Terms of
service

1. Applicability

1.1 These General Terms and Conditions apply to all offers and agreements between Stategraph and Customer unless expressly agreed otherwise in writing. Provisions or conditions set by Customer that deviate from, supplement, or are not included in these General Terms and Conditions shall only apply to Stategraph if and in so far as they have been expressly agreed to in writing by Stategraph. The applicability of any of Customer's purchase or other terms is explicitly excluded.

1.2 Without prejudice to the provisions of this article, the provisions of these General Terms and Conditions prevail if a conflict should arise about any of the arrangements made by parties. Parties may agree to supplementary or adjusted conditions in the Services Agreement or in a Master Services Agreement. In such cases, the conditions in the Master Services Agreement take precedence over the Services Agreement, and the Services Agreement takes precedence over these General Terms and Conditions. In the event of a conflict between the provisions of different sections of these General Terms and Conditions, the provisions of a prior section apply unless parties have explicitly agreed otherwise.

2. Definitions

2.1 Stategraph: Terrateam B.V., trading under the name Stategraph, with its registered office at Bickerswerf 19, 1013 KV Amsterdam, Chamber of Commerce number 89161955.

2.2 Stategraph Cloud: A hosted version of the Software operated by Stategraph on infrastructure managed by Stategraph, granting Customer access to the Services via a managed cloud platform. Stategraph Cloud is provided on a multi-tenant basis for the Free Plan and on a single-tenant basis for all paid Plans. Stategraph Cloud is hosted in the United States via Northflank as a sub-processor. Stategraph Cloud is available on the Free, Starter, Professional, and Enterprise Plans.

2.3 Stategraph Self-Hosted: The Services provided on-premise via a self-hosted deployment on the own infrastructure of Customer of the Software with access to the features included in the applicable Plan, regular updates to ensure the latest features and security patches, ongoing support to address any issues, and installation support to assist with setting up the Software. Stategraph Self-Hosted is available on the Free and Enterprise Plans only.

2.4 Customer: The legal entity that has concluded an Agreement with Stategraph or to whom Stategraph has issued an offer for this purpose, or that has installed, accessed, or used the Software under the Free Plan.

2.5 General Terms and Conditions: The provisions contained in these Stategraph General Terms and Conditions.

2.6 Services: The services provided by Stategraph to Customer that are described in the Agreement and can include the Software, Stategraph Cloud, Stategraph Self-Hosted, Stategraph BYOC, support, and any other services made available by Stategraph. The Software acts as a control plane for infrastructure as code, replacing the Terraform state file with a PostgreSQL-backed dependency graph and providing parallel plan and apply, resource-level locking, multi-state transactions, queryable inventory, and GitOps orchestration.

2.7 Software: The Stategraph software product, including its server components, command-line interface (stategraph), provider plugins, APIs, and any updates or modifications made available by Stategraph.

2.8 IPR: Intellectual property rights as mentioned hereafter: (a) patents, utility models, designs, copyrights (including software rights), database rights, semiconductor topography rights, trademarks, company trademarks, trade secrets, know-how, and all other intellectual and/or industrial property rights; (b) any registration or application for registration of any of the goods referred to in (a).

2.9 Agreement: The agreement between Stategraph and Customer subject to which Stategraph shall perform the Services consisting of these General Terms and Conditions, the Services Agreement, the SLA, and any applicable Master Services Agreement.

2.10 Services Agreement: The agreement which contains (a description of): the choice between Stategraph Self-Hosted, Stategraph Cloud, or Stategraph BYOC, the choice of Plan (Free, Starter, Professional, or Enterprise) and any BIU packs purchased, the choice for the kind of SLA and the corresponding fees. Furthermore, this agreement mentions the term of the Agreement if this deviates from the term stated in the General Terms and Conditions.

2.11 SLA: The Stategraph Service Level Agreement on support with a retainer including a number of hours (and a possibility to purchase more hours), possibly also consisting of, e.g., custom development and feature requests, cloud migration assistance, and workflow design.

2.12 Content: All data and information held by Customer which is transferred by Customer to or processed by the Software in connection with the Services, including Terraform/OpenTofu state, plans, and HCL.

2.13 Confidential Information: Any information disclosed by a party that is designated as confidential in writing or would appear to a reasonable person to be confidential and that relates to a party's business including its financial information, products, procedures, processes, plans or intentions, developments, trade secrets, know-how, design rights, market opportunities, personnel, customers, and/or Stategraph Customer, and any information derived from it. Stategraph's Confidential Information includes the non-public portions of the Software, the Documentation, the source code, pricing, and product roadmap.

2.14 Plan: The subscription tier purchased by Customer, currently one of: Free, Starter, Professional, or Enterprise, as described at https://stategraph.com/pricing.

2.15 BIU: A Billable Infrastructure Unit, the metering unit used by Stategraph to count chargeable resources managed by the Software. A resource is counted as a BIU if the underlying cloud provider's pricing model includes usage-based, capacity-based, or time-based fees for that resource type, regardless of whether Customer is currently incurring such fees (for example, due to free-tier credits or reserved-capacity discounts). Resources for which the cloud provider does not charge are not counted, including but not limited to IAM policies and roles, security groups, route tables, data sources, locals, outputs, and null_resource. For infrastructure not backed by a third-party cloud-provider bill (for example, on-premises infrastructure, private virtualization platforms such as VMware vSphere, or bare-metal deployments), the metering basis shall be agreed in writing in the Services Agreement.

2.16 Documentation: The published documentation for the Software and Services made available at https://stategraph.com/docs, as updated by Stategraph from time to time.

2.17 Service Data: Usage, telemetry, license, and operational metadata generated by the Software, including BIU counts, version information, and error reports. Service Data does not include Content.

2.18 Stategraph BYOC: A deployment mode, available exclusively on the Enterprise Plan, in which Stategraph deploys, configures, and operates the Software within a cloud provider account designated and provided by Customer. Customer remains responsible for all underlying cloud provider costs and account-level access controls. Stategraph operates the Software via control-plane access granted by Customer in accordance with the Services Agreement.

