Terms of Service

1. Introduction & Acceptance

These Terms of Service (“Terms”) govern your use of the sota.io platform (“Service”), operated by mamarx GmbH, Chodowieckistr. 15, 10405 Berlin, Germany (“we”, “us”, “mamarx”).

By accessing or using the Service, you agree to be bound by these Terms. If you do not agree, do not use the Service. We may update these Terms with 30 days' notice via email or in-app notification.

2. Service Description

sota.io is a Platform-as-a-Service (PaaS) that enables developers and AI agents to deploy web applications on EU-based infrastructure. The Service includes:

• Application deployment and hosting on Hetzner Cloud (Germany)
• Automated build pipeline with framework detection
• Managed PostgreSQL databases
• HTTPS/TLS certificates via Let's Encrypt
• REST API, CLI tool, and MCP server for AI agent integration
• Web dashboard for project management

mamarx manages the infrastructure. You are responsible for your application code, data, and security configuration.

3. Account Responsibilities

You must provide accurate registration information and are fully responsible for all activity under your account. You must protect your credentials (API keys) and notify us immediately at info@sota.io if you suspect unauthorized access.

4. Acceptable Use

You may not use the Service to:

• Engage in illegal activities or violate applicable laws
• Distribute malware, viruses, or malicious code
• Send spam or conduct phishing attacks
• Launch DDoS attacks or attempt unauthorized network access
• Host or distribute child sexual abuse material (CSAM)
• Mine cryptocurrency without explicit consent
• Infringe on intellectual property rights
• Abuse system resources beyond your plan limits

Violations may result in immediate account termination without refund.

5. Digital Services Act Compliance

In accordance with EU Regulation 2022/2065 (Digital Services Act), we provide mechanisms for reporting illegal content. Reports can be submitted to abuse@sota.io. We review reports within 72 hours and publish annual transparency reports as required.

6. EU AI Act

sota.io provides infrastructure services only. If you deploy AI systems on our platform, you bear sole responsibility for compliance with EU Regulation 2024/1689 (EU AI Act), including risk classification, documentation, and transparency requirements.

7. Sanctions & Export Control

You warrant that you are not located in, or a resident of, any country subject to EU or German sanctions, and that you are not listed on any applicable sanctions list. You agree not to use the Service to facilitate transactions with sanctioned parties.

8. Data & Privacy

We store only the data necessary to operate the Service (authentication data, project metadata, deployment logs). We do not sell or share your data with third parties. You own all data in your deployed applications. See our Privacy Policy for details.

Upon account termination, you have 30 days to retrieve your data. After this period, data is permanently deleted.

9. Container & Deployment Disclaimer

Your applications run in isolated containers with resource limits defined by your plan. You are responsible for the security and behavior of your deployed code, including dependencies, environment variables, and database contents.

10. Third-Party Services

The Service integrates with third-party services (Hetzner Cloud, Supabase, Let's Encrypt). We are not responsible for the availability, performance, or policies of these services. Your use of third-party integrations may be subject to their respective terms.

11. Limitation of Liability

Our liability is limited to the fees you paid in the preceding 12 months. We exclude liability for indirect, incidental, or consequential damages to the maximum extent permitted by law. This limitation does not apply in cases of gross negligence, willful misconduct, or liability that cannot be excluded under applicable law.

12. Indemnification

You agree to indemnify and hold harmless mamarx GmbH from any third-party claims arising from your use of the Service, including claims related to your deployed applications, stored data, or violation of these Terms.

13. Service Availability

We provide the Service on a best-effort basis. We do not guarantee specific uptime unless agreed in a separate Service Level Agreement (SLA). We are not liable for interruptions caused by force majeure, scheduled maintenance (announced 48 hours in advance), or circumstances beyond our control.

14. Plans & Billing

The Service offers a free tier and paid plans. Plan limits (projects, memory, CPU) are enforced automatically. We reserve the right to modify pricing with 30 days' notice. Downgrades take effect at the end of the current billing period.

15. Termination

You may cancel your account at any time. We may terminate your account immediately for policy violations, or with 30 days' notice for any other reason. Upon termination, you have 30 days to retrieve your data. Running containers are stopped and project data is deleted after the retrieval period.

16. Intellectual Property

You retain all rights to your application code and data. mamarx GmbH retains all rights to the sota.io platform, including the API, CLI, MCP server, dashboard, and documentation. We grant you a limited, non-exclusive license to use the platform for the duration of your account.

17. GDPR & Data Processing

All data is processed and stored exclusively within the European Union (Hetzner Cloud, Germany). We act as data processor for personal data you store in your applications. A separate Data Processing Agreement (DPA) is available. We will notify you of any data breach without undue delay.

18. Governing Law & Disputes

These Terms are governed by the laws of the Federal Republic of Germany. Exclusive jurisdiction is Berlin, Germany. Before initiating legal proceedings, both parties agree to attempt good-faith dispute resolution.

19. Contact