Legal

Terms of Service

Effective Date: 27 June 2026

Xacy Inc.

British Virgin Islands

These Terms of Service govern access to and use of Xacy’s managed VPN infrastructure, APIs, network services, documentation, dashboards, and related services. By creating an account, using our API, integrating with our services, or otherwise accessing Xacy, you agree to these Terms. If you are using Xacy on behalf of a company or other legal entity, you confirm that you have authority to bind that entity to these Terms.

1. About Xacy

Xacy is a managed B2B VPN infrastructure provider for companies that offer VPN, privacy, security, or related internet services to their own customers.

Xacy provides secure, API-driven VPN infrastructure using the WireGuard protocol. Our services allow customers to create and delete WireGuard peers, select locations, route traffic through supported countries or servers, and generate VPN configurations without building or managing their own global server infrastructure.

Xacy is not a consumer VPN application. Xacy provides backend VPN infrastructure to business customers.

2. Eligibility

You may use Xacy only if:

  1. You are at least 18 years old.

  2. You are using the services for business or commercial purposes.

  3. You have legal authority to enter into these Terms.

  4. Your use of Xacy complies with all applicable laws, regulations, sanctions rules, export controls, and industry requirements.

  5. You are not prohibited from using the services under applicable law.

Xacy may refuse service, suspend access, or terminate accounts at its discretion if we believe the services are being misused or used in violation of these Terms.

3. Services Provided

Xacy may provide access to:

  1. Managed VPN infrastructure.

  2. WireGuard-based VPN sessions.

  3. API endpoints for adding and deleting peers.

  4. Country, server, nearby-location, or exit-IP selection.

  5. Server routing and network capacity.

  6. Usage-based billing.

  7. Technical documentation and support.

  8. Other related infrastructure features made available by Xacy.

The core API may include, but is not limited to:

POST https://api.xacy.io/add-peer

This endpoint allows customers to submit a client WireGuard public key and receive a WireGuard configuration for establishing a VPN session.

POST https://api.xacy.io/del-peer

This endpoint allows customers to submit a WireGuard public key and request deletion of the related peer.

API authentication may use an X-API-Key header or any other authentication method specified by Xacy.

4. Business Customer Responsibility

You are responsible for your own products, applications, users, customer relationships, pricing, support, marketing, policies, legal compliance, and end-user terms.

You understand and agree that:

  1. Xacy provides infrastructure only.

  2. You are responsible for how your end users access and use your product.

  3. You must provide your own privacy policy, terms of service, acceptable use policy, and support process to your users.

  4. You must not misrepresent Xacy’s services or make false claims about Xacy.

  5. You are responsible for ensuring that your application integrates with Xacy securely.

  6. You are responsible for protecting your API keys and account credentials.

  7. You are responsible for all activity generated through your account, API keys, integrations, and users.

Xacy does not control your end-user relationships and does not act as your end-user support provider unless separately agreed in writing.

5. API Access and Security

You must keep your API keys, tokens, credentials, and account access secure.

You agree not to:

  1. Share API keys publicly.

  2. Embed secret API keys in public client-side code.

  3. Sell, lease, or transfer your Xacy account without approval.

  4. Attempt to bypass rate limits, authentication, billing systems, or access controls.

  5. Interfere with the security or operation of Xacy’s infrastructure.

  6. Reverse engineer, exploit, overload, or abuse Xacy’s services.

If you believe your API key or account has been compromised, you must notify Xacy immediately and rotate your credentials.

Xacy may revoke, rotate, limit, or suspend API keys if we believe there is a security risk, misuse, abuse, billing issue, or violation of these Terms.

6. Acceptable Use

You may not use Xacy directly or indirectly for unlawful, harmful, abusive, fraudulent, or malicious activity.