3. Services

3.1 License

3.1.1 Customer is solely granted the rights of use of the Services laid down in the Agreement and in the applicable mandatory legal provisions for the duration of the Agreement. The right of use granted to Customer is non-exclusive, non-transferable, non-pledgeable, non-sublicensable, and revocable. The Software is licensed in object code form only. The Software is licensed, not sold. Stategraph and its licensors retain all right, title, and interest in and to the Software, the Services, and all related IPR.

3.1.2 Customer may only use the Services for its own company or organization for its own business purposes and only insofar as this is necessary for the use intended by Stategraph, up to the BIU and feature limits of the applicable Plan. Customer is not free to allow third parties to use the Services provided by Stategraph, except that Customer may use the Services to manage infrastructure on behalf of its Affiliates and to provide internal infrastructure services to its own end users.

3.1.3 Once the Agreement is in force, Stategraph will proceed to perform the Services as quickly as possible in accordance with the offer. If certain parts of the Services need to be paid for in advance, Stategraph shall not be required to provide these until the payments have been made by Customer.

3.1.4 Customer shall provide Stategraph in a timely manner with all information Stategraph has specified as necessary or that Customer can reasonably be expected to realize is necessary for the performance of the Services, such as a working e-mail address. Customer is responsible for keeping all passwords, license keys, API tokens, and account details relating to the Services confidential. If Customer suspects any unauthorized access to or use of the Services, Customer shall immediately notify Stategraph thereof.

3.1.5 Stategraph is not liable for any damage suffered or costs incurred as a result of the use or misuse that is made of access or identification codes, license keys, or any other security means unless the misuse is the direct result of any intent or deliberate recklessness on the part of Stategraph's management.

3.1.6 Stategraph performs its services with care to the best of its ability. All services provided by Stategraph are performed on the basis of a reasonable efforts obligation unless and insofar as Stategraph has explicitly promised a result in the Agreement and the result concerned has been described in the Agreement in a sufficiently precise manner. Stategraph makes every effort insofar as is reasonable to observe (delivery) deadlines and/or (delivery) dates as much as possible when providing the Services. Unless otherwise agreed, dates and deadlines always serve as an indication and do not bind Stategraph. Even if a deadline has been agreed, Stategraph will only be in breach after Customer has served Stategraph with notice of default except in cases prescribed as mandatory under the law in which default will apply by operation of law. Should a deadline be in jeopardy, Stategraph will consult with Customer to discuss the consequences of the delay on further planning.

3.1.7 Stategraph may continue the performance of the Services using a new or amended version of the underlying Software. Stategraph is not obliged to maintain, change, or add certain properties or functionalities of the Services specifically for Customer unless parties agree otherwise, e.g., in an SLA.

3.1.8 Stategraph provides the Services in accordance with the standards of competence and care that can reasonably be expected of a service provided in the industry. However, Stategraph cannot guarantee that these Services will be uninterrupted or error-free, nor does Stategraph give any guarantees with regards to the results that may be obtained from their use. Stategraph is never obliged to repair corrupted or lost Content. Customer himself remains responsible for compliance with all legal administration and retention obligations applicable to it, and for maintaining backups of Content.

3.2 Free Plan

3.2.1 Stategraph makes the Free Plan available at no charge for use up to 1,000 BIUs and limited to the features described at https://stategraph.com/pricing. The Free Plan is available on Stategraph Self-Hosted and on Stategraph Cloud. On Stategraph Cloud, the Free Plan is provided on a shared, multi-tenant basis with logical isolation between tenants.

3.2.2 The Free Plan is provided "as is" and "as available", without warranty of any kind. The service levels, support commitments, and warranty provisions of these General Terms and Conditions do not apply to the Free Plan.

3.2.3 Stategraph may modify, restrict, suspend, or discontinue the Free Plan at any time with reasonable notice and without liability to Customer.

3.2.4 If Customer's measured BIU consumption exceeds the Free Plan limit, Customer must upgrade to a paid Plan to continue using the Services. Continued use beyond the Free Plan limit without upgrade is a material breach.

3.3 Stategraph Self-Hosted

3.3.1 For Stategraph Self-Hosted, Customer deploys and operates the Software on infrastructure controlled by Customer. Customer is responsible for the security, availability, performance, and operation of its own infrastructure, and for the configuration and operation of the Software on that infrastructure in accordance with the Documentation.

3.3.2 The Software periodically reports anonymized Service Data to Stategraph for the purpose of license compliance, BIU counting, security advisory delivery, and product improvement. Service Data reported does not include resource names, provider credentials, HCL content, or Content. The categories of Service Data reported, and the endpoints used, are described in the Documentation.

3.3.3 Customer on the Enterprise Plan may elect air-gapped operation in lieu of automated Service Data reporting, in which case BIU counts and license attestations are provided by Customer on a quarterly basis in the form prescribed by Stategraph.

3.3.4 Stategraph is not responsible for the availability, performance, or security of Customer's infrastructure, and the SLA, if any, does not extend to events caused by Customer's infrastructure, configuration, or operation.

3.4 Stategraph Cloud

3.4.1 Stategraph Cloud is provided on a multi-tenant basis for the Free Plan with logical isolation between tenants, and on a single-tenant basis with dedicated instances for the Starter, Professional, and Enterprise Plans. Stategraph Cloud may set specific conditions regarding the number of users in the Services Agreement.

3.4.2 Customer shall refrain from hindering other customers or internet users or causing damage to the servers used for Stategraph Cloud. Customer is forbidden to start up processes or programmes, whether or not via the server, of which Customer knows or can reasonably suspect that this will hinder or damage Stategraph, other customers, or internet users.

3.4.3 Stategraph may temporarily take Stategraph Cloud partially or entirely out of operation for preventive, corrective, or adaptive maintenance or other forms of service. Stategraph will not allow the outage to last longer than necessary and if possible will allow it to take place at times when the Services are usually used least intensively. In addition, the Services may be temporarily taken out of use or at least suspended if Stategraph is entitled to do so pursuant to the law or these General Terms and Conditions.

