LetsBe Biz — Terms of Service

Version: 1.1
Date: February 26, 2026
Authors: Matt (Founder), Claude (Drafting)
Status: Draft — Requires Legal Review Before Publication
Companion docs: Security & GDPR Framework v1.1, Pricing Model v2.2, Privacy Policy v1.0, DPA v1.0

Important: This document is a comprehensive draft intended to capture all necessary terms based on LetsBe's architecture, pricing, and compliance posture. It must be reviewed by qualified legal counsel (EU and US) before publication. It is not legal advice.


1. Introduction and Acceptance

1.1 Parties

These Terms of Service ("Terms") constitute a legally binding agreement between:

  • LetsBe Solutions LLC ("LetsBe," "we," "us," "our"), a limited liability company registered in the State of Delaware, USA, with its principal office at 221 North Broad Street, Suite 3A, Middletown, DE 19709, operating the LetsBe Biz platform; and
  • The Customer ("you," "your"), the individual or entity that creates an account and subscribes to the Service.

1.2 Acceptance

By creating an account, subscribing to a plan, or using any part of the Service, you acknowledge that you have read, understood, and agree to be bound by these Terms, our Privacy Policy, and our Data Processing Agreement (DPA). If you are accepting these Terms on behalf of an organization, you represent that you have the authority to bind that organization.

1.3 Eligibility

You must be at least 18 years old and capable of entering into a binding contract in your jurisdiction. The Service is designed for business use. If you are a consumer in the EU, mandatory consumer protection laws of your country of residence apply to the extent they cannot be waived by contract.

1.4 Changes to Terms

We may update these Terms from time to time. We will notify you of material changes at least 30 days before they take effect, via email and an in-app notification. Your continued use of the Service after the effective date constitutes acceptance. If you do not agree to updated Terms, you may cancel your subscription before the effective date and receive a pro-rata refund for the remaining billing period.


2. The Service

2.1 Description

LetsBe Biz is a managed platform that provides:

  • A dedicated virtual private server (VPS) provisioned in your chosen data center region, running containerized open-source business tools (CRM, email, file storage, invoicing, project management, and others);
  • AI agents powered by third-party large language models (LLMs) that operate those tools on your behalf; and
  • A centralized Hub for account management, billing, provisioning, and monitoring.

2.2 Data Center Regions

At signup, you choose a data center region for your VPS:

  • EU region: Netcup data centers in Nuremberg, Germany or Vienna, Austria.
  • NA region: Netcup data center in Manassas, Virginia, USA.

Your VPS region determines the jurisdiction governing your business data at rest. The Hub always operates in the EU (Germany) regardless of your VPS region. Your region selection is made at provisioning and cannot be changed without re-provisioning your server (data migration assistance is available).

2.3 Tools, Software, and Licensing

LetsBe is an infrastructure management and AI orchestration provider, not a software vendor. The tools deployed on your VPS are open-source software maintained by their respective upstream communities. Each tool is subject to its own open-source license (e.g., AGPL-3.0, MIT, Apache 2.0, GPL). LetsBe does not develop, modify, or sublicense these tools — we deploy unmodified upstream releases, configure them for your environment, integrate them with our AI orchestration layer, and manage ongoing updates and maintenance on your behalf.

You are the licensee. Each tool runs on your dedicated server under its original open-source license, as if you had installed it yourself. You have full SSH access to your server and all credentials for every deployed tool. LetsBe's service covers the infrastructure management, deployment, integration, and AI-assisted operation of these tools — not the software itself.

Enterprise licenses. Some tools offer paid enterprise editions with additional features (e.g., advanced dashboards, multi-tenancy, premium support). If you wish to use enterprise features for any tool, you purchase the enterprise license directly from the tool vendor. LetsBe will assist with deployment and configuration of enterprise-licensed tools on your server at no additional charge.

No modification of open-source tools. LetsBe deploys unmodified upstream Docker images. We do not create derivative works of the open-source tools. If we contribute patches upstream, those contributions follow the upstream project's contribution guidelines and license.

