Software-as-a-Service Agreement
v. 2.0 (14/04/2026)
1.1 These software-as-a-service terms and conditions ("Agreement") apply to the licensing of the Governance cloud-based software solution (the "Services") provided by Rencore GmbH, a company incorporated in Germany with its principal place of business at Bayerstrasse 71-73, 80335 Munich, Germany ("Company") to business customers ("Customers") (each a "Party" and together the "Parties").
1.2 The Company and the Customer agree that all communications shall be conducted electronically.
2. Definitions
In this Agreement, the following definitions apply. Capitalized terms not defined below are defined where they first appear in this Agreement in bold.
"API" means an application programming interface enabling two software programs to communicate.
"Affiliate" means any entity that controls, or is controlled by another party, where control means ownership of more than 50% of the voting interests.
"Data Processing Addendum" or "DPA" means Company's data processing addendum, as published at https://rencore.com/en/terms-of-use/governance-data-processing-agreement.
"GDPR" means the General Data Protection Regulation (EU) 2016/679.
"Service Hours" means Working Days, 09:00-22:00 CET
"Working Days" means all days except weekends.
Headings are for convenience only. References to this Agreement include all Schedules and amendments. For clarity, "text form" includes notices and communications delivered by email.
3. Conclusion of Contract
3.1 Services are provided under orders placed by Customer and accepted by Company (each a "Contract"). Order Forms may be executed via Company's website or by individual purchase order ("Order Form Form"). Offers made by the Company are non-binding and may be withdrawn by the Company at any time prior to acceptance by the Customer, unless the offer is expressly designated as binding. Obligations arise only under agreed Contracts.
3.2 The date from which Services will be provided (the "Effective Date") will be stated in the applicable Order Form. Additional statutory or contractually agreed effectiveness requirements remain unaffected.
4. Order of Precedence
In the event of conflict, the following order applies (highest priority first):
- Data Processing Agreement
- Order Form
- Attachments to an Order Form (if any)
- Main body of this Agreement
5.1 Company will make the Services available as described in the Order Form and in accordance with generally accepted technical standards. Any Service characteristics shall only constitute guarantees if the Company has expressly assumed liability irrespective of fault or has expressly designated them as guarantees. Any guarantee must be made in writing to be valid.
5.2 Quality requirements or other performance criteria (such as IT security, compliance, programming, or documentation requirements) shall only form part of the Contract if they are expressly included at the time the Contract is concluded and have been expressly and unconditionally confirmed by the Company.
5.3 Brochures, advertising materials or information provided on websites by the Company shall only become part of the Contract if this is expressly agreed.
5.4 Company is not responsible for internet connectivity or transmission quality.
5.5 The Services are provided as a cloud-based application (software-as-a-service). The scope of the Services does not include the procurement or provision of any third-party software, including any licenses for operating systems or standard software from third-party vendors, nor does it cover the further development or new development of third-party software, including patches, updates, or upgrades.
5.6 The Services integrate with Customer Services (as defined below) that Customer must purchase separately. Company is not responsible for failures caused by non-availability or malfunction of Customer Services or related third-party services.
6. Changes, Updates, and Upgrades
6.1 Company may update the Services (including functionality, infrastructure, security, and technical configurations) at any time to ensure continued quality ("Update"). During the
Term of the Contract, the Company will supply all Updates necessary to maintain the Services.
6.2 If an Update is required to be installed or activated by the Customer, and the Customer fails to do so despite being prompted by the Company, the Company shall not be liable for any defect in the Services that results from the absence of such Update. The Company reserves the right to modify the Services, including its features and functionalities, within the scope of Updates and ongoing development. This may also involve restricting or discontinuing individual features, provided such changes are necessary for technical, security, regulatory, or market adaptation reasons.
6.3 If an Update or modification results in a significant deviation from, or restriction of, the main contractual obligations, or materially diminishes the agreed scope of Services, the Customer will be informed in advance in text form (e.g., by email), at least four (4) weeks before the change takes effect.
6.4 The Customer must object in text form to such a significant change within fourteen (14) days after receipt of the notification. If the Customer objects and the Company is thereby materially and unreasonably hindered in continuing to provide the Services (wholly or in material part), the Company shall be entitled to terminate the Contract for cause with immediate effect. In such a case, any fees paid in advance for periods after the effective date of termination will be refunded on a pro rata basis.
6.5 Improvements, innovations, or substantially new features of the Services ("Upgrades") are not included within the scope of the maintenance services owed under the Contract. Upgrades may be provided subject to separate remuneration and a separate agreement. However, the Company reserves the right to make such Upgrades available free of charge at its own discretion.
