Terms of Service

These Terms of Service ("Terms") govern your use of the ITSailor platform and offerings (collectively, the "Services") operated by Michal Jatczak, a Maltese sole trader trading as ITSailor ("we", "us", "ITSailor"), with principal place of business at 507 Cityway, Triq Il-Madonna Tal-Gebla, Gzira GZR 1564, Malta. Malta VAT MT32760411, DUNS 507601021.

By purchasing, accessing, or using the Services you ("Customer", "you") agree to these Terms.

Most Services are sold business-to-business. By accepting these Terms for a B2B offering you confirm that you are acting on behalf of a legal entity, are authorised to bind that entity, and that the purchase is for purposes related to your trade, business, or profession. Consumer-protection statutes that apply only to business-to-consumer contracts (including the 14-day cooling-off period under EU Directive 2011/83/EU) do not apply to B2B purchases.

We currently offer the following categories of Services:

3.1 Free diagnostic tools

Calculators, scanners, and assessments at /tools (M365 license estimator, security scorecard, AI readiness scan, SaaS auditor, deliverability scanner, offboarding risk profiler, automation ROI calculator, DevEx maturity scan). Provided free, anonymously, without warranty. You retain ownership of inputs you submit; we retain anonymised aggregate metrics for product improvement.

3.2 Paid workshops

Fixed-price live engagements delivered by the founder (Michal Jatczak). Currently:

• €499 Architecture & Security Design Workshop (B2B). 2-hour live session in your tenant, hardened CIS-aligned baseline scan, Azure landing-zone sketch, written architecture review delivered within 5 business days, and a deployable architecture plan with ready-to-merge Terraform / Power Automate flows.
• €149 Microsoft 365 Tenant Hardening (B2C variant). 90-minute live session for solo operators and very small teams. Covers the same CIS baseline at a reduced scope.

3.3 Paid eBooks and knowledge bundles

Downloadable PDFs (currently €99 per title — M365 Hardening for Regulated Industries and DORA & NIS2 Roadmap; release schedule on the handbook page). Personal license for the purchasing organisation; redistribution or resale prohibited.

3.4 Microsoft 365 and partner-marketplace licensing

We act as a Microsoft CSP Indirect Reseller (PLA ID 7113951) through the Pax8 marketplace. Where you purchase third-party licences (Microsoft 365, Google Workspace, others) through us, the underlying vendor's end-user terms also apply. We are the billing party and primary support contact; the vendor retains licence ownership and platform-level terms.

3.5 SaaS subscriptions (MVP — sold under Order Forms)

• SEAWALL Engine — FinOps cost-protection for AWS and Azure tenants.
• HOIST — autonomous Tier-0 IT support agent (per-resolution or subscription).
• DECKLOG — private retrieval-augmented AI agent for internal knowledge.

SaaS products are currently in sales-MVP phase. Production tiers, pricing, and availability are confirmed through a separate Order Form / Master Services Agreement (MSA) signed before service activation.

3.6 Custom consulting and implementation engagements

Custom Cloud, Security, and AI architecture engagements scoped per a separate Statement of Work (SOW) anchored to the €499 Architecture Workshop output. All consulting engagements close with an Exit Kit (see section 05).

Subject to payment in full and ongoing compliance with these Terms:

• Workshop deliverables. You receive a perpetual, royalty-free, worldwide licence to use the architecture documents, Terraform modules, Intune baselines, and other deliverables produced for you within your organisation, AND you may hand them to any other vendor without restriction (this is the Exit Kit promise — see section 05).
• eBooks and knowledge bundles. Personal licence for the purchasing organisation's internal use. Redistribution, resale, sublicensing, or public republication is prohibited.
• SaaS products. Subscription right to access the hosted service for the term and seat count agreed. No licence to underlying source code.
• Free tool outputs. You own your inputs and the per-session report generated; we may use anonymised aggregate metrics to improve the tools.

The Exit Kit is delivered within 24 hours of engagement close on request. No vendor lock-in is a contractual commitment, not a marketing line.

