Terms of Condition

Terms & Conditions – KraLos GmbH

Terms & Conditions

These Terms & Conditions apply exclusively to business customers of KraLos GmbH and govern the provision of SaaS, cybersecurity services and consulting in a B2B environment.

Version 1.0 · May 2026

1. Scope

These Terms & Conditions (“Terms”) apply to all contracts, offers, services and business relationships between KraLos GmbH, Hannoversche Neustadt 54, 31303 Burgdorf, Germany (“KraLos”, “we”, “us”) and its customers.

KraLos provides its services exclusively to entrepreneurs within the meaning of Section 14 of the German Civil Code (BGB), legal entities under public law and special funds under public law. Contracts with consumers within the meaning of Section 13 BGB are not concluded.

B2B Notice: KraLos provides services exclusively in a business-to-business environment. Consumer withdrawal rights do not apply.

Deviating, conflicting or supplementary terms and conditions of the customer shall only become part of the contract if KraLos has expressly agreed to their validity in text form.

2. Services

KraLos offers services exclusively in the following areas:

SaaS Provision of cloud-based software and platform services.
Cybersecurity Protection, analysis, monitoring and securing of digital systems.
Consulting Strategic, technical and organizational consulting in IT and cybersecurity.

The specific scope of services is determined by the applicable offer, order, agreement, service description, statement of work or separate contractual arrangement.

Unless expressly agreed otherwise, consulting, analysis and cybersecurity services are provided as professional services and KraLos does not owe a specific economic or technical result.

3. Conclusion of Contract

Offers from KraLos are non-binding unless expressly designated as binding. A contract is concluded by written or electronic acceptance of an offer, by order confirmation, by signing a contract or by provision of the agreed service.

KraLos may reject orders if legal, technical, security-related, compliance-related or economic reasons prevent performance.

4. Subscription Contracts, Term and Termination

SaaS and recurring cybersecurity services are provided as subscription contracts unless expressly agreed otherwise.

The minimum term of a subscription contract is twelve (12) months.

After the end of the respective contract term, the contract automatically renews for an additional contract period of twelve (12) months unless terminated in text form with a notice period of three (3) months before the end of the respective contract term.

The right to extraordinary termination for good cause remains unaffected. Good cause includes, in particular, payment default, material breach of these Terms, misuse of the software, attacks against systems of KraLos or third parties, violation of security requirements or breach of statutory obligations.

5. Usage Rights, Intellectual Property and Proprietary Rights

All rights to software, platforms, source code, object code, architectures, interfaces, designs, models, documentation, dashboards, trademarks, logos, concepts, security mechanisms, analyses, reports and other work results remain exclusively with KraLos or the respective rights holders.

During the contract term, the customer receives a simple, non-exclusive, non-transferable and non-sublicensable right to use the provided software and agreed services solely for its own internal business purposes.

No ownership rights, source code, patent rights, trademark rights, trade secrets or other proprietary rights are transferred to the customer.

6. Prohibited Use, Modification and Misuse

The customer shall not use KraLos software, platforms or services in an abusive, unlawful or security-compromising manner.

In particular, the customer is prohibited from:

  • copying, modifying, decompiling, disassembling, reverse engineering or otherwise manipulating the software;
  • bypassing security mechanisms, license checks, access restrictions or technical protection measures;
  • using the software or services for attacks, unauthorized testing, malware, botnets, phishing, spam, credential theft or any other unlawful purposes;
  • performing unauthorized penetration tests, load tests, scans or attacks against KraLos systems or third parties;
  • providing, reselling, renting, leasing or making the services available to third parties without prior written consent;
  • exploiting vulnerabilities instead of responsibly reporting them to KraLos.
Consequences of Misuse: Any breach may result in immediate suspension, extraordinary termination, claims for damages, contractual penalties, injunctive relief and criminal or civil prosecution. KraLos expressly reserves the right to report unlawful conduct to competent authorities.

7. Customer Duties

The customer shall provide all information, access, contacts and technical prerequisites required for the performance of the services in a timely, complete and accurate manner.

The customer remains responsible for the security of its own systems, endpoints, credentials, backups, internal processes, user accounts and networks unless these are expressly part of the agreed KraLos services.

Credentials must be kept confidential. The customer shall implement appropriate technical and organizational measures to prevent unauthorized access.

8. Hosting, Infrastructure and Proprietary Analytics

KraLos servers are hosted by IONOS in Germany unless expressly agreed otherwise in an individual case.

KraLos does not use Google Analytics on its websites and platforms. For the evaluation of access, technical events, security events and usage statistics, KraLos uses its own analytics and monitoring systems.

These systems are used in particular for security, stability, abuse detection, technical improvement, error analysis and further development of the services offered.

9. Data Protection and Confidentiality

KraLos processes personal data in accordance with applicable data protection laws, in particular the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and relevant sector-specific regulations.

Where KraLos processes personal data on behalf of the customer, the parties shall enter into a separate Data Processing Agreement pursuant to Article 28 GDPR.

Both parties undertake to keep confidential all confidential information, trade secrets, technical details, security concepts, customer data and contractual contents and to use them only for the purpose of contract performance.

10. Availability, Maintenance and Security

KraLos may maintain, update, expand, modify or temporarily restrict systems, software and infrastructure if this is required for operation, security or further development.

Planned maintenance will be announced in advance where possible. In the event of acute security risks, attacks, vulnerabilities or disruptions, KraLos may take immediate measures, even if this results in temporary restrictions.

A specific availability level or service level agreement applies only if expressly agreed separately.

11. Disclaimer and Limitation of Liability

KraLos has unlimited liability in cases of intent, gross negligence, injury to life, body or health and under mandatory statutory liability provisions.

In the event of slightly negligent breach of material contractual obligations, KraLos shall only be liable for typical and foreseeable damages. Material contractual obligations are obligations whose fulfilment enables the proper performance of the contract and on whose compliance the customer may regularly rely.

In all other respects, liability of KraLos is excluded. In particular, KraLos shall not be liable for indirect damages, consequential damages, loss of profits, business interruption, data loss, reputational damage, lost savings, damages caused by third parties, cyberattacks, customer misconfigurations or damages outside KraLos’ sphere of influence.

To the extent permitted by law, KraLos’ total liability is limited to the net fees paid by the customer during the twelve (12) months preceding the event giving rise to liability.

Cybersecurity Notice: No security solution can guarantee absolute protection against attacks, vulnerabilities, user errors or emerging threats. KraLos does not warrant the complete prevention of all cyberattacks.

12. Fees and Payment

Unless stated otherwise, prices are net prices plus applicable VAT. Invoices are due without deduction within the payment period stated on the invoice.

In the event of payment default, KraLos may suspend or restrict services until full payment has been received, provided that such suspension is reasonable considering the customer’s interests.

13. Customer References

KraLos may publicly use the customer’s name, trademarks or logos as a reference only if the customer has expressly consented to such use or if this has been contractually agreed.

14. Final Provisions

These Terms are governed by the laws of the Federal Republic of Germany, excluding the United Nations Convention on Contracts for the International Sale of Goods.

To the extent legally permissible, the exclusive place of jurisdiction for all disputes arising out of or in connection with these Terms shall be the registered office of KraLos GmbH.

Amendments and additions to these Terms must be made in text form unless stricter legal form requirements apply.

Should any provision of these Terms be or become invalid or unenforceable, the validity of the remaining provisions shall remain unaffected.