Free Web Hosting Terms and Conditions Template (UK)

What is this document?

This web hosting terms and conditions template is a ready-to-use legal agreement between a hosting provider and its business customers. It sets out the rights and responsibilities of both parties in relation to the provision of web hosting services, including server uptime commitments, data storage, bandwidth allowances, acceptable use policies, and data protection obligations. The template uses clear, plain English and follows current UK legal requirements.

Who needs it?

This template is designed for web hosting companies, IT service providers, digital agencies offering hosting as part of their services, and resellers of hosting services operating under the laws of England and Wales. It is suitable for businesses providing shared hosting, virtual private servers, dedicated servers, managed hosting, or cloud hosting to business clients.

Why is it important?

A well-drafted set of hosting terms and conditions protects both the provider and the customer. It clearly defines service levels so customers know what to expect, limits the provider's liability in the event of outages or data loss, establishes acceptable use rules to prevent misuse of the service, and ensures both parties meet their data protection obligations. Without clear terms, disputes over downtime, data loss, or billing can quickly escalate and become costly.

Key UK legislation

UK General Data Protection Regulation (UK GDPR)Data Protection Act 2018Computer Misuse Act 1990Supply of Goods and Services Act 1982

Template document

Web Hosting Terms and Conditions

This agreement is entered into between [Provider Name] (registered in England and Wales under company number [Company Number]), whose registered office is at [Provider Address] (the "Provider") and the customer identified in the order form or account registration (the "Customer").

These terms and conditions govern the provision of web hosting services by the Provider to the Customer. By placing an order, creating an account, or using the services, the Customer agrees to be bound by these terms.

1. Definitions and Interpretation

1.1 In this agreement, the following definitions apply:

"Acceptable Use Policy" means the rules governing the Customer's use of the services as set out in clause 7.

"Account" means the Customer's hosting account with the Provider.

"Business Day" means any day other than a Saturday, Sunday, or public holiday in England and Wales.

"Confidential Information" means any information disclosed by one party to the other that is marked as confidential or that ought reasonably to be considered confidential.

"Content" means all data, files, software, text, images, and other materials stored on the Provider's servers by or on behalf of the Customer.

"Control Panel" means the web-based interface provided to the Customer for managing the hosting services.

"Data Protection Legislation" means the UK GDPR, the Data Protection Act 2018, and any other applicable data protection laws.

"Fees" means the charges payable by the Customer for the services as set out in the order form or on the Provider's website.

"Hosting Plan" means the specific hosting package selected by the Customer, as described in the order form or on the Provider's website.

"Initial Term" means the initial period of this agreement as specified in the order form, starting on the service commencement date.

"Network" means the Provider's servers, data centre infrastructure, and internet connectivity used to deliver the services.

"Personal Data" has the meaning given to it in the UK GDPR.

"Renewal Term" means each successive period equal in length to the Initial Term following expiry of the Initial Term or any previous Renewal Term.

"Service Level Agreement" or "SLA" means the uptime and performance commitments set out in clause 4.

"Services" means the web hosting services provided by the Provider to the Customer under this agreement.

1.2 References to clauses are to the clauses of this agreement. Headings are for convenience only and do not affect interpretation.

2. Service Description

2.1 The Provider shall provide the Customer with the web hosting services described in the Customer's selected Hosting Plan.

2.2 The services may include, depending on the Hosting Plan: server space, bandwidth, email hosting, database hosting, SSL certificates, domain registration or transfer, control panel access, and such other features as are described in the Hosting Plan.

2.3 The Provider shall use reasonable care and skill in providing the services in accordance with the Supply of Goods and Services Act 1982.

2.4 The Provider reserves the right to change the technical specifications of the services from time to time, provided that any such change does not materially reduce the quality or performance of the services.

3. Account Setup and Access

3.1 To use the services, the Customer must create an account by providing accurate and complete registration information.

3.2 The Provider shall set up the Customer's hosting account within [number] Business Days of receiving payment for the first invoice and all required information from the Customer.

3.3 The Customer is responsible for maintaining the confidentiality of all account login credentials, including passwords and API keys.

3.4 The Customer must notify the Provider immediately if the Customer becomes aware of any unauthorised use of the Customer's account or any breach of security.

3.5 The Customer is responsible for all activity that occurs under the Customer's account, whether or not authorised by the Customer.

4. Service Levels and Uptime

4.1 The Provider shall use commercially reasonable efforts to maintain network uptime of [99.9]% measured on a calendar month basis, excluding scheduled maintenance windows.

