This Acceptable Use Policy (“AUP”) governs the use of all services provided by Digital Network Access Communications Inc. d/b/a DNA Communications (“DNA”), including but not limited to internet access, voice services, telecommunications services, transport services, managed services, hosted services, data storage, backup services, security services, and any hosted or colocated equipment (collectively, the “Services”).
This AUP applies to all customers, users, employees, contractors, administrators, agents, and any third parties accessing or using the Services through a customer account. Customers are responsible for the compliance of all such individuals.
DNA is a competitive local exchange carrier (“CLEC”) and is subject to applicable federal and state telecommunications regulations. Use of the Services must comply with all applicable laws and regulatory requirements.
DNA will maintain the then-current version of this AUP on its website. The applicable version is the version in effect at the time of the relevant use of the Services, except to the extent a written agreement expressly provides otherwise. Prior versions may be archived and made available upon request.
Customers must use the Services:
Customers are responsible for all activity occurring under their accounts, including activity by their employees, contractors, and authorized users.
Wholesale and Reseller Customers. Customers who resell or otherwise provide the Services to end users (“Resellers”) are solely responsible for the compliance of their downstream users with this AUP. DNA may hold the Reseller’s account responsible for any AUP violation by a downstream user, regardless of whether the Reseller has imposed equivalent obligations on that user. DNA reserves the right to enforce this AUP directly against the Reseller account of record without regard to any downstream arrangement. Upon DNA’s request, the Reseller shall promptly cooperate with DNA’s investigation of any suspected violation, provide information about the relevant downstream user or activity to the extent legally permissible, and suspend or terminate access for any downstream user or traffic source that DNA has identified as the source of a violation, to the extent legally and technically feasible.
The following activities are strictly prohibited:
Child Exploitation Reporting. DNA may immediately suspend or terminate Services, and may remove, preserve, or block access to material or account information, where DNA obtains actual knowledge of facts or circumstances indicating CSAM or related violations. DNA will report such material or information to the National Center for Missing and Exploited Children (“NCMEC”) CyberTipline where required by law, including 18 U.S.C. § 2258A, and may report to law enforcement or other authorities where permitted by applicable law. Such action may be taken without prior notice to the customer. Nothing in this AUP requires DNA to affirmatively monitor, screen, or search customer content except as required by applicable law.
Multi-Line Telephone Systems. Customers operating, managing, administering, or controlling a multi-line telephone system (“MLTS”) — including hosted PBX, UCaaS, or SIP trunking configurations where customer equipment, customer administration, customer locations, customer endpoints, or customer-provided data affect emergency calling — are responsible, to the extent within their control, for complying with applicable MLTS requirements, including direct 911 dialing access, required notifications, accurate callback information, and dispatchable-location accuracy per extension as required by Kari’s Law, RAY BAUM’S Act, and other applicable law. DNA’s E911 routing may depend on location, endpoint, callback, and user information provided or maintained by the customer. Customers must provide and maintain accurate information required for emergency calling. Nothing in this AUP limits any non-waivable emergency-service obligation imposed on DNA by applicable law. Detailed E911 obligations for specific services are governed by the applicable Service Schedule.
DNA may cooperate with lawful requests from regulatory authorities and law enforcement as required by applicable law.
Where Services involve hosted or colocated equipment or physical access to DNA facilities or third-party facilities used by DNA, the following are prohibited:
This AUP does not grant any physical access rights. Physical access rights, if any, are governed solely by an applicable Facility Schedule or Service Order.
Customers must ensure that their employees, agents, contractors, and authorized users interact with DNA personnel in a lawful and professional manner. A single credible threat, act of intimidation, stalking, discriminatory harassment, or conduct creating a safety or security risk constitutes a material violation of this AUP. Sustained, directed, or repeated verbal abuse or harassment also constitutes a material violation.
