Terms & Conditions for Cryptomator Hub (SaaS)

Effective date: November 2023

The following General Terms and Conditions apply exclusively within the framework of the contractual relationship between Skymatic GmbH (hereinafter “Provider”) and the customers (m/f/d, hereinafter “Customer”) of “Cryptomator Hub” provided as Software as a Service (SaaS).

Conflicting or different general terms and conditions of the users do not become part of the contract. This also applies if the Provider does not expressly object to them.

Contract language is German. This is a translation from our German AGB. German Version shall prevail.

§1 Definitions

Unless otherwise indicated, the expressions mentioned in the text are defined as follows:

  • Cryptomator: refers to the application that can be installed on the Customer’s devices and is used for client-side encryption of data. The encrypted data is stored in a location chosen by the user.
  • Vaults: are the storage locations created in Cryptomator, which can contain any number of encrypted documents and folders. Each vault is protected by an individual key.
  • Cryptomator Hub: is software which, in the context of this Agreement, the Provider provides as a web application accessible via the browser. Cryptomator Hub is used to manage access to vaults and the associated storage of metadata, but not to store the encrypted vault contents.
  • Users and groups: can be created in Cryptomator Hub or imported via external software such as Active Directory. Users or groups can be granted access to one or more vaults using Cryptomator Hub.
  • Active users: have been given access to at least one vault directly or indirectly through a group membership.

§2 Subject of Contract

The subject of the agreement is the provision of “Cryptomator Hub” (hereinafter referred to as the “Software”) and the required computing resources to it as a service hosted on the Provider’s servers. The provision is against payment and limited in time to the duration of the contract.

§3 Services of the Providers; Software

3.1 The Software is a SaaS service, i.e. the Provider grants the Customer the use of the most current version of the Software via the internet by means of access through a browser. The Software is designed to be used together with the Cryptomator application, also provided by the Provider, which is used to encrypt data on local storage space selected by the Customer or provided by third parties.

3.2 The Provider warrants the functionality and availability of the software for the duration of the contractual relationship and shall maintain it in a condition suitable for use in accordance with the contract.

3.3 The Provider shall provide the Customer with access data for an admin account in electronic form upon request at the latest. The Customer shall manage the access data of the Users itself with the help of the admin account. The Customer may increase or decrease the number of active users of the Software as required. The Provider shall ensure that the number of booked active users is usable in a timely manner.

3.4 Furthermore, the Provider shall provide the Customer with user documentation in electronic form after conclusion of the contract. The current version of this documentation can be viewed online at any time during the use of the software.

3.5 The Provider may update and further develop the software at any time and, in particular, adapt it due to a changed legal situation, technical developments or to improve IT security. In doing so, the Provider shall give due consideration to the Customer’s legitimate interests and inform the Customer in good time of any necessary updates. In the event of a significant impairment of the Customer’s legitimate interests, the Customer shall have a special right of termination.

3.6 The Provider shall not owe any adaptation to the Customer’s individual needs or IT environment, unless the parties have agreed otherwise.

3.7 The Provider shall regularly perform maintenance on the Software and inform the Customer thereof in due time. It shall attempt to perform maintenance regularly outside the Customer’s usual business hours (GMT +1/+2). In exceptional cases and especially due to compelling reasons, maintenance may be performed at a different time.

3.8 The Provider shall take state-of-the-art measures to protect the data. However, the Provider shall not be subject to any custodial or safekeeping obligations with respect to the data. The Customer shall be responsible for sufficient backup of the data.

3.9 The Customer remains the owner of the data stored on the Provider’s servers and may demand their return at any time.

3.10 The Provider may provide its services and support through third parties as subcontractors. It shall be liable for the performance of services by subcontractors as for its own actions.

§4 Scope and Rights of Usage

4.1 The software shall not be physically transferred to the Customer.

4.2 The Customer shall receive simple, i.e. non-sublicensable and non-transferable rights to the most current version of the software, limited in time to the term of the contract, to use the software for its intended purpose by means of access via a browser in accordance with the contractual provisions. The Customer does not receive any right to the source code of the software. He may only use the software for his own purposes. This does not include the use of the products for third parties, for example as a service provider or any other transfer or brokerage of use to third parties.