3.4.4 Customer represents and warrants that its use of the Services will not be used to send spam or bulk unsolicited messages, will not interfere with, disrupt, or attack any service or network, will not be used to create, distribute, or enable material that facilitates or operates in conjunction with malware, spyware, adware, or other malicious programs or code.

3.4.5 Transmission or storage of Content that is misleading and/or in violation with Dutch or local legislation or the instructions/guidelines of Stategraph is strictly forbidden. Stategraph reserves the right but not the obligation to monitor and edit Content and/or (partially) terminate or (partially) dissolve the Agreement if Customer sends or stores Content which is misleading and/or in violation with Dutch or local legislation or the instructions/guidelines of Stategraph.

3.4.6 If Stategraph believes that the performance of Stategraph or third-party infrastructures or networks or the services provided by a network are under threat, particularly due to the excessive sending of e-mail or other data, hacking attempts, (D)DoS attacks, poorly secured systems, or activity of viruses, Trojan horses, or similar software, Stategraph shall be entitled to take all measures that it reasonably considers necessary as a careful and competent contractor in order to avert or eliminate the threat without any obligation to provide compensation. If reasonably feasible, Stategraph shall consult with Customer beforehand.

3.4.7 In the event of force majeure, which shall in any case include blackouts or disruptions to the internet or telecommunications infrastructure, (D)DoS attacks, power failures, internal civil commotions, mobilization, war, traffic congestion, strikes, lockouts, business interruptions, pandemics, stagnation in supply, fire, floods, import/export delays, or in the event that Stategraph is unable to provide services due to its suppliers (for any reason whatsoever), meaning Stategraph cannot reasonably be expected to fulfil the Agreement, performance of the Agreement shall be suspended. Should the force majeure situation continue for a period of three (3) consecutive months or longer, each party is entitled to terminate the Agreement without liability for damages by giving notice to the other party in writing. Stategraph will inform Customer of all circumstances that prevent Stategraph from fulfilling its obligations pursuant to the Agreement. Parties will consult with each other to discuss which measures should be taken to minimize the consequences of the force majeure situation.

3.4.8 Without prejudice to the provisions of the preceding articles, Stategraph is entitled to temporarily suspend the provision of Services if Customer fails to fulfil an obligation towards Stategraph with regard to the Agreement and this failure justifies the suspension of Services. The Services will be reactivated if Customer meets his obligations within a reasonable period set by Stategraph. Customer must pay a reconnection fee for putting the service into operation. Stategraph may demand security from Customer prior to the (full) resumption of service levels.

3.4.9 Stategraph will only make the updates of the Services, which Stategraph also generally makes available to its other customers of the Services, available free of charge to Customer, including patches and/or fixes unless agreed otherwise in the SLA.

3.4.10 All modifications to the Services and all work that falls outside the Services and the SLA, whether at Customer's request or as the result of system modifications being necessary for any reason whatsoever, shall be considered additional work (if extra costs are incurred). Additional work will be invoiced to Customer based on subsequent calculation according to Stategraph's standard hourly rates as communicated to Customer.

3.4.11 Stategraph may make changes to the content or scope of the Services. If such changes are substantial and result in a change in the procedures applicable at Customer's, Stategraph will inform Customer of them as soon as possible. The costs of this change will be for Customer's account. In that case, Customer may terminate the Agreement by the date on which the change takes effect unless this change is related to amendments to relevant legislation or other regulations issued by competent authorities or Stategraph bears the costs of this change.

3.5 Stategraph BYOC

3.5.1 Stategraph BYOC is available exclusively on the Enterprise Plan. Under Stategraph BYOC, Stategraph deploys and operates the Software within a cloud provider account designated and provided by Customer.

3.5.2 Customer is responsible for: (a) providing the cloud provider account in which the Software will be deployed; (b) paying all underlying cloud provider costs (compute, storage, network, support, and similar) associated with the Software's operation in that account; (c) granting and maintaining the control-plane access required for Stategraph to deploy, operate, monitor, upgrade, and support the Software; and (d) account-level access controls, identity and access management, and security posture of the cloud provider account outside the Software's deployment boundary.

3.5.3 Stategraph is responsible for: (a) deploying and configuring the Software within Customer's cloud provider account in accordance with the Services Agreement; (b) operating, monitoring, upgrading, patching, and supporting the Software; (c) maintaining the confidentiality of access credentials and operational data accessible through its control-plane access; and (d) where agreed in the Services Agreement, providing service levels for the Software's availability and incident response.

3.5.4 Content processed by the Software in a Stategraph BYOC deployment is stored within Customer's cloud provider account. Customer retains ownership of and direct access to Content at all times.

3.5.5 Stategraph's operational access to the Software in a Stategraph BYOC deployment may include access to Content for the purpose of providing the Services. Stategraph will treat any such Content in accordance with article 9 (Confidential Information) and article 14 (Protection of Personal Data).

3.5.6 The provisions of articles 3.4.3 through 3.4.11 (concerning maintenance, acceptable use, threat response, force majeure, suspension, updates, additional work, and changes to scope) apply to Stategraph BYOC mutatis mutandis, except that references to infrastructure operated by Stategraph shall be read as references to the Software operated by Stategraph within Customer's cloud provider account.

3.5.7 The Service Data telemetry described in article 3.3.2 applies to Stategraph BYOC deployments by default. Customer may elect air-gapped operation, in which case the Software does not transmit Service Data to Stategraph endpoints outside Customer's cloud provider account. Under air-gapped operation, Stategraph obtains BIU counts and operational metrics through its control-plane access to the deployment within Customer's cloud provider account, in accordance with the Services Agreement.

4. Fees and Payment

4.1 As compensation for the sale and delivery of the Services pursuant to the Agreement, Customer will pay the fees to Stategraph as defined in the Services Agreement, including (a) the Plan fee, (b) any BIU pack fees, and (c) any SLA or professional services fees. Prices given via the website are subject to programming, typing, and calculation errors. No liability is accepted for the consequences of such errors.

