Terms and Conditions

These Terms and Conditions constitute a legally binding agreement (“Agreement”) made between you, whether personally as a professional, or on behalf of an entity you represent and indicated in the Order Form (“You” or “Customer”) and Crust Technology Ltd whose principal place of business is Unit 1G, The Atrium, Blackpool Business Park, Blackpool, Cork, Republic of Ireland, with company ID 644181 (“Crust”, “we,” “us” or “our”), concerning your access to and contracting a Planet Crust Cloud Service offering (“Product”) through https://www.planetcrust.com or https://docs.planetcrust.com. (“Website”).

You agree that by contracting our Product through our Website, you have read, understood, and agree to be bound by these Terms and Conditions, which may be executed via electronic signature, electronic online communications, or via emailed PDF-format document. If you do not agree with these Terms and Conditions, please do not contract our Product and cease using our Website immediately.

You confirm that you are fully able and entitled to accept these Terms and Conditions governing the purchase of the Product and are authorized to do so on behalf of the Customer. This service is only available for professionals and companies, and you represent that you are not a consumer or a minor.

TERMS AND CONDITIONS

1. Definitions

@Human Platform: @Human is a low-code open source development platform composed of building blocks allowing to flexibly create tailored software solutions for the needs of the Customer. @Human is published at https://github.com/crusttech
Cloud Environment: The technological infrastructure that supports your @Human Platform that is provided by Crust.
Cloud Services: The provision of the Planet Crust Cloud Environment in order to use the @Human Platform, as well as the support services and professional services indicated in the Annexes herein.
Effective Date: Date of acceptance of the Order Form and provisioning of the Cloud Services.
Order Form: The online form setting out your details and those of the Cloud plan you have chosen.
Customer Data: Data, information, documents and any other content uploaded or transmitted or managed by the Customer to and on the @Human Platform.
IPR: Means all intellectual property rights in a work, such as copyrights, patents, trademarks, design rights, utility models and any other similar rights provided by law.
Prohibited Uses: Processing of medical, health or genetic data.

2. Object and scope

The purpose of this Agreement is to regulate the provision of the Cloud Services by Crust to the Customer detailed in the Order Form. The Cloud Services may not be used for any Prohibited Uses. Support on the Service is provided under the terms of the Service Level Agreement. Access to personal data is regulated in the Crust Data Protection agreement.

The Cloud Services are based on the Cloud Environment technology and services contracted by Crust from third parties to host Your @Human Platform.

This Agreement is not a software license for the @Human Platform, which is separately licensed to the Customer as set out in clause 8 below.
During any Free Trial period, the terms of this Agreement except as to payment shall apply.

3. Term, termination and effects

a. Term
This Agreement shall commence on the Effective Date and shall continue in force until the date indicated in the Order Form (the “Term”), unless terminated according to section (b) below.

b. Termination
Client may terminate this Agreement by giving not less than one (1) months’ written notice to the other at any time, specifying date such termination becomes effective. In this case, Client has no right to any refund unless termination is for breach by Crust. Crust may suspend services or terminate in the event of material breach of these Terms or non-payment of the corresponding monthly or annual fees and will provide 15 days’ prior written notice of suspension and 30 days’ prior written notice of termination.

Either party may terminate this Agreement, in addition to those reasons provided for by law, with immediate effect if, in respect of the other party, the other party (i) is in material breach of this Agreement where the breach is incapable of remedy, in which case the termination is effective from the reception of a written notice; or (ii) is in material breach of this Agreement where the breach is capable of remedy and fails to be remedied by the breaching party within fifteen (15) days after receiving written formal notice of such breach.

c. Termination effects
The obligations in clauses 7 to 13, in addition to provisions of this Agreement which either are expressed to survive its expiry or termination or from their nature or context it is contemplated that they are to survive such termination, shall survive termination. Termination shall be without prejudice to the accrued rights of either party at the termination date, in particular the right to claim damages for prejudice. At the time the Cloud Services are terminated, Crust will provide a complete copy of Customer’s data upon Customer’s request.

