Acceptable Use Policy (AUP)

Heaven Technology LLC
Effective Date: January 7, 2026

  1. Introduction

This Acceptable Use Policy (AUP) defines the standards of acceptable behavior and usage for all users accessing or interacting with the digital platforms, technology infrastructure, or services provided by Heaven Technology LLC (“Heaven Technology,” “we,” “our,” or “us”).

By accessing or using our website, systems, or services, you agree to comply with this AUP, our Terms of Service, and applicable laws governing network security, data protection, and online conduct.

  1. Purpose

This policy ensures that all systems and technologies managed or hosted by Heaven Technology LLC are used ethically, lawfully, and responsibly. Our goal is to maintain a secure, reliable, and high-performance environment for every customer and partner.

  1. Prohibited Activities

Users must not engage in any behavior that compromises security, integrity, performance, or legal compliance of Heaven Technology’s systems, including but not limited to:

  1. Network and System Abuse
  • Attempting unauthorized access (“hacking”) to Heaven Technology’s servers, databases, or internal systems.
  • Interfering with or disrupting the performance of servers, APIs, or services.
  • Deploying denial-of-service (DoS/DDoS) attacks, flood attacks, or port scans.
  • Circumventing authentication or encryption mechanisms.
  1. Data and Privacy Violations
  • Harvesting or collecting personal data without authorization.
  • Sharing confidential or proprietary data without prior written consent.
  • Introducing data scraping or monitoring tools that violate privacy protections.
  • Using compromised credentials to gain access to other users’ data.
  1. Malware and Exploits
  • Uploading, transmitting, or distributing malicious code, trojans, backdoors, or ransomware.
  • Infecting others’ systems via unsafe content or phishing tactics.
  • Exploiting vulnerabilities or reverse-engineering security functions of our software.
  1. Unlawful or Harmful Content
  • Posting or transmitting hate speech, discriminatory, violent, or sexually explicit material.
  • Engaging in intellectual property infringement or software piracy.
  • Violating U.S. export control restrictions or sanctions regulations.
  1. Resource Misuse
  • Hosting or promoting high-risk content such as SPAM, scams, or unauthorized marketing automation.
  • Excessive script execution, bandwidth abuse, or CPU resource consumption.
  • Using Heaven Technology systems for cryptocurrency mining, botnets, or data farming.
  1. Compliance Responsibility

Users are solely responsible for:

  • Ensuring their content and usage comply with all applicable privacy, IP, and content laws.
  • Monitoring and securing their own credentials and connected systems.
  • Promptly reporting security incidents, suspicious activities, or breaches via official contact channels.

Heaven Technology LLC reserves the right to audit accounts, logs, or configurations to confirm compliance with this AUP.

  1. Enforcement

Violations of this AUP may result in immediate action including:

  • Temporary or permanent account suspension.
  • Termination of services or contracts without refund.
  • Reporting of illegal conduct to legal authorities or cybersecurity regulators.
  • Civil or criminal prosecution where applicable.

We reserve the right to log and monitor network activity for security auditing and incident response.

  1. Reporting Misuse

If you believe your data or systems are being misused, contact our compliance department immediately at:

Email: compliance@myonetech.com
Subject Line: “AUP Violation Report – Urgent”

Provide sufficient details (usernames, timestamps, IP logs, or evidence) for effective investigation.

Cybersecurity & Data Handling Addendum

Heaven Technology LLC
(Aligned with NIST CSF, ISO/IEC 27001, and FTC Safeguards Rule)

  1. Purpose

This Cybersecurity & Data Handling Addendum outlines Heaven Technology LLC’s security framework and user obligations to ensure the protection of information assets, customer data, and digital ecosystems under our administration.
It forms an integral extension of our Privacy Policy and Terms of Service.

 

  1. Security Governance

We follow industry-standard cybersecurity and information governance principles including:

  • NIST Cybersecurity Framework (CSF) — Identify, Protect, Detect, Respond, Recover.
  • ISO/IEC 27001:2022 — Information Security Management System (ISMS) framework.
  • CIS Critical Security Controls — Implementation of layered defense and risk management.
  • FTC and CCPA/CPRA compliance — Consumer privacy and safeguard obligations.

