable, and says so in writing with the log entries that justified it.

§ 7 · Abuse reports (notice and action)

Anyone can report illegal content or abusive use of a hosted environment to abuse@permia.eu. A report should identify the content or behaviour, give sufficiently substantiated reasons why it is considered illegal or abusive, state its precise location (URL, IP or environment identifier, with a timestamp where possible), include the reporter's name and email address (except for reports concerning offences against minors, which may be made anonymously), and contain a statement that the report is made in good faith (Art. 16 DSA). Permia confirms receipt, reviews every report diligently and objectively, acts on it as § 6 describes where action is warranted, and informs both the reporter and the affected customer of the decision and its reasons.

§ 8 · Appeals

A customer whose environment was suspended, or a reporter whose report was declined, can contest the decision in writing at appeals@permia.eu within six months. Appeals are reviewed by a human, not by the person who took the original decision where staffing allows, and answered in writing with reasons.

§ 9 · Changes

Permia publishes every version of this AUP at this address, with its version number and date. Material changes are notified to customers thirty days before they take effect.