Terms of Service

Last updated: 10 February 2026

These Terms of Service ("Terms") govern the use of the Panzerotti platform provided by [COMPANY_NAME] OÜ ("Provider", "we", "us"), an Estonian company, to its enterprise clients ("Client", "you").

By accessing or using the Panzerotti service, the Client agrees to be bound by these Terms. These Terms are provided in accordance with Hungarian Act CVIII of 2001 on electronic commerce and information society services.

1. Definitions

• Service — The Panzerotti session-aware security and analytics platform, including APIs, dashboards, SDKs, and documentation.
• Client Data — All data generated by or on behalf of the Client through the use of the Service, including session metadata, behavioural vectors, challenge/response logs, and analytics.
• Subscription Period — The term during which the Client is entitled to use the Service, as specified in the applicable Order Form.
• Order Form — A document or electronic agreement specifying the Service plan, pricing, and Subscription Period.
• DPA — The Data Processing Agreement executed between the Provider and Client pursuant to Article 28 GDPR.

2. Service Description

Panzerotti provides:

• Session-aware security — Cryptographic proof-of-work challenges, session identity management, and real-time bot detection.
• Session analytics — Behavioural intelligence, journey mapping, and anomaly detection dashboards.
• APIs and SDKs — Integration tools for deploying session protection on the Client's infrastructure.

The Service is provided as a cloud-hosted SaaS platform on AWS infrastructure within the European Union (EU-Central-1, Frankfurt).

3. Client Obligations

The Client shall:

• Use the Service in compliance with all applicable laws and regulations.
• Maintain the confidentiality of API keys and access credentials.
• Not attempt to reverse-engineer, decompile, or extract source code from the Service.
• Not use the Service to process data of individuals under 16 without appropriate legal basis.
• Provide accurate billing and contact information.
• Comply with their obligations as Data Controller under GDPR when using the Service.

4. Service Levels

• Availability target: 99.9% monthly uptime (excluding scheduled maintenance).
• Scheduled maintenance: Announced at least 48 hours in advance via email.
• Incident response: Critical issues acknowledged within 4 hours during business hours (CET).
• Support channels: Email (support@panzerotti.be).

Service credits for downtime exceeding the availability target are specified in the applicable Order Form.

5. Fees and Payment

• Fees are specified in the applicable Order Form.
• Invoices are issued monthly in arrears in EUR.
• Payment is due within 30 days of invoice date.
• All prices are exclusive of VAT. For B2B clients with a valid EU VAT ID, the reverse charge mechanism applies per Article 196 of Directive 2006/112/EC.
• Late payments accrue interest at the rate permitted by the Estonian Law of Obligations Act.

6. Data Processing

• The Provider acts as Data Processor for Client Data, as detailed in the Privacy Policy and the DPA.
• The Client acts as Data Controller and is responsible for the lawfulness of processing.
• The Provider processes Client Data solely on the Client's documented instructions.
• Sub-processor changes are communicated with 30 days' notice.

7. Data Portability and Switching (EU Data Act) {#switching}

In compliance with Regulation (EU) 2023/2854 (EU Data Act), Chapter VI:

7.1 Data Export

• The Client may export 100% of their readily available data at any time via the Service API or dashboard.
• Exported data is provided in structured, commonly used, and machine-readable formats (JSON, CSV).
• Export functionality is included in all Service plans at no additional cost.

7.2 No Exit Fees

• The Provider does not apply switching charges, egress fees, or any other fees for data export or service migration (Article 25, EU Data Act).
• Data export volume is unlimited and not subject to throttling during normal operation.

7.3 Switching Process

• The Client may initiate a switching process at any time by providing written notice.
• The maximum notice period for switching is 2 months from the date of written notice.
• During the notice period, the Service continues to operate normally and data export remains fully available.
• The Provider will provide reasonable technical assistance for migration to an alternative service provider.

7.4 Functional Equivalence

• All exported data maintains its functional equivalence — the same structure, semantics, and completeness as within the Service.
• Export formats are documented in the API documentation and include JSON and CSV.
• The Provider guarantees that exported data is sufficient to reproduce equivalent analytics and reports in a comparable service.