We do not guarantee compatibility with future upstream releases or third-party integrations. A complete list of deployed tools, their roles, and their licenses is published on our website.

2.4 AI Agents and Models

AI agents operate your tools by sending instructions through the platform's tool registry. Agent behavior is governed by configurable personality files (SOUL.md) and permission files (TOOLS.md) that you can customize.

AI inference is provided by third-party LLM providers routed through OpenRouter. The specific models available are listed in your account settings and may change over time. We do not develop the underlying AI models — we deploy and route them.

Important limitations of AI agents:

  • AI agents may produce incorrect, incomplete, or inappropriate outputs. You are responsible for reviewing agent actions that affect your business operations, particularly external communications (emails, published content, customer-facing messages).
  • AI agents operate within configurable autonomy levels and permission boundaries, but no AI system is infallible. Critical business decisions should involve human review.
  • LetsBe implements a four-layer security architecture — (1) Sandbox (container isolation), (2) Tool Policy (per-agent allow/deny lists), (3) Command Gating (autonomy-level approval for sensitive operations), and (4) Secrets Redaction (credential stripping before any data reaches an LLM provider) — plus an External Communications Gate requiring human approval for outbound messages. These are designed to minimize risk but do not eliminate it entirely.

2.5 Service Availability

We target 99.5% uptime for the Hub and provisioned VPS infrastructure. This is a goal, not a guarantee. We do not offer a formal Service Level Agreement (SLA) at this time. Scheduled maintenance windows will be communicated at least 48 hours in advance. Emergency maintenance may occur without notice.


3. Account and Access

3.1 Account Registration

You must provide accurate, complete, and current information when creating your account. You are responsible for maintaining the confidentiality of your account credentials and for all activity that occurs under your account.

3.2 Administrative Access

LetsBe maintains SSH access to your VPS for the purposes of:

  • Service delivery, maintenance, and updates
  • Security patching and incident response
  • Customer support (when requested)
  • Monitoring and backup operations

This access is logged and auditable. We will not access your data for purposes other than service delivery and support. Advanced users may request to manage their own SSH access (at which point LetsBe support capabilities will be limited).

3.3 Account Security

You are responsible for:

  • Keeping your login credentials secure
  • Notifying us immediately if you suspect unauthorized access
  • Ensuring that any users you invite to your server comply with these Terms

4. Subscription, Pricing, and Payment

4.1 Subscription Plans

LetsBe Biz offers tiered subscription plans (currently: Lite, Build, Scale, Enterprise) that differ in server resources and included AI token allotments. Plan details, pricing, and feature comparisons are published on our website and may be updated from time to time. The plan in effect at the time of your subscription or renewal governs your entitlements for that billing period.

4.2 Pricing

Current subscription prices are:

| Plan | VPS (Shared Cores) | RS (Dedicated Cores) |
|---|---|---|
| Lite (available during onboarding only) | €29/mo | €35/mo |
| Build | €45/mo | €55/mo |
| Scale | €75/mo | €89/mo |
| Enterprise | €109/mo | €149/mo |

Prices are in Euros (€). Applicable taxes (VAT, sales tax) are added at checkout based on your billing address. Prices may vary slightly by data center region (approximately ±€1-2/mo). An annual billing option is available at a 15% discount, paid upfront.

4.3 AI Token Usage

Each plan includes a monthly pool of AI tokens for use with included models. Token usage is pooled across all agents and does not roll over between billing periods.

Premium AI models (e.g., Claude Sonnet, GPT 5.2, Claude Opus) are metered separately and billed to your payment method at published per-token rates. Premium model usage requires a credit card on file. Current premium pricing is displayed in your account settings.

Overage on included models: When your included token pool is exhausted, included model usage either pauses until the next billing cycle or, if you have opted into overage billing, continues at a marked-up per-token rate.

