General terms and conditions

I. Scope and subject matter

1. Provider and scope

These General Terms and Conditions (hereinafter "Terms") apply to all contractual relationships between Tuurio GmbH, Muehlenstr. 8a, 14167 Berlin, registered at Amtsgericht Berlin (Charlottenburg) under HRB 180639, represented by Managing Directors Marcus Jueptner and Daniel Kraus (hereinafter "Tuurio" or "Provider"), and the customer (hereinafter "Customer") regarding the use of the SaaS platform Tuurio ID (hereinafter "Service").

2. Subject matter

Tuurio ID is a cloud-based platform for identity management and authentication (Identity & Access Management, IAM). The service includes:

• OAuth 2.0 / OpenID Connect Single Sign-On (SSO)
• User management and multi-tenant isolation
• Multi-factor authentication (MFA)
• Admin dashboard and management API
• Encrypted credential vault

The specific scope of service depends on the customer's subscription tier and the applicable service description (including fair use policy, Annex 1).

3. B2B service

Tuurio ID is exclusively for business customers (Sec. 14 German Civil Code). By entering the contract, the customer confirms use for business purposes.

4. Conflicting terms

These terms apply exclusively. Conflicting or supplementary terms of the customer do not become part of the contract unless Tuurio expressly agrees in writing.

II. Contract conclusion

1. Offer and acceptance

1. The customer registers on id.tuurio.com and selects a subscription tier.
2. Registration constitutes a binding offer. The contract is formed when Tuurio confirms registration and activates access (acceptance).

2. Contract components (order of precedence)

1. Individual agreements (in writing)
2. These General Terms and Conditions
3. Service description incl. fair use policy (Annex 1)
4. Service Level Agreement / SLA (Annex 2)
5. Data Processing Agreement / DPA (Annex 3)

3. Language

These terms are drafted in German. An English translation is provided as a non-binding reading aid. In case of conflicts between the German and English versions, the German version prevails.

III. Payment processing (Paddle as Merchant of Record)

1. Paddle as seller

Payment processing for paid subscriptions is handled by Paddle.com Market Limited as Merchant of Record (reseller). Paddle acts as the seller toward the customer and is responsible for invoicing, payment collection, VAT calculation, and PCI compliance.

2. Payment terms

1. Subscription fees are due in advance (monthly or annually). Currency: EUR.
2. Payment methods as offered by Paddle (credit card, PayPal, etc.).
3. In case of payment default exceeding 4 weeks despite reminder, Tuurio may temporarily restrict access to the service. The restriction is lifted once the outstanding amount is settled.

IV. Subscription tiers

Available tiers: Sandbox (free), Starter (EUR 39/mo), Business (EUR 99/mo), Enterprise (EUR 249/mo). The specific scope of each tier (MAU limits, tenant count, API quotas, support level) is defined in the service description / fair use policy (Annex 1).

Upgrade / Downgrade

1. Upgrade: Available at any time. The difference is charged pro-rata for the remaining billing period.
2. Downgrade: Effective at the end of the current billing period. The customer must ensure usage is within the new tier's limits before the downgrade takes effect.

V. Customer obligations

1. The customer is responsible for keeping access credentials (passwords, API keys, client secrets) confidential and for use only by authorized persons within their organization.
2. The customer ensures that registration and operational data (company name, contact details, billing address) is accurate and current.
3. The customer agrees to use the service in accordance with the fair use policy (Annex 1). Violations of the fair use policy constitute a breach of contract.
4. The customer uses the service exclusively for lawful purposes and in compliance with applicable laws, in particular the GDPR.

VI. Availability and service disruptions

Tuurio commits to providing the service with the availability agreed in the Service Level Agreement (Annex 2). For Sandbox and Starter tiers, best-effort availability applies without a defined availability commitment. Details on maintenance windows, credits, and escalation are defined in the SLA.

