Terms & Conditions

Last updated on May 7 2026

For the purpose of these Terms and Conditions, The term "we", "us", "our" used anywhere on this page shall mean AARLABS PRIVATE LIMITED (CIN: U62090PN2026PTC255314, operating under the brand name "AAR Labs"), whose registered office is SR.NO.43 Privet Drive, E-Commercial, Baner Gaon, Haveli, Pune — 411045, Maharashtra, India. "you", "your", "user", "visitor" shall mean any natural or legal person who is visiting our website and/or agreed to purchase from us.

Your use of the website and/or purchase from us are governed by following Terms and Conditions:

The content of the pages of this website is subject to change without notice.
Neither we nor any third parties provide any warranty or guarantee as to the accuracy, timeliness, performance, completeness or suitability of the information and materials found or offered on this website for any particular purpose. You acknowledge that such information and materials may contain inaccuracies or errors and we expressly exclude liability for any such inaccuracies or errors to the fullest extent permitted by law.
Your use of any information or materials on our website and/or product pages is entirely at your own risk, for which we shall not be liable. It shall be your own responsibility to ensure that any products, services or information available through our website and/or product pages meet your specific requirements.
Our website contains material which is owned by or licensed to us. This material includes, but are not limited to, the design, layout, look, appearance and graphics. Reproduction is prohibited other than in accordance with the copyright notice, which forms part of these terms and conditions.
All trademarks reproduced in our website which are not the property of, or licensed to, the operator are acknowledged on the website.
Unauthorized use of information provided by us shall give rise to a claim for damages and/or be a criminal offense.
From time to time our website may also include links to other websites. These links are provided for your convenience to provide further information.
You may not create a link to our website from another website or document without AARLABS PRIVATE LIMITED's prior written consent.
Any dispute arising out of use of our website and/or purchase with us and/or any engagement with us is subject to the laws of India.
We, shall be under no liability whatsoever in respect of any loss or damage arising directly or indirectly out of the decline of authorization for any Transaction, on Account of the Cardholder having exceeded the preset limit mutually agreed by us with our acquiring bank from time to time.

Acceptable Use Policy

SnapDeploy provides container hosting infrastructure for legitimate software deployment. By using our platform, you agree to the rules governing acceptable use of our services. Do not deploy any of the categories listed below. Read this section carefully before deploying — ignorance of this policy is not a defense.

Zero-tolerance summary — if any of the following describes what you intend to deploy, do not sign up:

Tunneling, reverse-shell, web-shell, VPN, or proxy infrastructure of any kind
SSH server, VNC server, RDP server, web-VNC/RDP gateway, or browser-based IDE used as a remote-access pivot
Web proxies that bypass network filters (school, workplace, country) — including the Mercury Workshop / Scramjet / Rammerhead / Interstellar / unblocked-games family
Telegram bot frameworks, video piracy tools, torrent clients, view-manipulation bots, game-server AFK bots
Cryptocurrency miners (CPU or GPU), credential-stuffing or brute-force tools, mass-spam or DDoS infrastructure
Any deployment that attempts to obfuscate, rename, encode, or otherwise hide a binary or payload to evade our scanners

Detection results in immediate account suspension and total forfeiture of any refund or unused-credit balance. SnapDeploy's free tier is not a free hop for traffic that other infrastructure providers have already declined to host.

Prohibited Activities

The following activities are strictly prohibited on SnapDeploy. This list is non-exhaustive — any activity that abuses shared infrastructure, violates applicable laws, or harms other users is grounds for enforcement action. Patterns we have not yet seen will be added as we encounter them; novel evasion attempts are themselves a violation (see section 9).