4.2 Unless otherwise specified, the rates are always excluding VAT and any other applicable taxes.

4.3 Customer will pay Stategraph's invoices fully and without discount, deduction, settlement, or counterclaim in the currency specified on the invoice (USD or EUR) within thirty (30) days after the invoice date.

4.4 If there is a periodic payment obligation, Stategraph is entitled to index its prices annually as of April 1 on the basis of the Dutch 'Diensten Prijs Index' (DPI) from the Dutch Central agency for Statistics.

4.5 Stategraph may adjust its fees from time to time:

• For annual plans, fee changes will only apply upon renewal of the Agreement and will be communicated at least thirty (30) days in advance.
• For monthly plans, Stategraph may adjust its fees with notice at least fifteen (15) days prior to the start of the next monthly billing period. Customer may terminate the Agreement before the new fees take effect by providing written notice.
• Fee adjustments may be made due to changes in supplier pricing, applicable law, market conditions, or inflation, but shall not apply retroactively.

4.6 Information from Stategraph's administration, including BIU consumption records generated by the Software, serves as conclusive proof of the performance delivered by Stategraph and the amounts owed by Customer for the delivery of this performance without prejudice to the right of Customer to provide evidence in the contrary.

4.7 Customer is only entitled to settlement or retention of rights if Customer's counterclaims have been legally established, are undisputed, or have been recognised by Stategraph.

4.8 Should Customer not meet its payment obligations on time, then Customer is legally in default and owes interest equal to the statutory interest. The interest due will in no case be lower than an interest of 1.5% (one point five percent) on the due amount per month. The interest on the due amount is calculated from the moment that Customer is in default until the moment that Stategraph has received the due amount in full. The foregoing supplements – and does not replace – the other rights that Stategraph has on grounds of the law or of reasonableness and fairness.

4.9 All judicial and extrajudicial costs incurred by Stategraph to enforce payment of the due amount by Customer will be borne by Customer.

4.10 In the event that: a) Customer is liquidated; b) Customer is seized; c) Customer is declared bankrupt; and/or d) Customer is granted a suspension of payments, the claims of Stategraph on Customer become due and payable immediately.

4.11 If Customer believes that the invoice (or part thereof) is incorrect, Customer shall inform Stategraph of its objections within fourteen (14) days of the date shown on the invoice. Stategraph will then investigate the matter and issue a new invoice if necessary. While such investigations are underway, Customer must still pay the non-contested part of the invoice by the original deadline.

5. IPR and Restrictions

5.1 With the exception of the limited access and rights of use granted pursuant to the Agreement, Customer does not acquire any IPR and/or interest in the Services and/or the Software. The Software is proprietary and is not licensed under any open source license. Customer agrees that all suggestions, requests for improvement, feedback, recommendations, or other information provided by Customer regarding the Services may be used by Stategraph without restriction or obligation to Customer. To the extent that intellectual property on such suggestions, requests for improvement, feedback, recommendations, or other information provided by Customer regarding the Services and/or Software does not belong to Stategraph by operation of law, Customer will provide all cooperation necessary for the transfer of the full IPR to Stategraph.

5.2 The Software includes open-source software and/or third-party supplier software components, which means that Customer's use of the Services shall be subject also to the terms of any third-party license agreements or notices that are provided to Customer in the documentation for such software. A list of such components, together with their licenses, is included with the Software or available on request. Customer undertakes to comply with the terms of such third-party license agreements and rights provided by Stategraph through the Services. These General Terms and Conditions do not modify the terms of those third-party licenses.

5.3 The right to access and use the Services granted to Customer is subject to the following conditions and limitations. Customer shall not, and shall not permit any third party to:

• (i) use the Software other than in connection with the Services and within the BIU and feature limits of the applicable Plan;
• (ii) exceed the number of users specified in the Services Agreement, where such a limit is specified;
• (iii) republish or redistribute any content or material from the Software;
• (iv) copy, modify, develop, translate, or in any other way amend the Services and/or the Software or permit any third party to do so, or reverse-engineer, decompile, or disassemble the Software, or by any other means recreate the Software's source code, or create derivative works of the source code, except for what is permitted under mandatory law;
• (v) sell, resell, rent, lease, sublicense, distribute, time-share, or otherwise make the Software available to any third party, or use the Software to provide services to any third party on a service-bureau or hosted basis, except as expressly permitted in article 3.1.2;
• (vi) remove, obscure, or alter any proprietary notices, labels, marks, license keys, or attribution in or on the Software or its output;
• (vii) use the Software, or any information derived from the Software, to develop, train, or improve a competing product, or to benchmark the Software for publication without Stategraph's prior written consent;
• (viii) circumvent or attempt to circumvent any license, metering, BIU counting, or access-control mechanism in the Software, or under-report BIU consumption;
• (ix) use the Services in any way that is unlawful, illegal, fraudulent, or harmful or in connection with any such purpose or activity.

5.4 Customer may not sell, lease, sublicense, or divest any works developed by Stategraph or grant any restricted rights thereto or make them available to any third party in any way or for any purpose whatsoever, not even if the party in question uses the Software solely for Customer's benefit unless agreed in advance elsewhere between Stategraph and Customer.

5.5 If Content issued to Stategraph by Customer is protected by any IPR, Customer must always ensure that it is in possession of all necessary licenses to issue the Content to Stategraph and for Stategraph to use it in order to provide the Services.

6. BIUs, Metering, and Audit

6.1 The Software measures BIU consumption automatically based on the metering principle set out in article 2.15.

6.2 Cloud providers may add, remove, or reclassify chargeable resource types from time to time. Stategraph will not retroactively recompute BIU counts for prior Subscription Terms. Changes in BIU classification that result from a cloud provider introducing new charges, rather than from changes in Customer's own infrastructure, will take effect at Customer's next renewal and not mid-term.

6.3 If Customer's measured BIU consumption exceeds the Plan limit, Customer shall, within thirty (30) days of notice from Stategraph, either (a) reduce consumption to within the Plan limit or (b) upgrade to a Plan or purchase a BIU pack that accommodates the consumption. Repeated or sustained overage without remediation is a material breach.

