Terms of service

1. Introduction and Scope

1.1 These General Terms and Conditions (the "Terms") govern the supply by Accelerated Software Development B.V. ("ASD", "Provider", "we", "us" or "our") of software, platform services, orchestration-as-a-service (OaaS), hosting, developer tooling, professional services, training and related services (the "Services") to customers ("Customer").

1.2 These Terms apply only to the extent expressly incorporated by reference in an Order, Statement of Work ("SOW") or similar contractual document executed by ASD. In case of conflict the order of precedence is: (a) the Order; (b) Product-specific Annex; (c) CP sections; (d) General Terms.

2. Definitions and Interpretation

2.1 In addition to definitions used in product annexes or SOWs, the following terms apply:

• Agreement: the Order together with these Terms and any annexes and SOWs expressly referenced.
• ASD Background IP: intellectual property, know-how, software, tooling, templates and methodologies owned or licensed by ASD prior to or independent of the Agreement.
• Customer Data: all data, content or materials provided by or on behalf of the Customer in connection with the Services.
• Deliverables: outputs expressly identified as such in an Order.
• DPA: the Data Processing Addendum, where executed.
• SLA Schedule: the service level schedule attached to the Order.

3. Formation of the Agreement

3.1 An Agreement is formed only upon written acceptance by ASD of an Order or upon ASD commencing performance of the Services expressly described in an Order. Quotations are non-binding unless stated otherwise.

4. Services and Performance

4.1 ASD shall perform the Services described in the applicable Order or SOW with commercially reasonable skill, care and diligence.

4.2 Any timelines, milestones or service levels apply only if expressly stated in an Order, SOW or relevant annex.

4.3 ASD may modify the technical implementation of the Services provided such modification does not materially reduce the agreed functionality.

4.4 Changes to scope require a written change order and may result in adjusted fees and timelines.

5. Customer Responsibilities

5.1 Customer shall provide timely access, information, cooperation and approvals reasonably required for performance.

5.2 Customer is solely responsible for: (a) the legality, accuracy and completeness of Customer Data; (b) compliance by its users; and (c) maintaining backups, unless otherwise agreed.

6. Security and Availability

6.1 ASD will implement commercially reasonable technical and organisational measures appropriate to the nature of the Services. Security details, audit rights and incident notification obligations are governed by the DPA where executed.

6.2 Unless an SLA is expressly agreed, Services are provided "as available" and uninterrupted availability is not guaranteed.

7. Fees, Invoicing and Suspension

7.1 Fees are set out in the applicable Order or price list and are exclusive of taxes.

7.2 Invoices are payable within thirty (30) days unless stated otherwise. ASD may suspend the Services immediately upon non-payment without prejudice to other remedies, while respecting a short cure period for Enterprise or Pro tiers or via Order flexibility. Suspension does not relieve the Customer of payment obligations.

8. Taxes

Customers shall bear all applicable taxes, duties and levies, excluding taxes on ASD's net income.

9. Intellectual Property

9.1 ASD retains all rights in ASD Background IP. Unless expressly stated otherwise, no intellectual property rights are transferred to Customer. Customer receives a non-exclusive, non-transferable licence to use Deliverables solely for internal business purposes as specified in the relevant Order.

9.2 Open source components are governed by their applicable licences; ASD disclaims responsibility for Customer's downstream compliance.

10. Confidentiality and Data Protection

10.1 Each party shall keep Confidential Information confidential and use reasonable care to protect it.

10.2 Data protection obligations apply in accordance with the DPA and shall be governed exclusively by that DPA. The DPA will address roles (Controller/Processor), subprocessors, processing purposes, security measures, retention and data subject rights.

11. Warranties and Disclaimers

11.1 Except as expressly stated in an Order, the Services are provided "as is" and "as available". ASD disclaims implied warranties to the maximum extent permitted by law.

11.2 Where statutory warranties apply (for example in relation to consumer sales), ASD's statutory obligations shall apply.

12. Limitation of Liability

12.1 ASD's aggregate liability in respect of any claim arising out of an Order shall not exceed the fees paid under that Order in the twelve (12) months preceding the claim.

12.2 ASD shall not be liable for indirect, consequential or special damages (including loss of profits, data or anticipated savings). Nothing in these Terms excludes liability for fraud, wilful misconduct or mandatory statutory liability.

13. Indemnities

13.1 Customer shall indemnify ASD against third-party claims resulting from: (a) misuse of the Services by Customer or its users; (b) Customer Data; and (c) Customer's breach of law (including export control or sanctions).

13.2 ASD shall indemnify Customer against third-party claims alleging infringement of third-party intellectual property rights by ASD-provided Deliverables, subject to customary conditions.

