Acceptable Use Policy

5.1 Telephone Consumer Protection Act and Telemarketing Compliance

You are solely responsible for compliance with the Telephone Consumer Protection Act (TCPA, 47 U.S.C. § 227), the FCC’s implementing rules, the FTC Telemarketing Sales Rule (TSR), and all federal and state Do-Not-Call (DNC) requirements. You must:

• Obtain and maintain documented prior express written consent before placing any call or sending any message that requires such consent under applicable law.
• Scrub all outbound calling lists against the National DNC Registry and applicable state DNC lists, your internal DNC list, and the Reassigned Numbers Database.
• Comply with calling-time restrictions, identification requirements, opt-out mechanisms, and call abandonment limits.
• Maintain records sufficient to demonstrate compliance, and provide them to HCVOIP within five (5) business days upon request.

5.2 STIR/SHAKEN and Caller ID Authentication

HCVOIP participates in the STIR/SHAKEN caller ID authentication framework as required by the TRACED Act and FCC rules. You must:

• Provide accurate origination information for all calls you place through the Services.
• Not attempt to manipulate, falsify, or misrepresent the attestation level (A, B, or C) of any call.
• Cooperate with HCVOIP and law enforcement in tracebacks, including timely responses to Industry Traceback Group (ITG) requests, typically within 24 hours.
• Maintain accurate Robocall Mitigation Database (RMD) filings if you are an originating provider obligated to file.

5.3 Caller Identification

You may not transmit misleading or inaccurate caller ID information with the intent to defraud, cause harm, or wrongfully obtain anything of value, in violation of the Truth in Caller ID Act (47 U.S.C. § 227(e)) and FCC rules. Use of caller ID numbers that you do not own, control, or have express written permission to use is prohibited, except as expressly permitted by FCC rules (e.g., legitimate call-back numbers).

5.4 Robocalls, Autodialers, and Artificial or Prerecorded Voice

• You may not place calls using an automatic telephone dialing system (ATDS), artificial voice, or prerecorded voice to any number without the consent required by the TCPA and FCC rules.
• Calls using AI-generated or cloned voices to deliver prerecorded messages are treated as “artificial or prerecorded” calls under the FCC’s February 2024 declaratory ruling and require the same prior express written consent as other prerecorded calls.
• You may not use the Services to facilitate illegal robocall campaigns, including neighbor spoofing, snowshoeing, or any pattern of behavior designed to evade analytics or law enforcement.

5.5 Toll Fraud, International Revenue Share Fraud, and Traffic Pumping

You are responsible for the security of the credentials, configurations, devices, and systems used to access the Services, including SIP trunking credentials, hosted voice user accounts and PINs, SIP endpoints (IP phones, ATAs, softphones), session border controllers, and any customer-premises or cloud-based equipment that originates, terminates, or transits traffic through the Services. You may not:

• Generate, originate, or knowingly transit International Revenue Share Fraud (IRSF) traffic to high-cost destinations or premium-rate number ranges.
• Participate in access stimulation or traffic pumping schemes intended to inflate intercarrier compensation.
• Generate artificial, simulated, or pumped traffic of any kind, including auto-dialer loops, infinite re-dials, or short-duration call generation designed to test or exploit billing systems.

HCVOIP may suspend service without prior notice if it detects traffic patterns consistent with fraud. You remain liable for all charges incurred prior to suspension, including charges resulting from compromised credentials, endpoints, or systems, unless and to the extent the MSA expressly provides otherwise.

5.6 SMS and A2P Messaging

If you use the Services to send Application-to-Person (A2P) SMS or MMS, you must comply with The Campaign Registry (TCR) 10DLC registration requirements, CTIA Messaging Principles and Best Practices, carrier-specific rules, and applicable law (including the TCPA). Sending unregistered A2P traffic, SHAFT-content (Sex, Hate, Alcohol, Firearms, Tobacco) outside permitted channels, or messages that violate consent requirements is prohibited.

5.7 Call Recording

If you record calls using the Services or any feature provided by HCVOIP, you are responsible for compliance with federal and state recording laws, including obtaining the consent required by two-party (all-party) consent jurisdictions. HCVOIP makes no representation that any recording feature is configured to comply with the laws of any particular jurisdiction.

5.8 E911 and Emergency Services

Voice Services may include access to 911 and Enhanced 911 (E911) emergency services, subject to the limitations described in the MSA, applicable service order, and any required E911 disclosures. You acknowledge:

• VoIP-based 911 service may not function during power outages, internet outages, equipment failures, or if registered location information is inaccurate or out of date.
• You are responsible for registering and maintaining an accurate physical service address for each endpoint, and for notifying end users of E911 limitations.
• You may not use the Services in a manner that disables, bypasses, or misroutes 911 calls, including improperly routing test calls to live PSAPs.

5.9 Fair Use on Flat-Rate and “Unlimited” Plans

Plans marketed as “unlimited” or with bundled minutes are intended for normal business or residential calling patterns. Sustained use that is consistent with auto-dialing, call-center origination, continuous outbound campaigns, conferencing bridges, broadcast, or other commercial telemarketing applications is prohibited on these plans and may be reclassified to a metered or commercial plan, rate-limited, or suspended.

6.1 Customer Responsibility for Hosted Services

You are responsible for the configuration, security, content, and operation of all systems, services, and applications you host on or reachable through any IP address or transport circuit made available to you through the Services. You are responsible for the conduct of any third party to whom you provide access to those resources.