4. Fees, invoicing and payment

As a material condition of the Agreement, the Customer undertakes to pay the amounts agreed in the Order Form (“Fees”), including any applicable VAT or sales tax thereon when they become due, in accordance with charges in force from time to time and any invoice terms.

Fees are non-refundable and shall be invoiced in currency set out in the Order Form and shall be paid by credit card daily, weekly, monthly or annually in advance via the polar.sh payments portal (https://polar.sh/checkout/polar_c_cVddcjm8sHieBN1WypM3qmwnLte2Cvq67spKj2gJbeg).

All payments are subject to the Polar.sh Terms and Conditions, which are available at checkout in the payment portal.

The Cloud Services may be suspended or terminated immediately in accordance with article 4, if payment is overdue or cannot be made for any reason. In the event of termination, the Customer must pay all pending balances of its account, calculated according to the previous section, and any accrued interest.

5. Service provision and support

Service provision. The Cloud Services shall be performed diligently and professionally according to high industry standards. Crust guarantees the level of service during the Term of the Agreement in accordance with the service levels set out below. Crust warrants that the Cloud Services shall comply with the contractual specifications, as well as good industry practice and applicable regulations. Crust shall promptly take all reasonable measures to remedy any defects and/or correct any errors identified by the Parties or notified by a third party (e.g. client or user) in the Cloud Services. These corrections shall be carried out in accordance with the service levels set out below.

Service Level. Crust offers 99.9% uptime of the Cloud Service on a yearly basis, except scheduled outages and force majeure. Scheduled outages will be below 4 hours per month, not to exceed six (6) events/month. Crust will provide at least 48 hours’ notice of any scheduled outages. Crust will try to avoid scheduling downtime during normal work hours or peak usage hours for the Cloud Service.

@Human Community Support. Unless otherwise agreed by the Parties, support is informally provided (i.e. without SLA and at Crust’s sole discretion) via the @Human Community portal. All users may sign up to the portal at https://planetcrust.com/human-community

6. Customer’s obligations

Customer shall (i) pay the agreed Fees in the time and manner indicated herein; (ii) be responsible for the legality of its use of the Cloud Services and its Customer Data; (iii) use commercially reasonable efforts to prevent unauthorized access to or use of the Cloud Services and the @Human Platform, and notify Crust promptly of any such unauthorized access or use; and (iv) use the Cloud Services only in accordance with these Terms and Conditions and applicable laws.

Customer is responsible for maintaining the security of its internal network and @Human instance from unauthorized access through the Internet. Crust shall not be liable for unauthorized access to Customer’s network or other breaches of Customer’s network security.

Customer shall not (i) sell, resell, rent or lease the Cloud Services, (ii) use the Cloud Services to store or transmit unlawful material or messages, or to store or transmit material or messages in violation of third-party privacy rights, (iii) use the Cloud Services to store or transmit malicious codes, (iv) interfere with or disrupt the integrity or performance of the Cloud Services and/or Environment , or (v) attempt to gain unauthorised access to the Cloud Services or Environment or their related systems or networks.

7. Customer data

The Customer alone is responsible of the accuracy, quality, integrity, legality, reliability, suitability and intellectual property rights in the use of all Customer Data, and neither Crust nor its suppliers will be responsible for its elimination, correction, destruction, damage, loss or error arising during the storage of any such Customer Data unless the same is directly caused by Crust. The Customer represents that Customer Data, the use of the Customer Data and any other activities in connection with the Service do not violate, infringe or misappropriate any third party’s rights.

Customer Data will be backed up every 24 hours. Any Customer Data may be retained, deleted and/or discarded without previous notice if the Customer is in material breach of this Agreement, including without limitation the obligation to pay fees for the Cloud Services. On termination, all Customer Data will be deleted 30 days after termination, except as required for legal and administrative purposes.

For the purposes of maintenance, statistics and for developing and improving the Cloud Services, metadata relating to Customer’s use of the Service may be anonymised and processed by CRUST during and after termination.