4.2 Scheduled maintenance shall be carried out during off-peak hours where reasonably practicable, and the Provider shall give the Customer at least [48] hours' notice of planned maintenance likely to affect the services.

4.3 The uptime commitment in clause 4.1 does not apply to downtime caused by: (a) scheduled maintenance; (b) circumstances beyond the Provider's reasonable control (see clause 19); (c) the Customer's acts or omissions; (d) failure of third-party systems or services not under the Provider's control; or (e) DNS propagation issues.

4.4 If the Provider fails to meet the uptime commitment in clause 4.1 in any calendar month, the Customer may request a service credit equal to [5]% of the monthly fee for each full [1]% of downtime below the guaranteed uptime level, up to a maximum credit of [100]% of the monthly fee for that month.

4.5 Service credits are the Customer's sole and exclusive remedy for the Provider's failure to meet the uptime commitment. To claim a credit, the Customer must submit a written request within [30] days of the end of the affected month.

5. Bandwidth and Storage

5.1 The Customer's Hosting Plan includes the bandwidth and storage allowances specified in the plan details.

5.2 If the Customer exceeds the bandwidth or storage allowance included in the Hosting Plan, the Provider may: (a) charge the Customer for the excess usage at the rates specified on the Provider's website or in the order form; (b) throttle the Customer's bandwidth; or (c) require the Customer to upgrade to a higher-tier Hosting Plan.

5.3 The Provider shall notify the Customer when usage reaches [80]% of the allocated bandwidth or storage allowance for the billing period.

6. Customer Obligations

6.1 The Customer shall: (a) comply with all applicable laws and regulations in connection with the use of the services; (b) ensure that all Content stored on the Provider's servers is lawful and does not infringe any third party's intellectual property rights; (c) keep all software installed on the hosting account up to date with security patches; (d) maintain current and accurate contact information in the account; and (e) co-operate with the Provider in all matters relating to the services.

6.2 The Customer acknowledges that the Provider does not monitor or review the Content stored on its servers and that the Customer is solely responsible for all Content.

7. Acceptable Use Policy

7.1 The Customer shall not use the services to: (a) store, distribute, or transmit any material that is unlawful, harmful, threatening, abusive, defamatory, obscene, or otherwise objectionable; (b) store, distribute, or transmit any material that infringes any intellectual property right, privacy right, or other right of any third party; (c) send unsolicited bulk email (spam), operate mailing lists without proper consent mechanisms, or engage in any form of email abuse; (d) host phishing websites, malware, spyware, or any other malicious software; (e) attempt to gain unauthorised access to any computer system, network, or data, in breach of the Computer Misuse Act 1990; (f) carry out denial-of-service attacks or any activity that disrupts the Provider's network or other customers' services; (g) run cryptocurrency mining software or other processes that consume excessive server resources; (h) host adult content, unless the Hosting Plan expressly permits this; or (i) engage in any activity that is illegal under the laws of England and Wales.

7.2 The Provider may investigate any suspected breach of this clause 7. If the Provider reasonably determines that a breach has occurred, the Provider may take any action it considers appropriate, including suspending or terminating the Customer's account in accordance with clause 13.

8. Data Backup

8.1 The Provider shall perform [daily/weekly] backups of the Customer's Content and retain backup copies for a period of [number] days.

8.2 Backups are provided as a courtesy and the Provider does not guarantee the completeness, accuracy, or availability of any backup.

8.3 The Customer is solely responsible for maintaining independent backups of all Content. The Provider strongly recommends that the Customer maintains its own regular backup routine.

8.4 The Provider shall make reasonable efforts to restore Content from backup at the Customer's request. A restoration fee of [amount] may apply.

9. Security

9.1 The Provider shall implement and maintain reasonable technical and organisational measures to protect the Network and the services against unauthorised access, data loss, and other security threats.

9.2 These measures shall include, as appropriate: (a) firewalls and intrusion detection systems; (b) regular security updates and patching of Provider-managed systems; (c) physical security at the data centre; (d) access controls restricting access to the Provider's systems to authorised personnel; and (e) encryption of data in transit using industry-standard protocols.

9.3 The Customer is responsible for the security of the Customer's own applications, scripts, and Content hosted on the services.

9.4 The Provider shall notify the Customer without undue delay upon becoming aware of any security breach affecting the Customer's data.

10. Data Protection

10.1 Both parties shall comply with the Data Protection Legislation in connection with this agreement.

10.2 To the extent that the Provider processes Personal Data on behalf of the Customer in connection with the services, the Provider shall act as a data processor and the Customer shall act as the data controller (or data processor, as applicable).

