Last updated on November 15, 2023
CAOS Ltd. ("We", ZITADEL, CAOS AG, or simply CAOS), with head office in Lerchenfeldstrasse 3, 9014 St. Gallen, Switzerland, offers "Identity and Access Management as service" with the brand name "ZITADEL Cloud Services" and all of our Websites (Services or ZITADEL Cloud).
The customer relationship (Framework Agreement or The Agreement) is created by the Customer ("you") by creating a user or organization within the ZITADEL Cloud Service or with signature of a purchase order between you and ZITADEL (jointly referred to as Parties). On the basis of this Framework Agreement you may then choose to make use of payable services (Subscription) as you wish, i.e. you may book services, options and packages yourself at any time (Booking, Purchase Order, PO) and subsequently terminate them.
The terms of service ("TOS") outlined in this document establish the most important points of this Framework Agreement – independently of the use of any services.
This Agreement has the following appendices. When you enter the Agreement with us, you accept these agreements.
- Data Processing Agreement - How we process personal data on behalf of you
- Service Descriptions - How we provide services to yo
- Policies - Policies that apply for use of our services
- Enterprise Agreement - Annex for Enterprise Agreement and Support Services
The outlined policies complement these terms of service. When accepting the TOS, you accept these policies.
Any provisions which deviate from these TOS must be agreed in writing between the Customer and us. Such agreements shall take precedence over the TOS outlined in this document.
You may only transfer the Framework Agreement or Services used in the context of the Framework Agreement to third parties with our prior written consent.
Type and scope of the services
We provide the Services under the conditions stated on our websites, or the latest customer specific purchase order, at the time of booking.
Modifications of services offered
We are entitled to offer new services, to withdraw existing services (Termination) or to modify the specifications and prices of existing services (Modification) at any time. If the modification or termination affects a service that you are using at that time, we will inform you via email that said service will be automatically modified and/or is no longer available after a period of 30 days.
If such modification would have a disadvantageous impact on the Customer use of service, ZITADEL and Customer must discuss the change with the Customer first and, to the best of its ability, find a solution that is acceptable to both Parties. If such a solution cannot be found, ZITADEL may implement the modification and Customer may submit notice of termination of the relevant Service (email is sufficient) before the modification becomes effective without being obliged to pay contractual penalties or termination fees. ZITADEL may modify the prices for a service after the minimum term of the agreement.
Modification of services booked by you
You may change or terminate Services or Subscriptions booked by you at any time. You may, where applicable, add more Services (e.g. add-ons) to your existing Services at any time. Modifications will take effect in the next billing period, or as agreed otherwise between the Parties. Changing services booked by you requires a new purchase order, stating the new conditions of the services after Modification, to be accepted by the Parties.
We take all appropriate physical and electronic precautions to ensure the security and availability of our infrastructure and the service offered thereupon, in particular to protect against unauthorized access to data, data loss, failures and misuse.
The Annex of the data processing agreement outlines the measures we take in more detail.
We offer Support Services directly related to the use of our Services. The Description of Support Services is available as Annex to this document.
Customers without a subscription can contact us via the official communication channels. The parties may enter a service level agreement, as specified in our Support Service Description, for booked Support Services. Only named persons in the Purchase Order, or as agreed in writing (email is sufficient) may use the Support Services to interact with ZITADEL.
Customers with a Subscription may be eligible for a SLA as outlined in our Service Level Description.
Failure to provide the agreed service level objectives during the term of the Agreement results in compensation via service credits, as outlined in the Annex per service level objective.
Customer must request service credit and must notify ZITADEL in writing (email sufficient) within 30 days of becoming eligible for service credit and must prove failure of ZITADEL to meet the stated objective. ZITADEL will confirm or reject the claim with reasons for a refusal within 10 days. Service credit will in no case be paid as a cash equivalent. No further guarantees are provided.
Be advised that the scope of our influence is limited. For example, the actual accessibility of a service is also dependent on the connection to and between various Internet Service Providers ("ISPs"). Portions of our services, i.e. software components, may also be beyond our influence and be subject to their own contractual conditions. You accept that in such cases we reject any responsibility.
Inclusion of third parties
At our request you will provide your truthful contact information and keep it updated at all times. You must also ensure that you actually receive messages, in particular emails, intended for you.
