Legal Documents | Terms and Conditions

Terms and Conditions

Version 1.0 • Updated: March 2024

1. Definitions

"Company" refers to SC CLOUD FOREST INFRASTRUCTURE SRL, VAT: 46309790, headquartered in Buzău, Romania.

"User" refers to the natural or legal person who uses the web hosting services offered by the company.

"Services" refers to the web hosting plans offered by the company through the roleaf.ro platform.

"Account" refers to the user account created for access to web hosting services.

"Login credentials" refers to identification information, such as username and password, used for access to the web hosting account.

2. Account Creation and Management

Users are responsible for providing correct and complete information during the account registration process.

Users are responsible for the security of their login credentials and must keep them confidential. Any suspicious or unauthorized activity must be reported immediately to the company.

3. Use of Services

Users agree to use the services only for legal purposes and in accordance with these Terms and Conditions, as well as all applicable laws and regulations.

Use of services in the manner described in the Acceptable Use Policy is prohibited.

The company reserves the right to suspend or terminate the user's account in case of violation of these Terms and Conditions or the Acceptable Use Policy.

4. Affiliate Program

Users can register as affiliates on our hosting platform where they can recommend our services and earn a 10% commission in the form of credit that can be used to pay invoices for services we offer. The commission applies repeatedly, for each payment made by the referred customer.

5. Payments and Billing

Users agree to pay applicable fees for web hosting services according to the selected plan and billing period.

Invoices must be paid in advance, according to the terms and payment methods specified by the company.

6. Warranty and Money-Back Guarantee

According to the withdrawal right guaranteed to consumers under EU consumer protection law (Directive 2011/83/EU, transposed into Romanian law by OUG 34/2014), individual consumer customers have the right to a refund of the amount paid for web hosting services within 14 calendar days from the date the contract is concluded, without giving a reason.

Customers who want a refund must submit a formal request through the electronic channels provided (email/ticketing system) within the 14-day period.

In accordance with EU consumer protection regulations (Art. 16(c) of Directive 2011/83/EU), domain registration is not subject to the money-back guarantee, as it constitutes the supply of a personalised product or service that cannot be returned.

No refund will be issued — partial or full — for services suspended or terminated as a result of a violation of the Acceptable Use Policy or any other provisions of these Terms and Conditions. This includes, without limitation: spam, network scanning, malware distribution, DDoS attacks, operating Tor nodes, phishing, hosting copyright-protected material without authorisation, or any other prohibited activity. Any amount paid for the remaining period is forfeited in full.

For VPS services, a specific refund policy applies — please refer to the VPS Terms, art. 6 section of this document.

7. Uptime Guarantee

The company guarantees 99.9% uptime for all web hosting and VPS services, as detailed in the Service Level Agreement (SLA).

If this guarantee is not met, customers may request account credits according to the compensation table in the SLA section. Requests must be submitted via a support ticket within 14 days of the incident.

8. Account Suspension and Termination

The company reserves the right to suspend or terminate the user's account in case of violation of these Terms and Conditions or the Acceptable Use Policy, without prior notice.

In case of account suspension or termination, users may lose access to data stored on the company's servers. The company is not responsible for any data loss or damages resulting from account suspension or termination.

9. Limitation of Liability

The company is not responsible for any data loss, damages or service interruptions caused by improper use of services by users or events beyond the company's control.

In no case shall the company be liable to users or third parties for any indirect, special, incidental or consequential damages.

10. Changes to Terms and Conditions

The company reserves the right to modify these Terms and Conditions at any time, with immediate or subsequent effect, by publishing an updated version on the roleaf.ro website.

Users are responsible for periodically reviewing these Terms and Conditions and accepting them before continuing to use the services.

11. Contact

For questions or clarifications regarding these Terms and Conditions, please contact us at office[at]cloudforest.ro or through the ticketing system in the client area.

