Skip to main content

Terms of Service Agreement



CAOS Ltd. ("We", CAOS AG, or simply CAOS), with head office in Lerchenfeldstrasse 3, 9014 St. Gallen, Switzerland, offers "Identity and Access Management as service" with the brand name "ZITADEL Cloud Services" and all of our Websites (Services or ZITADEL Cloud).

The customer relationship (Framework Agreement or The Agreement) is created by the Customer ("you") by creating a user or organization within the ZITADEL Cloud Service. On the basis of this Framework Agreement you may then choose to make use of payable services (Subscription) as you wish, i.e. you may book services, options and packages yourself at any time (Booking, Purchase Order) and subsequently terminate them.

The terms of service ("TOS") outlined in this document establish the most important points of this Framework Agreement – independently of the use of any services.

This Agreement has the following appendices. When you enter the Agreement with us, you accept these agreements.

The following policies complement the TOS. When accepting the TOS, you accept these policies.


Any provisions which deviate from these TOS must be agreed in writing between the Customer and us. Such agreements shall take precedence over the TOS outlined in this document.


You may only transfer the Framework Agreement or Services used in the context of the Framework Agreement to third parties with our prior written consent.

Our Services

Type and scope of the services

We provide the Services under the conditions stated on our websites at the time of booking.

Modifications of services offered

We are entitled to offer new services, to withdraw existing services (Termination) or to modify the specifications and prices of existing services (Modification) at any time. If the modification or termination affects a service that you are using at that time, we will inform you via email that said service will be automatically modified and/or is no longer available after a period of 30 days.

Modification of services booked by you

You may change or terminate Services or Subscriptions booked by you at any time. You may, where applicable, add more Services (e.g. add-ons) to your existing Services at any time.

Due care

We take all appropriate physical and electronic precautions to ensure the security and availability of our infrastructure and the service offered thereupon, in particular to protect against unauthorized access to data, data loss, failures and misuse.

The Annex of the data processing agreement outlines the measures we take in more detail.


We offer Support Services directly related to the use of our Services. The Description of Support Services is available as Annex to this document.

Customers without a subscription can contact us via the official communication channels.

Limited influence

Be advised that the scope of our influence is limited. For example, the actual accessibility of a service is also dependent on the connection to and between various Internet Service Providers ("ISPs"). Portions of our services, i.e. software components, may also be beyond our influence and be subject to their own contractual conditions. You accept that in such cases we reject any responsibility.

Service level

Customers with a Subscription may be eligible for a SLA as outlined in our Service Level Description.

Inclusion of third parties

We may include third parties in the provision of our services. See our Privacy Policy and our Data Processing Agreement for more information.

Your obligations

Contact information

At our request you will provide your truthful contact information and keep it updated at all times. You must also ensure that you actually receive messages, in particular emails, intended for you.


You will ensure that the use of our Websites and Services by you or third parties complies with all applicable legislation, these these TOS, and our Acceptable Use Policy at all times.


You will take appropriate measures to prevent any misuse of the services you booked. These include, for example, securing the software used and the prompt installation of security updates as well as using suitably secure passwords.

Disaster recovery

We take care of the necessary disaster recovery measures. The goal is to maintain a maximum 24h old restore point off all the vital data.

Any liability for damages, indirect or direct, in case of data loss is explicitly rejected.

Reporting obligations

You will immediately report any knowledge of a misuse of your booked services.


If the maintenance of service quality requires your cooperation, for example to remedy errors in the services you use, you will provide said cooperation promptly and free of charge.

Third party obligations

You will ensure that your vicarious agents, customers and third parties fulfill these obligations as well.


Credit and payment

Signup to our Services does not require you to open a payment account. However, a payment account is required for the purchase of our Subscriptions. The costs for the services you have purchased will be debited periodically from your payment account.

Payment procedure

If payment upon invoice is agreed, the payment deadline shall be 30 days after receipt of the invoice.


Offsetting against a counterclaim is prohibited.


In the event of default we reserve the right to transfer our claim to a collections agency. You will bear any resulting costs insofar as legally permissible.


Termination by you

You may terminate the Framework Agreement at any time by ceasing your use of the services and deleting your customer account on our website.

Termination by us

We may terminate the Framework Agreement at any time via email message with a notice period of 90 days. Any use of the services will cease at the end of this period and the Framework Agreement will be terminated.

Automatic termination

If you have neither used services nor made payment for a period of 3 years, the Framework Agreement will be considered automatically terminated at the end of this period.

No reimbursement

Any remaining credit shall automatically expire upon termination of the Framework Agreement.

Termination of services

We are entitled to suspend and terminate services used by you if

  • Your credit has been used up by services and/or any applicable credit limit has been reached;
  • You are in default in the payment of open invoices and/or prompt payment seems unlikely (i.e. in the event of insolvency proceedings);
  • Your services were used illegally or in breach of contract, or if there is reasonable suspicion of such use (i.e. in the event of complaints or abuse reports);
  • Other customers' services are being negatively affected in breach of the fair use provision, including in the event of your services being subject to attacks by third parties (i.e. DoS/DDoS attacks);
  • We consider the suspension or termination of the services to be necessary for the protection of ourselves, our infrastructure or other customers.

We reserve the right to immediately terminate the Framework Agreement in such cases.

Deletion of data

In the event of the termination of the contract, we reserve the right to irrevocably delete all of your data.

Data protection

Please consult the annex to this Framework Agreement, specifically our Privacy Policy and Data Processing Agreement, or our Trust Site for more information about how we process and protect your data.


Our liability

We and/or third parties which we involve are only liable for demonstrably willful or grossly negligent damages. Our liability per damage event is limited to the value of the services used during the previous contractual year. Any liability in other cases, for consequential damages or lost profits is hereby excluded.

Your liability

You are liable for all damages and costs arising from the illegal or non-contractual use of the services which you have booked. We in particular reserve the right to invoice you for any additional costs incurred by us in this context.

Force majeure

You acknowledge that we may be partially or entirely unable to provide our services during and/or as a result of events beyond our influence. These include events such as natural disasters, war, terrorism, sabotage, attacks on our infrastructure (i.e. DoS/DDoS attacks), failure of electrical or data connections and unexpected official requirements. We are not liable for any damages in such cases.

Final provision

Applicable law

The Framework Agreement is subject to Swiss law.

Place of jurisdiction

The exclusive place of jurisdiction is St. Gallen, Switzerland.

Severability clause

Should any provision of these TOS be or become invalid, this shall not affect the validity of the remaining TOS. The invalid provision will be replaced by a valid one which approximates the invalid one as much as possible.

Entry into force

These TOS shall enter into force as of 15.07.2022.

Last revised: May 12, 2023


We are entitled to unilaterally amend these TOS at any time. The current version is accessible via our website. We will inform you of any amendments via email. These amendments shall be considered as accepted upon booking additional services or at the latest after 30 days. In the case of a rejection on your part we reserve the right to terminate the Framework Agreement.