VII. Warranty

1. Tuurio owes the provision of the service as defined in the service description (Annex 1). Specific suitability for the customer's particular purposes is only owed if agreed in writing.
2. The customer must report disruptions immediately and provide all information necessary for troubleshooting.
3. Tuurio does not make guarantees in the legal sense (Sec. 444 German Civil Code). Statements about functionality, availability, or security in marketing materials describe the intended service standard, not guarantees.

VIII. Prices and price changes

1. The price agreed at contract conclusion applies for at least 12 months from the start of the contract.
2. Price changes are announced at least 90 days in advance by email. Price increases are only permissible for objectively justified reasons. Price reductions are also passed on (symmetry principle).
3. In case of price increases, the customer has a special termination right effective at the date the price increase takes effect. Termination must be declared within 30 days of receiving the price change notice. Until termination becomes effective, the previous prices apply.

IX. Term and termination

1. Ordinary termination

Monthly subscriptions: 1 month notice to the end of the billing period.
Annual subscriptions: 2 months notice to the end of the billing period.
Sandbox (free): Can be terminated at any time with immediate effect.
Termination via dashboard, email to support@tuurio.com, or via Paddle.

2. Extraordinary termination

The right to extraordinary termination for cause remains unaffected for both parties.

3. Consequences of termination

After contract end, the customer can export all data in a common format (JSON, CSV) within 30 days. After the export period, all customer data is deleted within 30 additional days, unless legal retention obligations apply (details in the DPA, Annex 3).

X. Liability

1. Unlimited liability

Tuurio is liable without limitation for damages caused by intent, gross negligence, injury to life, body, or health, assumption of a guarantee in the legal sense, or claims under the Product Liability Act.

2. Liability for cardinal obligations

For breach of material contractual obligations (cardinal obligations) through simple negligence, liability is limited to the typically foreseeable damage. Cardinal obligations include the provision of the service with agreed availability, the security and integrity of stored customer data, compliance with data protection obligations, and proper processing of authentication requests.

3. Exclusion

Liability for breach of non-material contractual obligations through simple negligence is excluded, except for damages to life, body, or health.

XI. Confidentiality and data protection

Where Tuurio processes personal data on behalf of the customer, the parties conclude a Data Processing Agreement (DPA) pursuant to Art. 28 GDPR (Annex 3). The DPA is available at /public/legal/avv and is digitally accepted by the customer during account setup.

XII. Force majeure

Neither party is liable for failure to perform due to force majeure events (natural disasters, war, pandemics, government orders, large-scale internet outages, large-scale cyberattacks affecting the entire infrastructure). The affected party must notify the other party immediately. If force majeure lasts longer than 3 months, either party may terminate the contract with extraordinary termination. Both parties' rights apply symmetrically.

XIII. Data portability (EU Data Act)

In accordance with Regulation (EU) 2023/2854 (EU Data Act), the customer may export data at any time during the contract term and up to 30 days after termination in machine-readable formats (JSON, CSV). No switching fees apply. Tuurio supports the customer with migration within technically reasonable limits.

XIV. Amendments to these terms

Tuurio may amend these terms with at least 30 days' notice. The customer is informed by email and via the dashboard. The customer may object within 30 days of receiving the amendment notice. In case of material changes (in particular, deterioration of service or increase in customer obligations), the customer has a special termination right effective at the date the amendment takes effect.

XV. Final provisions

1. The law of the Federal Republic of Germany applies, excluding UN sales law (CISG).
2. Exclusive place of jurisdiction for all disputes arising from or in connection with this contract is Berlin, where the customer is a merchant, legal entity under public law, or a special fund under public law.
3. We are neither willing nor obliged to participate in dispute resolution proceedings before a consumer arbitration board.

Annexes

• Annex 1: Service description & fair use policy
• Annex 2: Service Level Agreement (SLA)
• Annex 3: Data Processing Agreement (DPA/AVV)