8. Intellectual Property Rights

Crust and its licensors (including @Human Platform project contributors) own all right, title, and interest to the @Human Platform, technology, documentation, code or software provided to Customer as the basis for development work. Except as expressly stated otherwise in this Agreement, Crust and its licensors retain all such rights. All rights in the @Human Platform source code base are licensed to Customer under the @Human project license which is the Apache Software License 2.0 (https://www.apache.org/licenses/LICENSE-2.0), which shall appear in the source code in accordance with the license.

Each Party retains all rights resulting from names, logos and trademarks are owned by Crust, and no right is granted to the other Party to use any of the foregoing except as expressly permitted herein or by the other Party written consent.

To the extent third-party Open Source Software is used in whole or in part in the development in the provision of the Cloud Services, such Open Source Software is licensed in accordance with the terms and conditions of the specific licence under which the relevant Open Source Software is distributed, but is provided “as is” and without limitation, Crust specifically disclaims any implied or express representation that such Open Source Software in conjunction with, or as incorporated or bundled with, the Software, will be capable of (a) to operate in conjunction with any software @Human Platforms other than those identified as compatible with the software; or (b) to operate uninterrupted or error free. In the event of any bugs or issues arising with respect to third-party Open Source, Crust will report them to the corresponding open source project and use reasonable efforts to obtain a fix in accordance with the open source project’s practices.

9. Confidential Information

Each Party agrees to maintain the confidentiality of any proprietary information (including without limitation non-public trade secrets, proprietary information, ideas, works of authorship, know-how, processes and any other information or data related to a Party and its services, business and contractual relationships) (“Confidential Information”) received from the other during the term of this Agreement and for three years after its termination. As long as the information is not publicly and officially disclosed, each Party agrees not to reveal or use said Confidential Information for any purpose except as necessary to fulfil its obligations and exercise its rights under this Agreement. Except as and when required to do so by competent administrative authority or court of law, neither party shall disclose Confidential Information of the other to any third party.

10. Data Protection

The Parties undertake to comply with the obligations that the current regulations on the protection of personal data impose for the processing activities that they carry out. The Parties undertake to comply with the applicable data protection laws, and in particular with General Data Protection Regulation (EU) 2016/679 (“GDPR”) and any other that may apply or develop the provisions thereof. In accordance with the GDPR, processing the personal data of each Party’s signatory and its technical, administrative or commercial contact persons (name, address, professional email address, telephone) is necessary for the preparation and performance of this Agreement, and as a legitimate interest of the Parties of keeping and managing the relation between themselves. These personal data will not be shared with any third party however, they may be disclosed to third party service providers with whom each Party has a contract for data processing according to the applicable regulations. The Parties will keep this personal data for the whole duration of the Agreement and (blocked) for the period prescribed by law for legal or administrative reasons.

Each Party agrees to inform the abovementioned persons of the possibility of exercising his/her rights of access, rectification, erasure and opposition, limitation and restriction of processing in the terms established by the GDPR and any applicable national privacy laws, by writing to the contact or email address of each Party. In relation to Crust, complaints, if any, may be filed with the Irish Information Commissioner’s Office. The Parties declare that the data about the persons mentioned herein are correct and up-to-date and each Party will promptly send any updates to the other Party.
Crust will access and process personal data on behalf of the Customer under the Crust Data Processing Agreement.

11. Limitation of Warranty and Liability

Except as specifically set out in this Agreement and to the maximum extent permitted by applicable law, the Cloud Services and @Human Platform are provided to the Customer are “as is” without any warranty of any kind, either expressed or implied, including, but not limited to the implied warranty of satisfactory quality, and fitness for a particular purpose. Crust and its licensors do not guarantee that the use of the Cloud Services and/or @Human Platform will not be interrupted or error free or comply with regulatory requirements. Customer may purchase support and specific maintenance services separately from Crust (see Essential Support Conditions).