1. Tunneling, Remote Shell & Proxy Tools

Running any tool that creates reverse tunnels, remote shells, TCP/UDP proxies, or exposes internal container services to the public internet:

SSH tunneling & shells: sshx, sshx.io, tmate, ttyd, gotty, webssh, shellinabox, shellinaboxd, dropbear, dropbear-server
Tunnel clients: ngrok, pyngrok, cloudflared, Cloudflare Tunnels (trycloudflare), frpc, frps, rathole, chisel, bore, localtunnel, serveo, telebit, zrok, tunnelmole, localhost.run
VPN/proxy panels: 3x-ui, x-ui, V2Ray, Xray, Xray-core, v2ray-core, Trojan, Trojan-Go, Shadowsocks, ShadowsocksR, Clash, Clash Meta, Hysteria, Hysteria2, Sing-Box, NaiveProxy, Brook, WireGuard (wg-easy, wg-access-server), OpenVPN Access Server, Outline Server, REALITY, VLESS, VMess, gost
SSH server & remote-desktop pivots: Installing openssh-server with public root login (PermitRootLogin yes) or hardcoded passwords (chpasswd); VNC servers (x11vnc, tigervnc, tightvnc, vnc4server, TurboVNC); RDP/desktop relays (xrdp, FreeRDP, Xpra, NoMachine); web-VNC/RDP gateways (Apache Guacamole / guacd, noVNC, KasmVNC); IDE-in-browser as access pivot (code-server, Theia, Gitpod self-host); SegFault.org UI (sfui); web-OS pivots (puter, webvm, kasm); arbitrary-shell-as-a-service patterns. Containers exist to run your application, not to provide the operator with an interactive shell or desktop session.
Remote control & C2 agents: Komari, Nezha Agent, or any software that establishes persistent outbound connections to external command-and-control servers for remote command execution

2. Telegram Bot Frameworks & MTProto Clients

Deploying Telegram bots, userbot clients, or MTProto libraries is prohibited. These have been overwhelmingly used for spam, phishing, credential harvesting, and coordinated abuse campaigns on our platform:

Python: pyrogram, pyromod, pyrofork, pyrotgfork, telethon, aiogram, python-telegram-bot, telebot (pyTelegramBotAPI), TgCrypto, tgcrypto
Node.js: telegraf, grammy, grammY, node-telegram-bot-api, telegram-bot-api
Other: Any MTProto implementation, Telegram API client library, or userbot framework in any language

3. Video Piracy & Copyright Infringement Tools

Deploying applications that download, rip, transcode, or redistribute copyrighted video/audio content without authorization:

Video downloaders: yt-dlp, youtube-dl, youtube_dl, pytube, you-get, lux-dl, lux, annie, BBDown, bilix, yutto, streamlink, N_m3u8DL-RE, m3u8, hlsdl
Media servers for pirated content: Any deployment that serves, indexes, or redistributes copyrighted material without rights-holder authorization

4. File Sharing, Torrents & Cloud Storage Relays

Running BitTorrent clients, seedboxes, P2P file-sharing software, or cloud-storage relay frontends that re-expose third-party storage as a public file server:

Torrent clients: qBittorrent, qbittorrent-api, aioqbt, Transmission, Deluge, rTorrent, ruTorrent, aria2 (with BitTorrent), Flood, Jackett, Prowlarr, Sonarr, Radarr, Lidarr
Seedbox software: Any application designed to facilitate bulk torrent downloading or seeding
Cloud storage relays / file-aggregation proxies: Alist (xhofe/alist, alistgo/alist), or any application that fronts third-party cloud storage (Google Drive, OneDrive, Dropbox, S3, Aliyundrive, Baidu Pan, 115 Network Disk, etc.) as a public web/WebDAV interface for unauthorized redistribution or storage-quota arbitrage

5. Bot Farming, View Manipulation & Automation Abuse

Deploying bots or automation scripts that generate fake engagement, manipulate metrics, or conduct credential attacks:

View/engagement bots: feelingsurf, viewbot, autoview, TwitchViewBot, or any tool designed to inflate views, likes, followers, or engagement metrics on any platform
Credential attacks: Credential stuffing, brute-force login attempts, account takeover tools, or password spraying utilities
Social media automation: Mass-follow, mass-like, mass-comment, or mass-DM bots targeting any social platform

6. Anti-Detection & Anti-Bot Evasion Tools

Deploying tools specifically designed to evade bot detection, CAPTCHAs, or anti-scraping protections when used for unauthorized access or abuse:

Anti-detection browsers: undetected-chromedriver, puppeteer-extra-plugin-stealth, playwright-stealth, FlareSolverr, cloudscraper (when used with malicious intent)
CAPTCHA solving: 2captcha, anticaptcha, capsolver, or any automated CAPTCHA-bypass service integration
Note: Playwright, Puppeteer, and Selenium used for legitimate testing, web scraping, or CI/CD are monitored but not automatically blocked. However, combining these with anti-detection tools or using them for unauthorized access will result in enforcement action.

