IronFlock Terms of Service (B2B)

Effective date: December 28, 2025

These Terms of Service (the Terms) govern access to and use of the IronFlock platform and related services (the Service). These Terms are intended for business customers. If you need these Terms tailored to your specific business model (pricing, SLA, support commitments, DPA URL, etc.), have counsel review before relying on them.

1. Definitions

  • Customer means the business entity that enters into these Terms.
  • Users means individuals authorized by Customer to use the Service (e.g., employees, contractors).
  • Order Form means any ordering document, quote, or online plan selection that specifies subscription(s), fees, and term.
  • Customer Data means data submitted to or processed by the Service on Customer’s behalf, including device telemetry and configuration data.
  • Documentation means user guides and technical documentation made available by IronFlock.
  • IronFlock / we / us means IronFlock GmbH.

2. Agreement Structure

If you purchase a paid subscription, these Terms and the applicable Order Form together form the agreement. If there is a conflict, the Order Form controls only for the conflicting topic.

If Customer and IronFlock have a signed master agreement, that agreement controls.

3. Eligibility; Business Use Only

The Service is offered for business use. By using the Service, you represent that you are acting on behalf of a business entity and have authority to bind that entity.

4. Accounts; Administrators; Security

  • Customer is responsible for all activity under its accounts and for ensuring Users comply with these Terms.
  • Customer will maintain appropriate security controls for its credentials and devices and will promptly notify IronFlock of any suspected unauthorized access.
  • IronFlock may provide administrative roles and access controls; Customer is responsible for assigning roles appropriately.

5. License Grant; Restrictions

Subject to these Terms and payment of applicable fees, IronFlock grants Customer a limited, non-exclusive, non-transferable license during the subscription term for its Users to access and use the Service for Customer’s internal business purposes.

Customer and Users will not (and will not permit others to):

  • reverse engineer or attempt to discover source code or underlying ideas (except to the extent permitted by mandatory law);
  • interfere with or disrupt the Service, including by bypassing rate limits, access controls, or security measures;
  • use the Service to store or transmit malware or to perform unlawful, infringing, or harmful activities;
  • access or attempt to access data or accounts not authorized to Customer;
  • resell, lease, or provide the Service to third parties as a service bureau, except as expressly permitted in an Order Form.

6. Industrial / IoT / Edge-Specific Responsibilities

Customer is solely responsible for its devices, networks, configurations, and operational decisions, including safe deployment, monitoring, and rollback planning.

The Service may enable remote actions (e.g., configuration, software deployment, updates). Customer is responsible for:

  • verifying compatibility and safety in its own environments;
  • implementing staged rollouts, approvals, and operational safeguards;
  • ensuring use complies with applicable industry regulations, safety requirements, and internal policies.

The Service is not designed or warranted for use in high-risk environments where failure could lead to death, personal injury, or severe physical or environmental damage (e.g., life support systems, emergency response systems), unless expressly agreed in writing.

7. Service Changes

IronFlock may modify the Service to improve performance, security, and functionality. IronFlock will not materially reduce core functionality purchased under an active subscription without reasonable notice where practicable.

8. Support; Service Levels

Support scope, response times, and any service level commitments (if any) are only as stated in an Order Form or separate support/SLA document. If none are provided, the Service is provided without a service level agreement.

9. Fees; Payment; Taxes

  • Fees (if any) are described in the applicable Order Form.
  • Unless otherwise stated, fees are non-refundable and payable in advance.
  • Customer is responsible for all applicable taxes, excluding taxes based on IronFlock’s income.
  • IronFlock may suspend access for undisputed overdue amounts after providing reasonable notice.

10. Third-Party Services

The Service may integrate with or link to third-party services. Third-party services are governed by their own terms, and IronFlock is not responsible for third-party services.

11. Intellectual Property; Feedback

IronFlock and its licensors retain all rights, title, and interest in the Service, Documentation, and related technology.

If Customer provides suggestions or feedback, IronFlock may use it without restriction or obligation.

