---
layout: handbook-page-toc
title: Acceptable Use Policy Violations
category: Security
---

## On this page
{:.no_toc .hidden-md .hidden-lg}

- TOC
{:toc .hidden-md .hidden-lg}

### When violations are identified that we do not yet have a process for dealing with.

1. Create a private issue, because we will inevitably discuss usernames
   or email addresses in it.
1. Copy/Paste the following markdown to create a checklist.

```
1. [ ] Determine if we need to set a specific limit to prevent this type of abuse.
1. [ ] If we do decide to add a limit, communicate it [here](/pricing#gitlab-com)
1. [ ] Determine what to do to make sure users abide by the limit, if a GitLab
   feature is required to enforce this automatically, create a feature request,
   probably on [EE](https://gitlab.com/gitlab-org/gitlab-ee/issues)
1. [ ] Determine what to do with the current users, if nothing, stop here,
   if we will be asking them to take action or have data deleted, please follow
   the user data deletion checklist carefully.
```

### Only delete user data after carefully following this process

1. Create a private issue or add this to an existing private issue, because we
   will inevitably discuss usernames or email addresses in it.
1. Copy/Paste the following markdown to create a checklist.

```
1. [ ] Get a list of all the offending user accounts, email addresses and
   projects from someone on the Infrastructure team or from a senior Support Engineer.
1. [ ] Ask the Marketing Operations Manager to help, or assign someone to help
   you send out the campaign. Arrange with them if they decide to add you to Marketo
   or if they want to just send it for you.
1. [ ] Sent out a first warning, explaining why it was considered resource abuse.
   With a link to our Acceptable Use Policy. Include a date, 3 weeks in the
   future, when resources will be deleted, and what can be done to come within
   our fair use policy and prevent deletion.
1. [ ] Send a second warning, two weeks later, one week before deletion.
1. [ ] Only 3 weeks after the first warning, and one week after the second
   warning went out, work carefully on a list of resources that needs to be
   deleted. Make sure that we don't accidentally delete a resource where the user
   made changes to prevent deletion. If you need help from someone on the
   infrastructure team or a senior Support Engineer, ask for their help with
   **Compiling A List of things that needs to be deleted**, do not send them
   the original list and ask to delete under certain conditions. A
   miscommunication here could be catastrophic for our users, so just do it in
   two steps.
1. [ ] Get someone to delete the resources that need to go.
```