Upon any such violation, and subject to Section 6, DNA may restrict or suspend Services; require that all future customer interactions with DNA be conducted in writing only; or terminate the customer’s service agreement. Where DNA reasonably determines that conduct presents a safety, security, legal, or operational risk, DNA may act immediately under Section 6.1 without prior notice.
Customers using DNA’s internet access, hosting, VM hosting, email or domain hosting, backup, storage, or colocation services may not:
Copyright and Repeat Infringers. DNA may remove, block, disable access to, suspend, or terminate Services associated with alleged or actual copyright infringement. DNA may terminate, in appropriate circumstances, accounts of customers or downstream users who are repeat copyright infringers. Customers may not interfere with standard technical measures used by copyright owners to identify or protect copyrighted works as contemplated by 17 U.S.C. § 512. Copyright complaints and takedown notices must be submitted in accordance with DNA’s posted Copyright and DMCA Policy.
Customers may not use, export, re-export, transfer, or make the Services available in violation of U.S. export controls, sanctions, embargoes, restricted-party rules, or similar trade-control laws, including regulations administered by the U.S. Department of Commerce, the U.S. Department of the Treasury Office of Foreign Assets Control (“OFAC”), and the U.S. Department of State.
Customers are solely responsible for:
Recording, Monitoring, and Surveillance. Customers who use the Services for call recording, voicemail recording, transcription, monitoring, hosted video, audio capture, analytics, surveillance, or similar activities are solely responsible for providing all legally required notices and obtaining all legally required consents. This includes compliance with the Illinois Eavesdropping Act, 720 ILCS 5/14-1 et seq., and any other applicable federal, state, local, or international recording, wiretap, eavesdropping, privacy, workplace-monitoring, surveillance, and data-protection laws. This obligation applies regardless of whether calls or communications cross state lines.
HIPAA and Electronic Protected Health Information. DNA’s standard services are not designed, configured, or warranted for the creation, receipt, maintenance, storage, processing, or transmission of electronic protected health information (“ePHI”) subject to the Health Insurance Portability and Accountability Act (“HIPAA”). Customers that are covered entities or business associates under HIPAA may not use DNA’s standard hosted, managed, storage, backup, email, VM, or similar services to create, receive, maintain, store, process, or transmit ePHI unless DNA has expressly agreed in a signed, written service addendum and the parties have executed a Business Associate Agreement (“BAA”). DNA does not offer BAAs for standard service offerings. Customers are solely responsible for determining whether their use of the Services requires a BAA or other HIPAA controls, and must not use the Services in a manner that would cause DNA to become a business associate without DNA’s prior written agreement. DNA makes no representation that its standard services satisfy any HIPAA requirement.
Biometric Data. To the extent the customer deploys, controls, configures, or uses the Services in connection with the customer’s collection, storage, transmission, or processing of biometric identifiers or biometric information as defined under applicable law, the customer is solely responsible for compliance with the Illinois Biometric Information Privacy Act, 740 ILCS 14/, and all other applicable biometric data privacy laws, including providing required notices, obtaining required written consents, and maintaining required retention and destruction policies. This paragraph does not apply to biometric systems that DNA independently controls for DNA’s own facility security or access-management purposes, which are governed by DNA’s applicable privacy, biometric, or facility access policies.
Regulated Data Generally. Customers may not use DNA’s standard hosted, managed, storage, backup, email, VM, colocation-support, security, or similar services to store, process, host, maintain, or intentionally make available regulated data categories — including ePHI, payment card data subject to PCI DSS, government-classified information, or export-controlled technical data — unless the applicable Service Schedule expressly authorizes that use and the parties have executed any required written addendum or compliance agreement. This restriction does not prohibit ordinary encrypted transmission of customer-selected traffic over DNA internet access, transport, or other conduit services, provided that DNA is not engaged to host, store, manage, inspect, process, or secure that regulated data as part of the applicable Service.
Nothing in this AUP limits DNA’s rights, as described in the MSA, applicable Service Schedules, Privacy Policy, or other applicable policies, to perform lawful operational, security, abuse-prevention, network-management, signaling, fraud-prevention, regulatory-compliance, or service-delivery activities, subject to applicable law.
