OrbitalReg

Appearance

OrbitalReg End User License Agreement (EULA)

Status: skeleton — pending counsel review. This document is the v0 template. Every section below carries an [ANWALT-REVIEW] marker and reflects industry-standard practice for self-hosted enterprise software, but the final binding wording will be set by counsel before the first paid commercial license is issued. Do not rely on this draft for contractual purposes.

This EULA governs the use of the OrbitalReg software ("the Software") between OrbitalReg / OrbitalReg GmbH ("Licensor") and the customer organisation that holds a valid license key ("Customer"). It is the post-sales counterpart to the pre-sales NDA (see Vulnerability disclosure) and the Customer Privacy Policy. For the Customer Portal data flow specifically, see also the Data Processing Agreement.

The Free Forever tier (security controls + core hosting — see License tiers) is governed by the Apache-2.0 License that ships with the source tree. Commercial features require this EULA in addition to the Apache-2.0 license.

1. Definitions

[ANWALT-REVIEW] — counsel to confirm definitions are aligned with the License Key issuance flow (Item 67) and the Customer Portal (Item 65).

  • Software means the OrbitalReg server (api/), Web UI (frontend/), CLI (tools/cli/), Kubernetes operator (tools/k8s-operator/), Terraform provider, and accompanying documentation, in object-code or source-code form, as delivered through any of the four release channels (multi-arch container images, Helm chart, air-gapped tarball, OCI bundle).
  • Customer means the legal entity that holds a valid License Key issued by Licensor.
  • License Key means the cryptographically signed Ed25519 envelope produced by tools/license-issuer/ and consumed by api/internal/license/.
  • Documentation means the content published at docs.orbitalreg.com (this site) at the version corresponding to the deployed Software release.
  • Subscription means the time-bounded entitlement to a Commercial-tier License Key, including support and updates for the duration of the term.
  • Authorised Users means natural persons employed by or contracted to Customer who are entitled to access and operate the Software under Customer's account.

2. Grant of License

[ANWALT-REVIEW] — counsel to confirm the per-tier scope language matches the technical enforcement in license.FeatureTier. The intent is: Free Forever is irrevocable for security + core hosting; Commercial is term-bounded and tied to the License Key.

Subject to the terms of this EULA and Customer's payment of all applicable fees:

  1. Free Forever grant. Licensor grants Customer a perpetual, non-exclusive, non-transferable, royalty-free license to install, run, and modify the Free Forever components of the Software for any purpose, including commercial purposes, on any number of instances, in accordance with the Apache-2.0 license terms in the source tree.
  2. Commercial grant. During an active Subscription, Licensor grants Customer a non-exclusive, non-transferable, non- sublicensable license to enable and use the Commercial-tier features of the Software for Customer's internal business operations, on the number of instances and Authorised Users specified on the License Key.
  3. Documentation grant. Customer may reproduce the Documentation internally for the purpose of training Authorised Users.

3. Restrictions

[ANWALT-REVIEW] — standard SaaS / on-prem restriction set; counsel to weigh in on enforceability under German law (BGB §307 ff. on AGB-Inhaltskontrolle) for each clause.

Customer shall not, and shall not permit any third party to:

  1. Resell or sublicense the Commercial-tier features of the Software to a third party as a managed-service or hosted offering without a separate written agreement.
  2. Reverse-engineer the License Key format for the purpose of circumventing the Commercial-tier entitlement gate, except to the extent expressly permitted by mandatory applicable law.
  3. Tamper with telemetry or audit-log mechanisms in a way that compromises the integrity of the security controls described in License tiers.
  4. Use the Software in any application that would require the software's safety or reliability to be guaranteed (life support, nuclear control, air traffic control), absent a separate written agreement that addresses such use.
  5. Remove or alter any proprietary notices, brand marks, or license metadata embedded in the Software or Documentation.
  6. Exceed the License Key entitlements (instance count, Authorised Users, subscription period) without contacting Licensor for an amended License Key.

The Apache-2.0 license that governs the Free Forever components is not restricted by this section.

4. Customer Obligations

[ANWALT-REVIEW] — counsel to confirm the 72-hour security-incident notification window matches insurance / liability assumptions in Section 10. Industry practice ranges 24–96h.

Customer agrees to:

  1. Operate the Software responsibly — apply security updates within the cadence published in the Versioning & Upgrade Cadence policy (Versioning) and follow the hardening guidance in the operations runbooks.
  2. Maintain License Key secrecy. The License Key is bound to Customer's organisation and must not be shared outside Authorised Users.
  3. Notify Licensor of compromise within 72 hours of becoming aware of any unauthorised disclosure of the License Key, any confirmed compromise of an Authorised User's credentials with admin scope, or any other material incident affecting the Software's integrity.
  4. Provide reasonable cooperation during incident response when a coordinated-disclosure-eligible vulnerability is discovered in the deployed Software (see Vulnerability disclosure).
  5. Comply with applicable laws including export control, sanctions, data-protection (DSGVO / GDPR), and industry-specific regulation that applies to Customer's use of the Software.