Privacy Policy

Version 2.0 • Updated: March 2026

Our website complies with the General Data Protection Regulation ("GDPR"), Regulation (EU) 2016/679. The data protection policy is based on the general mandatory principles of the act:

Processing in a lawful, fair and transparent manner
Collection only for specific legitimate purposes
Adequate, relevant and limited to what is necessary use
Data must be accurate and up to date
Stored only as long as necessary
Security, integrity and confidentiality appropriately ensured

1. Data Controller

Data controller: SC CLOUD FOREST INFRASTRUCTURE SRL, VAT: RO46309790, with registered office in Buzău, Romania, registered with the Trade Register under number J10/768/2022.

Data protection contact: office[at]cloudforest.ro

This policy informs you about our practices regarding the collection, use and protection of personal data of users of roleaf.ro and associated services.

2. Types of Data Collected

Data provided directly by the user (when creating an account and ordering services):

First and last name
Email address
Phone number
Physical address (street, city, county, postal code, country)
National ID number (exclusively for .ro domain registration, per mandatory RoTLD requirements)
Billing information (VAT number for legal entities)
Payment information (processed exclusively through PCI-DSS certified payment providers; RoLeaf.ro does not store card data)

Data collected automatically (by accessing the website and services):

IP address
Date and time of access
Browser and operating system
Pages accessed (server access logs)

3. Purpose and Legal Basis for Processing

Purpose	Legal Basis (GDPR Art. 6)
Creating and managing the customer account	Art. 6(1)(b) — contract performance
Processing orders and providing services	Art. 6(1)(b) — contract performance
Issuing invoices and archiving tax documents	Art. 6(1)(c) — legal obligation
.ro domain registration (transmission to RoTLD)	Art. 6(1)(c) — legal obligation
Technical support and customer service	Art. 6(1)(b) — contract performance
Communications about services, outages and important updates	Art. 6(1)(b) — contract performance
Server access logs (security, troubleshooting, abuse prevention)	Art. 6(1)(f) — legitimate interest

4. Data Retention Periods

Account and contract data — for the duration of the contractual relationship + 3 years after account closure
Tax documents and invoices — minimum 10 years, pursuant to Romanian Accounting Law no. 82/1991
Server access logs (IP, timestamp, browser) — maximum 90 days, after which they are automatically deleted
Support tickets — 3 years from ticket closure

5. Data Recipients (Third Parties)

Personal data may be transmitted exclusively to:

RoTLD (ICI București) — for the registration and management of .ro domains (legal obligation)
Payment processing providers (PCI-DSS certified) — only data necessary for the transaction
Public authorities — when there is a legal obligation (tax authority, courts, etc.)

We do not transfer personal data outside the European Economic Area (EEA). We do not use third-party analytics services (e.g. Google Analytics). Our infrastructure is located entirely in Romania.

6. Rights of Data Subjects

Under GDPR, you have the following rights, exercisable by written request to office[at]cloudforest.ro:

Right of access (Art. 15) — you may request a copy of the personal data we hold about you
Right to rectification (Art. 16) — correction of inaccurate or completion of incomplete data
Right to erasure (Art. 17) — deletion of data ("right to be forgotten"), where no legal retention obligations exist
Right to restriction of processing (Art. 18) — temporary limitation of data processing
Right to data portability (Art. 20) — receiving data in a structured, commonly used and machine-readable format
Right to object (Art. 21) — objecting to processing based on legitimate interest

We will respond to requests within a maximum of 30 days of receipt.

You also have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP):
Website: www.dataprotection.ro · Phone: +40.318.059.211

7. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss or destruction, including: encrypted communications (HTTPS/TLS), role-based access control, regular backups and security monitoring.

8. Policy Changes

We reserve the right to update this policy. The current version is always available on this page. Significant changes will be communicated by email to active customers.

Acceptable Use Policy

Version 1.0 • Updated: March 2024

1. Introduction

The Acceptable Use Policy (AUP) establishes the conditions and restrictions applicable to the use of web hosting services offered by SC CLOUD FOREST INFRASTRUCTURE SRL through the roleaf.ro platform.