Except for any breach of IPR, confidentiality and data protection specific obligations agreed by Crust in this Agreement, to the maximum extent permitted by applicable law in no event will Crust or its licensors be liable for any indirect, special, incidental, consequential or exemplary damages arising out of or in any way relating to this Agreement, to the use of or inability to use the Cloud Services and/or the @Human Platform including, without limitation, damages for loss of goodwill, work stoppage, lost profits, loss of data, computer failure or any and all other commercial damages or losses regardless of the legal or equitable theory (contract, tort or otherwise) upon which the claim is based.

For all events and circumstances, Crust or its affiliates’ aggregate and cumulative liability arising out of or relating to this Agreement will be limited to direct damages and will not exceed the amounts received by Crust from Customer during twelve (12) months immediately preceding the first event giving rise to liability, with respect to the particular items (whether software, services or otherwise) giving rise to liability.

Nothing in this Agreement is intended to exclude or limit Crust’s liability (a) for death or personal injury, or (b) for losses that are caused by gross negligence or wilful misconduct of Crust, provided however in this case that to the extent permitted by applicable law, Crust be not liable for any amounts in excess in the aggregate of the amounts paid to Crust under this Agreement.

This liability limitation applies mutatis mutandis to the Customer.

12. Miscellaneous

a) Independence. The Parties are and shall remain independent traders during the entire term of the Agreement, each assuming the risks for their own operations and acting in total independence. Under no circumstances does the Agreement grant to Crust the role of authorised representative, agent or sales representative of the Customer.

b) Force Majeure. Neither Party shall be liable for any delay or failure to fulfil its obligations under this Agreement which is due wholly or partially to any strike, lock-out or other industrial action, electrical failure, server failure, third party acts or omissions or any other event or act beyond the reasonable control of the Party including without limitation, acts of God, riot, civil commotion, malicious damage, compliance with any law or governmental order, rule, regulation or direction, accident, fire, flood or storm.

c) Assignment. Parties may only assign this Agreement without need for the other Party’s consent (a) in the event of any merger, acquisition, or corporate reorganisation or (b) to a purchaser of all or substantially all its assets, so long as the assignee is not a competitor of the other Party, in which case the prior written consent is required.

d) Severability. If any part of this Agreement is held to be unenforceable, in whole or in part, such holding shall not affect the validity of the other parts of the Agreement.

e) Waiver. The waiver of a breach of any provision of this Agreement shall not operate or be interpreted as a waiver of any other or subsequent breach.

f) Notices. Any notices relating to the present agreement shall be considered valid only if notified to the addresses indicated herein or in the Order Form, save for possible changes which shall be notified in writing with a prior adequate notice:

Crust: Contact person (name, surname): Niall McCarthy (niall.mccarthy@crust.tech)
Customer: as set out in the Order Form

All notices permitted or required under this Agreement shall be in writing and shall be delivered in person, overnight courier service or mailed by first class, registered or certified mail, postage prepaid, to Customer at the address listed in the Order Form, or such other address as either Party may specify in writing, or by email to the email addresses set out in the Order Form. Such notice shall be deemed to have been given upon receipt.

g) Entire Agreement. This Agreement, the Annexes, constitutes the entire agreement and supersedes all prior or contemporaneous oral or written agreements regarding the subject matter hereof and prevails over any contradictory terms of any Annex (unless expressly provided therein), which are governed by the terms hereof. There are no third-party beneficiaries to this Agreement.

h) Update of terms. These terms may be updated from time to time by Crust and notified to you with at least 30 days’ prior written notice of their entering into effect. The new version will enter into effect on the earlier of (a) your express acceptance of the new terms, or (b) continued use of the Service after the notified effective date.

i) Governing Law and Jurisdiction. This Agreement shall be governed by the laws of England and Wales. In the event of an unresolved conflict regarding the interpretation and execution of this Agreement, the parties shall exclusively submit to courts of London, England.

END OF TERMS

CRUST TECHNOLOGY LTD DATA PROCESSING AGREEMENT

This Data Processing Agreement regulates the processing of any Customer Personal Data by Crust Technology Ltd (“CRUST” or the “Company”).

With respect to provisions regarding processing of Customer Personal Data, in the event of a conflict between the Terms and Conditions and this Agreement, the provisions of this Agreement shall control.