4.3 The Customer is not entitled to have user accounts used by more than one natural person at a time (“account sharing”).

4.4 Unless otherwise agreed or required by mandatory law or preceding terms of use, the Customer is not entitled to

  1. to copy the Software beyond what is necessary for the contractual use, neither in whole nor in part;
  2. modify, correct, adapt, translate, improve or otherwise make derivative developments to the Software;
  3. rent, lend, sell, license, transfer or otherwise make the Software available to third parties;
  4. reverse engineer, decompile, disassemble or otherwise attempt to decipher the source code of the Software, in whole or in part, without authorization;
  5. circumvent or violate any security devices or protection mechanisms contained in or used for the Software;
  6. take any action that is likely to cause damage to the Software or the Provider’s servers;
  7. remove, delete, obliterate, alter, obscure, translate, combine, add to or otherwise modify any trademarks, documentation, warranties, disclaimers or other rights, such as intellectual property, marks, notices, labels or serial numbers, associated with the Software or Documentation;
  8. to use the Software in a way that violates applicable law and/or the rights of third parties;
  9. use the Software for purposes of benchmarking or competitive analysis of the Software, for the development, use or provision of a competing software product or service, or for any other purpose that is detrimental to Provider; and/or
  10. use the Software for or in connection with the design, construction, maintenance, operation or use of hazardous environments, systems or applications or other safety-critical applications, or otherwise use the Software in a manner that could result in physical harm or serious property damage.

§5 Support

5.1 The Provider shall set up a support service for inquiries of the Customer regarding functions of the Software. Requests can be made via the support channels indicated on the Provider’s website (https://cryptomator.org/contact/) at the times indicated there or by email. The requests will be processed in the chronological order of their receipt.

5.2 The support does not cover problems with or damage to the software, insofar as these were caused by

  1. negligence, misuse or improper operation on the part of the Customer,
  2. operation, use or storage/hosting of the Software not in accordance with Provider’s specifications;
  3. modifications to the Software not made or approved by Provider;
  4. actions of third parties;
  5. third party products; and/or
  6. force majeure.

§6 Service Levels; Troubleshooting

6.1 The Provider guarantees an overall availability of the Services of at least 99.5% per month at the Delivery Point. The handover point is the router exit of the data center chosen by the Provider.

6.2 Availability shall be deemed to be the Customer’s ability to use all main functions of the Software. Maintenance times as well as times of malfunction in compliance with the remedial time shall be deemed times of availability of the software. Times of insignificant malfunctions shall not be taken into account in the calculation of availability. The measuring instruments in the data center shall be decisive for the proof of availability.

6.3 The Customer shall immediately report malfunctions to the Provider (email: [email protected], fax: 02241 / 2667424) in German or English. A fault report and correction is guaranteed Monday to Friday (excluding national holidays) between 9:00 am and 6:00 pm (service hours).

6.4 Serious malfunctions (the use of the software as a whole or a main function of the software is not possible) shall be remedied by the Provider also outside the service times at the latest within 6 hours from receipt of the notification of the malfunction - provided that the notification is made within the service times (remedying time). If it is foreseeable that it will not be possible to remedy the fault within this period of time, the Provider shall inform the Customer of this without delay and notify the Customer of the expected exceeding of the time period.

6.5 Other significant malfunctions (main or secondary functions of the software are disturbed but can be used; or other not only insignificant malfunctions) shall be remedied within 12 hours at the latest within the service times (remedying time).

6.6 The elimination of insignificant disruptions is at the Provider’s discretion.

6.7 For each full hour of falling short of the monthly availability of the services, the Provider shall forfeit a contractual penalty in the amount of 0.5% of the agreed monthly remuneration (§ 13). The amount of the contractual penalty is limited to three times the agreed monthly remuneration.