4.4 Payment Terms

Payments are processed by Stripe. By subscribing, you authorize recurring charges to your payment method. Subscriptions are billed monthly (or annually, if selected) in advance. Premium AI usage and overage charges are billed monthly in arrears.

If a payment fails, we will attempt to charge your payment method up to three times over seven days. If all attempts fail, your account may be suspended. You will be notified before suspension and given the opportunity to update your payment method.

4.5 Price Changes

We may change subscription prices with at least 60 days' written notice. Price changes take effect at your next renewal date after the notice period. If you do not agree to a price change, you may cancel before the renewal date.

4.6 Refunds

Monthly subscriptions may be cancelled at any time. No refunds are provided for partial billing periods, except where required by applicable law (see §4.7).

Annual subscriptions may be cancelled at any time. If cancelled within the first 14 days, you receive a full refund. After 14 days, the subscription continues until the end of the annual term and is not renewed.

4.7 EU Consumer Right of Withdrawal

If you are a consumer in the European Union, you have the right to withdraw from this contract within 14 days of purchase without giving any reason ("cooling-off period"), in accordance with EU Directive 2011/83/EU. To exercise this right, notify us at [support email] with a clear statement of your decision. We will reimburse all payments within 14 days.

If you have expressly requested that the Service begin during the withdrawal period (by using your provisioned VPS), you acknowledge that you may lose the right of withdrawal once the Service has been fully performed, and you may be liable for charges proportional to the service provided up to the point of withdrawal.

4.8 Founding Member Program

The Founding Member Program offers enhanced terms (currently: 2× included AI token allotment) for a limited number of early customers. Founding member benefits are valid for 12 months from the date of enrollment. Founding member pricing (subscription rate) is locked for the duration of the founding period. Specific founding member terms are communicated at enrollment and supplement these Terms.


5. Data Ownership, Processing, and Privacy

5.1 Your Data

You own your data. All business data stored on your VPS — including but not limited to CRM records, emails, files, invoices, project data, AI conversation transcripts, and tool configurations — belongs to you. LetsBe does not claim any ownership, license, or interest in your data.

5.2 Data Processing

LetsBe processes your data as a data processor (GDPR Art. 28) acting on your instructions. The specific terms of data processing are governed by the Data Processing Agreement (DPA), which is incorporated into these Terms by reference. The DPA covers:

  • Categories of data processed
  • Purposes and legal bases for processing
  • Subprocessor list and change notification process
  • Technical and organizational security measures
  • Data subject rights support
  • Breach notification procedures
  • Data return and deletion upon termination

The DPA is available in your account dashboard and is accepted as part of signup.

5.2a Breach Notification

In the event of a personal data breach affecting your data, LetsBe will:

  1. Notify you (the customer) without undue delay, and in any event within 48 hours of confirming the breach
  2. Assist you in notifying the relevant supervisory authority within 72 hours of becoming aware of the breach (GDPR Art. 33)
  3. Provide details including: nature of the breach, categories and approximate number of data subjects affected, likely consequences, and measures taken or proposed to address the breach
  4. Cooperate with you in meeting your own notification obligations as data controller

Breach detection is supported by the Safety Wrapper audit logs, Hub monitoring, and anomaly detection (see Security & GDPR Framework §3.7 for the full breach response plan).

5.3 AI and Data Privacy

When AI agents operate your tools, the following data flows occur:

  • On your VPS (local): Agents read and write data in your tools. This data stays on your server.
  • To LLM providers (external): Agent prompts — containing task context and tool outputs — are sent to third-party LLM providers for inference. Before transmission, the Safety Wrapper strips all credentials, API keys, and secrets from the prompts. Configurable PII scrubbing is also available.
  • LLM providers do not train on your data. We use API-tier access with contractual prohibitions on training. See the DPA and our Subprocessor List for details.