6.4 Once per twelve (12) month period, on at least thirty (30) days' written notice, Stategraph may request a self-attestation from Customer of BIU consumption and Plan compliance. If Stategraph has reasonable grounds to believe that Customer has materially under-reported BIU consumption, Stategraph may, at its own cost, engage an independent certified auditor (subject to a duty of confidentiality and Customer's reasonable security requirements) to verify Customer's BIU consumption. If the audit reveals under-reporting of more than five percent (5%) of actual BIU consumption, Customer shall reimburse Stategraph for the reasonable cost of the audit and pay the fees corresponding to the under-reported consumption. Audits will be conducted in a manner that minimizes disruption to Customer's business.

7. Liability

7.1 Stategraph, its employees, and third parties hired by Stategraph are under no circumstances liable for indirect damage including but not limited to consequential damage, lost profits, missed savings, reduced goodwill, damage due to business stagnation, for interruption of use, for damage resulting from claims from Customer's customers, damage relating to the use of items, materials, or software from third parties prescribed by Customer to Stategraph, and damage related to the use of suppliers prescribed by Customer to Stategraph. The liability of Stategraph in connection with corruption, mutilation, destruction, or loss of Content is also excluded.

7.2 Per event and per year, the total cumulative liability of Stategraph, its employees, and third parties hired by Stategraph for direct damage is limited to an amount not exceeding the total of the fee owed and actually paid by Customer pursuant to the Agreement in the twelve (12) months prior to the event causing the damage. However, in no circumstances will the total amount of compensation for Customer's direct losses exceed the sum of EUR 50,000 (excluding VAT) per year. Related events are classified as one event.

7.3 The maximum amount referred to in the aforementioned clause shall, however, be cancelled if and in so far as the damage is the consequence of gross negligence or intention on the part of Stategraph's managerial staff.

7.4 Any liability of Stategraph due to an attributable failure in the fulfilment of the Agreement shall only arise if:

• a) Customer immediately and properly declares Stategraph to be in default giving Stategraph a reasonable period in which to remedy the failure, and
• b) Stategraph continues to fail attributably in the fulfilment of its obligations after such period. The notice of default must contain a description of the shortcoming that is as detailed as possible to enable Stategraph to respond effectively.

7.5 Customer's right to claim under Section 6:271 of the Dutch Civil Code is excluded.

7.6 Stategraph shall never be considered liable for damage or loss as the result of force majeure as mentioned in article 3.4.7 of these General Terms and Conditions.

7.7 A right to compensation may only arise if Customer reports the loss to Stategraph in writing within thirty (30) working days after the claim has arisen.

7.8 No liability will be accepted for the consequences of not being able to send, receive, save, or modify data if an agreed limit has been reached for storage space, CPU capacity, memory, data traffic, or BIUs.

7.9 If an excessive amount of data traffic occurs due to an external cause (e.g., a DoS attack), Stategraph shall be entitled to charge the costs to Customer within reasonable bounds.

7.10 Sections 7.1, 7.2, and 7.5 do not apply to the Free Plan, which is provided without any warranty or liability whatsoever, to the maximum extent permitted by law.

8. Indemnification

8.1 Stategraph shall defend Customer and indemnify Customer regarding claims from third parties arising out of a claim that Customer's use of the Services is in breach of or infringes upon a third party's IPR. Stategraph's liability under this article covers all costs, fees, expenses, losses, or damages that affect Customer in accordance with a court ruling or in a settlement ratified by/decided in arbitration or a judgement/arbitration ruling, including reasonable legal fees.

8.2 Stategraph's obligation to indemnify Customer under this article only applies if:

• (i) Customer has used the Services in accordance with all terms of the Agreement;
• (ii) Customer immediately informs Stategraph in writing about the claims raised against Customer;
• (iii) Stategraph is given full control over the legal process and has the sole right to make decisions in settlement negotiations and that the settlement absolves Customer of all liability; and
• (iv) Customer works with Stategraph at the expense of Stategraph and for example follows instructions from Stategraph and provides Stategraph with reasonable assistance regarding the legal process.

8.3 Stategraph is not liable under this article if the claim from the third party is raised due to modifications, integrations, or customizations of the Services not performed by Stategraph or a Stategraph subcontractor, or due to use of the Services in combination with third-party products not authorized by Stategraph where the claim would not have arisen but for such combination.

8.4 In cases of an established infringement of a third party's IPR, Stategraph shall at its own discretion:

• (i) modify the Services so that they are no longer in conflict;
• (ii) replace the Services with functionality that corresponds to the Services;
• (iii) obtain a license for Customer's continued use of the Services; or
• (iv) terminate the Agreement with a refund of any fees paid in advance for the unused portion of the Subscription Term.

8.5 Customer is not entitled to raise any other claims against Stategraph arising from an infringement of a third party's IPR. As such, this article constitutes Stategraph's sole liability to Customer on account of infringements of third party IPR.

8.6 The indemnity in this article 8 does not apply to the Free Plan.

8.7 Customer shall defend and indemnify Stategraph regarding claims from third parties arising out of a claim that Content or Customer's use of the Services is in breach of the Agreement or is in breach of or infringes on a third party's IPR or applicable legislation. Customer's liability under this article covers all costs, fees, expenses, losses, or damages that affect Stategraph in accordance with a court ruling or in a settlement ratified by/decided in arbitration or a judgement/arbitration ruling, including reasonable legal fees.

8.8 Customer's obligation to indemnify Stategraph under this article only applies if:

• (i) Stategraph immediately informs Customer in writing about the claims raised against Stategraph;
• (ii) Customer is given full control over the legal process and has the sole right to make decisions in settlement negotiations and that the settlement absolves Stategraph of all liability; and
• (iii) Stategraph works with Customer at the expense of Customer and for example follows instructions from Customer and provides Customer with reasonable assistance regarding the legal process.