You will ensure that the use of our Websites and Services by you or third parties complies with all applicable legislation, this Agreement, any Annexes and policies, specifically the Acceptable Use Policy, at all times.
You will take appropriate measures to prevent any misuse of the services you booked. These include, for example, securing the software used and the prompt installation of security updates as well as using suitably secure passwords.
We take care of the necessary disaster recovery measures. The goal is to maintain a maximum 24h old restore point off all the vital data.
Any liability for damages, indirect or direct, in case of data loss is explicitly rejected.
You will immediately report any knowledge of a misuse of your booked services.
If the maintenance of service quality requires your cooperation, for example to remedy errors in the services you use, you will provide said cooperation promptly and free of charge.
Third party obligations
You will ensure that your vicarious agents, customers and third parties fulfill these obligations as well.
Credit and payment
Signup to our Services does not require you to open a payment account. However, a payment account is required for the purchase of our Subscriptions. The costs for the services you have purchased will be debited periodically from your payment account or must be paid according to the purchase order.
If payment upon invoice is agreed, the payment deadline shall be 30 days after receipt of the invoice, or as stated in the purchase order.
Offsetting against a counterclaim is prohibited.
In the event of default we reserve the right to transfer our claim to a collections agency. You will bear any resulting costs insofar as legally permissible.
Termination by you
You may terminate the Framework Agreement at any time by ceasing your use of the services and deleting your customer account on our website.
For purchase orders, the term must be terminated by providing written notice (email is sufficient) of termination at least 30 days prior to the end of the term.
Termination by us
We may terminate the Framework Agreement at any time via email message with a notice period of 90 days. Any use of the services will cease at the end of this period and the Framework Agreement will be terminated.
If you have neither used services nor made payment for a period of 180 days, the Framework Agreement will be considered automatically terminated at the end of this period.
If you have a Subscription to any free plans, that don't require payment, we automatically the Framework Agreement will be considered automatically terminated after 30 days without any Daily Active User on the Unit.
Any remaining credit shall automatically expire upon termination of the Framework Agreement.
Termination of services
We are entitled to suspend and terminate services used by you if
- Your credit has been used up by services and/or any applicable credit limit has been reached;
- You are in default in the payment of open invoices and/or prompt payment seems unlikely (i.e. in the event of insolvency proceedings);
- Your services were used illegally or in breach of contract, or if there is reasonable suspicion of such use (i.e. in the event of complaints or abuse reports);
- Other customers' services are being negatively affected in breach of the fair use provision, including in the event of your services being subject to attacks by third parties (i.e. DoS/DDoS attacks);
- We consider the suspension or termination of the services to be necessary for the protection of ourselves, our infrastructure or other customers.
We reserve the right to immediately terminate the Framework Agreement in such cases.
Deletion of data
In the event of the termination of the contract, we reserve the right to irrevocably delete all of your data.
We and/or third parties which we involve are only liable for demonstrably willful or grossly negligent damages. Our liability per damage event is limited to the value of the services used during the previous contractual year. Any liability in other cases, for consequential damages or lost profits is hereby excluded.
You are liable for all damages and costs arising from the illegal or non-contractual use of the services which you have booked. We in particular reserve the right to invoice you for any additional costs incurred by us in this context.
You acknowledge that we may be partially or entirely unable to provide our services during and/or as a result of events beyond our influence. These include events such as natural disasters, war, terrorism, sabotage, attacks on our infrastructure (i.e. DoS/DDoS attacks), failure of electrical or data connections and unexpected official requirements. We are not liable for any damages in such cases.
The Framework Agreement is subject to Swiss law.
Place of jurisdiction
The exclusive place of jurisdiction is St. Gallen, Switzerland.
Should any provision of these TOS be or become invalid, this shall not affect the validity of the remaining TOS. The invalid provision will be replaced by a valid one which approximates the invalid one as much as possible.
We are entitled to unilaterally amend this Agreement at any time. The current version is accessible via our website. We will inform you of any amendments via email. These amendments shall be considered as accepted upon booking additional services or at the latest after 30 days. In the case of a rejection on your part we reserve the right to terminate the Framework Agreement.