6.8 Any other legal claims of the Customer against the Provider shall remain unaffected.

§7 Obligations of the Customer

7.1 The Customer shall protect the access data transmitted to it against access by third parties and keep it safe in accordance with the state of the art. The Customer shall ensure that use only occurs to the contractually agreed extent. The Provider shall be notified immediately of any unauthorized access.

7.2 Furthermore, the Customer is obliged to keep the recovery key generated by the software during the creation of the vault safe. It is pointed out that recovery of encrypted data without the key is technically impossible. Accordingly, the recovery key is the only means by which the Customer can recover its data in the event of a failure.

7.3 The Customer is obligated not to use the provided software for the storage or processing of data, the use of which violates applicable law, official orders, third party rights or agreements with third parties.

7.4 The Customer shall check the data for viruses or other harmful components before storing them or using them in the Software and shall use state-of-the-art measures (e.g. virus protection programs) for this purpose.

7.5 The Customer shall regularly make appropriate data backups on its own responsibility.

§8 Reference Marketing / Logo Use

8.1 The Customer has the option of giving its express consent for the Provider to name and use the Customer as a reference customer (including case studies, work references, success stories, etc.) in digital and analog form, free of charge and unlimited in terms of time and content, using the company mark (esp. logo) and the company name for marketing purposes.

8.2 The Customer may revoke their consent to reference marketing at any time by sending an email to [email protected]. The revocation is only valid for the future.

§9 Warranty

9.1 With regard to the granting of the use of the Software, the warranty provisions of the German “Mietrecht” shall apply (§§ 535 ff. BGB).

9.2 The Customer shall notify the Provider of any defects without undue delay.

9.3 The warranty for only insignificant reductions in the suitability of the service is excluded. The strict liability according to § 536a para. 1 BGB for defects that already existed at the time of conclusion of the contract is excluded.

§10 Liability

10.1 The parties shall be liable without limitation in the event of intent, gross negligence and culpable injury to life, body or health.

10.2 The Provider shall only be liable for indirect and consequential damages as well as for lost profits, additional personnel costs, useless expenses and omitted savings, etc. in the event of intent and gross negligence.

10.3 Notwithstanding the cases of unlimited liability according to § 10.1 and liability for consequential damages § 10.2, the parties shall be liable to each other in case of slightly negligent breach of duty only in case of breach of essential contractual obligations, i.e. obligations the fulfillment of which enables the proper execution of the contract in the first place or the breach of which endangers the achievement of the purpose of the contract and the compliance with which the other party may regularly rely on, however, limited to the damage foreseeable at the time of conclusion of the contract and typical for the contract.

10.4 If the Customer violates its obligation to properly back up data, the Provider’s liability for loss of data shall be limited to the amount of damage that would have occurred even if the Customer had properly and regularly backed up the data.

10.5 The above limitations of liability shall not apply to liability under the German Product Liability Act (Produkthaftungsgesetz) or to guarantees given in writing by one of the Parties.

10.6 § 10 shall also apply in favor of employees, representatives and bodies of the parties.

§11 Deficiencies in Title; Indemnification

11.1 The Provider warrants that the Software does not infringe any third-party rights. The Provider shall indemnify the Customer against all claims of third parties due to infringements of property rights for which the Provider is responsible in connection with the contractual use of the Software upon first request and shall reimburse the Customer for the costs of an appropriate legal prosecution. The Customer shall inform the Provider without undue delay of any claims asserted against it by third parties on the basis of the contractual use of the Software and shall grant the Provider all necessary powers of attorney and authority to defend the claims.

11.2 The Customer shall be solely responsible for all content and processed data used by it or its Users and any legal positions required for this purpose. The Provider does not take note of any content of the Customer or its Users and does not check the content used with the Software.

11.3 The Customer warrants that the content and data stored on the Provider’s servers, as well as its use and provision by the Provider, do not violate applicable law, official orders, third-party rights or agreements with third parties. The Customer shall indemnify the Provider against claims asserted by third parties on the basis of a violation of this clause upon first request. In this context, Customer also agrees to indemnify Provider against any liability and any costs, including possible and actual costs of legal proceedings, in the event that a claim is made against Provider by third parties, including employees of Customer personally, as a result of alleged acts or omissions of Customer. The Provider shall notify the Customer of the claim and, to the extent legally possible, give the Customer the opportunity to defend the asserted claim. At the same time, the Customer shall immediately provide the Provider with all information available to him regarding the facts that are the subject of the claim. Any further claims for damages of the Provider shall remain unaffected.

