Terms of Service

These Terms of Service ("Terms") govern your use of the Restorable service ("Service") operated by Hackerman AB, a Swedish limited company (org. nr. [ORG-NR]), with its registered office at [ADDRESS], Sweden ("Hackerman", "we", "us").

By creating an account or installing the Restorable agent, you agree to these Terms on behalf of the organization you represent ("Customer", "you"). If you do not have authority to bind your organization, do not proceed.

Effective date: 4 May 2026

1. What the Service does

Restorable backs up customer databases, runs scheduled restore tests against those backups, and produces cryptographically signed receipts attesting the outcome. The Service consists of:

• The Restorable agent. Open-source software (Apache-2.0) that the Customer installs and operates on their own infrastructure. The agent holds the Customer's Ed25519 signing key and age encryption key, performs backups, runs restore tests, and signs receipts.
• The orchestrator. A hosted API operated by Hackerman that coordinates backup schedules, stores encrypted backup payloads, hosts the transparency log, delivers evidence emails, and serves the customer dashboard.

The Service we provide is the orchestrator. The agent runs on your infrastructure, under your control.

2. Account and access

2.1. You must provide accurate registration information and keep it current.

2.2. You are responsible for all activity under your account, including actions by anyone you grant access to.

2.3. You must notify us promptly at security@restorable.app if you believe your account has been compromised.

3. Subscription and payment

3.1. The Service is offered in paid tiers (currently Starter, Pro, and Team). Pricing, feature limits, and included storage are published on our pricing page and may change with 30 days' notice.

3.2. Subscriptions are billed monthly or annually in advance. Payments are processed through our EU-based payment provider (currently Mollie).

3.3. Storage usage beyond your tier's included allowance is billed as overage at the rate specified for your tier, invoiced with the following billing cycle.

3.4. If payment fails, we will notify you and provide a 14-day grace period. If payment is not resolved within that period, we may suspend the Service. Suspension does not delete your data; see section 10 for data retention on termination.

3.5. All fees are exclusive of VAT or other applicable taxes, which will be added where required by law.

4. What the receipt means (and does not mean)

4.1. Each receipt is a cryptographic attestation that a specific restore test, at a specific timestamp, against a specific backup, produced a specific outcome (pass or fail). The receipt is signed by the Customer's own Ed25519 key, held by the Customer's agent.

4.2. A passing receipt means the restore test passed at that point in time. It does not guarantee that future restores will succeed, that the backup is free of corruption beyond what the test checks, or that the backup satisfies any particular regulatory or compliance requirement.

4.3. Restorable does not make compliance determinations. The Customer's auditor, compliance officer, or legal counsel interprets the receipt in the context of the applicable framework (SOC 2, ISO 27001, or otherwise). We provide the evidence. You determine what it means for your compliance posture.

4.4. Customer-defined smoke tests (SQL queries, aggregation checks) are written and maintained by the Customer. We execute them as provided. A passing smoke test means the query returned the expected result, not that the database is correct in any broader sense.

5. Data handling and encryption

5.1. Restorable cannot access your backup data. Backups are encrypted by the agent using age encryption with a Content Encryption Key (CEK) that only the Customer holds. We store ciphertext. We do not hold, escrow, or have any mechanism to obtain the decryption key.

5.2. We process the following metadata in the course of operating the Service: account information, backup schedule configuration, backup size, timestamps, restore test outcomes, receipt payloads (which contain test metadata, not backup content), and transparency log entries.

5.3. Metadata processing is covered by a separate Data Processing Agreement (DPA), available on request and included with Pro and Team tiers. The DPA describes our obligations under the GDPR as a data processor for the limited metadata we handle.

5.4. Because we cannot access the backup payload, we are not a data processor with respect to the contents of your backups. The Customer remains the sole controller of that data.

5.5. All data is stored on EU-sovereign infrastructure. We do not use US vendors anywhere in the data path. The current infrastructure inventory is published on our website.

6. Service scope and availability

6.1. "Service availability" means the availability of the orchestrator API, dashboard, evidence email delivery, and ciphertext storage. It does not include the uptime or correct operation of the Customer's agent, which runs on the Customer's infrastructure.

6.2. We target 99.5% monthly uptime for the orchestrator API, measured as the percentage of minutes in a calendar month during which the API responds to authenticated requests. Planned maintenance windows, announced at least 48 hours in advance, are excluded from the calculation. This is an operational target, not a contractual commitment with credits or remedies.

6.3. We may modify, deprecate, or discontinue features of the Service with reasonable notice. For changes that materially reduce functionality you are using, we will provide at least 60 days' notice and, if you object, allow you to terminate without penalty.

7. Customer responsibilities

7.1. You are responsible for installing, configuring, and operating the agent on your infrastructure, including keeping it updated.

7.2. You are responsible for the security of your signing key (Ed25519) and encryption key (age CEK). If you lose your encryption key, Restorable cannot decrypt your backups. We have no recovery mechanism for lost keys.

7.3. You are responsible for ensuring that your use of the Service complies with applicable laws, including any requirements related to the data you back up.

7.4. You must not use the Service to store or process data that is illegal under applicable law, or in a way that interferes with the Service for other customers.