14. Termination and Exit

14.1 Either party may terminate for material breach not cured within thirty (30) days.

14.2 On termination, Customer may export Customer Data subject to technical feasibility and payment of outstanding fees. ASD may delete Customer Data after a commercially reasonable period unless retention is required by law.

15. Subcontracting

ASD may subcontract the performance of Services and remains responsible for subcontractors' performance. Where required by data protection law or material to the Order, subprocessors will be disclosed in the DPA or SOW.

16. Force Majeure

Neither party shall be liable for failure to perform due to events beyond reasonable control, including cloud provider outages, supplier failure, government action or network disruptions.

17. Amendments and Versioning

ASD may amend these Terms. Material amendments affecting existing Orders shall be notified and shall not apply to executed Orders unless agreed. Continued use of the Services after the effective date of amendments constitutes acceptance.

18. Notices

Notices shall be sent by email to the addresses specified in the Order. Electronic notices are deemed received on the business day after transmission, unless sender receives a bounce.

19. Governing Law and Jurisdiction

This Agreement is governed by the laws of the Netherlands. The courts of Amsterdam have exclusive jurisdiction, save that mandatory consumer protections in any relevant jurisdiction shall prevail for consumer Customers, where a consumer Customer means a natural person who enters into the Agreement primarily for personal, non-commercial purposes, and who qualifies as a consumer under applicable mandatory consumer protection laws.

20. Miscellaneous

20.1 Customer may not assign rights without ASD's prior written consent.

20.2 If any provision is held invalid, the remainder shall remain in force.

20.3 These Terms, together with the Order and SOWs, constitute the entire agreement.

20.4 No publicity or marketing reference without prior written consent.

21. Free or Trial Services

Free or trial Services (including student free-use) are provided subject to any specific annex and are otherwise provided without warranty, SLA or liability and may be modified or terminated at any time.

CP-1 — Definitions & Interpretation

1.1 Definitions in this CP chapter apply across all Annexes; capitalised terms not defined in an Annex bear meanings in this CP.

1.2 Additional CP definitions: "DPA", "Customer Data", "Observability Data", "Fragment URL", "Custom Development".

1.3 CP definitions override General Terms for Annexes.

CP-2 — Data Protection & Data Residency

2.1 Provider and Customer shall enter into the DPA as an integral Annex. The DPA governs Controller/Processor roles, permitted processing purposes, subprocessors, security measures, data subject rights, retention and deletion. Provider will adopt reasonable technical & organisational measures and ensure EU data residency where Enterprise data residency is agreed in an Annex.

2.2 "Observability Data" means technical and operational data generated by the Services for monitoring, security, reliability and improvement purposes, including metrics, logs, traces, configuration identifiers, tunnel metadata, timestamps and error information. Observability Data is aggregated and/or anonymised where reasonably practicable and does not include Customer Data, application content, request or response payloads, credentials, secrets, or decrypted traffic. Any processing of personal data, if applicable, is governed by the DPA. Inspection payloads (decrypted traffic or payload content) will not be centralised on Provider infrastructure except with Customer's prior written consent and a separately agreed SOW.

2.3 Subprocessors (e.g., Supabase, IONOS) are listed in the DPA and may be updated with notice and opportunity to object for material new subprocessors.

2.4 Free and Developer users remain subject to the DPA where personal data is processed, notwithstanding warranty and liability exclusions.

CP-3 — Product Introduction & Onboarding

3.1 New product types are introduced by adding a product-specific Annex to these Terms. Each new Annex shall have an effective date and be published with a corresponding Onboarding SOW.

3.2 Onboarding and production readiness will be governed by a specific Onboarding SOW which addresses design, build, acceptance, hardening and handover. Production supply of a new product or product tier commences only after the execution of the applicable Production SOW and payment terms agreed therein.

3.3 Prior trial arrangements (if any) do not create automatic production obligations; any conversion and remediation work required for production supply will be documented and priced in the Production SOW.

CP-4 — Telemetry, Privacy & Fragment URLs

4.1 Provider may collect anonymised telemetry and Observability Data for product improvement; telemetry will not include credentials or secrets. Provider will offer telemetry opt-out where feasible, noting functionality may be reduced.

4.2 Fragment URLs may expose configuration identifiers and metadata. Customer is responsible for access control and any disclosure resulting from public or insecure sharing. Provider may implement secure fragment options.

CP-5 — Deployment Models & Responsibility Matrix

5.1 Deployment Options: (a) Self-Hosted; (b) Provider-Managed on Customer infrastructure; (c) Provider-Hosted / Managed Node (including IONOS).

5.2 Responsibility Matrix (high level): infrastructure provisioning, TLS/domain management, patching/updates, backups/restore allocated as described in the applicable SOW.