§12 Trial

Irrespective of the right of withdrawal (§ 16), the Customer, i.e. both the consumer and the entrepreneur, shall be entitled to use the software for 14 days free of charge and without obligation for both parties (hereinafter “test phase”). During the Test Phase, the Customer shall in particular have no claim to unrestricted functional scope of the Software or troubleshooting as well as contractual penalty pursuant to § 6.

§13 Remuneration and Payment Conditions

13.1 The Customer can view the prices for the software and services on the website (https://cryptomator.org/hub/#pricing-plans). Unless otherwise agreed (individual agreement, discount campaign or similar), the Customer shall - after expiry of the test phase (§ 12) - pay a monthly fee of EUR 10 per active user to the Provider.

13.2 Contractual penalties forfeited by the Provider pursuant to § 6 (7) shall be automatically offset against the payable fee on a monthly basis.

13.3 Invoices shall be issued for 12 months in advance. The invoice shall be due for payment immediately.

13.4 In the event of late payment, interest on arrears shall be due at the statutory rate. The Provider is entitled to temporarily deactivate the Customer’s access to the Software in case of a delay in payment of more than 30 days until the overdue invoice has been paid.

13.5 The Provider reserves the right to make an adjustment of the price even during an ongoing contract period. An adjustment can be made both in the form of a price increase and a price reduction. A price increase is only envisaged if cost-increasing circumstances occur that make proper maintenance significantly more difficult without this being compensated for by an increase in the price. Circumstances for which a price increase is considered are: cost-intensive adaptations in the software (development costs) justified by legal changes (e.g. concerning data protection); increased server costs, due to strongly increasing energy costs; increased costs for copyright-protected contents or costs for the legal examination of the Provider’s cooperation partners. The Provider shall inform the User of any price adjustment as soon as possible, but no later than three months before it takes effect, and shall explain the cost-increasing or cost-reducing factor in more detail. A price adjustment does not affect a contractual relationship until the minimum contract period of one month has expired. The User may terminate the contractual relationship existing with the Provider in the event of a price adjustment in accordance with the applicable regulations (§ 14). In the event that the Provider, through no fault of the User, notifies the User at a time when the User is no longer able to comply with the ordinary notice period until the effective date of the price adjustment, the User may terminate the contractual relationship as of the effective date of the price adjustment.

§14 Contract Duration and Termination

14.1 The Agreement shall enter into force after the Customer’s request and provision of access to the Software by the Provider and shall be concluded for an indefinite period of time.

14.2 The contract may be terminated by either party with a notice period of one month to the end of the month.

14.3 The right to terminate without notice for good cause remains unaffected. In any case, the termination must be in writing.

14.4 The Provider shall provide the Customer with reasonable support for the retransfer or backup of the data at its own expense after termination of the Agreement.

14.5 The Provider shall delete all Customer data remaining on its servers in an unrecoverable manner 30 days after termination of the contractual relationship. There shall be no right of retention or lien on the data in favor of the Provider.

§16 Withdrawal

If the Customer is a consumer, he has a right of withdrawal.

Right of Withdrawal

You have the right to revoke this contract within fourteen days without giving any reason. The revocation period is fourteen days from the day of the conclusion of the contract.

To exercise your right of withdrawal, you must inform us (Skymatic GmbH, Am Hauptbahnhof 6, 53111 Bonn, email: [email protected], fax: 02241 / 2667424) of your decision to withdraw from this contract by means of a clear declaration (e.g. a letter sent by post or an email). You can use the attached sample withdrawal form for this purpose, which is, however, not mandatory.

To comply with the withdrawal period, it is sufficient that you send the notice of exercise of the right of withdrawal before the expiry of the withdrawal period.

