Vultr is now claiming full perpetual commercial rights over all hosted content

Problematic ToS Clause

  • Main focus is a Vultr ToS clause granting the company a perpetual, irrevocable, sublicensable, royalty‑free worldwide license over “user content,” including rights to modify, create derivative works, distribute, and “commercialize” it.
  • Clause ends with “for purposes of providing the Services to you,” but also says “in any way [Vultr] deems appropriate,” which many see as contradictory and dangerously broad.

Interpretations and Legal Debates

  • One camp argues this is standard service-provider boilerplate to legally allow caching, CDN, backups, and similar operations.
  • Others counter that phrases like “perpetual,” “irrevocable,” “commercialize,” and “any way deemed appropriate” go far beyond what is technically necessary.
  • EU‑based commenters say such ToS terms would likely be unenforceable or heavily limited there, but note that legal unenforceability does not prevent misuse or data leaks in practice.
  • Debate over whether “Services” and “User Content” refer only to public community content (forums, marketplace) or also to all data on hosted VMs; text is seen as ambiguous.

Privacy, AI, and Data Use Concerns

  • Strong concern that Vultr could use private data (e.g., SaaS customer data, Nextcloud instances, legal documents, photos) for AI training, resale, or other commercial uses.
  • Some see this as part of a wider trend where hosted data is treated as free input for AI or advertising, even in paid services.

Technical Limits of Protecting VPS Data

  • Discussion notes that encrypting disks on a VPS does not protect against a hostile provider: snapshots can include RAM (and keys), and decrypted data can be inspected in-flight.
  • Conclusion: if you don’t trust the provider, you should self‑host or only send encrypted backups where keys never touch the VPS.

Customer Reactions and Alternatives

  • Several users report planning or starting migrations to other hosts (Hetzner, Linode, DigitalOcean, smaller VPS providers).
  • Hetzner is praised for price and performance but criticized as “ban‑happy” and sometimes unfriendly in support.
  • Some argue that all cloud use ultimately requires trust; others now view Vultr as too risky regardless of legal nuance.

Vultr’s Response and ToS Change

  • Later in the thread, it’s noted that Vultr removed the controversial sentence and published a statement claiming it was meant only for public community content.
  • Many remain skeptical, seeing this as backtracking under pressure rather than evidence of benign intent, and worry it could quietly return.

Broader Reflections on ToS and Legalese

  • Strong sentiment that ToS are too long, vague, and one‑sided for non‑lawyers who must still “agree.”
  • Calls for regulation or norms requiring plain‑language summaries, clearer scoping (e.g., “only what’s technically necessary”), and penalties for overreaching clauses.
  • Some appreciate the backlash as a useful deterrent against stuffing maximalist rights into boilerplate contracts.