5.3 Detailed role allocation recorded in the Annex Deployment paragraph and SOW.

CP-6 — Source Code Escrow & Emergency Access

6.1 For Enterprise and OaaS customers Provider offers Source Code Escrow or Emergency Access under a separate agreement. Escrow triggers, costs and scope agreed before production go-live.

CP-7 — SLA Ladder & Service Credits

7.1 Core SLA tiers: Free (no SLA), Pro (SLA Pro), Scale (SLA Scale), and Enterprise (SLA Enterprise). Annexes reference applicable SLA. SLA metrics and Service Credits are defined in the SLA Schedule. Service Credits are the sole remedy for SLA failure.

CP-8 — Change Control & Stabilization

8.1 Stabilization Work and Technical Debt: Provider will document scope in a Stabilization SOW with acceptance criteria and default warranty 90 days. Work beyond scope treated as Change Request with separate pricing.

8.2 Change Control: Material changes post-SOW require the Change Control procedure set out in the SOW.

CP-9 — Audit, Compliance & Security Incidents

9.1 Provider will cooperate with Customer audits subject to confidentiality and cost/notice limits in the SOW. For Enterprise customers Provider provides audit logs and operational evidence.

9.2 Security incidents: Provider shall notify Customer within 72 hours of a material incident affecting Customer Data and provide a remediation plan.

CP-10 — Liability, Insurance & Minimum Levels

10.1 Liability: Annexes may specify higher liability caps for Enterprise products; higher caps apply only if expressly stated in the Annex or Order. Agreement liability framework applies, modified only by Annex terms.

10.2 Insurance: For Enterprise products Provider will maintain technology PI and cyber insurance with limits to be agreed.

CP-11 — Price List

The Price List published on ASD's website is authoritative for fees, billing cycles, subscription tiers, permitted add-ons and related commercial terms and forms an integral part of these Terms. Unless expressly agreed otherwise in an Order, the fee, billing description and applicable Price List referenced in the Order shall govern. Price List changes apply only on renewal, upgrade, or new Orders, unless expressly agreed. Material changes to the Price List will be published on ASD's website and shall not apply to Orders already accepted by ASD unless expressly agreed in writing.

Annex A — Developer & Pro (Tunnel Services)

A.1 Scope

This Annex governs ASD's Developer and Pro services (the "Tunnel Services"). The Tunnel Services provide reverse-tunnel connectivity and dynamic public HTTPS endpoints for local developer services, integrated with the .asd CLI and the ASD.host account system.

A.2 Definitions

In addition to the General Terms:

• ASD Tunnel: the reverse tunnelling transport enabling public HTTPS endpoints.
• Developer: the entry-level subscription product intended for individual users and small teams.
• Pro: the paid offering with team accounts, role management and SLA as set out in the SLA Schedule.
• Tunnel Metadata: connection and telemetry metadata generated by tunnels.

A.3 Deliverables

A.3.1 Core deliverables include: (a) tunnel connectivity and dynamic URL generation; (b) .asd CLI integration (commands such as asd tunnel and asd login); (c) basic authentication features (Basic Auth or token-based access); and (d) minimal ASD.host account and dashboard entry points.

A.3.2 Provider will supply user documentation, DNS/CNAME setup guidance and a brief installation guide.

A.4 Account Tiers and Service Levels

A.5 Customer Obligations

A.5.1 Customer must maintain control of any domain names required for CNAME delegation and make DNS changes or provide ownership proofs as required to enable TLS issuance.

A.5.2 Customer is responsible for securing any applications or services exposed via Tunnel endpoints.

A.5.3 For Pro Customers, Customer shall maintain an authorised user list and manage user lifecycles via ASD.host roles or integrated SSO as configured.

A.6 Security, TLS and Domains

A.6.1 ASD will, with Customer cooperation, generate TLS certificates (Let's Encrypt or equivalent) for delegated domains.

A.6.2 The CNAME domain model requires DNS delegation by Customer. ASD will provide guidance; responsibility for domain ownership and registrar matters remains with Customer.

A.7 Telemetry, Privacy and Onboarding

A.7.1 ASD may collect anonymised Tunnel Metadata and telemetry for product improvement. Telemetry will exclude credentials or secrets. Telemetry handling is governed by the DPA.

A.7.2 Onboarding and production readiness: see CP-3 for onboarding. Production supply commences only after execution of the applicable Production SOW and fulfilment of any agreed acceptance criteria.

A.10 Liability and Exclusions

ASD's liability for Developer and Pro services is governed by the General Terms. ASD excludes liability for: (a) Customer application security failures; (b) DNS or registrar failures; and (c) outages or failures of third-party identity providers (IdPs), unless such responsibilities are accepted in a specific Order or SOW.