10.3 The Provider shall process Personal Data only on documented instructions from the Customer, including with regard to transfers of Personal Data outside the United Kingdom, unless required to do so by law.

10.4 The Provider shall: (a) ensure that persons authorised to process Personal Data have committed themselves to confidentiality; (b) implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk; (c) not engage another processor without prior specific or general written authorisation of the Customer; (d) assist the Customer in responding to requests from data subjects exercising their rights under the Data Protection Legislation; (e) assist the Customer in ensuring compliance with the obligations relating to security of processing, notification of personal data breaches, data protection impact assessments, and prior consultation; (f) at the Customer's choice, delete or return all Personal Data to the Customer after the end of the provision of services; and (g) make available to the Customer all information necessary to demonstrate compliance with the obligations set out in this clause and allow for and contribute to audits.

10.5 The Provider's data centre is located at [Data Centre Location]. The Provider shall not transfer Personal Data outside the United Kingdom without the Customer's prior written consent and without ensuring that appropriate safeguards are in place in accordance with the Data Protection Legislation.

11. Intellectual Property

11.1 All intellectual property rights in the Customer's Content remain the property of the Customer or the Customer's licensors.

11.2 All intellectual property rights in the Provider's systems, software, network infrastructure, and any materials provided by the Provider remain the property of the Provider.

11.3 The Customer grants the Provider a non-exclusive, royalty-free licence to store, copy, transmit, and display the Customer's Content solely to the extent necessary to provide the services.

12. Fees and Payment

12.1 The Customer shall pay the Fees specified in the order form, on the Provider's website, or in the Customer's account. All Fees are stated exclusive of VAT unless otherwise indicated.

12.2 The Provider shall invoice the Customer [monthly/annually] in advance. Payment is due within [14] days of the date of the invoice, or by the due date specified on the invoice.

12.3 All payments shall be made by [bank transfer, direct debit, credit card, or such other method as the Provider may accept].

12.4 If the Customer fails to make any payment when due, the Provider may: (a) charge interest on the overdue amount at the rate of [4]% per annum above the Bank of England base rate from time to time, calculated on a daily basis from the due date until actual payment; (b) suspend the services in accordance with clause 13; or (c) both.

12.5 The Provider may increase the Fees at any time by giving the Customer at least [30] days' written notice. If the Customer does not accept the increase, the Customer may terminate this agreement by giving notice before the new fees take effect.

13. Suspension of Services

13.1 The Provider may suspend the services immediately, without liability, if: (a) the Customer fails to pay any amount due under this agreement and the payment remains outstanding for [7] days after the due date; (b) the Customer breaches clause 7 (Acceptable Use Policy); (c) the Customer's use of the services poses a security risk to the Network or to other customers; (d) suspension is required by law, by a court order, or by a regulatory authority; or (e) the Provider reasonably believes that the Customer's account has been compromised.

13.2 The Provider shall give the Customer as much notice as is reasonably practicable before suspending the services, unless immediate suspension is necessary to protect the Network, comply with the law, or prevent harm to third parties.

13.3 The Provider shall restore the services as soon as reasonably practicable after the reason for suspension has been resolved.

14. Term and Termination

14.1 This agreement shall commence on the date the Customer's account is activated and shall continue for the Initial Term. After the Initial Term, this agreement shall automatically renew for successive Renewal Terms unless either party gives the other at least [30] days' written notice of termination before the end of the then-current term.

14.2 Either party may terminate this agreement immediately by giving written notice to the other party if: (a) the other party commits a material breach of this agreement and, where the breach is capable of remedy, fails to remedy it within [14] days of receiving written notice requiring it to do so; (b) the other party becomes insolvent, enters into administration, liquidation, or receivership, or makes any arrangement with its creditors; or (c) the other party ceases or threatens to cease carrying on business.

14.3 The Provider may terminate this agreement immediately by giving written notice if the Customer breaches clause 7 (Acceptable Use Policy) and the breach is, in the Provider's reasonable opinion, serious or persistent.

15. Effects of Termination

15.1 Upon termination or expiry of this agreement, the Provider shall continue to store the Customer's Content for a period of [30] days (the "Retrieval Period") to allow the Customer to retrieve the Content.

15.2 During the Retrieval Period, the Customer may download the Content through the Control Panel or request that the Provider provides a copy of the Content in a standard format. The Provider may charge a reasonable fee for providing such a copy.

