Legal
Status: skeletons — pending counsel review. The three documents linked from this page are v0 templates. Every binding clause carries an
[ANWALT-REVIEW]marker that must be cleared by counsel before the first paid commercial license is issued.
This section holds the post-sales contract surface for Customers who hold (or are about to hold) a Commercial-tier OrbitalReg License Key. It is distinct from:
- the marketing-site privacy policy, which covers website visitors and pre-sales contacts; and
- the Vulnerability disclosure policy, which is open to the general public regardless of contract.
Pages
- End User License Agreement (EULA) — the license grant for the Software. Defines the Free Forever vs. Commercial-tier scope, restrictions, customer obligations, source-code escrow for Enterprise tier, warranty disclaimer, liability cap, and governing law.
- Customer Privacy Policy — what the Software does with Customer data when self-hosted. Lists every outbound network call, how each can be turned off, and what data, if any, leaves the Customer's installation.
- Terms of Service — the broader commercial relationship: subscription terms, fees, payment, support and service-level targets, acceptable use of the Customer Portal, force majeure, and assignment.
- Data Processing Agreement (DPA) — the DSGVO Art. 28 Auftragsverarbeitungsvertrag covering the Customer Portal only (the self-hosted Software does not place OrbitalReg GmbH in a processor role; see the Customer Privacy Policy for that framing). Lists sub-processors, TOMs, data-subject-rights procedures, breach-notification SLAs, audit rights, and data-return obligations.
How the four documents fit together
| Document | What it covers | When it kicks in |
|---|---|---|
| EULA | The license grant for the Software itself | On License Key activation |
| Customer Privacy Policy | Data handling by the Software running on Customer infra | Always (governs the Software's behaviour) |
| Terms of Service | The commercial relationship beyond the license | On Subscription start (order confirmation) |
| Data Processing Agreement (DPA) | OrbitalReg GmbH's processor obligations for the Customer Portal under DSGVO Art. 28 | On License Key activation, narrow scope |
A Mutual NDA, signed pre-sales for evaluation, governs Confidential Information disclosed before the License Key is issued. The four documents above govern the post-sales relationship.
The Free Forever tier (security controls + core hosting) is governed by the Apache-2.0 license in the source tree and does not require any of these documents to be in force. They apply once a Customer activates a Commercial-tier License Key.
Counsel review status
None of the documents linked from this page have been reviewed by counsel. They reflect industry practice for self-hosted enterprise software (Aiven, Elastic, GitLab, Snowplow self-hosted, Posthog) but the final binding wording is pending.
Customers reviewing these drafts pre-activation should contact legal@orbitalreg.com for the latest counsel-reviewed version.
What's not here yet
- Master Service Agreement (MSA). Enterprise-tier customers with bespoke procurement requirements typically sign an MSA that attaches the EULA + Privacy + Terms as exhibits. The MSA template is on the roadmap but tracked separately from the v1 launch blockers.
- Master Service Agreement (MSA) Annex C — sub-processor notification distribution list. A subscriber-managed list for customers who want to receive sub-processor change notifications by email rather than checking the published list on this site. Out of scope for v1 — covered by the manual notification obligation in the DPA §5.3 in the meantime.
- Reseller / Partner agreements. Out of scope for v1 — the initial commercial channel is direct sales only.
Contact
- General legal inquiries:
legal@orbitalreg.com - Privacy questions:
privacy@orbitalreg.com - Security incidents:
security@orbitalreg.com(see Vulnerability disclosure)