6.2 IP Address Assignment, rDNS, and Abuse Contacts

• IP addresses made available through the Services are allocated by HCVOIP’s upstream providers or partner carriers (collectively, “Allocating Carriers”). Addresses are assigned to you only while you remain an active Customer in good standing and may be reclaimed by HCVOIP or at the direction of an Allocating Carrier upon termination, reassignment, or for operational reasons.
• You may not announce, advertise, or route IP space provided through the Services outside of HCVOIP’s network or the Allocating Carrier’s network without prior written authorization from HCVOIP.
• If you operate publicly reachable services on assigned IPs, you must maintain a working role-based abuse contact (e.g., abuse@yourdomain.example) and respond to abuse complaints in good faith and without undue delay.
• Reverse DNS (PTR) records are managed by HCVOIP or coordinated with the Allocating Carrier by default; delegation may be available on request and is subject to Allocating Carrier approval. PTR records must accurately reflect the host’s identity.

6.3 Network Reputation and Blocklists

You are responsible for the reputation of services you operate on assigned IPs. If any IP address provided to you through the Services is listed on a recognized industry blocklist (e.g., Spamhaus SBL/XBL/PBL, SORBS, Barracuda, Proofpoint) as a result of your activity or activity by users you authorize, HCVOIP may require you to remediate, may reassign the affected IPs, or both. Persistent or unresolved listings that affect HCVOIP’s or an Allocating Carrier’s broader network reputation may result in suspension.

6.4 DDoS Amplification and Reflection

You may not knowingly operate, and must take commercially reasonable steps to prevent inadvertent operation of, services that can be exploited for distributed denial-of-service amplification, including but not limited to:

• Open DNS resolvers.
• Misconfigured NTP servers responding to monlist queries.
• Open SNMP, SSDP, memcached, CLDAP, Chargen, or similar services exposed to the public internet.

HCVOIP may scan IP space assigned to you (or coordinate with an Allocating Carrier to do so) for these conditions and may rate-limit, filter, or null-route traffic to remediate active or imminent attack conditions.

6.5 Routing Announcements

If HCVOIP (or an Allocating Carrier through HCVOIP) accepts BGP announcements from you, you must announce only IP prefixes you are authorized to originate, maintain accurate Internet Routing Registry (IRR) objects and, where applicable, valid Route Origin Authorizations (ROAs). Route hijacking, leaks, or unauthorized announcements are prohibited.

7.1 Unsolicited Bulk Email

You may not send, cause to be sent, or relay unsolicited bulk email (UBE), whether commercial or non-commercial. A message is unsolicited if any of the following apply:

• The recipient’s address was not obtained through a personal or business relationship with the sender.
• The recipient did not affirmatively consent to receive communications from the sender.
• The recipient previously opted out of receiving communications from the sender.

7.2 CAN-SPAM and List Hygiene

All commercial email must comply with the CAN-SPAM Act (15 U.S.C. §§ 7701 et seq.), and, where applicable, Canada’s Anti-Spam Law (CASL), the EU GDPR and ePrivacy Directive, and other applicable law. You must:

• Use accurate “From,” “To,” “Reply-To,” and routing information.
• Use a subject line that accurately reflects the content of the message.
• Identify the message as an advertisement where required.
• Include a valid physical postal address.
• Provide a functional, conspicuous opt-out mechanism and honor opt-out requests promptly and permanently.
• Maintain documented consent records and remove invalid, complaining, or hard-bouncing addresses on an ongoing basis.

7.3 Mail Server Configuration

• You may not operate an open mail relay or open proxy.
• You must publish valid SPF records, sign outbound mail with DKIM, and publish a DMARC policy consistent with your sending practices.
• You may not forge or obscure email headers, transmit email with invalid or non-existent domain names, or use techniques designed to disguise the origin of a message.

7.4 Vulnerability Testing of Mail and Network Services

HCVOIP reserves the right, without prior notice, to perform vulnerability tests on systems residing on IP space provided through the Services (including mail servers, proxies, and DNS resolvers) to identify open relays, amplification vectors, and similar conditions. HCVOIP will use commercially reasonable efforts to avoid impact to legitimate service. You may be required to remediate identified vulnerabilities or suspend operation of any compromised system.

11.1 Notice and Opportunity to Cure

Except as set forth in Section 11.2, if HCVOIP believes you have violated this AUP, HCVOIP will provide written notice (which may be by email to your account contact) describing the violation and a reasonable period (typically not less than five (5) business days, and not less than 24 hours for active abuse) to cure. If the violation is not cured within the stated period, HCVOIP may suspend or terminate affected Services.

11.2 Immediate Action

HCVOIP may suspend, filter, rate-limit, null-route, or terminate Services without prior notice when, in HCVOIP’s reasonable judgment:

• Continued operation poses an imminent risk of harm to HCVOIP’s network, other customers, or third parties.
• HCVOIP is compelled by court order, subpoena, regulatory directive, or other legal process.
• There is credible evidence of fraud, including toll fraud, IRSF, traffic pumping, illegal robocalls, or compromised credentials or equipment.
• Continued operation would expose HCVOIP to material liability.

HCVOIP will notify you of any such action as soon as reasonably practicable.

11.3 Cooperation and Cost Recovery

You agree to cooperate with HCVOIP’s investigation of any suspected violation. You are responsible for HCVOIP’s reasonable costs of investigating and remediating violations caused by you or by users you authorize, including engineering time, legal costs, and any pass-through charges from upstream providers.

11.4 No Waiver

HCVOIP’s failure to enforce any provision of this AUP in any particular instance does not waive HCVOIP’s right to enforce that provision or any other provision in the future.