7. Availability
7.1 Company shall provide the Services with commercially reasonable availability and shall take appropriate measures to ensure that this consists of at least 99.9% availability in each 90-day period (the "Availability"), measured at the WAN-side router output of the hosting data center. Company tracks Availability at https://status.rencore.com.
7.2 Availability is calculated as: (129,600 minutes minus Downtime in minutes) / 129,600 minutes, expressed as a percentage. The 99.9% committed availability target is equivalent to a maximum of 130 minutes of Downtime in any 90-day period. Availability is recorded 24/7, subject to the exclusions below. "Downtime" is the total minutes in a 90-day period during which the Services are inaccessible to Customer over the Internet. Downtime excludes periods: (a) caused by factors beyond Company's control, including unforeseeable events, IT security incidents, outages of connected services, degradation of Customer Services or their underlying infrastructure (e.g., Azure, Azure AD, Cloudflare, Global DNS), or other Customer-agreed services preventing access; and (b) scheduled maintenance. Customer acknowledges that the Services are a non-essential service that requires active use by Customer.
7.3 Scheduled maintenance is excluded from Downtime where: (a) 72 hours' notice is given and outage during Customer’s data centre standard working hours does not exceed 360 minutes per 90-day period; (b) or the cause is force majeure On Customer's request (made within 90 days after the relevant period), Company will credit 1% of the applicable 90-day service fees for each percentage point below the Availability target, capped at 20% of fees for the period. Credits apply to the next invoice.
7.4 Other rights of Customer under applicable law remain unaffected.
8. Documentation
Company will provide access to all generally available user documentation (the "Documentation") at https://docs.rencore.com/governance, at no additional charge.
9. Rights of Use
9.1 Company reserves all rights to the Services and associated intellectual property. No rights are granted except as expressly stated in this Agreement.
9.2 The Company grants the Customer a non-exclusive, revocable, non-transferable right to use the Services as intended for the Term of the Contract. The Customer is entitled to make the Services available to its own employees for business purposes in accordance with this Agreement. and, where necessary, to activate corresponding user accounts ("Authorised Users"). This right of use may not be sublicensed or otherwise made available to third parties unless the Order Form expressly provides for sublicensing, for example to Affiliates of the Customer. Provision of the Services to third parties is only permitted to the extent necessary for the intended contractual use.
9.3 The Company will provide the Customer with the access credentials required for identification and authentication to use the Services. The Customer is not permitted to disclose these credentials to third parties.
9.4 The development of individual adaptations or configurations of the Services ("Customizations") must be expressly agreed. The Company retains all rights to Customizations, in particular the right to license Customizations to other customers. If the Company creates Customizations for the Customer, the rights of use granted to the Customer under this Agreement with respect to the Services shall also apply to such Customizations.
10. Customer Obligations
10.1 The Customer is responsible for all activities of its Authorised Users. The Customer shall ensure that each Authorised User informs the Company immediately via security@rencore.com of any unauthorised use of the account or any other breach of security.
10.2 The Customer shall ensure compliance with the following restrictions when using the Services:
a) The Services may only be used for the purposes defined in the service description.
b) The Services may not be used for backing up, or archiving data.
c) The Services may not be modified, decompiled, reverse engineered, or disassembled, nor may the source code be extracted in any other way.
d) The Customer may not use the Services for the purpose of resale, except otherwise
agreed upon.
10.3 Company may suspend access in whole or in part if Customer's or Authorised Users usage:
a) materially breaches this Agreement or the Order Form;
b) violates applicable law;
c) negatively affects the rights of Company, Company's Affiliates, or third parties and immediate action is necessary.
10.4 Suspension will be limited to the scope and duration necessary. Company will use commercially reasonable efforts to give prior notice to Customer's designated notice contact (email being sufficient), specifying a cure period. Where circumstances require immediate suspension, Company will notify Customer without undue delay after suspension. Suspension is without prejudice to other rights and remedies.
11. Service Levels
11.1 Company will provide 1st level advice and support for configuration and operation of the Services, including initial triage, analysis, resolution, or escalation to 2nd level support.