12. Customer Data; GDPR Roles; Data Processing Addendum

12.1 Customer Data ownership and instructions

As between the parties, Customer owns Customer Data. Customer controls and determines the purposes and means of processing Customer Data, including what telemetry is collected and how long it is retained.

12.2 Processor role

For Customer Data that includes personal data, the parties acknowledge:

  • Customer acts as controller (GDPR Art. 4(7)) for such Customer Data.
  • IronFlock acts as processor (GDPR Art. 4(8)) and processes such Customer Data only on Customer’s documented instructions, as necessary to provide the Service, support, and maintain security.

12.3 Data Processing Addendum (DPA)

The parties will enter into a Data Processing Addendum where required by law. A template DPA is available at messages/company-legal/dpa/dpa.en.md. The DPA will describe processing details (subject matter, duration, nature/purpose, categories of data subjects and personal data) and include GDPR Art. 28 terms, including subprocessors.

12.4 Security

IronFlock will implement appropriate technical and organizational measures designed to protect Customer Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

12.5 Return/deletion

Upon termination or expiration, IronFlock will, consistent with the DPA and applicable law, return and/or delete Customer Data within a reasonable period, except to the extent retention is required by law or for legitimate backup integrity.

13. Aggregated / Anonymized Data

IronFlock may collect and use aggregated and/or anonymized data derived from usage of the Service (which does not identify Customer, Users, or any individual) to operate, maintain, monitor, protect, and improve the Service, including cross-tenant analytics.

14. Confidentiality

Each party may receive the other party’s non-public information marked or reasonably understood as confidential (Confidential Information). Each party will:

  • use the other party’s Confidential Information only to perform under these Terms;
  • protect it using reasonable care;
  • not disclose it to third parties except to employees/contractors who need to know and are bound by confidentiality obligations.

Confidential Information excludes information that is independently developed, publicly available without breach, or rightfully received without confidentiality obligations.

15. Compliance; Export Controls

Customer will comply with applicable laws in its use of the Service, including data protection laws and export/sanctions laws.

16. Warranties; Disclaimers

Except as expressly stated in an Order Form, the Service is provided “as is” and “as available.” To the maximum extent permitted by law, IronFlock disclaims all warranties, including implied warranties of merchantability, fitness for a particular purpose, and non-infringement.

IronFlock does not warrant that the Service will be uninterrupted, error-free, or that Customer Data will be preserved without loss.

17. Indemnification

17.1 Customer indemnity

Customer will defend and indemnify IronFlock from third-party claims arising from (a) Customer Data, (b) Customer’s or Users’ misuse of the Service, or (c) Customer’s devices, deployments, or configurations, except to the extent caused by IronFlock’s breach of these Terms.

17.2 IronFlock IP indemnity (optional baseline)

IronFlock will defend and indemnify Customer from third-party claims that the Service, as provided by IronFlock, infringes a third party’s intellectual property right, and will pay resulting damages awarded by a court or agreed in settlement, provided Customer promptly notifies IronFlock and cooperates.

IronFlock has no obligation to the extent a claim arises from Customer Data, third-party services, Customer modifications, misuse, or use not in accordance with these Terms.

If an infringement claim occurs or is likely, IronFlock may (at its option) (a) modify the Service to be non-infringing, (b) obtain a license, or (c) terminate the affected portion and refund prepaid unused fees for that portion.

18. Limitation of Liability

To the maximum extent permitted by law:

  • Neither party will be liable for indirect, incidental, special, consequential, or punitive damages, or for loss of profits, revenue, goodwill, or data, even if advised of the possibility.
  • Each party’s aggregate liability under these Terms will not exceed the fees paid or payable by Customer to IronFlock for the Service in the twelve (12) months preceding the event giving rise to the claim.

Nothing in these Terms limits liability to the extent it cannot be limited under applicable law (for example, liability for intent, gross negligence, or injury to life, body, or health).

19. Term; Suspension; Termination

19.1 Term

These Terms start when Customer first uses the Service and continue until terminated. Subscription terms are as stated in the Order Form.