9. Confidential Information

9.1 Any party receiving Confidential Information from the other party shall be obligated to keep such information confidential and:

• (i) to use the disclosing party's Confidential Information solely for the performance of its obligations under the Agreement;
• (ii) keep the Confidential Information secure and apply no lesser security measures or degree of care to protect the disclosing party's Confidential Information than the receiving party uses for its own Confidential Information, and in no event less than reasonable care; and
• (iii) not to disclose the disclosing party's Confidential Information to any third party unless there is a binding court order or the prior written consent of the disclosing party.

9.2 The obligations in this article do not apply to information that (i) is or becomes publicly available without breach of these obligations; (ii) is rightfully received from a third party without confidentiality obligations; (iii) was already known to the receiving party without confidentiality obligations; or (iv) is independently developed without use of Confidential Information.

10. Duration, Suspension, Termination, and Dissolution

10.1 Unless otherwise agreed in writing, the Agreement shall commence on the effective date specified in the Agreement. If Customer subscribes to an annual plan, the Agreement will remain in force for twelve (12) months and automatically renew for successive 12-month periods unless terminated in accordance with these General Terms and Conditions. If Customer subscribes to a monthly plan, the Agreement will automatically renew on a month-to-month basis and may be terminated by either party at any time, with such termination taking effect at the end of the then-current monthly billing period. The Free Plan may be terminated by either party at any time with immediate effect.

10.2 Parties have the right to terminate the Agreement at any time subject to a notice period of one (1) month. The termination will take effect at the end of the then-current term.

10.3 Stategraph is at all times entitled to suspend the fulfilment of its obligations pursuant to the Agreement or to (partially) terminate or dissolve the Agreement if:

• Customer does not fully and/or timely fulfil its obligations as defined in the Agreement;
• Stategraph becomes aware of circumstances which give it reasonable grounds to fear that Customer will only partly or improperly fulfil their obligations pursuant to the Agreement, in which cases suspension of the Agreement is only permitted to the extent that the shortcoming justifies such an action.

10.4 Stategraph is further entitled to terminate or dissolve the Agreement if circumstances arise which are of such a nature that fulfilment of the Agreement becomes impossible or that maintaining the Agreement can no longer be reasonably expected of Stategraph.

10.5 Should the agreement be terminated or dissolved on the basis of this article, the claims of Stategraph on Customer become due and payable immediately. Should Stategraph suspend the fulfilment of their obligations, it retains its rights pursuant to applicable law and the Agreement.

10.6 Either party may terminate the Agreement in writing, in whole or in part, without notice of default being required and with immediate effect if the other party is granted a suspension of payments, whether or not provisional, a petition for bankruptcy is filed against the other party, or the company of the other party is liquidated or dissolved, other than for restructuring purposes or for a merger of companies. Stategraph may also terminate the Agreement in whole or in part without notice of default being required and with immediate effect if a direct or indirect change occurs in the decisive control of Customer's company. Stategraph is never obliged to repay any sum of money already received or pay any sum of money in compensation because of termination as referred to in this article. If Customer is irrevocably bankrupted, its right to use the Software and the Services ends without Stategraph being required to cancel these rights.

10.7 Upon termination or expiry of the Agreement for any reason, Customer shall: (a) immediately cease all use of the Software and the Services; (b) uninstall and destroy all copies of the Software in Customer's possession or control; and (c) on request, certify in writing to Stategraph that it has done so. License keys issued to Customer will be revoked.

10.8 All parts of the Agreement that by their nature should continue to apply after termination of the Agreement, including but not limited to the accrued rights to payment, confidentiality obligations, indemnity claims, limitations of liability, IPR provisions, and use restrictions, remain in full force and effect after termination of the Agreement.

10.9 Despite the previous clauses, Stategraph always reserves the right to claim compensation in the event of suspension, (partial) termination, or dissolution.

11. Transition Services

11.1 For Stategraph Self-Hosted deployments, Customer's Content (including Terraform state) is stored on Customer's own infrastructure. Upon termination, Customer retains all such Content and is responsible for migrating away from the Software at its own cost. Stategraph provides documented procedures for exporting Stategraph-managed state back to standard Terraform .tfstate format at no charge, to facilitate exit.

11.2 For Stategraph Cloud deployments, the parties agree that in the event of termination of the Services for any reason, they will immediately discuss the continuation of services by third parties or by Customer itself. Stategraph will support Customer with this transition at the rates applicable at that time. Stategraph shall not be obliged to provide Customer with a copy of the Content stored on the systems of Stategraph at that moment unless in view of continuation of the Services specified otherwise in an exit scheme agreed between parties. In such case, the copy will be provided in a machine-readable format, including export to standard Terraform .tfstate format. Any exit scheme must be agreed in writing, further to which Stategraph can provide a copy of the Content. Customer itself remains responsible for compliance with all legal administration and retention obligations applicable to it. All costs associated with these transition services will be reimbursed by Customer, except where these costs are required to fulfil mandatory legal obligations.

11.3 For Stategraph BYOC deployments, Content remains stored within Customer's cloud provider account throughout the Subscription Term and after termination. Upon termination, Stategraph shall: (a) cease all control-plane and operational access to the Software; (b) provide Customer with a documented handover of the deployment, including configuration, credentials issued by Customer, and any operational artefacts necessary for Customer to continue operating or to decommission the Software; and (c) on Customer's request, support the export of Stategraph-managed state to standard Terraform .tfstate format. Customer is responsible for the ongoing operation, security, and cloud provider costs of the deployment after the handover. Stategraph may charge for handover and transition support at the rates applicable at that time, except where these costs are required to fulfil mandatory legal obligations.

12. Final Provisions

12.1 Parties shall always inform one another in writing immediately of any changes to their name, postal address, e-mail address, telephone number, and if requested, bank account number.

12.2 The received or saved version of any communications received by Stategraph shall be considered authentic unless Customer can supply evidence to the contrary.

12.3 Stategraph may use Customer's name and logo in Stategraph's promotional materials and on Stategraph's website relating to Customer's use of the Services. Otherwise, neither party may use the name, logo, or other trademarks of the other party for any purpose without the other party's prior written approval.