Prohibited use includes, but is not limited to:

  1. Cyberattacks, hacking, unauthorized access, credential theft, phishing, or malware distribution.

  2. Botnets, spam, mass abuse, platform manipulation, or automated account creation.

  3. DDoS attacks, traffic flooding, port scanning, vulnerability scanning without authorization, or network abuse.

  4. Distribution or access to illegal content.

  5. Child sexual abuse material or any exploitation of minors.

  6. Terrorism, violent extremism, or credible threats of harm.

  7. Fraud, scams, impersonation, payment abuse, or identity theft.

  8. Harassment, stalking, doxxing, or targeted abuse.

  9. Copyright infringement or large-scale intellectual property abuse.

  10. Sanctions violations, export control violations, or use by prohibited parties.

  11. Any activity that damages Xacy’s infrastructure, IP reputation, network partners, upstream providers, or other customers.

Xacy may investigate abuse reports and may suspend, block, rate-limit, disable, or terminate access where necessary to protect the network, customers, partners, or legal interests.

7. No-Log Policy and Privacy

Xacy follows a strict no-log policy for VPN activity.

Xacy does not save, track, or share VPN activity, including the websites visited, content accessed, DNS activity, application activity, or browsing behavior of VPN users.

However, to operate a B2B infrastructure service, Xacy may process limited business, account, billing, API, technical, security, and operational information, such as:

  1. Customer account information.

  2. API authentication information.

  3. Billing and payment records.

  4. Usage volumes required for billing, such as egress traffic.

  5. Infrastructure health, uptime, and performance metrics.

  6. Security events necessary to protect the service.

  7. Support communications.

  8. Legal or compliance records required for business operations.

Xacy does not use operational data to create VPN activity profiles of end users.

Customers are responsible for making accurate disclosures to their own users about how their product works, what data they collect, and how Xacy’s infrastructure is used.

8. Customer Data

You retain ownership of the data, materials, public keys, integration data, and other information you submit to Xacy.

You grant Xacy the limited right to process such data only as necessary to:

  1. Provide the services.

  2. Authenticate API requests.

  3. Create, manage, and delete VPN peers.

  4. Route traffic through selected infrastructure.

  5. Calculate usage and billing.

  6. Provide support.

  7. Protect the security and reliability of the services.

  8. Comply with legal obligations.

You must not submit sensitive personal data to Xacy unless it is necessary for your use of the services and legally permitted.

9. Network Locations and Capacity

Xacy may provide VPN infrastructure in multiple countries, including but not limited to the USA, UK, Germany, France, Brazil, Singapore, Japan, Australia, South Africa, and India.

Xacy may also provide access to 500+ servers, 10 Gbps per-server capacity, and total infrastructure capacity of up to 5 Tbps.

Unless expressly stated in a separate written agreement or service-level agreement, server counts, locations, exit IPs, capacity, and routing availability are not guaranteed and may change due to maintenance, demand, provider changes, legal requirements, abuse prevention, or network conditions.

Xacy may add, remove, replace, throttle, reroute, or suspend servers, countries, locations, or exit IPs when necessary.

10. Service Availability

Xacy will use commercially reasonable efforts to provide reliable, secure, and high-performance infrastructure.

However, Xacy does not guarantee uninterrupted service, specific speeds, continuous availability of any server or country, or permanent access to any specific exit IP unless agreed separately in writing.

Service may be interrupted due to:

  1. Maintenance.

  2. Network failures.

  3. Provider outages.

  4. Abuse mitigation.

  5. Security incidents.

  6. Legal or regulatory issues.

  7. Force majeure events.

  8. Customer misconfiguration.

  9. Capacity constraints.

  10. Changes to upstream infrastructure.

Xacy is not responsible for downtime, latency, packet loss, routing issues, blocked IPs, third-party restrictions, or service interruptions outside its reasonable control.

11. Pricing and Billing

Xacy charges customers on a pay-as-you-go basis unless otherwise agreed in writing.

Pricing may be based on egress traffic, while ingress traffic may be free. Pricing may start as low as USD 0.01 per GB, subject to plan, volume, region, infrastructure type, customer agreement, or future pricing changes.

You agree to pay all fees incurred through your account, API keys, users, and integrations.