All Heaven Technology staff, contractors, and affiliates receive annual cybersecurity and compliance training.

  1. Data Classification and Handling

We apply strict controls to ensure information integrity and confidentiality:

Data Type

Examples

Classification

Protection Controls

User-identifiable data

Names, contact details, login credentials

Confidential

Encrypted in transit (TLS 1.3) and at rest (AES-256)

Transactional data

Payment history, order details

Sensitive

Encrypted, tokenized, and restricted to financial processors

Technical data

IP addresses, device fingerprints

Internal

Pseudonymized and retained for limited durations

Public-facing content

Blog material, user comments

Public

Moderated and sanitized for security

Deletion or anonymization occurs once data retention obligations are met.

 

  1. System Security Controls

Our IT and hosting environment employ:

  • AES-256 and TLS 1.3 encryption for data security.
  • Multi-factor authentication (MFA) for administrative accounts.
  • Role-based access control (RBAC) for user permissions.
  • Intrusion detection and prevention systems (IDS/IPS).
  • Routine vulnerability assessments and patch management.
  • Daily offsite encrypted backups and disaster recovery measures.

All data centers and cloud providers adhere to SOC 2 and ISO 27001 compliance certifications.

  1. Incident Management and Breach Response

In the event of a potential data breach:

  1. Immediate containment measures are activated (account suspension, isolation of affected systems).
  2. An internal security response team conducts forensic investigation and documentation.
  3. Notification is issued to impacted users and regulators (as required under law).
  4. Systems are remediated, monitored, and tested before restoration.

Users must also notify Heaven Technology LLC immediately of any suspected breach of their credentials or systems integrating our tools.

  1. Third-Party Data Processors

We carefully select and monitor third-party service providers to ensure compliance with security and privacy requirements. Providers such as Square, Amazon Pay, Google for WooCommerce, and MailPoet implement encryption, isolation, and SOC 1/2/3 compliant controls.

All vendors are vetted through due diligence assessments and contractual data protection obligations.

  1. Data Retention and Disposal

Personal data is retained only as long as necessary to fulfill contractual, regulatory, or operational requirements. When no longer needed:

  • Digital data is securely deleted using DoD 5220.22-M or NIST SP 800-88 standards.
  • Physical media are destroyed via certified shredding or degaussing.

Users may request deletion under applicable privacy laws, subject to verification.

  1. Business Continuity and Disaster Recovery

In case of service disruption (e.g., cyberattack, natural disaster, or system failure):

  • Business continuity procedures ensure restoration of core services within defined RTO/RPO targets.
  • Redundant infrastructure and geo-distributed backups minimize downtime.
  • Periodic testing validates recovery mechanisms and incident logging accuracy.
  1. Regulatory Compliance

Heaven Technology LLC maintains readiness to align with:

  • U.S. Federal Trade Commission (FTC) cybersecurity guidelines.
  • California Consumer Privacy Act (CCPA/CPRA).
  • General Data Protection Regulation (GDPR) data subject rights (for international visitors).
  • Payment Card Industry Data Security Standard (PCI DSS) for transaction integrity.
  • Future data protection frameworks as they evolve globally.
  1. Liability and Acknowledgment

While Heaven Technology LLC implements industry-leading protections, users acknowledge that no digital platform can guarantee absolute immunity from intrusion or data leakage. By continuing to use our systems, users agree to:

  • Maintain secure configurations on user devices.
  • Refrain from transmitting unencrypted or unlawful data.
  • Report suspicious anomalies promptly.

Heaven Technology LLC disclaims liability for losses resulting from user negligence, third-party breaches, or events beyond reasonable control.

  1. Contact and Security Coordination

Security and compliance inquiries, vulnerability disclosures, or data handling concerns should be directed to:

Heaven Technology LLC – Security & Compliance Division
Email: security@myonetech.com
Subject: “Cybersecurity Inquiry / Incident Report”
Response time: Within 48 business hours of receipt.