5. Source-Code Escrow (Enterprise tier)

[ANWALT-REVIEW] — escrow is currently aspirational; counsel to confirm the trigger conditions are well-formed and that the "insolvency / cessation" language is enforceable under the German Insolvenzordnung (InsO).

For the Enterprise sub-tier of Commercial, Licensor agrees to deposit a complete buildable copy of the Software's source tree at the release tag corresponding to Customer's deployed version with a mutually-agreed independent escrow agent. Customer is entitled to release of the deposit upon any of the following triggers:

  • Licensor enters insolvency proceedings or formally ceases operations;
  • Licensor materially breaches its support obligations under this EULA and fails to cure within 60 days of written notice;
  • Licensor sells the OrbitalReg product line to a third party that declines to honour Customer's outstanding Subscription term.

The deposit, once released, is governed by the Apache-2.0 license terms — Customer obtains the right to fork and self-maintain. Standard Commercial customers do not receive escrow rights; Enterprise customers do.

6. Updates and Support

[ANWALT-REVIEW] — counsel to confirm the SLA targets are defensible in court if Customer alleges breach. Today's targets are operationally realistic but should be revised before the first paid contract.

During an active Subscription, Licensor shall:

  • Provide updates to the Software, including security patches, bug fixes, and minor releases, in accordance with the cadence published in the Versioning policy.
  • Provide support through the channels listed on Customer's License Key (typically email + portal + Slack-Connect for Enterprise). Initial response targets: 4 business hours for P1, 1 business day for P2, 3 business days for P3.
  • Maintain backward compatibility for one major version on the REST API, the Terraform provider, and the Helm chart values schema (CalVer-aligned — see Versioning).

Customer is responsible for installing the updates; Licensor is not liable for issues caused by running an unpatched version older than the supported window.

7. Term and Termination

[ANWALT-REVIEW] — boilerplate term/termination; counsel to align the Vertragsverlängerung default with German B2B norms (auto-renew opt-in vs. opt-out).

  1. Term. This EULA enters into force on the date Customer first activates a License Key and continues until terminated as provided below.
  2. Renewal. Commercial Subscriptions renew at the end of each term unless either party gives written notice of non-renewal at least 60 days before the end of the current term.
  3. Termination for cause. Either party may terminate this EULA with immediate effect upon material breach by the other party that is not cured within 30 days of written notice.
  4. Termination for insolvency. Either party may terminate this EULA with immediate effect upon the other party's insolvency, bankruptcy, or cessation of business.
  5. Effect of termination. Upon termination of a Commercial Subscription:
    • Customer's License Key transitions to licensed_expired and Commercial-tier features become inaccessible (the Free Forever security controls + core hosting remain).
    • Customer may retain a read-only copy of the Software for migration purposes for 90 days.
    • Sections 8 (Confidentiality), 10 (Liability), and 13 (Governing Law) survive termination.

8. Confidentiality

[ANWALT-REVIEW] — confidentiality clause needs to be tight enough to protect roadmap leaks and License Key technicalities, but not so broad that it captures content already on docs.orbitalreg.com. Counsel to draw the scope.

Each party (the "Receiving Party") shall hold the other's Confidential Information in strict confidence and shall not use it for any purpose other than performance under this EULA. "Confidential Information" includes, without limitation: License Key issuance details, non-public roadmap content, security incident details under Customer Obligations §4.3, and pricing terms.

If Customer signed a separate Mutual NDA with Licensor (typical for pre-sales evaluation), that NDA continues to govern any Confidential Information disclosed before the License Key was issued; this section governs disclosures during the Subscription term.

9. Warranties and Disclaimers

[ANWALT-REVIEW] — disclaimer language must be ALL CAPS to satisfy the visibility requirement under §305 BGB (AGB) and the UCC §2-316 in US contexts. Counsel to finalise wording.

LICENSOR WARRANTS THAT, FOR THE DURATION OF THE SUBSCRIPTION TERM, THE SOFTWARE WILL CONFORM IN ALL MATERIAL RESPECTS TO THE DOCUMENTATION. CUSTOMER'S SOLE REMEDY FOR BREACH OF THIS WARRANTY IS, AT LICENSOR'S OPTION, EITHER (A) USE OF COMMERCIALLY REASONABLE EFFORTS TO CORRECT THE NON-CONFORMITY, OR (B) TERMINATION OF THE SUBSCRIPTION AND A PRO-RATA REFUND.

EXCEPT FOR THE LIMITED WARRANTY ABOVE, THE SOFTWARE IS PROVIDED "AS IS". LICENSOR DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW.

Free Forever components are governed by the Apache-2.0 license, which contains its own disclaimer.

10. Liability Cap

[ANWALT-REVIEW] — liability cap at 12 months of fees is the industry default for B2B SaaS, but German law (§309 Nr. 7 BGB) prohibits limiting liability for Vorsatz und grobe Fahrlässigkeit or for Verletzung von Leben, Körper, Gesundheit. Counsel to insert the carve-outs.