7. Cryptocurrency Mining

Using containers to mine cryptocurrency of any kind, including but not limited to XMRig, PhoenixMiner, T-Rex, NBMiner, lolMiner, GMiner, or any CPU/GPU mining software.

8. Network Abuse & Malicious Traffic

Launching DDoS attacks, sending spam, performing unauthorized port scanning, running open proxies/relays, or any activity that disrupts other users or external services.

9. Circumventing Security Controls

Attempting to bypass build-time or runtime security scans, obfuscating prohibited binaries (e.g., base64-encoding blocked tools), renaming executables to evade pattern matching, using multi-stage builds to hide dependencies, or encoding malicious payloads to evade detection. Attempts to circumvent detection are treated as the most severe violation category.

10. Unauthorized AWS Access

Using platform-provided IAM roles, credentials, or metadata endpoints to access AWS services beyond the scope of your deployment. This includes querying the instance metadata service (IMDS), accessing other users' resources, or attempting privilege escalation.

11. Web Proxies & Browser-Based Circumvention

Deploying browser-side or server-side web proxies designed to bypass network filters (school, workplace, ISP, country-level). These shift bandwidth and reputational liability to our infrastructure while enabling third-party policy violations:

Mercury Workshop ecosystem: any package under the @mercuryworkshop/* namespace (Scramjet, Bare-Mux, Wisp-JS, libcurl-transport, etc.), scramjet, bare-server-node, bare-server
Rammerhead family: rammerhead, testcafe-hammerhead, Rammerhead1, browserproxy
Unblocked-games / school-bypass frontends: Interstellar, 55GMS, UBGdir, tools-unblocked, PGIS (Play Games In School), or any deployment whose purpose is to provide unfiltered web access to circumvent a network operator's policies
Generic open proxies / relays: Squid configured as an open proxy, mitmproxy / mitmweb run as a service, generic HTTP/HTTPS proxy servers exposed to the public internet without authentication

12. Game Server Automation & AFK / Idle-Bypass Bots

Deploying bots that connect to third-party game servers (Minecraft, Aternos, etc.) to maintain artificial activity, bypass idle-shutdown mechanisms, or automate gameplay. These violate the target game-host's terms of service and use our compute as a 24/7 game-bot farm:

Minecraft bots: mineflayer, prismarine-* (any package), node-minecraft-protocol, bedrock-protocol, mineflayer-pathfinder
Aternos / free-host bypass bots: any deployment forked from Aternos24-7-HostingBot, AternosKeepAlive, or similar templates whose stated purpose is to keep an idle game server awake on a free game-hosting provider
Decoy server pattern: wrapping a non-web workload (game bot, scraper, mining client, etc.) in a minimal Express/Flask listener purely to satisfy our port-detection while the real workload runs out of band. The decoy itself is also a violation when the underlying workload is prohibited.

Resource Limits

Free Deploy and Hobby tier containers are hard-capped at 256 vCPU units / 512 MB RAM at the platform level. Higher resource ceilings (Starter, Pro, Business, Enterprise) are tied to the corresponding paid plan. Attempts to request CPU or memory beyond your tier's ceiling via the API are rejected before the container is created. Multi-account abuse to circumvent these limits (creating multiple free-tier accounts to deploy related workloads) is itself a policy violation.

Network Egress Restrictions

User containers run inside a restrictive network security group that blocks outbound traffic to high-risk port ranges commonly associated with abuse: cryptocurrency mining stratum ports (3333), Tor SocksPort range (9000–9099), and unprivileged port ranges (27018–65535) often used by tunneling daemons and proxy panels. Standard HTTP/HTTPS, database, and well-known service ports remain available. If your legitimate application requires an outbound port outside these allowed ranges, contact [email protected] with the specific port and use case.