This policy is designed to ensure a safe and respectful experience for all customers and to protect the integrity and performance of our infrastructure.

2. Appropriate Use of Resources

Users are responsible for the appropriate use of resources offered, in accordance with the specifications of the chosen hosting package and all applicable laws.

Excessive or abusive use of resources (CPU, memory, bandwidth) that may affect server performance or other users is prohibited.

3. Prohibited Content

Publication or distribution of the following is strictly prohibited:

Pornographic or adult content
Pirated software or materials that infringe copyright
Content that promotes violence, hatred or discrimination
Malware, viruses or other harmful programs
Phishing or fraudulent websites
Any content illegal under Romanian law

Any illegal activity will be reported to the competent authorities.

4. Spam and Unsolicited Emails

Sending unsolicited emails (spam) through our servers is prohibited. This includes:

Sending unsolicited commercial messages
Promoting services through spam
Using email lists purchased or obtained without consent

Users must comply with electronic communications legislation and obtain recipient consent.

5. Account Security

Users are responsible for the security of their account and must keep login credentials confidential.

Attempting to gain unauthorized access to other accounts or systems is prohibited, including:

Password brute-force attempts
Exploiting security vulnerabilities
Port scanning or attacks on other servers

6. Shared Resources

Web hosting plans offer resources in a shared environment. Users must use their resources responsibly, without negatively affecting other users or overall server performance.

7. Consequences of Violation

Violation of this Policy may result in:

Warning and request for remediation
Temporary account suspension
Account termination without right to refund
Reporting to authorities in case of illegal activities

8. Contact

For questions or reports related to this policy, contact us at office[at]cloudforest.ro.

Terms and Conditions — VPS Servers

Version 1.1 • Updated: March 2026

This document establishes the specific terms and conditions applicable to Virtual Private Server (VPS) services offered by SC CLOUD FOREST INFRASTRUCTURE SRL through the roleaf.ro platform. By purchasing or using a VPS service, the customer expressly accepts these terms, which supplement the General Terms and Conditions and the Acceptable Use Policy.

1. Definitions

"VPS Service" refers to the virtual private server allocated to the customer, running on the company's own physical infrastructure located in Romania.

"Customer" refers to the natural or legal person who is the holder of the VPS service contract.

"Network Traffic" refers to the totality of data transmitted and received by the VPS server, regardless of protocol or destination.

"IDS" (Intrusion Detection System) refers to the automated systems used by the company to detect intrusions and abusive activities for monitoring its infrastructure.

"Abuse" refers to any use of the VPS service contrary to this document, applicable legislation, or generally accepted internet usage norms.

2. Customer Rights and Responsibilities

The customer has full root access to the allocated VPS server and is solely responsible for its configuration, administration and security.

The customer is fully responsible for all activities carried out on the VPS server, including activities of third parties to whom access has been granted.

The customer agrees to use the service exclusively for lawful purposes, in compliance with Romanian law, EU regulations and applicable international electronic communications standards.

The customer is responsible for updating and securing the software installed on the VPS server, including promptly remedying security vulnerabilities.

3. Strictly Prohibited Activities

Use of VPS services for any of the activities listed below is strictly prohibited and constitutes grounds for immediate suspension or termination of the service:

3.1. Spam and Unsolicited Communications

Sending unsolicited bulk emails (spam), regardless of volume or frequency
Operating mail servers configured as open relays
Using address lists obtained without recipient consent
Any other form of large-scale unsolicited communication (bulk SMS, instant messaging, web forms)

3.2. Network Scanning and Reconnaissance

Scanning ports or networks of third parties without the explicit consent of the owner
Running network scanners, vulnerability scanners or service enumeration tools against external infrastructure
Aggressive automated data collection (scraping) that affects the availability of third-party services

3.3. Malware and Malicious Code

Hosting, distributing or operating malware, viruses, ransomware, spyware, adware or any other malicious code
Operating command-and-control (C&C / C2) servers for botnets or other malicious networks
Participating in coordinated cyberattack operations
Hosting exploit kits or pages for automatic malware distribution