Xacy may invoice or charge you based on:

  1. Egress traffic.

  2. Selected regions or servers.

  3. Dedicated or special exit IPs.

  4. Additional infrastructure services.

  5. Support plans.

  6. Custom enterprise arrangements.

  7. Taxes, duties, or payment processing charges where applicable.

Xacy may change pricing by providing notice through the website, dashboard, email, invoice, or other reasonable method. Continued use of the services after a pricing change means you accept the updated pricing.

Failure to pay may result in suspension, rate limiting, termination, or deletion of service access.

12. Taxes

Fees are exclusive of taxes unless stated otherwise.

You are responsible for all applicable taxes, duties, levies, withholding taxes, or government charges related to your use of Xacy, except taxes based on Xacy’s income.

If withholding is required by law, you must gross up payments so that Xacy receives the full amount owed, unless otherwise required by applicable law or agreed in writing.

13. Suspension and Termination

Xacy may suspend or terminate your access immediately if:

  1. You violate these Terms.

  2. You fail to pay fees when due.

  3. Your use creates security, legal, network, or reputational risk.

  4. Your account is involved in abuse, fraud, spam, attacks, or unlawful activity.

  5. Your API keys are compromised.

  6. You become subject to sanctions or legal restrictions.

  7. Xacy is required to do so by law, court order, regulator, provider, or upstream network partner.

  8. Continued service would expose Xacy to unacceptable risk.

You may stop using Xacy at any time. You remain responsible for all charges incurred before termination.

Upon termination, Xacy may disable API access, revoke keys, remove peers, stop routing traffic, delete service configurations, and close the account, subject to legal and billing retention requirements.

14. Customer End Users

Your end users are your responsibility.

You must ensure that your end users comply with acceptable use standards that are at least as protective as these Terms.

If Xacy receives abuse complaints, legal notices, provider complaints, or network reports related to your users, Xacy may require you to investigate, suspend, block, delete, or restrict the relevant user, peer, public key, or traffic source.

If you fail to respond appropriately, Xacy may suspend or terminate your account.

15. Legal Requests and Compliance

Xacy may respond to valid legal requests, court orders, subpoenas, law enforcement requests, sanctions requirements, regulatory obligations, or other legally binding demands.

Because Xacy follows a strict no-log policy for VPN activity, Xacy may not possess VPN activity logs to provide in response to such requests.

Xacy may disclose customer account, billing, support, or operational information if legally required or necessary to protect Xacy, its customers, its infrastructure, or the public.

Customers are responsible for responding to legal requests related to their own users, applications, and services.

16. Confidentiality

Each party may receive confidential information from the other party, including API credentials, pricing, infrastructure details, technical documentation, business information, and non-public product information.

Each party agrees to protect confidential information using reasonable care and not disclose it except as necessary to perform obligations under these Terms, comply with law, or with prior written permission.

Confidentiality obligations do not apply to information that is public, independently developed, lawfully received from another source, or required to be disclosed by law.

17. Intellectual Property

Xacy retains all rights, title, and interest in its services, software, APIs, documentation, infrastructure, systems, trademarks, logos, designs, and technology.

These Terms do not transfer any ownership rights to you.

You may use Xacy’s APIs and documentation only as necessary to integrate with and use the services in accordance with these Terms.

You may not copy, modify, reverse engineer, resell, sublicense, or create derivative works from Xacy’s technology except as expressly permitted in writing.

18. Branding and Marketing

You may not use Xacy’s name, logo, trademarks, or branding in public marketing materials without prior written approval, except to accurately identify Xacy as your infrastructure provider where permitted by Xacy.

Xacy may identify you as a customer in marketing materials unless you request otherwise in writing or unless a separate agreement states otherwise.

19. Third-Party Providers

Xacy may use third-party hosting providers, data centers, network providers, payment processors, software vendors, and other service providers to deliver the services.

Xacy is not responsible for failures, restrictions, outages, routing issues, blocking, or policy changes caused by third-party providers, internet service providers, platforms, governments, or network operators outside Xacy’s reasonable control.