  1. Definitions

For the purpose of this Agreement, the capitalized terms shall have the meaning set out in the EU General Data Protection Regulation (2016/679) (“GDPR”).

  1. Term

The duration of such processing of any Personal Data shall be for the period during which the Parties perform their applicable obligations under the Agreement.

  1. Data Protection Laws Compliance

Each Party shall comply with all applicable laws relating to privacy and data protection, including the EU General Data Protection Regulation (2016/679), and any amending or replacement legislation from time to time (collectively and individually, “Data Protection Laws”).

  1. CRUST as Data Processor, for and on behalf of Customer

During the provision of the Cloud Services, CRUST may access certain Personal Data under the responsibility of the Customer during the performance of the services, in particular (but without limitation), the data set out in the Exhibit below (“Customer Personal Data”) relating to the indicated persons (“Data Subjects”). Under applicable privacy regulations, Customer is responsible for its data and is what is known under privacy regulation as the “Data Controller”. Customer appoints CRUST as a data processor of Customer Personal Data, to process Customer Personal Data on Customer’s behalf, for the purpose of providing the Service.

  1. Rights and responsibilities of the Customer as Data Controller

As established in the GDPR, the Customer as Data Controller shall:

    1. Implement appropriate technical and organizational measures to ensure and be able to demonstrate that the processing is carried out in accordance with applicable legislation.

    2. Adopt appropriate data protection policies applicable to the use of the CRUST Cloud Services.

    3. Ensure that the Data Protection Officer or, in his / her absence, the Privacy Officer is involved in an adequate and timely manner in all matters relating to the protection of Customer Personal Data.

    4. Keep a record of processing activities in the case of processing Customer Personal Data that may pose a risk to the rights and freedoms of the data subject and / or in a non-occasional manner, or which involves the processing of special categories of data and / or data relating to convictions and infractions.

    5. Make available to the interested parties the essential aspects of this agreement, at the request of the Data Processor.

    6. Respond to the legal rights established by applicable law on the protection of Customer Personal Data and comply with the stipulations indicated in clause 5 even if these were originally addressed to the Data Processor.

Legal basis. Customer warrants that it has all the appropriate legal basis (including when relevant, informed consents from data subjects whose personal data are submitted to CRUST by Customer) for the processing of Customer Personal Data in the manner envisaged in the Cloud Services or otherwise described herein. Customer will indemnify and keep CRUST harmless from all claims, damages and losses we may suffer relating to or arising out of the processing of third-party personal data submitted by Customer to CRUST’s systems during the course of the provision of the Service.

Prohibited data. In all events, it is forbidden to submit to CRUST or upload to the Service any data that contains sensitive data (according to applicable Privacy Law) that relates to identifiable persons such as: any person’s racial origin, membership in a trade union, religion, ideology and sexual life, or health data or data relative to the commission of criminal offences or proceedings and associated penalties or fines.

  1. Rights and responsibilities of CRUST as Data Processor

CRUST will perform all its obligations Data Processor under the Privacy Regulation, and in particular shall:

    1. Process Customer Personal Data only on the basis of documented instructions from the Customer (which includes the configuration of the Service and all functionalities used by the Customer in the Service, such as messaging), including transfers of Customer Personal Data to a third country or international organization, unless otherwise required to do so under Union law or applicable Member State law; In such case, the Data Processor will inform the Data Controller of that legal requirement prior to the processing, unless otherwise prohibited by such law or in the public interest.

    2. Ensure that the persons authorised to process Customer Personal Data have undertaken to respect confidentiality or are subject to an obligation of confidentiality of a statutory nature.

    3. Take all appropriate technical and organisational measures to ensure a level of safety appropriate to the risk of processing.

    4. Assist the Data Controller, taking into account the nature of the processing, through appropriate technical and organisational measures, whenever possible, so that it can comply with its obligation to respond to requests for the exercise of the rights of the data subjects.

    5. Assist the Data Controller in ensuring that they comply with their obligations, taking into account the nature of the processing and the information that is available to the Data Processor.