5.4 Subprocessors

We use third-party subprocessors to deliver the Service. The current list includes:

  • Netcup GmbH — VPS hosting (EU and US regions)
  • OpenRouter — LLM API aggregation
  • Anthropic — LLM inference (Claude models)
  • Google — LLM inference (Gemini models)
  • DeepSeek — LLM inference (DeepSeek models; opt-in only with mandatory enhanced redaction due to China data transfer requirements — see DPA §12.5)
  • Stripe — Payment processing
  • Poste Pro (self-hosted) — Delivery of system emails from the Hub. Self-hosted on LetsBe infrastructure; not a third-party subprocessor. If a third-party relay service is adopted in the future, it will be added to this list with 30 days' advance notice.

The complete, current subprocessor list is published in our Security documentation and updated with at least 30 days' notice before adding a new subprocessor. You may object to a new subprocessor within that notice period; if we cannot accommodate your objection, you may terminate your subscription.

5.5 Data Portability and Export

You can export your data at any time using the tools directly (e.g., CRM export, file download) or via SSH access to your VPS. LetsBe does not impose technical barriers to data portability. Upon termination, you have 30 days to export your data before your VPS is deprovisioned (see §10).

This is consistent with the requirements of the EU Data Act regarding SaaS data portability and switching.

5.6 Privacy Policy

Our processing of personal data is further governed by our Privacy Policy, which is incorporated into these Terms by reference. The Privacy Policy describes how we collect, use, and protect personal data in connection with the Service, including the Hub (account data, billing, telemetry).


6. Acceptable Use

6.1 Permitted Use

The Service is intended for lawful business purposes. You may use the Service to operate your business tools, communicate with your customers and contacts, store business data, and leverage AI agents to automate business operations.

6.2 Prohibited Use

You may not use the Service to:

  • Violate any applicable law, regulation, or third-party right
  • Send spam, phishing emails, or other unsolicited bulk communications
  • Host or distribute malware, exploit kits, or other malicious software
  • Engage in cryptocurrency mining, brute-force attacks, or other resource-abusive activities
  • Store or process illegal content (as defined by the law of your VPS region's jurisdiction and the law of Germany, where the Hub operates)
  • Attempt to circumvent the Safety Wrapper, secrets firewall, or other security controls
  • Resell, sublicense, or white-label the Service without our prior written consent
  • Use the AI agents to generate content that violates the acceptable use policies of the underlying LLM providers (Anthropic, Google, DeepSeek, etc.)
  • Interfere with the operation of the Service or other customers' servers

6.3 Enforcement

If we reasonably determine that you are violating this section, we may:

  1. Issue a warning with a deadline to cure the violation
  2. Suspend your account pending investigation
  3. Terminate your account (see §10)

We will make reasonable efforts to contact you before taking action, except where immediate action is necessary to protect the integrity of the Service, other customers, or comply with legal obligations.


7. Intellectual Property

7.1 LetsBe IP

The LetsBe platform — including the Hub, Safety Wrapper, agent framework, provisioning system, and all associated software, documentation, and branding — is owned by LetsBe Solutions LLC and its licensors. These Terms grant you a limited, non-exclusive, non-transferable license to use the platform for the duration of your subscription. You do not acquire any ownership interest in the platform.

7.2 Open-Source Tools

The business tools deployed on your VPS are open-source software, each subject to its own license (e.g., AGPL-3.0, MIT, Apache 2.0, GPL-2.0). LetsBe does not claim ownership of, modify, or sublicense these tools. As described in §2.3, you are the licensee — each tool runs under its upstream open-source license on your dedicated server. Your rights under those licenses (including the right to inspect source code, modify tools, and use them independently of LetsBe) are not restricted by these Terms. LetsBe deploys unmodified upstream Docker images and does not create derivative works of the deployed tools.

7.3 Your Content

You retain all rights to content you create, upload, or generate using the Service. LetsBe does not claim any license to your content beyond what is necessary to provide the Service (e.g., storing data on your VPS, transmitting redacted prompts to LLM providers).

