CAOS Ltd. ("We", CAOS AG, or simply CAOS), with head office in Teufener Strasse 19, 9000 St. Gallen, Switzerland, offers "Identity and Access Management as service" with the brand name "ZITADEL Cloud Services" and all of our Websites (Services or ZITADEL Cloud).
The customer relationship (Framework Agreement or The Agreement) is created by the Customer ("you") by creating a user or organization within the ZITADEL Cloud Service. On the basis of this Framework Agreement you may then choose to make use of payable services (Subscription) as you wish, i.e. you may book services, options and packages yourself at any time (Booking, Purchase Order) and subsequently terminate them.
The terms of service ("TOS") outlined in this document establish the most important points of this Framework Agreement – independently of the use of any services.
This Agreement has the following appendices. When you enter the Agreement with us, you accept these agreements.
- Data Processing Agreement - How we process personal data on behalf of you
- Service Level Description - What service levels do we guarantee you
- Support Service Descriptions - How we provide support services to you
The following policies complement the TOS. When accepting the TOS, you accept these policies.
- Acceptable Use Policy - What we understand as acceptable and fair use of our Services
- Rate Limit Policy - How we avoid overloads of our services
This Agreement is extended with additional terms, in case your Subscription requires a Dedicated Instance. When you enter the Agreement with us, you accept these additional agreements.
- Dedicated Instance Terms - How we provide our services for a dedicated instance
- Annex to the Dedicated Instance Terms - Describe differences of services and guarantees with different providers
Any provisions which deviate from these TOS must be agreed in writing between the Customer and us. Such agreements shall take precedence over the TOS outlined in this document.
You may only transfer the Framework Agreement or Services used in the context of the Framework Agreement to third parties with our prior written consent.
Type and scope of the services
We provide the Services under the conditions stated on our websites at the time of booking.
Modifications of services offered
We are entitled to offer new services, to withdraw existing services (Termination) or to modify the specifications and prices of existing services (Modification) at any time. If the modification or termination affects a service that you are using at that time, we will inform you via email that said service will be automatically modified and/or is no longer available after a period of 30 days.
Modification of services booked by you
You may change or terminate Services or Subscriptions booked by you at any time. You may, where applicable, add more Services (e.g. add-ons) to your existing Services at any time.
We take all appropriate physical and electronic precautions to ensure the security and availability of our infrastructure and the service offered thereupon, in particular to protect against unauthorized access to data, data loss, failures and misuse.
The Annex of the data processing agreement outlines the measures we take in more detail.
We offer Support Services directly related to the use of our Services. The Description of Support Services is available as Annex to this document.
Customers without a Subscription or a Subscription plan that does not include Support Services should post inquiries and issues regarding ZITADEL from customers to our GitHub Discussions, whenever feasible.
If you need support integrating or setting up ZITADEL, please contact our consulting team.
Be advised that the scope of our influence is limited. For example, the actual accessibility of a service is also dependent on the connection to and between various Internet Service Providers ("ISPs"). Portions of our services, i.e. software components, may also be beyond our influence and be subject to their own contractual conditions. You accept that in such cases we reject any responsibility.
Customers with a Subscription may be eligible for a SLA as outlined in our Service Level Description.
Inclusion of third parties
At our request you will provide your truthful contact information and keep it updated at all times. You must also ensure that you actually receive messages, in particular emails, intended for you.
You will ensure that the use of our Websites and Services by you or third parties complies with all applicable legislation, these these TOS, and our Acceptable Use Policy at all times.
You will take appropriate measures to prevent any misuse of the services you booked. These include, for example, securing the software used and the prompt installation of security updates as well as using suitably secure passwords.
We take care of the necessary disaster recovery measures. The goal is to maintain a maximum 24h old restore point off all the vital data.
Any liability for damages, indirect or direct, in case of data loss is explicitly rejected.
You will immediately report any knowledge of a misuse of your booked services.
If the maintenance of service quality requires your cooperation, for example to remedy errors in the services you use, you will provide said cooperation promptly and free of charge.
Third party obligations
You will ensure that your vicarious agents, customers and third parties fulfill these obligations as well.
Credit and payment
Signup to our Services does not require you to open a payment account. However, a payment account is required for the purchase of our Subscriptions. The costs for the services you have purchased will be debited periodically and in advance from your payment account.
If payment upon invoice is agreed, the payment deadline shall be 30 days after receipt of the invoice.
Offsetting against a counterclaim is prohibited.
In the event of default we reserve the right to transfer our claim to a collections agency. You will bear any resulting costs insofar as legally permissible.
Termination by you
You may terminate the Framework Agreement at any time by ceasing your use of the services and deleting your customer account on our website.
Termination by us
We may terminate the Framework Agreement at any time via email message with a notice period of 90 days. Any use of the services will cease at the end of this period and the Framework Agreement will be terminated.
If you have neither used services nor made payment for a period of 3 years, the Framework Agreement will be considered automatically terminated at the end of this period.
Any remaining credit shall automatically expire upon termination of the Framework Agreement.
Termination of services
We are entitled to suspend and terminate services used by you if
- Your credit has been used up by services and/or any applicable credit limit has been reached;
- You are in default in the payment of open invoices and/or prompt payment seems unlikely (i.e. in the event of insolvency proceedings);
- Your services were used illegally or in breach of contract, or if there is reasonable suspicion of such use (i.e. in the event of complaints or abuse reports);
- Other customers' services are being negatively affected in breach of the fair use provision, including in the event of your services being subject to attacks by third parties (i.e. DoS/DDoS attacks);
- We consider the suspension or termination of the services to be necessary for the protection of ourselves, our infrastructure or other customers.
We reserve the right to immediately terminate the Framework Agreement in such cases.
Deletion of data
In the event of the termination of the contract, we reserve the right to irrevocably delete all of your data.
We and/or third parties which we involve are only liable for demonstrably willful or grossly negligent damages. Our liability per damage event is limited to the value of the services used during the previous contractual year. Any liability in other cases, for consequential damages or lost profits is hereby excluded.
You are liable for all damages and costs arising from the illegal or non-contractual use of the services which you have booked. We in particular reserve the right to invoice you for any additional costs incurred by us in this context.
You acknowledge that we may be partially or entirely unable to provide our services during and/or as a result of events beyond our influence. These include events such as natural disasters, war, terrorism, sabotage, attacks on our infrastructure (i.e. DoS/DDoS attacks), failure of electrical or data connections and unexpected official requirements. We are not liable for any damages in such cases.
The Framework Agreement is subject to Swiss law.
Place of jurisdiction
The exclusive place of jurisdiction is St. Gallen, Switzerland.
Should any provision of these TOS be or become invalid, this shall not affect the validity of the remaining TOS. The invalid provision will be replaced by a valid one which approximates the invalid one as much as possible.
Entry into force
These TOS shall enter into force as of 16.06.2021.
Last revised: July 20, 2021
We are entitled to unilaterally amend these TOS at any time. The current version is accessible via our website. We will inform you of any amendments via email. These amendments shall be considered as accepted upon booking additional services or at the latest after 30 days. In the case of a rejection on your part we reserve the right to terminate the Framework Agreement.