Subject to applicable law — including customer proprietary network information (“CPNI”) requirements under 47 U.S.C. § 222, the Stored Communications Act, CALEA, applicable privacy and data-protection laws, and any other applicable federal or state legal constraints — DNA may preserve, disclose, or provide customer information, account information, traffic data, signaling information, content, records, facilities, or assistance when required or permitted by applicable law, subpoena, warrant, court order, regulatory directive, emergency request, lawful intercept obligation, NCMEC CyberTipline report, or other valid legal process.
DNA will provide notice to customers of such disclosures only to the extent required or permitted by law and where DNA determines that notice would not violate legal process, compromise an investigation, create a safety or security risk, or interfere with DNA’s legal or regulatory obligations.
DNA may suspend Services immediately and without prior notice where DNA determines, in its reasonable discretion, that suspension is necessary to:
For violations of this AUP that do not require immediate action under Section 6.1, DNA will provide written notice identifying the violation and a reasonable opportunity to cure. The standard cure period is ten (10) days from the date of written notice. DNA may, in its reasonable discretion, shorten the cure period where the nature, recurrence, operational impact, regulatory risk, or third-party impact of the violation warrants faster action. If the violation is not cured within the applicable cure period, DNA may suspend or terminate Services without further notice.
In addition to suspension or termination, DNA may:
Enforcement actions taken under this Section:
Enforcement under this Section is subject to applicable law, ICC and FCC regulatory requirements, and any mandatory notice, emergency-service, or discontinuance procedures applicable to a particular regulated Service.
DNA’s election not to enforce this AUP in any particular instance does not waive DNA’s right to enforce this AUP later or against any other customer. DNA may make enforcement decisions based on the facts and circumstances known to DNA at the time, including severity, recurrence, risk, regulatory obligations, and operational feasibility. No enforcement decision creates an obligation of identical or uniform enforcement.
This AUP is incorporated by reference into DNA’s Master Services Agreement (“MSA”) and governs all Services provided thereunder. In the event of any conflict, the following order of precedence applies:
A Service Order does not override a Schedule or the MSA with respect to liability, indemnification, warranties, or other legal and risk terms. A Service Order may override only the commercial and transactional terms expressly stated in that Service Order.
Notwithstanding the foregoing order of precedence, the suspension rights and enforcement timelines set forth in Section 6 of this AUP control for AUP violations, regardless of general default or termination timelines in the MSA, except to the extent applicable law, tariffs, or ICC or FCC regulatory requirements mandate a different procedure for a particular regulated Service.
If this AUP conflicts with another incorporated policy, the policy more specifically addressing the subject matter controls. For privacy, CPNI, monitoring, and data-handling disclosures, the Privacy Policy and applicable privacy terms control over this AUP.
This AUP does not modify pricing, service commitments, or SLA obligations, which are governed exclusively by the MSA and applicable Service Orders and Schedules.
DNA may modify this AUP from time to time by posting an updated version with an updated effective date. Changes will not apply retroactively. For material changes, DNA will provide at least thirty (30) days’ advance notice by email to the customer’s account administrator, customer portal notice, or invoice notice. DNA may also post updated versions on its website, but website posting alone does not constitute notice of a material change to existing customers. A revised AUP will not modify pricing, term length, SLA obligations, warranties, indemnities, limitations of liability, dispute-resolution provisions, or other legal and risk terms except to the extent expressly permitted by the MSA and applicable Schedules.
Continued use of the Services after the effective date of a revised AUP constitutes acceptance of the revised terms. Customers who object to a material change must notify DNA before the effective date. The customer’s rights, if any, to terminate or avoid a material change are governed by the MSA and applicable Service Orders or Schedules.
Digital Network Access Communications Inc. d/b/a DNA Communications
This policy is incorporated by reference into all DNA service agreements.