8. Open-source components

8.1. The Restorable agent, verifier, and core library are licensed under Apache-2.0. The wire-protocol specification and documentation are licensed under CC-BY-4.0. These licenses are independent of these Terms.

8.2. The open-source components are provided "as is" under their respective licenses, without warranty beyond what those licenses state. These Terms do not expand or limit the rights granted by those licenses.

8.3. You may use the open-source components without a Restorable subscription. The subscription covers access to the orchestrator, hosted storage, evidence delivery, and the dashboard.

9. Intellectual property

9.1. Hackerman AB owns the Service, the orchestrator, the dashboard, and all related intellectual property, except for the open-source components licensed as described in section 8.

9.2. Your data is yours. We claim no ownership of your backups, metadata, or receipts.

9.3. You grant us the limited right to process your metadata as necessary to operate the Service, as described in section 5 and the DPA.

10. Term and termination

10.1. These Terms take effect when you create an account and remain in effect until terminated.

10.2. You may terminate at any time by cancelling your subscription through the dashboard or by emailing support@restorable.app. Fees already paid are not refunded for the remaining billing period, except as required by law.

10.3. We may terminate or suspend your access if you breach these Terms, fail to pay after the grace period in section 3.4, or if we are required to do so by law. We will notify you in writing before or at the time of termination, except where prohibited by law.

10.4. On termination, you have 30 days to export your encrypted backups and receipts. After that period, we will delete your ciphertext and account data within 90 days. Transparency log entries are retained indefinitely as part of the append-only log. The log contains only metadata (timestamps, event types, organization identifiers); it does not contain backup content. Deleting individual log entries would break consistency proofs for other customers, so they are never removed.

11. Limitation of liability

11.1. Aggregate cap. Hackerman's total aggregate liability arising out of or related to these Terms, whether in contract, tort, or otherwise, is limited to the fees you paid to Hackerman in the twelve (12) months immediately preceding the event giving rise to the claim.

11.2. Consequential damages exclusion. To the maximum extent permitted by applicable law, Hackerman is not liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to: loss of data, loss of revenue, loss of profits, cost of replacement services, or business interruption, however caused and regardless of theory of liability.

11.3. Failed restores. Without limiting section 11.2, Hackerman is not liable for any loss arising from a backup that fails to restore, a restore test that produces an incorrect result, or a receipt that attests a passing result for a restore that later fails. The Service provides evidence of point-in-time test outcomes. It does not guarantee the recoverability of your data.

11.4. Key loss. Hackerman is not liable for any loss arising from the Customer's loss of their encryption key or signing key. We do not hold copies of these keys and cannot recover them.

11.5. The limitations in this section apply even if Hackerman has been advised of the possibility of such damages and even if a limited remedy is found to have failed its essential purpose.

11.6. Nothing in these Terms excludes or limits liability for (a) death or personal injury caused by negligence, (b) fraud or fraudulent misrepresentation, or (c) any other liability that cannot be excluded or limited under applicable law.

12. Warranty disclaimer

12.1. The Service is provided "as is" and "as available." To the maximum extent permitted by applicable law, Hackerman disclaims all warranties, whether express, implied, or statutory, including implied warranties of merchantability, fitness for a particular purpose, and non-infringement.

12.2. We do not warrant that the Service will be uninterrupted, error-free, or secure, or that any defects will be corrected.

12.3. We do not warrant that any receipt or restore test result is accurate, complete, or suitable for any particular compliance or regulatory purpose.

13. Indemnification

13.1. You agree to indemnify and hold harmless Hackerman, its officers, and employees from any claims, damages, or expenses (including reasonable legal fees) arising from: (a) your use of the Service in violation of these Terms, (b) your breach of applicable law, or (c) any third-party claim related to the data you back up through the Service.

13.2. We will notify you promptly of any such claim and cooperate reasonably in its defense.

14. Changes to these Terms

14.1. We may update these Terms from time to time. We will notify you of material changes at least 30 days before they take effect, by email to the address associated with your account.

14.2. Your continued use of the Service after the effective date of a change constitutes acceptance. If you disagree with a material change, you may terminate your subscription before the change takes effect.

15. Governing law and dispute resolution

15.1. These Terms are governed by the laws of Sweden, without regard to conflict-of-law principles.

15.2. Any dispute arising out of or in connection with these Terms shall be resolved by the general courts of Stockholm, Sweden.

16. Miscellaneous

16.1. Entire agreement. These Terms, together with the DPA and any order form or subscription confirmation, constitute the entire agreement between the parties regarding the Service.

16.2. Severability. If any provision is found unenforceable, the remaining provisions continue in effect.

16.3. Assignment. You may not assign these Terms without our prior written consent. We may assign these Terms in connection with a merger, acquisition, or sale of all or substantially all of our assets, with notice to you.

16.4. Waiver. Failure to enforce a provision is not a waiver of the right to enforce it later.

16.5. Notices. Notices to us should be sent to legal@restorable.app. Notices to you will be sent to the email address on your account.

16.6. Force majeure. Neither party is liable for delays or failures caused by events beyond reasonable control, including natural disasters, war, government action, or widespread internet outages.