Terms of Service

Terms governing your use of cramio.

Effective date: March 1, 2026. By creating an account or using cramio, you agree to these terms. Please read them carefully.

1. Definitions

"Platform": The cramio web application, APIs, CLI tools, and associated documentation.
"Customer": The organization or individual that creates an account and subscribes to a plan.
"User": Any individual authorized by the Customer to access the Platform.
"Compliance Data": SBOMs, vulnerability records, incident reports, evidence vault entries, and regulatory submissions processed through the Platform.
"CRA": The EU Cyber Resilience Act (Regulation 2024/2847).

2. Account and access

You must provide accurate and complete information when creating an account. You are responsible for maintaining the confidentiality of your credentials and for all activity under your account. You must notify us immediately of any unauthorized access.

The Customer is responsible for managing User access through the Platform's role-based access control system. API keys must be stored securely and rotated periodically. We reserve the right to disable accounts that violate these terms or exhibit suspicious activity.

3. Subscription plans and billing

cramio offers tiered subscription plans (Starter, Professional, Enterprise) with usage limits on products, users, and features. Plan details and pricing are published on our website and may be updated with 30 days' notice.

New accounts receive a 30-day free trial of the Starter plan. After the trial period, continued access requires an active paid subscription. Billing is processed monthly or annually through our payment provider (Stripe). All amounts are in EUR and exclusive of applicable VAT.

You may upgrade, downgrade, or cancel your plan at any time. Downgrades and cancellations take effect at the end of the current billing period. No refunds are provided for partial billing periods, except as required by applicable law.

4. Permitted use

The Platform is provided for the purpose of managing EU Cyber Resilience Act compliance, including SBOM management, vulnerability tracking, incident response, regulatory reporting, and evidence retention. You agree to use the Platform only for its intended purpose and in compliance with applicable laws.

You agree not to:

Reverse engineer, decompile, or disassemble the Platform
Use the Platform to store or process data unrelated to CRA compliance
Attempt to access other customers' data or circumvent access controls
Use automated tools to scrape, crawl, or stress-test the Platform
Resell or sublicense access without our written consent
Submit false or misleading data to regulatory authorities through the Platform

5. Data ownership and processing

You retain all ownership rights to your Compliance Data. We process your data solely to provide and improve the Platform as described in our Privacy Policy.

By using the Platform, you grant us a limited, non-exclusive license to process your Compliance Data as necessary to operate the service — including vulnerability matching, report generation, and regulatory submission.

We do not access, analyze, or use your data for any purpose other than providing the Platform services, maintaining security, and fulfilling legal obligations. Enterprise customers may request a dedicated Data Processing Addendum (DPA).

6. Regulatory submissions

When you use the Platform to submit reports to ENISA's Single Reporting Platform or other regulatory bodies, you acknowledge that:

You are solely responsible for the accuracy and completeness of all information submitted.
cramio facilitates the technical submission process but does not verify the factual accuracy of your reports.
Submission receipts and confirmation records are stored in the Evidence Vault for your records.
CRA compliance is ultimately the manufacturer's or importer's responsibility. cramio is a tool, not a legal advisor.

7. Service level and availability

We target 99.9% uptime for the Platform, measured monthly. Scheduled maintenance windows are communicated at least 48 hours in advance and are excluded from uptime calculations.

Professional and Enterprise plans include prioritized support with response time commitments. Starter plan support is provided on a best-effort basis during business hours (CET).

8. Limitation of liability

To the maximum extent permitted by applicable law, cramio's total aggregate liability for any claims arising from or related to these terms shall not exceed the total fees paid by you in the twelve (12) months preceding the claim.

We are not liable for indirect, incidental, special, consequential, or punitive damages, including loss of profits, data, or business opportunities, regardless of the theory of liability. This limitation applies even if we have been advised of the possibility of such damages.

Nothing in these terms limits liability for fraud, gross negligence, death or personal injury caused by negligence, or any liability that cannot be excluded under applicable law.

9. Termination

Either party may terminate these terms with 30 days' written notice. We may suspend or terminate your access immediately if you breach these terms, fail to pay fees when due, or if required by law.

Upon termination, we will provide a 30-day data export window during which you can download your Compliance Data in standard formats (JSON, CSV). After the export window, account data is deleted within 90 days, subject to legal retention requirements for Evidence Vault records.

10. Governing law

These terms are governed by the laws of the Federal Republic of Germany. Any disputes arising from these terms shall be submitted to the courts of Berlin, Germany. For consumers within the EU, mandatory consumer protection laws of your country of residence apply.

11. Changes to these terms

We may update these terms from time to time. Material changes will be communicated via email or through the Platform at least 30 days before they take effect. Continued use of the Platform after changes become effective constitutes acceptance of the updated terms.

Questions?

If you have questions about these terms, contact us at legal@cramio.eu.