EXCEPT FOR (A) BREACHES OF SECTION 8 (CONFIDENTIALITY), (B) INDEMNIFICATION OBLIGATIONS UNDER SECTION 11, (C) GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, AND (D) INJURIES TO LIFE, BODY, OR HEALTH, EITHER PARTY'S TOTAL CUMULATIVE LIABILITY UNDER THIS EULA SHALL NOT EXCEED THE FEES PAID BY CUSTOMER IN THE 12 MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

NEITHER PARTY SHALL BE LIABLE FOR INDIRECT, CONSEQUENTIAL, INCIDENTAL, OR PUNITIVE DAMAGES, INCLUDING LOST PROFITS OR LOST DATA, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

11. Indemnification

[ANWALT-REVIEW] — indemnification is asymmetric in favour of Licensor in the standard B2B template. Counsel to weigh whether a mutual indemnity is more appropriate for enterprise customers.

  1. Licensor indemnifies Customer against third-party claims that the Software, when used as permitted by this EULA, infringes a third party's intellectual-property rights. If a court enjoins Customer's use of the Software, Licensor shall, at its option, either (a) procure for Customer the right to continue use, (b) modify the Software to be non-infringing, or (c) terminate the Subscription and refund the unused portion of fees.
  2. Customer indemnifies Licensor against third-party claims arising from Customer's use of the Software in violation of this EULA, including but not limited to violations of Section 3 (Restrictions) and Section 4.5 (Compliance with Laws).

The indemnifying party's obligations are conditional on the indemnified party (i) promptly notifying the indemnifying party of the claim, (ii) granting sole control of the defence and settlement, and (iii) providing reasonable cooperation.

12. Compliance with Laws

[ANWALT-REVIEW] — counsel to add specific export-control regime references applicable to OrbitalReg's likely customer base (EU Dual-Use Regulation 2021/821, US EAR, etc.) and to address sanctions exposure if Customer operates in restricted jurisdictions.

  1. Export Control. The Software contains cryptographic functionality (Sigstore verification, License Key Ed25519 verification, S3 + LDAP TLS) and is subject to applicable export control law. Customer shall not export, re-export, or transfer the Software to any restricted jurisdiction or entity.
  2. Sanctions. Customer represents that it is not, and is not acting on behalf of, any party subject to sanctions by the EU, the United States, the United Kingdom, or any other applicable authority.
  3. Anti-Bribery. Each party shall comply with applicable anti- bribery and anti-corruption laws, including the German Strafgesetzbuch §§331–337 and the US Foreign Corrupt Practices Act.

13. Governing Law and Jurisdiction

[ANWALT-REVIEW] — governing-law / jurisdiction is the most- litigated clause in cross-border B2B contracts. Counsel to confirm the Dresden venue is acceptable for the customer base targeted by the OrbitalReg GmbH entity, and to consider whether ICC arbitration is preferable for non-EU customers.

This EULA is governed by the laws of the Federal Republic of Germany, excluding its conflict-of-laws principles and excluding the UN Convention on Contracts for the International Sale of Goods (CISG).

The exclusive place of jurisdiction for any dispute arising out of or in connection with this EULA is Dresden, Germany, provided that Licensor reserves the right to bring proceedings against Customer at Customer's principal place of business.

14. General Provisions

[ANWALT-REVIEW] — boilerplate. Counsel to confirm the Schriftform requirement under §126 BGB is satisfied by digitally-signed PDFs.

  1. Severability. If any provision of this EULA is held unenforceable, the remainder shall continue in full force.
  2. Entire Agreement. This EULA, together with the License Key metadata, the Customer Privacy Policy, and the Terms of Service, constitutes the entire agreement between the parties with respect to the Software and supersedes all prior or contemporaneous communications.
  3. Amendments. Amendments to this EULA require the written agreement of both parties. Licensor may publish revised editions on docs.orbitalreg.com; the version in force is the one referenced on Customer's License Key issuance metadata.
  4. Notices. Notices to Licensor go to the postal address of OrbitalReg GmbH and copy to legal@orbitalreg.com. Notices to Customer go to the contact email recorded on the License Key.
  5. Assignment. Customer may not assign this EULA without Licensor's prior written consent. Licensor may assign this EULA to a successor entity in connection with a merger or sale of the OrbitalReg product line.
  6. No waiver. Failure to enforce a provision of this EULA does not waive the right to enforce it later.
  7. Force Majeure. Neither party is liable for delay or failure to perform caused by events beyond its reasonable control, including acts of God, war, terrorism, civil unrest, network outages affecting upstream providers, or governmental action.

Document control

  • Draft version: v0 (skeleton, pending counsel review).
  • Last edited: see this page's "last updated" footer.
  • Counsel review status: not yet reviewed. All [ANWALT-REVIEW] markers must be cleared before this document is binding.
  • Effective date for issued License Keys: TBD on first paid release.

See Customer Privacy Policy and Terms of Service for the companion documents.

Released under the Apache-2.0 License.

Copyright © 2025 OrbitalReg contributors. Documentation built with VitePress.