19.2 Suspension

IronFlock may suspend access for: (a) security reasons, (b) violation of these Terms, or (c) overdue undisputed fees, and will restore access promptly after the issue is resolved.

19.3 Termination

Either party may terminate for material breach if not cured within a reasonable cure period after written notice.

20. Notices

Notices must be in writing and delivered by email or other method stated in the Order Form. Notices to IronFlock may be sent to: info@ironflock.com.

21. Governing Law; Venue

These Terms are governed by the laws of Germany, excluding conflict of laws rules and the UN Convention on Contracts for the International Sale of Goods (CISG). The courts in Frankfurt am Main, Germany will have exclusive jurisdiction, to the extent permitted by law.

22. Miscellaneous

  • Assignment: Neither party may assign these Terms without the other party’s consent, except to an affiliate or in connection with a merger, acquisition, or sale of substantially all assets.
  • Force majeure: Neither party is liable for delays beyond reasonable control.
  • Severability: If a provision is unenforceable, the remainder remains in effect.
  • Entire agreement: These Terms and any Order Form are the entire agreement on the Service.

Privacy Notice (Controller Activities)

Effective date: December 28, 2025

This Privacy Notice explains how IronFlock GmbH processes personal data where IronFlock acts as a controller (for example, website visitors, marketing leads, and billing contacts).

Important: For Customer Data processed within the IronFlock platform on behalf of our business customers (including telemetry, device data, and platform user accounts inside a customer tenant), IronFlock acts as a processor and processes that data under the applicable customer agreement and Data Processing Addendum (DPA). In that case, the customer’s privacy notice (as controller) applies.

1. Controller and Contact

Controller: IronFlock GmbH
Taunusanlage 8
60329 Frankfurt am Main, Germany

Privacy contact: contact@ironflock.com

2. Categories of Personal Data (Controller Context)

Depending on your interaction with us, we may process:

  • contact details (name, business email, phone number, company);
  • communication content (messages, support requests, feedback);
  • billing and transaction metadata (invoices, payment status; we do not intend to store full card details);
  • website/device data (IP address, browser type, device identifiers, approximate location derived from IP);
  • marketing preferences (newsletter opt-in/out).

3. Purposes and Legal Bases

We process personal data for the following purposes and legal bases:

  • Contract performance (GDPR Art. 6(1)(b)): providing requested information, onboarding, administering customer relationships, and delivering purchased services.
  • Legitimate interests (GDPR Art. 6(1)(f)): operating and securing our website and systems, preventing abuse, improving our services using aggregated/anonymized analytics, and responding to inquiries.
  • Consent (GDPR Art. 6(1)(a)): where required for certain cookies/marketing communications.
  • Legal obligation (GDPR Art. 6(1)(c)): tax, accounting, and compliance obligations.

4. Recipients

We may share personal data with:

  • service providers that help us operate our business (e.g., hosting, email delivery, customer support tooling, analytics);
  • professional advisors (legal, tax, auditors);
  • authorities where required by law.

We require our service providers to protect personal data and only process it for specified purposes.

5. International Transfers

We aim to host and process data primarily within the EU/EEA. If we transfer personal data to recipients outside the EU/EEA, we will use appropriate safeguards (for example, EU Standard Contractual Clauses) as required by applicable law.

6. Retention

We retain personal data only as long as necessary for the purposes described above, including legally required retention periods (e.g., accounting records). Retention periods vary based on the data type and purpose.

7. Your Rights

Subject to applicable law, you may have rights to access, rectify, erase, restrict processing, object, and data portability.

You can exercise rights by contacting us at contact@ironflock.com.

You also have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU member state of your habitual residence, place of work, or the place of the alleged infringement.

8. Cookies

We may use cookies and similar technologies for essential functionality and (where enabled) analytics. Where required by law, we will request consent for non-essential cookies.

9. Security

We implement appropriate technical and organizational measures designed to protect personal data. However, no method of transmission or storage is perfectly secure.

10. Changes to this Notice

We may update this Privacy Notice from time to time. The effective date above indicates the latest revision.