7.4 AI-Generated Content

Content generated by AI agents on your behalf is your responsibility. You are the publisher and controller of AI-generated content. LetsBe does not guarantee that AI-generated content is accurate, original, non-infringing, or fit for any particular purpose. You are responsible for reviewing AI-generated content before publication or external use.


8. Limitation of Liability

8.1 Disclaimer of Warranties

To the maximum extent permitted by applicable law, the Service is provided "AS IS" and "AS AVAILABLE." We disclaim all warranties, express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, non-infringement, and accuracy of AI outputs.

We do not warrant that:

  • The Service will be uninterrupted, error-free, or completely secure
  • AI agent outputs will be accurate, complete, or appropriate
  • The tools deployed on your VPS will be compatible with all data formats, third-party services, or future upstream releases
  • Your data will be preserved against all possible loss scenarios

8.2 Limitation of Liability

To the maximum extent permitted by applicable law, LetsBe's total aggregate liability to you for all claims arising out of or relating to these Terms or the Service shall not exceed the greater of:

  • The total fees you paid to LetsBe in the 12 months preceding the claim; or
  • €500.

This limitation applies to all causes of action, whether in contract, tort (including negligence), strict liability, or otherwise.

8.3 Exclusion of Consequential Damages

To the maximum extent permitted by applicable law, neither party shall be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, loss of data, loss of business opportunity, or reputational harm, regardless of whether such damages were foreseeable.

8.4 Exceptions

The limitations in §8.2 and §8.3 do not apply to:

  • Liability that cannot be limited by applicable law (including, for EU consumers, liability for intentional misconduct or gross negligence)
  • Your payment obligations under these Terms
  • Either party's indemnification obligations under §9
  • Breaches of confidentiality obligations
  • LetsBe's obligations under the DPA with respect to data breaches

8.5 AI-Specific Disclaimers

You acknowledge that:

  • AI agents are probabilistic systems that may produce unexpected, incorrect, or inconsistent results
  • The Safety Wrapper and security layers are defense-in-depth measures, not absolute guarantees
  • AI agents may take actions within their permitted scope that have unintended business consequences (e.g., sending an email with incorrect information, categorizing a lead incorrectly)
  • You are responsible for configuring appropriate autonomy levels, permissions, and review gates for your AI agents
  • The External Communications Gate is a safety feature, not a compliance tool — regulatory responsibility for communications sent by AI agents on your behalf remains with you

9. Indemnification

9.1 Your Indemnification

You agree to indemnify, defend, and hold harmless LetsBe, its officers, employees, and agents from and against any claims, damages, losses, liabilities, and expenses (including reasonable legal fees) arising out of:

  • Your use of the Service in violation of these Terms
  • Your violation of any applicable law or third-party right
  • Content you create, store, or transmit through the Service
  • Actions taken by AI agents that you configured, authorized, or failed to adequately supervise
  • Your failure to comply with data protection obligations as a data controller

9.2 LetsBe Indemnification

LetsBe will indemnify, defend, and hold harmless the Customer from and against claims that the LetsBe platform (excluding open-source tools and third-party LLM outputs) infringes a third party's intellectual property rights, provided that you: (a) promptly notify us of the claim, (b) give us sole control of the defense, and (c) cooperate with our defense. If a claim is made or is likely, we may, at our option, modify the Service, obtain a license, or terminate your subscription with a pro-rata refund.


10. Term and Termination

10.1 Term

These Terms are effective from the date you create your account and continue until your subscription is terminated by either party.

10.2 Cancellation by You

You may cancel your subscription at any time through your account settings or by contacting support. Upon cancellation:

  1. Your subscription remains active until the end of the current billing period
  2. No further charges are made (except outstanding premium AI usage or overage charges)
  3. After the billing period ends, your account is marked for deletion and a confirmation email is sent. A 48-hour cooling-off period begins, during which you may reverse the cancellation
  4. After the cooling-off period, a 30-day data export window begins
  5. During the export window, your VPS remains accessible for data retrieval (tools may be in read-only mode)
  6. After the 30-day window, your VPS is securely deprovisioned: disk wiped, snapshots deleted, instance removed

10.3 Termination by LetsBe

We may terminate your account:

  • For cause: If you materially breach these Terms and fail to cure the breach within 14 days of written notice
  • For prohibited use: Immediately, if your use poses an imminent threat to the Service, other customers, or legal compliance (with notice as soon as practicable)
  • For non-payment: If payment is not received after the seven-day retry period described in §4.4

Upon termination by LetsBe, the same 30-day data export window applies, except in cases of illegal activity where we may be required to preserve or disclose data to authorities.