Fees are stated in EUR exclusive of VAT, sales, withholding, or similar taxes which are payable by the Customer where applicable. Reverse-charge VAT applies for valid EU business customers outside Malta with valid VIES-verified VAT numbers. One-time fees are charged immediately on order. Subscription fees renew automatically on the same calendar day each month/year and are charged in advance via Stripe.

You may cancel a subscription at any time through the Stripe Customer Portal accessible from your account. Cancellation takes effect at the end of the current billing period; we do not pro-rate the unused portion. We do not refund past months absent a service-credit event under section 08.

We may suspend or terminate access immediately for (a) non-payment, (b) breach of these Terms, (c) abuse of the Services, or (d) where required by law. On termination, SaaS account access is revoked; workshop deliverables and Exit Kit materials already delivered remain yours under section 04.

Free tools and workshops are delivered as-is (workshops have a written warranty of professional execution — see section 10). SaaS subscriptions follow the SLA stated on the relevant product page or signed Order Form. Where SLAs apply, our liability for missed targets is limited to a service credit on the next invoice; this is your sole remedy.

You are responsible for:

• Operating your cloud accounts (Microsoft, AWS, Google, others) and the production environments you deploy;
• Reviewing Terraform plans, Intune baselines, Conditional Access policies, and other changes we recommend before applying them in your environments;
• Managing your own credentials, MFA tokens, and access policies;
• Backing up data and configuration outside scope of any SaaS we provide;
• Complying with your own regulatory obligations (DORA, NIS2, GDPR, MGA gaming licences, etc.).

We warrant that we have the right to deliver the Services and that we will perform any included professional services in a workmanlike manner consistent with industry practice.

Except for the foregoing, the Services are provided "as-is" without warranty of any kind, express or implied, including merchantability, fitness for a particular purpose, or non-infringement. We do not warrant that the Services will be uninterrupted, error-free, or meet your specific requirements.

To the maximum extent permitted by law, neither party will be liable for indirect, incidental, special, consequential, or punitive damages, or for lost profits, revenue, data, or business opportunities, even if advised of the possibility of such damages.

Nothing in these Terms excludes or limits liability that cannot be excluded or limited under Maltese or EU law (including liability for fraud, gross negligence, or wilful misconduct).

You will indemnify and hold ITSailor harmless from any third-party claim arising from (a) your use of the Services in breach of these Terms, (b) infrastructure or applications you operate using deliverables from us, and (c) data you process through the Services in breach of applicable law.

Where ITSailor processes personal data on behalf of Customer in connection with paid workshops, consulting engagements, or SaaS subscriptions, ITSailor acts as a processor and Customer as controller under GDPR (Regulation 2016/679). The parties will execute the standard ITSailor Data Processing Agreement (DPA) incorporating the mandatory processor terms required by GDPR Article 28(3), which forms part of these Terms. The Privacy Policy describes how we handle personal data we collect as controller.

Each party will protect the other's confidential information using at least the same degree of care it uses for its own confidential information, and never less than reasonable care. Architecture documents, source code, credentials, and audit findings are confidential information.

Current subprocessors (Stripe, Resend, Hetzner, Cloudflare, Vercel, GitHub, Microsoft Azure, Pax8, and others) are listed in our Privacy Policy section 03. We will provide reasonable advance notice (at least 30 days) of additions.

We may update these Terms from time to time. Material changes will be communicated by email to active customers at least 30 days before they take effect; continued use of the Services after the effective date constitutes acceptance.

These Terms are governed by the laws of Malta. The courts of Malta have exclusive jurisdiction over any dispute arising out of or in connection with the Services, without prejudice to any mandatory consumer rights that apply where you purchased a B2C-marketed Service.

Neither party is liable for delays or failures caused by events beyond reasonable control (natural disasters, war, internet outages, third-party cloud failures, government action). The affected party will give prompt notice and use reasonable efforts to mitigate impact.

• Contract and legal questions: legal@itsailor.io
• Billing: billing@itsailor.io
• Data Subject Rights (GDPR access / erasure / portability / objection): dsr@itsailor.io — see also our Privacy Policy section 06.
• Operational and security: support@itsailor.io
• General: hello@itsailor.io

Postal: Michal Jatczak T/A ITSailor, 507 Cityway, Triq Il-Madonna Tal-Gebla, Gzira GZR 1564, Malta.