Acceptable Use Policy

You may not use any Orkids-operated system to violate Philippine law or the law of any jurisdiction that applies to you. Prohibited activity includes, without limitation:

• Storing, transmitting, or processing content that is unlawful, defamatory, or infringes another party's intellectual property or privacy rights.
• Distributing malware, ransomware, or any code designed to disrupt, damage, or gain unauthorized access to systems or data.
• Phishing, fraud, or impersonation, including the misuse of personal data in violation of RA 10173.
• Any use that would cause Orkids to breach a regulatory obligation (BIR, BSP, NPC, DOH) or a third-party agreement.

Shared and client-dedicated infrastructure must be used reasonably. You may not:

• Mine cryptocurrency or run unrelated bulk workloads on infrastructure provisioned for your engagement.
• Deliberately consume disproportionate compute, storage, or bandwidth in a way that degrades service for others.
• Circumvent rate limits, quotas, or billing controls, or attempt to access resources beyond your authorized scope.
• Conduct load, penetration, or vulnerability testing against Orkids-operated systems without prior written authorization.

Orkids serves multiple clients on shared platforms and managed cloud accounts. You may not attempt to access, probe, or interfere with another client’s data, environment, or service. You may not attempt to defeat tenant isolation or escalate privileges beyond your own organization’s scope.

You are responsible for the content and data you upload, process, or transmit through an Orkids-operated system, and for ensuring you have the rights and the lawful basis to do so under RA 10173 and any sector-specific regulation that applies to you (for example, BSP rules for financial institutions, or DOH and PhilHealth rules for health data). You must not process special-category, regulated, or patient data outside the scope agreed in your engagement contract and Data Processing Addendum. If you are unsure whether a use is in scope, ask us before you proceed.

Keep credentials confidential, use the multi-factor authentication we provide, and report any suspected vulnerability or compromise promptly to security@orkids.ph. Our vulnerability-disclosure process is described on the Trust Center.

If you become aware of a violation of this policy — by you, your staff, or a third party — report it promptly to hello@orkids.ph or, for a security issue, to security@orkids.ph. We treat reports confidentially and investigate in good faith.

If we reasonably believe use violates this policy, we may suspend the affected activity to protect the platform and other clients, giving notice where practical. For serious or repeated violations we may terminate the engagement under the relevant contract. We will act proportionately and prefer to resolve issues by contacting you first.

Where your use violates this policy and causes loss, or gives rise to a third-party or regulator claim, you are responsible for that misuse as set out in your engagement contract, and you agree to cooperate with any resulting investigation. Orkids will cooperate with lawful requests from Philippine authorities while protecting client confidentiality to the fullest extent the law allows.

We may update this policy as our services, the threat landscape, and applicable Philippine regulation evolve. Material changes will be reflected in the “last updated” date below. Continued use of an Orkids-operated system after a change takes effect constitutes acceptance of the updated policy.

Questions about acceptable use: hello@orkids.ph. For a suspected security issue, write to security@orkids.ph.