10.4 Termination for Convenience by LetsBe

We may discontinue the Service entirely with at least 90 days' written notice. In this case, you will receive a pro-rata refund for any prepaid period remaining after the discontinuation date, and the 30-day data export window applies.

10.5 Effect of Termination

Upon termination and expiration of the data export window:

  • Your VPS is securely wiped and deleted
  • All snapshots and backups of your VPS are deleted
  • Your Hub account data is soft-deleted and permanently purged after backup rotation (90 days)
  • Billing records are retained for 7 years per German tax law (HGB §257)
  • These Terms survive only to the extent necessary: §5.1 (data ownership), §7 (IP), §8 (liability), §9 (indemnification), §11 (governing law), and this §10.5

10.6 Data Retention After Termination

| Data | Retained For | Reason |
|---|---|---|
| VPS and all tool data | Deleted after 30-day export window | Service termination |
| Hub account record | 90 days (soft-delete + backup rotation) | Operational cleanup |
| Billing records | 7 years | German tax law (HGB §257) |
| Aggregated telemetry (no PII) | 24 months | Service improvement |
| Support tickets | 24 months after resolution | Operational reference |

11. Governing Law and Disputes

11.1 Governing Law

These Terms are governed by the laws of the State of Delaware, USA, without regard to conflict of laws principles.

For EU customers: If you are a consumer habitually resident in the EU, you additionally benefit from the mandatory consumer protection provisions of the law of your country of residence, to the extent those provisions offer greater protection than the governing law of these Terms.

For US customers: These Terms are subject to applicable US federal law and the laws of the State of Delaware.

11.2 Dispute Resolution

Informal Resolution First: Before initiating formal proceedings, both parties agree to attempt to resolve disputes through good-faith negotiation for a period of 30 days after written notice of the dispute.

EU Customers: If informal resolution fails, disputes may be submitted to the courts of your country of residence in the EU, or to the courts of [LetsBe jurisdiction]. You may also use the European Commission's Online Dispute Resolution platform at https://ec.europa.eu/consumers/odr.

Non-EU Customers: If informal resolution fails, disputes shall be resolved through binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules, except that either party may seek injunctive relief in a court of competent jurisdiction. The arbitration shall take place in Wilmington, Delaware, or remotely at the parties' election.

11.3 Class Action Waiver (US Customers)

To the extent permitted by law, you agree to resolve disputes with LetsBe on an individual basis and waive any right to participate in a class action, class arbitration, or representative proceeding. This waiver does not apply where prohibited by law.


12. EU AI Act Transparency

12.1 AI Disclosure

In accordance with the EU AI Act (Regulation 2024/1689), LetsBe discloses that:

  • The Service uses general-purpose AI models provided by third parties (Anthropic, Google, DeepSeek, and others) for natural language processing, task execution, and content generation.
  • LetsBe is a deployer of AI systems, not a provider of the underlying models.
  • AI-generated content is labeled as such within the platform interface.
  • Human oversight is available through configurable autonomy levels, the External Communications Gate, and per-agent permission settings.

12.2 Your Obligations as Deployer

If you use the Service in a context that qualifies as "high-risk" under the EU AI Act (e.g., AI-assisted decision-making affecting individuals' rights), you are responsible for:

  • Conducting your own conformity assessment as required by the Act
  • Ensuring human oversight appropriate to the risk level
  • Maintaining records of AI system usage as required
  • Complying with transparency obligations toward individuals affected by AI decisions

LetsBe provides tools (audit logs, autonomy levels, communications gates) to support these obligations but does not assume your regulatory responsibilities.