12.4 Customer shall give Stategraph irrevocable permission to transfer all rights and responsibilities under the Agreement to third parties. However, Customer may only transfer its rights and responsibilities under the Agreement to third parties subject to the prior explicit written approval of Stategraph.

12.5 Postponing or neglecting to demand strict compliance from Customer by Stategraph or to exercise another right to which Stategraph is entitled will not constitute a waiver of rights. Neither single nor partial exercise of a right or legal remedy as defined in these General Terms and Conditions shall prevent further exercise of that right or legal remedy or the execution of another right or legal remedy.

12.6 If any provision of these General Terms and Conditions should be null and void or is annulled, the other provisions of these General Terms and Conditions remain fully applicable and effective. In that case, Stategraph and Customer consult as to arrange for new provisions which have the same purport as much as possible and that will replace the provisions that are null and void or that have been annulled.

12.7 These General Terms and Conditions and the Agreement are governed by Dutch law.

12.8 In the event of disputes arising from or related to the General Terms and Conditions and/or the Agreement and any non-contractual obligations arising out of or in connection with it, the parties will first enter into consultations and strive for an amicable solution. Should parties be unable to do so, the dispute will be submitted to the competent judge of the Amsterdam District Court.

13. Security

13.1 Security protection provided by Stategraph with respect to its systems and infrastructure (including Stategraph Cloud and Stategraph BYOC deployments operated by Stategraph) meets the specifications on security parties have agreed upon in writing. Stategraph does not guarantee the security provisions are effective under all circumstances. If the Services Agreement does not include explicitly defined security, the security features provided meet a level that is not unreasonable and adequate in view of the state of the art, the implementation costs, the nature, scope, and context as known to Stategraph of the data to be secured, the purposes and the standard use of the Services, and the probability and seriousness of foreseeable risks.

13.2 For Stategraph Self-Hosted deployments, security of the deployment environment, including operating system, container runtime, network, and underlying database, is the responsibility of Customer. Stategraph publishes security guidance for self-hosted deployments in the Documentation and will, on a best-efforts basis, notify Customer of security advisories relevant to the Software.

14. Protection of Personal Data

14.1 Parties will at all times comply with the obligations arising from Dutch legislation on the protection of personal data and other relevant (national, European, and international) legislation regarding the protection of personal data that apply to the implementation of the Agreement.

14.2 Roles

14.2.1 The Software is designed to manage infrastructure resources and does not require Customer to submit personal data as Content. Customer shall not submit personal data to the Software except as strictly necessary for the operation of the Services (for example, the names and email addresses of Customer's users authorized to access the Software).

14.2.2 For Stategraph Self-Hosted deployments, Stategraph does not have access to Content. To the extent the Software processes personal data of Customer's users (for example, names, email addresses, and IP addresses for authentication and audit logging) on Customer's infrastructure, such processing is performed by the Software under Customer's control, and Stategraph is not a processor of such personal data, except as set out in article 14.2.5 with respect to Service Data.

14.2.3 For Stategraph Cloud deployments, Stategraph hosts and operates the Software on infrastructure managed by Stategraph and processes personal data on Customer's behalf as a processor within the meaning of the GDPR.

14.2.4 For Stategraph BYOC deployments, the Software is deployed within Customer's cloud provider account but is deployed and operated by Stategraph. Stategraph has operational and control-plane access to the Software and, in that capacity, processes personal data on Customer's behalf as a processor within the meaning of the GDPR. Content and personal data remain stored within Customer's cloud provider account.

14.2.5 In all deployment modes, Stategraph processes Service Data. Service Data is processed by Stategraph as a controller for its own legitimate business purposes, including license compliance, BIU metering, security, support, and product improvement. Where Service Data includes personal data, Stategraph processes such personal data in accordance with its privacy notice published at https://stategraph.com/privacy.

14.2.6 The provisions of articles 14.3 to 14.10 (the data processing terms) apply where Stategraph processes personal data as a processor under articles 14.2.3 and 14.2.4.

14.3 Standard Clauses for Processing

14.3.1 The provisions set forth in this article shall in addition to the general provisions of these General Terms and Conditions apply if in the context of the performance of the Services, Stategraph processes personal data for the benefit of the controller(s) as a (sub)processor (data processor) as referred to in the legislation on the protection of personal data. This article, together with practical arrangements for processing in the Agreement, constitute a processor's agreement as referred to in article 28 paragraph 3 of the General Data Protection Regulation (GDPR).

14.4 General

14.4.1 Stategraph shall process the personal data on behalf of Customer in accordance with Customer's written instructions agreed with Stategraph.

14.4.2 Customer is a controller within the meaning of the GDPR and therefore has control over the processing of personal data and has determined the purpose and means of processing personal data.

14.4.3 Stategraph is a processor within the meaning of the GDPR and therefore has no control over the purpose of and means for processing the personal data and does not take decisions regarding the use of personal data among other things.

14.4.4 Stategraph implements GDPR as laid down in this article and in the Agreement (together the processor agreement). It is up to Customer to assess based on this information whether Stategraph offers adequate guarantees regarding the application of appropriate technical and organisational measures so that the processing meets the requirements of the GDPR and the protection of the rights of data subjects is sufficiently guaranteed.

14.4.5 Customer guarantees Stategraph that it acts in accordance with the GDPR, that it secures its systems and infrastructure at all times adequately, and that the content, use, and/or processing of the personal data are not unlawful and do not infringe any right of a third party.

14.4.6 Customer is not entitled to recover from Stategraph an administrative fine imposed on it by the supervisory authority as referred to in the GDPR on any legal grounds whatsoever.

14.5 Security

14.5.1 Stategraph will take the technical and organizational security measures as described in the Agreement. In taking the technical and organizational security measures, Stategraph has considered the state of the art, the implementation costs of the security measures, the nature, scope, and context of the processing, the nature of its products and services, the processing risks, and the risks varying in terms of probability and seriousness to the rights and freedoms of data subjects which Stategraph may expect in view of the use of the Services.

14.5.2 Unless explicitly stated otherwise in the Agreement, the Services are not designed for the processing of special categories of personal data or data relating to criminal convictions or offences.