3.4. DoS / DDoS Attacks

Launching or facilitating Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks against any systems
Participating in amplification attacks (DNS amplification, NTP amplification, etc.)
Using the VPS server as a reflector or amplifier of malicious traffic
Any activity that generates network traffic intended to overload or disrupt third-party systems

3.5. Tor Network and Anonymous Proxies

Operating Tor exit nodes, entry/guard nodes or Tor relays
Operating proxies or VPNs for the purpose of anonymising illegal traffic or circumventing legal blocks
Hosting services dedicated exclusively to anonymising illicit traffic

3.6. Copyrighted Material and Illegal Content

Hosting, distributing or indexing copyright-protected content without authorisation from the rights holders (movies, music, software, games, books, etc.)
Operating torrent tracker sites, warez platforms or illegal file-sharing platforms
Any content that infringes the intellectual property rights of third parties
Child sexual abuse material (CSAM) — in which case the company will immediately notify the competent authorities (Romanian DIICOT, Europol)

3.7. Fraud and Deceptive Activities

Hosting phishing pages that impersonate banking services, payment platforms or other online services
Operating carding schemes, financial fraud or online scams
Impersonating legitimate entities for fraudulent purposes
Any activity intended to deceive users or third parties

3.8. Unauthorised Access to Systems

Attempts to gain unauthorised access to third-party computer systems (offensive hacking)
Brute-force attacks against external services
Exploitation of software vulnerabilities in third-party systems without authorisation

3.9. Abusive Cryptocurrency Mining

Using VPS resources for cryptocurrency mining in an abusive manner, consistently exceeding 80% of the allocated CPU capacity for extended periods, compromising infrastructure stability

4. Monitoring and IDS Systems

The company uses automated intrusion and abuse detection systems (IDS — Intrusion Detection Systems) that continuously monitor network traffic and server behaviour across its own infrastructure.

These systems analyse traffic patterns, abnormal data volumes, known signatures of malicious activities and other indicators of compromise or abuse, without accessing the personal content of the customer's data.

Alerts generated by IDS systems, corroborated with traffic data and system logs, constitute the documented basis for any decision to suspend or terminate service. The company retains this data as evidence in the event of reports filed with authorities.

The company may also act on complaints received from third parties (ISPs, anti-abuse organisations, authorities) submitted through standard channels (abuse@, CERT-RO, Spamhaus, AbuseIPDB, etc.).

5. Service Suspension and Termination Policy

The company reserves the right to immediately suspend or terminate any VPS service, without prior notice, in any of the following situations:

Detection of prohibited activities through IDS systems or through reports received from third parties
Activity that jeopardises the integrity or availability of the company's own infrastructure or that of third parties
Non-compliance with this document or the General Terms and Conditions
Legal obligations requiring suspension (court orders, CERT-RO requests, DIICOT, etc.)

In serious cases (DDoS, active malware, phishing, CSAM), suspension is carried out immediately, without any grace period or prior warning.

In less serious cases, the company may, at its sole discretion, send a warning notification with a reasonable remediation deadline before suspension.

Data stored on a VPS server suspended or terminated due to abuse may be permanently deleted without possibility of recovery.

6. Refund Policy for VPS Services

6.1 Consent to Immediate Performance and Loss of Withdrawal Right

VPS services are activated and delivered immediately upon payment confirmation. By activating the VPS service — regardless of the means by which this is done (control panel, API, provisioning confirmation email) — the individual consumer customer expressly declares and confirms that:

they have requested and consent to the immediate commencement of service delivery before the expiry of the 14-calendar-day period provided under EU consumer protection law (OUG 34/2014);
they acknowledge that, once service delivery has begun with their prior express consent, they lose the legal right of withdrawal under Art. 9 of OUG 34/2014, pursuant to Art. 16(a) of OUG 34/2014 (transposing Art. 16(a) of Directive 2011/83/EU of the European Parliament and of the Council).