11.2 Requests are classified into four "Severity Levels". Company shall communicate any escalation, de-escalation, or change of Severity Level to Customer without undue delay:
|
Level |
Name |
Criteria |
|
1 |
Critical |
Service unusable or Customer's business at risk |
|
2 |
Major |
Significant disruption to business operations or SaaS-Service usage |
|
3 |
Minor |
Limited impact: operations continue with slight restrictions |
|
4 |
Low |
All other requests |
11.3 To report a security incident, Customer shall contact security@rencore.com. For all other issues, Customer shall contact support@rencore.com. Customer shall provide reasonable details about the incident and designate a contact person available during business hours. Reasonable details include when and how the issue occurred; steps already taken to resolve it; whether the issue affects all or only specific users; and, where possible, steps to reproduce it. Customer shall name a contact person reachable during the incident by phone or email.
11.4 Company will use commercially reasonable efforts to begin processing within the applicable "Response Time": end of the next Working Day if received during Service Hours; two Working Days if received outside Service Hours. Company prioritizes thorough resolution over fixed resolution times, applying the Severity Level framework above. This applies to standard tickets. Company maintains separate procedures for security vulnerabilities and incidents.
11.5 Company provides 2nd and 3rd level support through specialists, including developers and engineers, to resolve requests escalated from 1st level support. Customer cannot contact 2nd or 3rd level support directly.
11.6 If a reported issue is found to be the result of improper use or use contrary to the contract by the Customer or its Authorised Users, the Customer shall reimburse the Company for any costs incurred in investigating and remedying the Issue, based on market standard rates.
11.7 The following are not included in Support-Services: training; remedying errors caused by Customer's improper acts or omissions; development services; setup/implementation; and connecting third-party services.
12. Customer Data and Feedback
12.1 All data transmitted to the SaaS-Services by Customer ("Customer Data") may be used by Company solely to provide the Services and to address security, support, or technical issues.
12.2 Subject to the DPA, Company may collect and use anonymized usage data for statistical analysis, service improvement, development of the Services, and security purposes.
12.3 Customer grants Company and Company's Affiliates a non-exclusive, sublicensable, transferable, irrevocable, worldwide, royalty-free right to use or incorporate into the Services any suggestions, enhancement requests, or other feedback relating to the Services.
13. Warranty
13.1 The Company shall maintain the Services with the level of care generally exercised within the industry.
13.2 If the Services infringes third-party rights, the Company shall, at its own discretion and expense, either procure for the Customer the necessary right of use or modify the Services to eliminate the infringement. If the Company is unable to remedy the situation, the Company shall be entitled to terminate the Contract without notice. In determining any remedial action, the Company shall give due consideration to the Customer’s legitimate interests.
13.3 Warranty is excluded for defects resulting from use of the Services that is not in accordance with this Agreement or the intended purpose.
13.4 Warranty claims expire after twelve (12) months.
13.5 Company warrants that Services will materially conform to its documented specifications at the time of go-live. Where a defect existing at contract inception has been disclosed to and acknowledged by Customer prior to signing, company shall have no liability in respect of that defect unless otherwise agreed in writing. The Customer's right to terminate this Agreement on the basis that contractual use has not been granted is excluded, except where the Company has clearly and definitively failed to enable such use and has not remedied that failure within a reasonable period.
14. Remuneration
14.1 Customer agrees to pay license fees for the Services ("Service Fee"). Service Fees are specified in the applicable Order Form.
14.2 Unless otherwise stated in the Order Form, fees are payable in advance for the agreed Term. In case of termination during the Term, Services Fees are generally re-paid on a pro rata basis.
14.3 Company may adjust the Service Fees applicable to any existing Order Form by giving notice in text form (including on auto-renewal). Any such adjustment shall be based on one or more of the following criteria, which shall be specified in the notice: (a) increases in infrastructure or hosting costs directly attributable to the provision of the Services; (b) increases in third-party software or API licensing costs incorporated into the Services; (c) increases in personnel costs directly related to the provision and support of the Services; or (d) changes in applicable regulatory or compliance requirements that necessitate material investment. Fee adjustments are limited to the proportion of cost increase attributable to the relevant criterion. Where the applicable cost drivers decrease, Company shall pass on such reductions to Customer in an equivalent manner. Fees set out in any Order Form apply solely to the service period specified therein and do not constitute a binding price commitment for any future or renewal Order Form.
14.4 All fees are exclusive of taxes, tariffs, levies, and duties of any nature.
14.5 Unless otherwise stated in the Order Form, payments are due in EUR, GBP or USD (as selected by Customer in the Order Form) upon commencement of Services, by wire transfer Each party bears its own currency conversion costs.