14.5.3 Stategraph shall endeavour to ensure that the security measures to be taken by it are appropriate for the use of the Services intended by Stategraph.

14.5.4 Stategraph may make changes to the security measures taken if in its opinion this is necessary in order to continue to offer an appropriate level of security. Stategraph will record important changes and will inform Customer of these changes where relevant.

14.5.5 Customer may request Stategraph to take further security measures. Stategraph is not obliged to implement changes in its security measures in response to such a request. Stategraph may charge Customer for the costs related to the changes made at Customer's request. Only after the amended security measures requested by Customer have been agreed in writing by the parties will Stategraph be obliged to actually implement these security measures.

14.6 Personal Data Breaches

14.6.1 Stategraph does not guarantee that the security measures will be effective under all circumstances. If Stategraph discovers a personal data breach, it shall inform Customer without unreasonable delay.

14.6.2 It is up to Customer to decide whether the personal data breach about which Stategraph has been informed must be reported to the supervisory authority or to the data subject. Reporting personal data breaches remains at all times the responsibility of Customer.

14.6.3 Stategraph shall, if necessary, provide further information on the personal data breach and shall cooperate in providing the necessary information to Customer for the purpose of a report to the supervisory authority or the data subjects.

14.6.4 Stategraph may charge the reasonable cost it incurs in this connection to Customer at its then current rates.

14.7 Confidentiality

14.7.1 Stategraph shall ensure that the persons processing personal data under his responsibility have a duty of confidentiality.

14.7.2 Stategraph is entitled to provide personal data to third parties if and insofar as provision is necessary pursuant to a court order, a statutory regulation, on the basis of an authorized order given by a government body, or for the proper execution of the agreement.

14.8 Obligations and Termination

14.8.1 In the event that the processor agreement ends, Stategraph shall remove all personal data in its possession and received from Customer within the period stipulated in the Agreement in such a way that it can no longer be used and is no longer accessible (rendered inaccessible) or if agreed, shall return a copy of it to Customer in a machine-readable format.

14.8.2 Stategraph may charge any costs incurred in the context of the provisions of the previous paragraph to Customer. Further arrangements in this regard may be laid down in the Agreement. The last mentioned provisions shall not apply if a statutory regulation prevents Stategraph from deleting or returning the personal data in whole or in part. In such a case, Stategraph shall only continue to process the personal data insofar as necessary on account of its statutory obligations.

14.9 Data Subject Rights, Data Protection Impact Assessment (DPIA), and Audit Rights

14.9.1 Stategraph shall, where possible, cooperate with reasonable requests from Customer in connection with rights of data subjects invoked with Customer. If Stategraph is approached directly by a data subject, it shall, where possible, refer the data subject to Customer.

14.9.2 If Customer is obliged to do so in accordance with the GDPR, Stategraph shall, following a reasonable request to that effect, cooperate in a data protection impact assessment (DPIA) or subsequent prior consultation.

14.9.3 At Customer's request, Stategraph shall make available all information reasonably required to demonstrate compliance with aforementioned provisions regarding the processing of personal data, for example by means of a certificate, an audit report (Third Party Memorandum) drawn up by an independent expert on the instructions of Stategraph, or by means of other information to be provided by Stategraph. If despite this, Customer has reason to believe that the processing of personal data does not take place in accordance with aforementioned provisions, Customer may, at Customer's expense, have an audit of this carried out no more than once a year by an independent certified external expert who has demonstrable experience in the type of processing carried out on the basis of the Agreement. Stategraph has the right to refuse an expert if in Stategraph's sole opinion the expert affects his competitive position. The audit will be limited to verifying compliance with the agreements regarding the processing of personal data as laid down in the Agreement. The expert shall have a duty of confidentiality with regard to what he finds and shall only report to Customer that which constitutes a shortcoming in the fulfilment of Stategraph's obligations under the Agreement. The expert shall provide a copy of his report to Stategraph. Stategraph may refuse an expert audit or instruction if in its sole opinion this is in violation of the GDPR or other legislation or constitutes a breach of the security measures it has taken.

14.9.4 Parties will consult on the results of the report as soon as possible. Parties shall comply with the proposed improvement measures set out in the report in so far as this can reasonably be expected of them. Stategraph will implement the proposed improvement measures in so far as these are appropriate in its opinion, considering the processing risks associated with the Services, the state of the art, the implementation costs, the market in which it operates, and the intended use of the product or service.

14.9.5 Stategraph shall be entitled to charge Customer for the costs he incurs in connection with the provisions of this article.

14.10 Sub-processors

14.10.1 Stategraph engages the following sub-processors for the operation of Stategraph Cloud: Northflank Inc. (cloud platform; United States). Stategraph may engage additional sub-processors for specific deployments or services, in which case such sub-processors will be stated in the Services Agreement or notified to Customer in accordance with article 14.10.3.

14.10.2 For Stategraph BYOC deployments, the cloud provider designated by Customer is not a sub-processor of Stategraph; Customer maintains the direct relationship with that provider.

14.10.3 Customer gives Stategraph permission to use other sub-processors for the performance of its obligations under the Agreement. Stategraph shall inform Customer of any change in the third parties engaged by Stategraph. Customer has the right to object to the aforementioned changes by Stategraph.

15. Amendments to the General Terms and Conditions

15.1 Stategraph reserves the right to amend or supplement these General Terms and Conditions.

15.2 Amendments shall also apply to previously concluded agreements with due observance of a period of thirty (30) days after the announcement of the amendment on the Stategraph website or via email. Amendments of lesser importance may be implemented with immediate effect.

15.3 If Customer does not wish to accept an amendment to these General Terms and Conditions that works to its detriment, it must inform Stategraph of such prior to the date on which the new conditions enter into force. Stategraph may then withdraw the amendment in question, after which it shall no longer apply to Customer. If Stategraph does not wish to withdraw the amendment, Customer shall be entitled to terminate the Agreement on the date of the amendment, or if the amendment has already taken effect, on the date that notification of termination was received.