    6. At the choice of the Data Controller, either destroy or return all Customer Personal Data once the processing services have been completed and destroy any existing copies unless the retention of Customer Personal Data is required under Union or applicable Member State law.

    7. Make available to the Data Controller all information necessary to demonstrate compliance with the obligations established in herein, as well as to allow and contribute to the performance of audits, including inspections, by the controller or other authorised auditors for the Data Controller.

    8. Process the Customer Personal Data in a way that ensures that the personnel in charge follow the instructions of the Data Controller (e.g. Service configuration).

    9. Ensure that the Data Protection Officer or, in his / her absence, the Privacy Officer is involved in an adequate and timely manner in all matters relating to the protection of Customer Personal Data.

    10. Adhere to a Code of Conduct that is approved by the Commission or other competent authority.

    11. Keep a record of processing activities in the case of processing Customer Personal Data that may pose a risk to the rights and freedoms of the data subject and / or in a non-occasional manner, or which involves the processing of special categories of data and / or data relating to convictions and infractions.

    12. Respond to the legal rights established by the GDPR and comply with the stipulations indicated in clause 5 even if these were originally addressed to the Data Processor.

  2. Data subjects’ exercise of their rights

If the Data Subjects addresses a request or exercises any of the rights established in the General Data Protection Regulation, CRUST and the Customer agree to collaborate to provide the information requested and perform any required actions, without delay and, at the latest, within one month from receiving the request, which may be extended for a further two months if necessary, taking into account the complexity of the application and the number of applications.

Similarly, but in the event that the Data Controller and / or the Processor do/es not proceed with the request of the Data Subject, he/she shall inform the latter without delay, and no later than one month after receipt of the request, shall provide the Data Subject with the reasons why he/she/they has/ve not acted and inform the Data Subject of his right to file a complaint before a competent authority and to file a judicial appeal. The response to the Data Subject’s request shall be made in the same format as that used by the person concerned, unless he/she requests that it be done otherwise.

  1. Subcontracting

As Data Processor, CRUST may provide access to a subcontractor processor to Customer Personal Data if we reasonably consider such access and processing necessary to the performance of the Cloud Services. In the event of such access and before the access takes place, CRUST shall ensure that an agreement with the third party is in place which is sufficient to require it to treat personal data in accordance with the applicable provisions of this Agreement and applicable. Customer authorises CRUST to subcontract such processing in its name, the current sub-processors being those set out in the Exhibit below.

  1. International transfer of data

CRUST shall not carry out any international transfer of data except with authorisation of Customer, which may be provided through instructions and configuration of the Service. However, CRUST may transfer Customer Personal Data outside the EEA to its subprocessors indicated in the Exhibit below.

  1. Security breach of the Customer Personal Data

Insofar as there exists an instruction from a competent supervisory authority, a development of a national legislation, in the event of a security breach of the Customer Personal Data, the Data Controller and/or Data Processor shall notify the competent supervisory authority of such breach without undue delay, and if possible, no later than 72 hours after it happened.

DPA Exhibit

In accordance with the provisions set out in herein and in the GDPR, the Data Processor shall process the type and category of Customer Personal Data provided by the Data Controller set out hereunder:

Data Subject Category of Data
Customer’s Authorized Users Identification data
CRUST Platform usage data, Messaging data
Persons whose data is processed by Customer in the CRUST Platform Identification data, Contact data, Messaging data
All other data relating to identified persons uploaded or captured by the Customer and stored in the CRUST Platform

Types of processing

Storage, selection, classification, filtering, transmission, modification, elimination.

Subcontractors

Entity Service Territory
Polar Orders and Payments Norway – https://www.polar.sh/
Origoss Devops Hungary, EU – https://www.origoss.com
Hetzner PAAS cloud provider Germany, US – https://www.hetzner.com/
Elestio PAAS cloud provider EU – https://docs.elest.io/books/legal-compliance/page/privacy-policies
Selise Support EU, Switzerland, Bangladesh – https://selisegroup.com/privacy-policy/