15.3 After the Retrieval Period, the Provider shall delete all Content from its servers and shall have no further obligation to store or make available the Content, except to the extent that the Provider is required by law to retain any data.

15.4 Termination or expiry of this agreement shall not affect: (a) any rights or liabilities that have accrued before termination; (b) the coming into force or continuation of any clause that is expressly or by implication intended to come into force or continue after termination, including clauses 10, 11, 16, 17, and 20.

15.5 Any Fees paid in advance for the period after the effective date of termination shall be refunded on a pro-rata basis, except where termination is due to the Customer's breach of this agreement.

16. Limitation of Liability

16.1 Nothing in this agreement limits or excludes either party's liability for: (a) death or personal injury caused by its negligence; (b) fraud or fraudulent misrepresentation; or (c) any other liability that cannot be limited or excluded by applicable law.

16.2 Subject to clause 16.1, the Provider shall not be liable to the Customer, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, for: (a) any loss of profits, revenue, business, or anticipated savings; (b) any loss of data or corruption of data; (c) any loss of goodwill or reputation; (d) any indirect, special, or consequential loss; or (e) any loss arising from the Customer's failure to maintain independent backups of the Content.

16.3 Subject to clause 16.1, the Provider's total aggregate liability to the Customer in respect of all claims arising under or in connection with this agreement in any twelve-month period shall not exceed an amount equal to the total Fees paid by the Customer in the twelve-month period immediately preceding the date on which the first claim arose.

17. Indemnification

17.1 The Customer shall indemnify and hold harmless the Provider against all claims, losses, damages, costs, and expenses (including reasonable legal fees) arising out of or in connection with: (a) the Customer's Content; (b) the Customer's breach of clause 7 (Acceptable Use Policy); (c) the Customer's breach of any applicable law or regulation; or (d) any third-party claim relating to the Customer's use of the services.

18. Complaints

18.1 If the Customer wishes to make a complaint about the services, the Customer should contact the Provider at [complaints email address].

18.2 The Provider shall acknowledge complaints within [2] Business Days and shall use reasonable efforts to resolve complaints within [10] Business Days.

19. Force Majeure

19.1 Neither party shall be liable for any failure or delay in performing its obligations under this agreement to the extent that the failure or delay is caused by a Force Majeure Event.

19.2 A "Force Majeure Event" means any event beyond the reasonable control of the affected party, including but not limited to: acts of God, fire, flood, earthquake, storm, or other natural disaster; epidemic or pandemic; war, terrorism, riot, or civil unrest; government action, sanctions, or embargo; power failure; failure of telecommunications networks or internet services not caused by the affected party; and cyberattack affecting the wider internet infrastructure.

19.3 The affected party shall notify the other party as soon as reasonably practicable of the Force Majeure Event and shall use reasonable efforts to mitigate its effects.

19.4 If a Force Majeure Event continues for more than [60] days, either party may terminate this agreement by giving [14] days' written notice to the other party.

20. Notices

20.1 Any notice given under this agreement shall be in writing and may be delivered: (a) by hand or by pre-paid first-class post to the registered office or principal place of business of the other party; or (b) by email to the email address specified in the order form or account details.

20.2 A notice shall be deemed received: (a) if delivered by hand, at the time of delivery; (b) if sent by pre-paid first-class post, at 9:00am on the second Business Day after posting; or (c) if sent by email, at the time of transmission, provided no delivery failure notification is received.

21. Variation

21.1 The Provider may update these terms and conditions from time to time. The Provider shall give the Customer at least [30] days' written notice of any material changes.

21.2 If the Customer does not agree to the updated terms, the Customer may terminate this agreement by giving written notice before the updated terms take effect. Continued use of the services after the updated terms take effect constitutes acceptance of the updated terms.

21.3 No other variation of this agreement shall be effective unless it is in writing and signed by or on behalf of both parties.

22. General

22.1 This agreement constitutes the entire agreement between the parties in relation to its subject matter and supersedes all previous agreements, understandings, and arrangements between the parties, whether written or oral.

22.2 The Customer may not assign or transfer any rights or obligations under this agreement without the Provider's prior written consent. The Provider may assign this agreement to any successor to its business or assets.

22.3 A waiver of any right or remedy under this agreement is only effective if given in writing and shall not be deemed a waiver of any subsequent right or remedy.

22.4 If any provision of this agreement is found by any court or authority to be invalid or unenforceable, the remaining provisions shall continue in full force and effect.

22.5 Nothing in this agreement is intended to create a partnership, agency relationship, or joint venture between the parties.