VPS activation constitutes proof of the customer's express consent to immediate service delivery and acknowledgement of the loss of the right of withdrawal.

6.2 Voluntary Money-Back Policy

As a voluntary commercial policy and at the company's sole discretion, the company offers the possibility of a refund within 14 calendar days from the date of VPS activation, subject to the cumulative fulfilment of all of the following conditions:

The refund request is submitted through the electronic channels provided (email/ticketing system) within the 14-calendar-day period from activation;
The server has not been used in an abusive, unlawful, or Acceptable Use Policy-violating manner;
No prohibited activities have been confirmed under this document or related policies.

This voluntary commercial facility does not constitute acknowledgement of the existence of a legal right of withdrawal after service activation and may be withdrawn by the company at any time without prior notice.

6.3 Absolute Exclusions from Refund

No refund will be issued — partial or full — in any of the following circumstances:

Prohibited activities have been confirmed on the VPS server: spam, network scanning (port scanning / vulnerability scanning), malware distribution, DDoS attacks or botnet participation, operating Tor nodes or hidden services (.onion), phishing, CSAM, computer hacking, or any other prohibited activity under the Acceptable Use Policy;
The service has been suspended or terminated as a result of a violation of this document, the Acceptable Use Policy, or any other applicable terms;
There is evidence that the server was used to commit computer crimes, fraud, or other illegal acts;
Semi-annual or annual subscriptions are terminated due to abuse — no proportional refund will be issued for unused months.

Confirmation of abusive activities is based on data collected by IDS systems, network logs, internal technical analysis, and/or reports received from third parties (CERT-RO, Spamhaus, AbuseIPDB, etc.), which constitute sufficient evidence for the refusal of any refund.

A customer who has used the VPS service for prohibited activities forfeits all right to a refund, including for unused periods of service, regardless of the duration of the paid subscription and regardless of whether the refund request is made within or after the 14-day period.

7. Traffic Limits and Resource Usage

Each VPS plan includes a monthly traffic allowance as specified in the chosen plan. Exceeding this limit may result in automatic suspension of network access or the application of additional charges, at the company's discretion.

Persistent use of CPU, RAM or storage resources at maximum capacity, to the detriment of infrastructure stability, may constitute grounds for requesting a plan upgrade or, in case of refusal, for suspension of the service.

8. Cooperation with Authorities

The company cooperates with competent authorities (Romanian Police, DIICOT, CERT-RO, Europol, ANCOM) in investigations concerning illegal activities carried out through VPS services.

Upon request from authorities or based on court orders, the company may provide customer identification data, traffic logs and any other information relevant to an investigation.

The company is under no obligation to inform the customer of an authority request if there is a legal prohibition to do so.

9. Abuse Reporting

Any abuse identified on our servers can be reported to abuse[at]cloudforest.ro. Reports are reviewed within 24 hours on business days.

The company subscribes to the generally accepted principles of combating internet abuse and collaborates with organisations such as Spamhaus, AbuseIPDB and CERT-RO.

10. Changes to This Document

The company reserves the right to modify this document at any time. The updated version will be published on the roleaf.ro website with the revision date noted. Continued use of the VPS service after publication of changes constitutes implicit acceptance of the new terms.

11. Contact

For questions related to this document or to report abusive activities, contact us at abuse[at]cloudforest.ro (abuse reports) or office[at]cloudforest.ro (general enquiries).

Cookie Policy

Version 2.0 • Updated: March 2026

1. What are cookies?

Cookies are small text files stored on the user's device when accessing a website. Under Romanian Law no. 506/2004 (transposing the ePrivacy Directive) and the GDPR, non-essential cookies require prior and explicit user consent.

2. Cookies used on roleaf.ro

On the public website roleaf.ro we use only essential cookies, necessary for the technical operation of the site. We do not use tracking, advertising or third-party analytics cookies.