Consequences of Withdrawal

If you revoke this contract, we shall reimburse you all payments we have received from you, including delivery costs (except for additional costs resulting from the fact that you have chosen a type of delivery other than the most favorable standard delivery offered by us), without undue delay and no later than within fourteen days from the day on which we received the notification of your revocation of this contract. For this repayment, we will use the same means of payment that you used for the original transaction, unless expressly agreed otherwise with you; in no case will you be charged for this repayment.

Sample Revocation Form

The legislator provides the following model withdrawal form in Annex 2 to Article 246a § 1 (2) sentence 1 number 1 and § 2 (2) number 2 EGBGB:

To:
Skymatic GmbH
Am Hauptbahnhof 6
53111 Bonn
Germany
Email: [email protected]
Fax: 02241 / 2667424

I/we (*) hereby revoke the contract concluded by me/us (*) for the purchase of the following goods:

Ordered on (*) / received on (*): __________________
Name of the customer: __________________
Address of the customer: __________________
Signature (only in the case of paper-based notice): __________________
Date: __________________

(*) Delete as applicable.

Special Notes: Exclusion or Premature Expiration of the Right of Withdrawal

The right of withdrawal does not apply to contracts for the delivery of digital content that is not prefabricated and for the production of which an individual selection or determination by the consumer is decisive or which is clearly tailored to the personal needs of the consumer.

The right of withdrawal expires prematurely if

  • the Provider begins with the execution of the contract (§ 356 para. 5 BGB),
  • after the Customer, as a consumer, has expressly consented to the commencement of the execution of the contract before the expiry of the revocation period (§ 356 para. 5 no. 1 BGB), and
  • the Customer as a consumer confirms his knowledge of the loss of the right of withdrawal (§ 356 para. 5 no. 2 BGB).

§16 Data Protection; Confidentiality

16.1 The Parties shall comply with the applicable data protection provisions applicable to them in each case.

16.2 If and to the extent that the Provider has access to personal data of the Customer in the context of the provision of services, the Parties shall conclude a corresponding order processing agreement prior to the start of the processing and attach these GTC as an annex. In this case, the Customer is a controller and the Provider is a processor. In this case, the Provider shall process the relevant personal data solely in accordance with the provisions set forth therein and in accordance with the Customer’s instructions.

16.3 The Provider undertakes to maintain confidentiality about all confidential information (including business secrets) that it learns in connection with this Agreement and its performance and not to disclose, pass on or otherwise use such information to third parties. Confidential information is information which is marked as confidential or the confidentiality of which is evident from the circumstances, irrespective of whether it has been communicated in written, electronic, embodied or oral form. The confidentiality obligation does not apply if the Provider is obligated to disclose the confidential information by law or by virtue of a final or legally binding decision of an authority or court. The Provider undertakes to agree with all employees and subcontractors on a provision similar in content to the preceding paragraph.

§17 Online Dispute Resolution as well as Information According to § 36 VSBG

17.1 The EU Commission has provided a platform for out-of-court dispute resolution at https://webgate.ec.europa.eu/odr.

17.2 The Provider is neither obligated nor willing to participate in a dispute resolution procedure before a consumer arbitration board.

§18 Final Clauses

18.1 Should individual provisions of this Agreement be invalid or unenforceable, this shall not affect the validity of the remaining provisions. The parties shall replace such provisions by effective and feasible provisions which correspond as closely as possible to the meaning and economic purpose as well as the intention of the parties at the time of conclusion of the contract. The same shall apply in the event of a gap in the contract.

18.2 There are no oral or written collateral agreements to this contract. Amendments to this contract and its annexes must be made in writing.

18.3 German law shall apply to the exclusion of the conflict of laws provisions and the United Nations Convention on Contracts for the International Sale of Goods of 11.4.1980 (UN Sales Convention).

18.4 The place of jurisdiction for all disputes arising from or in connection with this contract shall be Bonn, insofar as the Customer is a merchant, a legal entity under public law or a special fund under public law. Any exclusive place of jurisdiction shall have priority.