This Abuse Handling Policy outlines how the Operator processes and responds to reports of abuse originating from its proxy infrastructure. The Operator is committed to responsible network operation and takes all abuse reports seriously.

The Operator cooperates with abuse reports in good faith and aims to resolve all legitimate complaints promptly and transparently. This policy applies to all reports received regarding IP addresses, services, or infrastructure managed by the Operator.

This policy should be read in conjunction with the Acceptable Use Policy (AUP), which defines permitted and prohibited uses of the Service.

If you have observed abusive activity originating from our proxy infrastructure, please submit a report using the contact information below.

Primary contact: abuse@hex.gg

Include the following information in your report: • Affected IP address(es) — the specific IP(s) from which the abusive activity originated • Date and time of the incident — include the timezone (UTC preferred) for accurate correlation • Description of the abusive behavior — a clear, factual account of what was observed • Logs or evidence supporting the report — access logs, packet captures, screenshots, or other relevant documentation • Your contact information — an email address or other method by which we can reach you for follow-up

Additional reporting channels: Reports may also be submitted via the RIR (Regional Internet Registry) abuse contact listed in the WHOIS records for the relevant IP range. The Operator monitors all registered abuse contacts.

Please provide as much detail as possible to facilitate a timely investigation. Incomplete reports may result in delays.

The Operator is committed to responding to abuse reports in a timely manner. Typical timelines are as follows:

• Initial acknowledgment — We aim to acknowledge receipt within 1 business day. • Investigation kickoff — Initial review typically begins within 2 business days, depending on report completeness and severity. • Resolution or status update — We provide updates as investigations progress; timing varies based on complexity and evidence availability. • Complex investigations — Multi-account or law-enforcement-sensitive cases may require additional time. We will provide periodic updates while the investigation remains active.

These timelines are targets, not guarantees. We prioritize reports involving severe or ongoing abuse.

Each abuse report undergoes a structured investigation process designed to ensure accuracy, fairness, and accountability.

Step 1 — Validate Report The Operator confirms that the IP address(es) referenced in the report belong to our network and verifies the evidence provided. Reports referencing IP addresses outside our allocation are forwarded to the appropriate network operator when possible.

Step 2 — Identify Responsible Customer Using internal IP assignment records, the Operator identifies the customer account to which the relevant IP address(es) were assigned at the time of the reported incident.

Step 3 — Review Traffic Metadata The Operator reviews traffic metadata (connection timestamps, volume, destination patterns) associated with the identified account. The Operator does not inspect traffic content. This review is limited to metadata necessary to confirm or rule out the reported abuse.

Step 4 — Apply Enforcement Action Based on the findings, the Operator applies the appropriate enforcement action in accordance with the tiered enforcement system defined in the Acceptable Use Policy. Actions range from a written warning (Tier 1) to immediate termination and law enforcement referral (Tier 4).

Step 5 — Notify Reporter The reporter is notified of the outcome of the investigation within the confidentiality limits that apply. The Operator does not disclose customer identity or internal account details to reporters but will confirm what action, if any, was taken.

The Operator applies enforcement actions proportional to the severity and frequency of the violation. The following actions may be taken:

• Warning — For first-time minor violations. The customer is notified via email and given a defined period to remediate the issue and confirm compliance. • Service suspension — For repeated violations or moderate offenses. The customer's access is suspended until they acknowledge the Acceptable Use Policy and confirm cessation of the violating activity. • Immediate termination — For severe violations, including but not limited to Tier 3 and Tier 4 offenses as defined in the AUP. The customer's account is permanently terminated, and no refund is issued. • Law enforcement referral — For criminal activity, including but not limited to CSAM distribution, active DDoS attacks coordinated through the Service, and terrorism-related activity. The Operator may preserve relevant data and cooperate with authorized law enforcement agencies.

The Operator reserves the right to escalate directly to a higher enforcement level when the severity of the violation warrants immediate action, regardless of whether prior warnings have been issued.

The Operator maintains a strict zero-tolerance policy regarding child sexual abuse material (CSAM).

Upon detection or credible report of CSAM-related activity:

• The associated account is immediately terminated without prior notice to the customer. • All relevant account data, traffic metadata, and associated records are preserved in full for investigative purposes. • The matter may be reported to the appropriate authorities, including the National Center for Missing & Exploited Children (NCMEC) when applicable. • The Operator cooperates fully with any resulting investigation conducted by law enforcement.

No prior warning or opportunity to remediate is provided. CSAM-related violations are classified as Tier 4 under the Acceptable Use Policy, and enforcement decisions in these cases are final and not subject to appeal.

The Operator periodically reviews and updates its detection capabilities and cooperates with industry initiatives aimed at combating the exploitation of children online.

The Operator cooperates with lawful requests from authorized law enforcement agencies in accordance with applicable law.

Scope of cooperation: The Operator will respond to valid legal instruments, including subpoenas, court orders, search warrants, and other lawful requests issued by competent authorities. The Operator evaluates each request for legal validity before disclosure.

Data available for disclosure: Subject to a valid legal instrument, the Operator may disclose account registration information, billing records, IP assignment logs, and traffic metadata. The Operator does not log or store traffic content and therefore cannot provide payload data.

Process: Law enforcement agencies should refer to the Law Enforcement Guidelines published by the Operator for detailed information on accepted legal instruments, submission procedures, required formatting, and expected response times.

Emergency requests: In cases involving imminent danger to life or physical safety, the Operator may expedite disclosure without a formal legal instrument, subject to verification of the requesting agency's identity and the nature of the emergency.

The Operator is committed to transparency in its abuse handling practices. Aggregate abuse statistics may be published in periodic Transparency Reports.

Published statistics include: • Total number of abuse reports received during the reporting period • Number of reports that resulted in enforcement action • Number of accounts terminated due to abuse violations • Breakdown of violations by category (where doing so does not compromise ongoing investigations)

Confidentiality: Individual case details are confidential and are not disclosed in the Transparency Report or to third parties, except as required by law or as necessary to resolve the reported abuse. Customer identities are never disclosed to reporters.

The Transparency Report is published on the Platform when available. Historical reports, if published, are archived and remain available for review.

Customers who believe that an enforcement action was applied in error may submit an appeal.

Appeal process: • Appeals must be submitted in writing to legal@hex.gg within 14 calendar days of the enforcement action. • The appeal should include the customer's account identifier, a description of the enforcement action being appealed, and any evidence or context supporting the appeal. • Appeals are reviewed by senior staff who were not involved in the original enforcement decision. • The Operator aims to issue a decision within 5-10 business days of receipt.

Limitations: Decisions regarding Tier 4 violations (CSAM, terrorism, active DDoS attacks) are final and not subject to appeal. The Operator's determination in such cases is conclusive.

If the appeal is successful, the Operator will reinstate the customer's account and restore service as promptly as possible. Any service credits for downtime during the appeal period will be evaluated on a case-by-case basis.