14.6 Late and defaulted payments incur interest at the base rate plus 9%.
15. Customer Services
15.1 Customer shall use commercially reasonable efforts to cooperate with Company for the proper performance of the Services, including:
a) performing cooperation obligations specified in Order Forms;
b) providing data and information necessary for the Services; and
c) providing all available information regarding any claimed Service defect.
15.2 Customer acknowledges that proper Service performance requires API access to relevant structures, inventories, and metadata in Customer's third-party cloud services ("Customer Services"). The specific Customer Services in scope are identified in the applicable Order Form. Details of required access are set out in the Documentation and the DPA.
16. Third-party Interfaces
16.1 The Services provide interfaces to third-party applications and products. The Company is not responsible for the availability, performance, or accuracy of such third-party software or services. The Customer acknowledges that the use of third-party interfaces is subject to the terms and conditions of the respective third-party providers.
16.2 The SaaS-Services depend on the free APIs provided by third-party cloud service providers to connect the SaaS-Services to the Customer Services. If these third-party cloud service providers introduce charges for the use of these APIs, or reduce the free API capacity below the level required to operate the SaaS-Services, Company shall provide Customer with at least sixty (60) days' prior written notice of any resulting additional charges, together with documentation of the underlying third-party fees. Any additional costs arising from third-party API charges will be invoiced separately and shall only apply with Customer's prior written approval. If Customer does not approve the additional charges, Customer may terminate the affected SaaS-Services without penalty.
16.3 The rights of use granted under this Agreement do not apply to open-source components of the Services, insofar as this is not permitted under the relevant terms of use and license provisions of the open-source software.
17. Liability
17.1 If the Company is liable for damages caused by ordinary negligence, such liability shall be limited to the breach of essential contractual obligations. Essential contractual obligations shall mean obligations whose fulfilment is essential for the proper performance of the Contract and on which the Customer may reasonably rely. In such cases, liability is further limited to the typical, foreseeable damage at the time of the execution of the contract, and in any event shall not exceed the amount of the license fees due for the relevant contract year.
17.2 Regardless of any fault on the part of the Company, liability for fraudulent concealment of defects, for the assumption of a guarantee or procurement risk. Insofar as liability under statutory product liability claims cannot be legally excluded, the liability of the Company shall not be limited.
17.3 Any exclusion or limitation of the Company’s liability for damages under the foregoing provisions shall also apply to the personal liability of the Company’s corporate bodies, employees, representatives, agents, and shall extend as well to statutory liability in tort.
17.4 The limitations of liability set out in this section do not apply in cases of wilful misconduct, gross negligence, or injury to life, body, or health.
17.5 Liability for loss of data is limited to the typical costs of restoration that would have arisen had the Customer performed proper and regular data backups, without prejudice to any further limitations set out in this section. The Company shall not be liable for any loss of data to the extent that such loss results from the Customer’s failure to perform appropriate data backups.
18. Trial-Services
Where Services or parts thereof are provided at no charge for trial purposes ("Trial-Services"), the following applies:
18.1 Trial-Services are provided "as is" without warranty of any kind. To the extent permitted by applicable law, Company makes no representations regarding the availability, functionality, or suitability of Trial-Services. Trial-Services may not operate as intended and could cause malfunctions, loss of data, or system damage.
18.2 Company's liability for Trial-Services is limited to intent and gross negligence. Company remains liable for fraudulent concealment of defects.
18.3 Provisions on Availability and Liability do not apply to Trial-Services.
18.4 Company is not obliged to provide Support-Services during the trial period.
18.5 Either Party may discontinue Trial-Services at any time without notice.
19. Data Protection
19.1 The Customer is solely responsible for all data entered, stored, or processed within the Services. To the extent that such data includes personal data, the Customer acts as the controller, or – where applicable – as a processor within the meaning of applicable data protection laws. In this regard, the Customer shall ensure compliance with all relevant statutory data protection provisions.
19.2 If and to the extent that the Company processes personal data on behalf of the Customer in the context of the Services, the DPA pursuant to Art. 28 GDPR shall apply. The version of the DPA in effect at the date of signing this Agreement, as found at rencore.com/en/terms-of-use/governance-data-processing-agreement is hereby incorporated by reference.
20. Confidentiality
20.1 Each Party shall keep strictly confidential all Confidential Information disclosed by the other Party (the "Disclosing Party") to the receiving party (the "Receiving Party") in connection with this Agreement, applying at minimum the same degree of care as it applies to its own confidential information, but no less than a commercially reasonable standard of care.
20.2 "Confidential Information" means non-public information relating to a Party's business operations, products, know-how, IT systems, or financial affairs; information marked as confidential; information that a reasonable recipient would regard as confidential; and the existence and content of this Agreement and Order Forms.