7.5 Anti-Lock-In

• The Service provides open, documented APIs for all data access and export operations.
• No proprietary formats are used for data storage or export.
• Session data, analytics, and configuration are fully extractable without loss of information.

8. Intellectual Property

• The Provider retains all intellectual property rights in the Service, including software, documentation, and trademarks.
• The Client retains all rights in their Client Data.
• The Provider is granted a limited, non-exclusive licence to process Client Data solely for the purpose of providing the Service.
• Neither party acquires rights in the other party's intellectual property except as expressly stated in these Terms.

9. Confidentiality

• Each party shall maintain the confidentiality of the other party's Confidential Information.
• Confidential Information includes: pricing, technical specifications, security measures, business strategies, and any information marked as confidential.
• Confidentiality obligations survive termination for a period of 3 years.
• Exceptions: information that is publicly available, independently developed, or required to be disclosed by law.

10. Limitation of Liability

• The Provider's total aggregate liability under these Terms shall not exceed the fees paid by the Client in the 12 months preceding the event giving rise to the claim.
• The Provider shall not be liable for: indirect, incidental, consequential, or punitive damages; loss of profits, revenue, or data; or interruptions caused by force majeure.
• These limitations do not apply to: wilful misconduct, gross negligence, or breaches of data protection obligations.

11. Term and Termination

11.1 Term

• The initial Subscription Period is specified in the Order Form.
• Unless terminated, the Subscription renews automatically for successive periods of the same duration.

11.2 Termination for Convenience

• Either party may terminate with 2 months' written notice before the end of the current Subscription Period.

11.3 Termination for Cause

Either party may terminate immediately upon written notice if:

• The other party commits a material breach and fails to cure it within 30 days of notice.
• The other party becomes insolvent, enters liquidation, or ceases to operate.

11.4 Post-Termination

Upon termination:

1. The Client retains access to data export for a 30-day retrieval period.
2. After the retrieval period, all Client Data is permanently and irrecoverably deleted.
3. The Provider will provide written confirmation of deletion upon request.
4. Obligations under Sections 8 (IP), 9 (Confidentiality), and 10 (Liability) survive termination.

12. Force Majeure

Neither party shall be liable for delays or failures in performance caused by events beyond reasonable control, including: natural disasters, war, terrorism, pandemics, government actions, power failures, or internet disruptions. The affected party shall provide prompt notice and use reasonable efforts to mitigate the impact.

13. Governing Law and Jurisdiction

• These Terms are governed by the laws of the Republic of Estonia.
• Disputes shall be resolved by the courts of Harju County, Estonia.
• For Hungarian enterprise clients: Nothing in these Terms limits the Client's rights under Hungarian consumer protection or data protection law where mandatorily applicable.

14. Amendments

• The Provider may amend these Terms with at least 30 days' prior written notice to the Client.
• Material changes will be communicated via email to the Client's registered contact.
• Continued use of the Service after the effective date of amendments constitutes acceptance.
• If the Client does not agree to the amendments, they may terminate in accordance with Section 11.

15. Severability

If any provision of these Terms is found to be invalid or unenforceable, the remaining provisions shall continue in full force and effect. The invalid provision shall be replaced by a valid provision that most closely achieves the original intent.

16. Entire Agreement

These Terms, together with the applicable Order Form, DPA, and Privacy Policy, constitute the entire agreement between the parties. They supersede all prior agreements, representations, and understandings relating to the subject matter.

17. Legal References

• GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016
• EU Data Act: Regulation (EU) 2023/2854 of the European Parliament and of the Council of 13 December 2023, specifically Chapter VI (Switching between data processing services)
• Hungarian E-Commerce Act: Act CVIII of 2001 on electronic commerce and information society services
• EU VAT Directive: Directive 2006/112/EC, Article 196 (Reverse charge mechanism)
• EU e-Invoicing Directive: Directive 2014/55/EU (Standard EN 16931)
• Estonian Law of Obligations Act: Võlaõigusseadus (late payment interest)

18. Contact

[COMPANY_NAME] OÜ [STREET_ADDRESS], [CITY], Estonia Email: legal@panzerotti.be EU VAT ID: EE[VAT_NUMBER] Estonian Registry Code: [REGISTRY_CODE]