20. Beta Features

Xacy may offer beta, experimental, preview, or early-access features.

Beta features are provided “as is” and may be modified, limited, suspended, or discontinued at any time. Beta features may be unstable, incomplete, or subject to additional limitations.

You should not rely on beta features for critical production use unless Xacy confirms otherwise in writing.

21. Disclaimers

The services are provided on an “as is” and “as available” basis.

To the maximum extent permitted by law, Xacy disclaims all warranties, whether express, implied, statutory, or otherwise, including warranties of merchantability, fitness for a particular purpose, non-infringement, uninterrupted operation, error-free performance, specific speed, specific uptime, specific routing, or availability of any server, country, exit IP, or network path.

Xacy does not guarantee that the services will prevent all security incidents, abuse, censorship, blocking, surveillance, or network restrictions.

22. Limitation of Liability

To the maximum extent permitted by law, Xacy will not be liable for indirect, incidental, special, consequential, exemplary, or punitive damages, including lost profits, lost revenue, loss of customers, business interruption, loss of goodwill, loss of data, service downtime, or cost of substitute services.

To the maximum extent permitted by law, Xacy’s total liability for any claim related to the services will not exceed the amount paid by you to Xacy in the three months before the event giving rise to the claim.

Some jurisdictions do not allow certain limitations of liability, so some limitations may not apply where prohibited by law.

23. Indemnification

You agree to defend, indemnify, and hold harmless Xacy, its affiliates, directors, officers, employees, contractors, providers, and partners from any claims, damages, liabilities, losses, costs, and expenses arising from:

  1. Your use of the services.

  2. Your products, applications, customers, or end users.

  3. Your violation of these Terms.

  4. Your violation of applicable law.

  5. Abuse, fraud, illegal activity, or network harm caused through your account.

  6. Your data, content, configurations, or integrations.

  7. Your misrepresentation of Xacy or the services.

  8. Any claim that your product or service infringes third-party rights.

24. Changes to the Services

Xacy may modify, improve, replace, limit, or discontinue any part of the services at any time.

Where practical, Xacy may provide notice of material changes, but urgent changes may be made immediately for security, abuse prevention, legal compliance, provider requirements, or operational reasons.

25. Changes to These Terms

Xacy may update these Terms from time to time.

If changes are material, Xacy may provide notice by email, dashboard notice, website update, invoice notice, or other reasonable method.

Continued use of the services after updated Terms become effective means you accept the updated Terms.

26. Governing Law

These Terms are governed by the laws of the British Virgin Islands, without regard to conflict-of-law principles.

Unless otherwise required by applicable law or agreed in writing, the courts of the British Virgin Islands will have exclusive jurisdiction over disputes arising from or related to these Terms or the services.

27. Force Majeure

Xacy will not be liable for delay or failure to perform due to events beyond its reasonable control, including natural disasters, war, terrorism, civil unrest, labor disputes, internet failures, data center outages, power failures, cyberattacks, government actions, sanctions, legal restrictions, provider failures, or other force majeure events.

28. Assignment

You may not assign or transfer these Terms without Xacy’s prior written consent.

Xacy may assign or transfer these Terms in connection with a merger, acquisition, restructuring, sale of assets, change of control, or transfer of business operations.

29. Severability

If any provision of these Terms is found invalid or unenforceable, the remaining provisions will remain in effect. The invalid or unenforceable provision will be interpreted as closely as possible to its original intent.

30. Entire Agreement

These Terms, together with any applicable order forms, invoices, service agreements, privacy policies, data processing agreements, acceptable use policies, or written addenda, form the entire agreement between you and Xacy regarding the services.

If there is a conflict between these Terms and a signed written agreement, the signed written agreement will control to the extent of the conflict.

Xacy

Company Registration Number: 2161939

Intershore Chambers, Road Town, Tortola, British Virgin Islands - VG1110.

© 2026 Xacy Inc. All Rights Reserved.

Terms of Service

Privacy Policy