13. General Provisions

13.1 Entire Agreement

These Terms, together with the Privacy Policy, DPA, and any order forms or founding member agreements, constitute the entire agreement between you and LetsBe regarding the Service. They supersede all prior agreements, representations, and understandings.

13.2 Severability

If any provision of these Terms is found to be invalid or unenforceable, that provision shall be enforced to the maximum extent permissible, and the remaining provisions shall remain in full force and effect.

13.3 Waiver

Our failure to enforce any provision of these Terms is not a waiver of our right to enforce that provision in the future.

13.4 Assignment

You may not assign or transfer these Terms or your subscription without our prior written consent. LetsBe may assign these Terms in connection with a merger, acquisition, or sale of substantially all of its assets, with notice to you.

13.5 Force Majeure

Neither party is liable for failure to perform due to events beyond reasonable control, including but not limited to natural disasters, war, terrorism, pandemics, government actions, internet or infrastructure failures, or hosting provider outages. If a force majeure event continues for more than 60 days, either party may terminate the affected subscription.

13.6 Notices

Notices under these Terms may be sent by email to the address associated with your account (for notices to you) or to legal@letsbe.solutions (for notices to LetsBe). Notices are effective when sent.

13.7 Language

These Terms are drafted in English. If translated into any other language, the English version shall prevail in the event of any inconsistency.


14. Open Questions (Internal — Remove Before Publication)

| # | Question | Status | Notes |
|---|---|---|---|
| 1 | LetsBe corporate jurisdiction and registered entity | Resolved | LetsBe Solutions LLC, registered in Delaware. 221 North Broad Street, Suite 3A, Middletown, DE 19709. Governing law: Delaware. |
| 2 | Arbitration body for non-EU disputes | Resolved | AAA (American Arbitration Association), Commercial Arbitration Rules. Venue: Wilmington, DE or remote. |
| 3 | Support email and legal email addresses | Resolved | legal@letsbe.solutions (notices), privacy@letsbe.solutions (privacy/DPO), matt@letsbe.solutions (support). |
| 4 | DPA finalization | Open | DPA template referenced throughout — must be completed and available in dashboard before ToS goes live. |
| 5 | SLA formalization | Open | Currently no formal SLA. Consider adding a basic SLA (99.5% uptime commitment with service credits) for Scale/Enterprise tiers. |
| 6 | Consumer protection review (EU) | Open | German/EU consumer protection law may require additional provisions (e.g., Widerrufsbelehrung format, button labeling for orders). Requires legal counsel review. |
| 7 | CCPA-specific disclosures | Open | CCPA requires specific disclosure language for California consumers. May be better placed in Privacy Policy. |
| 8 | Domain reselling terms | Open | If domain reselling via Netcup is offered, separate terms or an addendum may be needed. |
| 9 | Insurance and liability cap adequacy | Open | €500 / 12-month fees liability cap is standard for SaaS but should be reviewed by counsel given the scope of data processed. |

15. Changelog

| Version | Date | Changes |
|---|---|---|
| 1.0 | 2026-02-26 | Initial draft. Covers: service description with dual-region data centers, subscription/pricing/payment, data ownership and processing, AI transparency and disclaimers, acceptable use, IP, liability, termination with 30-day export window, EU AI Act compliance, governing law (placeholder). Aligned with Security & GDPR Framework v1.1 and Pricing Model v2.2. Post-draft consistency fixes: expanded subprocessor list to individual entries, added 48-hour cooling-off period to termination flow (§10.2), added breach notification section (§5.2a) with 72-hour timeline per GDPR Art. 33, clarified four-layer security architecture naming in §2.4. |

This document is a draft requiring legal review. It should not be published or relied upon as legal advice. Qualified legal counsel in both the EU and the customer's jurisdiction should review these Terms before they are made binding.