20.3 Information is not Confidential Information to the extent it: (i) is or becomes publicly available without breach of this Clause; (ii) was already known to the Receiving Party; (iii) is independently developed without breach of this Clause; or (iv) the Disclosing Party releases the Receiving Party from confidentiality in text form.
20.4 Each Receiving Party shall protect Confidential Information using commercially reasonable measures, disclose it only on a need-to-know basis, and ensure recipients are bound by comparable confidentiality obligations (contractual or statutory).
20.5 Without the Disclosing Party's consent in text form, the Receiving Party shall not: (a) disclose Confidential Information to third parties (other than affiliates, agents, and advisors bound by comparable obligations); or (b) copy or reproduce it as necessary for performance of this Agreement.
20.6 Disclosure is permitted where required or permitted by law, or necessary for the establishment, exercise, or defense of legal claims.
20.7 Confidential Information remains the property of the Disclosing Party. Deletion or return shall occur without undue delay when no longer needed for performance of this Agreement, in accordance with the DPA and applicable statutory retention periods.
20.8 The confidentiality obligations set out herein shall survive the termination of the Contract and remain in force for a period of five (5) years thereafter.
20.9 Notwithstanding the above, the Company may name the Customer as a reference in marketing materials, presentations, and on its website. The Customer hereby grants the Company a simple, non-exclusive, revocable license to use the Customer’s name and logo for the purpose of referencing.
21. Supply chain compliance
The Company complies with applicable supply chain due diligence requirements, to the extent that such obligations apply to the Company as a service provider. The Company maintains reasonable processes to support this compliance in the delivery of the Services under this Agreement.
22. Term and Termination
22.1 The initial term of each Order Form ("Term") is specified in the respective Order Form. Order Forms may be concluded for a fixed term or for an indefinite term. Fixed-term Order Forms shall automatically renew for successive periods equal to the Term unless terminated by either Party with at least thirty (30) calendar days' notice prior to the end of the then-current Term. Indefinite Order Forms may be terminated by either Party with at least thirty (30) calendar days' notice.
22.2 The right of both the Company and the Customer to terminate the Contract for good cause remains unaffected.
22.3 Notice of termination shall be effective only if provided in text form.
22.4 Upon termination of the Contract, the right to use the Services shall expire.
22.5 Upon expiration or termination of an Order Form (for any reason), Company will make Customer Data available for export by Customer for a period of 30 days following the effective date of termination. Company shall provide commercially reasonable assistance with data export on request.
22.6 After the 30-day export period, Company will mark Customer Data for deletion in accordance with the DPA, except to the extent retention is required by applicable law or the DPA. Company will confirm deletion in text form at the Customer's request. Customer Data will be deleted 30 days after it is marked for deletion.
23. Force Majeure
Neither Party shall be liable for any failure or delay in performing its obligations under this Agreement (other than payment obligations) to the extent that such failure or delay is caused by circumstances beyond its reasonable control, including natural disasters, acts of war or terrorism, pandemics, government actions, or failure of third-party telecommunications or power supply. The affected Party shall notify the other Party without undue delay and use commercially reasonable efforts to mitigate the impact. If a force majeure event continues for more than 90 consecutive days, either Party may terminate the affected Order Form(s) in text form.
24. Final Provisions
24.1 This Agreement constitutes the entire and exclusive agreement between the Parties with respect to its subject matter. The Parties expressly agree that any general terms and conditions of the Customer, regardless of when submitted or referenced, shall not apply and are hereby excluded. No amendment or modification of this Agreement shall be valid unless made in text form and expressly agreed by both Parties.
24.2 The Customer may only set off claims against the Company's claims if these counterclaims are undisputed or have been confirmed by a final court judgement.
24.3 The Customer may assign its rights under contracts with the Company to third parties only with the prior consent of the Company.
24.4 Should any provision of this Agreement be or become void, invalid, or unenforceable because of statutory provisions, court decisions, or otherwise, the validity of the remaining provisions shall not be affected thereby. The Parties undertake to replace any such void, invalid, or unenforceable provision immediately upon becoming aware of it with a valid and enforceable provision that best matches the original economic intent.
24.5 This Agreement, the Contract and any legal relations arising here from shall be governed by the laws of the Federal Republic of Germany, excluding the United Nations Convention on Contracts for the International Sale of Goods (CISG).
24.6 The exclusive place of jurisdiction for all disputes arising from this Agreement is Munich, Germany.