Dependency & Package Scanning

SnapDeploy automatically scans dependency manifests (requirements.txt, setup.py, pyproject.toml, package.json, Pipfile) for prohibited packages during the build process. If a prohibited dependency is detected, the build is rejected before any container image is created. This includes all packages listed in the categories above.

Automated Enforcement

SnapDeploy employs multi-layer automated security measures to enforce this policy:

L0 — Network egress restriction: User containers run in a restrictive security group that blocks outbound traffic to high-risk port ranges (mining stratum, Tor SOCKS, unprivileged ranges commonly used by tunneling daemons).
L1 — Dockerfile & script scanning: Dockerfiles, shell scripts, and entrypoint commands are scanned for prohibited tool names, package install patterns, configuration markers (e.g., PermitRootLogin, hardcoded chpasswd), download URLs, and installation commands before the build begins.
L1c — Dependency manifest scanning: Package manifests (requirements.txt, package.json, etc.) are scanned for prohibited libraries. Builds containing blocked dependencies are automatically rejected.
L2 — Binary hash verification & layer-diff signature scan: After the container image is built, a layer-diff scan identifies files added by your build (excluding inherited base-image bytes) and runs SHA-256 hash matching against a list of known-prohibited binaries. A complementary signature scan flags suspicious binaries for administrative review without blocking the build.
L3 — Runtime log monitoring: Container logs are continuously monitored via CloudWatch for signatures of prohibited tools, tunnel session IDs, and abuse patterns. Violations detected at runtime result in immediate account suspension.
L4 — Resource quota enforcement: CPU and memory requests are validated against your subscription tier before the container is created. Requests beyond your tier's ceiling are rejected at the API layer.

Consequences of Violations

SnapDeploy's enforcement is automated, fast, and not negotiable on the first response. Specifically:

Build-time violation: The build is rejected and the deployment fails immediately. The container image is never created. Repeated build-time violations escalate to account suspension.
Runtime violation: Your account is suspended immediately and without warning. All running containers are forcibly stopped, all linked repository auto-deploy hooks are disabled, all active sessions are invalidated, and your GitHub OAuth integration is revoked. There is no graceful shutdown or data-export window prior to suspension.
Security circumvention: Any attempt to bypass detection (binary obfuscation, base64-encoding, executable renaming, multi-stage hide layers, build-arg substitution to evade scanners, multi-account abuse to bypass per-account limits) is treated as the most severe violation tier — immediate suspension and permanent ban on first detection, regardless of prior history.
No refunds — total forfeiture: A suspension or termination for AUP violation forfeits all refund rights entirely. This includes the 3-day money-back guarantee, any unused portion of a paid subscription period, any unused GPU credit balance, any unused add-on purchases, and any pro-rata refund that would otherwise apply on cancellation. Payments connected to policy-violating deployments may additionally be disputed with the payment processor as abusive use. See the Refund & Cancellation Policy.
Forensic preservation: Source code, container images, deployment metadata, and access logs from suspended accounts are retained for forensic and legal purposes. We share this material with law enforcement and downstream infrastructure providers (AWS, GitHub, payment processors) when warranted by the violation type.
Permanent ban & cross-account enforcement: Banned account holders may not create new accounts. Detected attempts to circumvent a ban (new email, new payment method, new GitHub account, IP rotation) are treated as a fresh policy violation and grounds for additional enforcement action against any new account, payment method, or GitHub identity used.
Data retention: Source code, container images, and deployment configuration are retained for 30 days after suspension. Reinstatement is at SnapDeploy's sole discretion and is not guaranteed even if you appeal. Data not reinstated within 30 days may be permanently deleted.

Appeals

If you believe your account was suspended in error, you may appeal by emailing [email protected] with the subject line "Account Suspension Appeal". Include your account email and deployment ID. Appeals are reviewed within 2 business days.

Contact Information

AARLABS PRIVATE LIMITED
CIN: U62090PN2026PTC255314
SR.NO.43 Privet Drive, E-Commercial, Baner Gaon
Haveli, Pune — 411045
Maharashtra, India

Email: [email protected]
Phone: +91 9004233112