Cookie	Purpose	Duration	Type
PHPSESSID	PHP session — maintaining authentication state in the client panel (clienti.roleaf.ro)	Session (deleted on browser close)	Essential

Essential cookies are permitted without explicit consent, pursuant to Art. 5(3) of the ePrivacy Directive and Recital 25 thereof, as they are strictly necessary to provide the service requested by the user.

3. Third-party services and data transfers

The roleaf.ro website does not embed third-party tracking scripts (Google Analytics, Facebook Pixel, Hotjar, etc.). No third-party cookies are placed through our main website.

Note: the client platform clienti.roleaf.ro may use additional cookies for its functionality; these are governed separately upon accessing that platform.

4. Managing cookies

You can control and delete cookies through your browser settings:

Note: blocking essential cookies may affect authentication functionality in the client panel.

5. Contact

For questions regarding the use of cookies, contact us at office[at]cloudforest.ro.

Service Level Agreement (SLA)

Version 1.0 • Updated: March 2026

1. Scope

This Service Level Agreement (SLA) applies to all shared web hosting and VPS server services provided by Cloud Forest Infrastructure SRL through the RoLeaf.ro platform.

The SLA is an integral part of the General Terms and Conditions and the VPS Terms and Conditions.

2. Availability Guarantee (Uptime)

The company guarantees an availability level of 99.9% per calendar month for:

Shared web hosting — availability of the web server, database, and email services
VPS servers — availability of the physical infrastructure (hardware, network, hypervisor). Does not include software installed and managed by the customer

An uptime of 99.9% corresponds to a maximum downtime of approximately 43 minutes per month.

3. Availability Calculation

Monthly availability is calculated using the following formula:

Uptime (%) = (Total minutes in month − Downtime minutes) ÷ Total minutes in month × 100

Downtime is calculated from the moment the unavailability is reported or automatically detected until full service restoration.

4. Exclusions

The following situations are not considered downtime and are excluded from the SLA calculation:

Scheduled maintenance — notified at least 48 hours in advance via email or the client area
Force majeure — natural disasters, unforeseeable events beyond the company's control
DDoS attacks — unavailability caused by massive distributed cyberattacks
Customer actions — misconfigurations, faulty code, excessive resource consumption, or AUP violations
Third-party services — unavailability of domain registrars, external DNS providers, or other services not operated by the company
Emergency maintenance — critical security interventions requiring immediate action

5. Compensation

If monthly availability falls below 99.9%, customers are entitled to account credits according to the following table:

Monthly Uptime	Approximate Downtime	Credit Issued
99.0% – 99.9%	43 min – 7.3 hours	10% of monthly invoice
95.0% – 99.0%	7.3 hours – 36 hours	25% of monthly invoice
90.0% – 95.0%	36 hours – 72 hours	50% of monthly invoice
Below 90.0%	Over 72 hours	100% of monthly invoice

For semi-annual or annual subscriptions, the monthly value is calculated by dividing the total amount paid by the number of months in the period.

6. Claim Procedure

To request SLA credit, the customer must follow these steps:

Open a support ticket in the client area (clienti.roleaf.ro)
The request must be made within 14 calendar days of the downtime incident
The ticket must include: the affected service, and the approximate date and time of the outage

The company will review the request and issue the credit within 5 business days of confirming the incident.

7. Compensation Limitations

The maximum credit issued in a calendar month cannot exceed 100% of the monthly value of the affected service
Credits apply exclusively to future invoices and cannot be converted to cash
Credits are non-transferable between accounts or different services
Unused credits expire automatically after 12 months from the date of issuance

8. Company Obligations

The company commits to:

Continuously monitor service availability
Notify customers as soon as possible in the event of a major outage
Restore services in the shortest time possible
Notify any scheduled maintenance at least 48 hours in advance

9. SLA Modifications

The company reserves the right to modify this SLA with at least 30 days' notice, by notifying active customers via email and publishing the updated version on the website.

Modifications do not apply retroactively to incidents that occurred before the effective date.

10. Contact

For any questions regarding the SLA or to report an incident, contact us at office[at]cloudforest.ro or through the support ticket system in the client area.