22.6 A person who is not a party to this agreement shall not have any rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any of its terms.

23. Governing Law and Jurisdiction

23.1 This agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of England and Wales.

23.2 The courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this agreement or its subject matter or formation.

This document was created using a template from website-contracts.co.uk

Clause-by-clause guide

Plain English explanations of the key sections.

Clause 4 sets out the Provider's uptime commitment, typically expressed as a percentage of availability per calendar month. The placeholder default is 99.9%, which is a common industry standard. You should set this figure based on what your infrastructure can realistically deliver. The clause also provides for service credits as the sole remedy for downtime, which is standard practice in the hosting industry and helps to cap your exposure.

Clause 7 defines what the Customer may and may not do with the hosting services. This is one of the most important clauses for a hosting provider because it gives you the right to suspend or terminate accounts that cause problems. The prohibited activities listed include sending spam, hosting malware, attempting unauthorised access to systems (which is a criminal offence under the Computer Misuse Act 1990), and hosting illegal content. You should review this list and adjust it to match the types of hosting you offer.

Clause 8 makes clear that while the Provider may perform backups, the Customer is ultimately responsible for maintaining independent copies of their data. This is essential because it limits your liability if backups fail or are incomplete. You should fill in the backup frequency and retention period to match your actual backup schedule.

Clause 10 addresses data protection obligations under the UK GDPR and the Data Protection Act 2018. As a hosting provider, you will typically act as a data processor for your customers. This clause sets out the minimum requirements for a data processing agreement as required by Article 28 of the UK GDPR. You should ensure that the data centre location is accurate and that you have appropriate safeguards in place for any international data transfers.

Clause 12 deals with how and when the Customer pays for the services. It includes provision for interest on late payments and the right to suspend services for non-payment. It also gives you the right to increase prices with notice. You should set the payment terms, billing cycle, and interest rate to match your business practices.

Clause 16 is critical for managing the Provider's risk. It excludes liability for indirect and consequential losses, including loss of data and loss of profits, and caps total liability at the fees paid in the preceding twelve months. The exclusions do not apply to liability for death, personal injury, or fraud, as these cannot be excluded under English law. You should review the liability cap to ensure it is appropriate for the value of your hosting contracts.

Frequently asked questions

Not necessarily. This template is designed to work across different types of hosting, including shared, VPS, dedicated, and cloud hosting. The specific details of each hosting plan, such as storage, bandwidth, and pricing, can be set out in the order form or on your website, with these terms and conditions applying as the overarching legal framework. However, if you offer significantly different service types with very different risk profiles, you may want to create separate terms or add service-specific schedules.

The most common industry standard is 99.9% uptime, which allows for approximately 43 minutes of downtime per month. Some providers offer 99.95% or even 99.99%. You should set a figure that your infrastructure can realistically achieve on a consistent basis. Promising more than you can deliver creates legal risk, while a reasonable guarantee builds trust with customers. Remember that the SLA excludes scheduled maintenance and events outside your control.

The data protection clause in this template includes the key provisions required by Article 28 of the UK GDPR for a data processing agreement. However, compliance with data protection law depends on your specific circumstances, including what personal data you process, where your data centres are located, and whether you use sub-processors. You should review the data protection clause carefully, fill in the specific details for your business, and consider taking specialist legal advice if you process large volumes of personal data or sensitive data.

Yes, but you will need to ensure that appropriate safeguards are in place for international data transfers in accordance with the UK GDPR. If your data centre is in a country that does not have an adequacy decision from the UK government, you will need to put in place additional transfer mechanisms such as standard contractual clauses. The data protection clause in this template requires you to specify the data centre location and obtain the customer's consent before transferring data abroad.

The template gives you the right to investigate suspected breaches and to suspend or terminate the customer's account. In practice, for minor or first-time breaches, it is usually best to contact the customer first and give them an opportunity to remedy the issue. For serious breaches, such as hosting malware, sending spam, or illegal activity, you may need to suspend the account immediately to protect your network and other customers. You should document your actions and keep records of any breaches.

Under English law, limitation of liability clauses in business-to-business contracts are generally enforceable provided they are reasonable. The clause in this template excludes liability that cannot lawfully be excluded (death, personal injury, fraud) and caps other liability at the fees paid in the preceding twelve months. Courts will consider whether the clause was freely negotiated, whether the parties had equal bargaining power, and whether the cap is proportionate. For high-value customers, you may wish to negotiate the cap on a case-by-case basis.