Skip to main content

Terms of Service

Last updated: 2026-05-22

⚠️ LEGAL REVIEW REQUIRED — This draft Terms of Service must be reviewed by a qualified solicitor / Rechtsanwalt familiar with SaaS and Atlassian Marketplace terms before the listing is submitted. Items requiring specific legal input are marked inline.

1. Parties and acceptance

These Terms of Service ("Terms") constitute a legal agreement between:

  • Kettasys Ltd ("Attestsys", "we", "us", "our") — the operator of the Attestsys suite of Jira apps

⚠️ MANUAL REVIEW REQUIRED — Insert registered legal entity name, company number, and registered address once the Kettasys / Attestsys legal entity is established.

  • You — the Jira workspace administrator or organisation that installs and uses the Attestsys apps ("Customer", "you", "your")

By installing an Attestsys app from the Atlassian Marketplace or accessing any Attestsys service, you agree to these Terms. If you are accepting on behalf of an organisation, you represent that you have authority to bind that organisation.

These Terms supplement and do not replace the Atlassian Marketplace Terms of Service and the Atlassian Cloud Terms of Service, which govern your relationship with Atlassian. In the event of conflict between these Terms and Atlassian's terms, Atlassian's terms take precedence with respect to the Atlassian platform.

2. Description of service

Attestsys provides a suite of apps for the Atlassian Jira platform that create cryptographically-signed, tamper-evident, independently verifiable records of Jira activity:

  • Tamper-Evident Audit Log for Jira — signs and hash-chains Jira event records using ECDSA cryptography and RFC 3161 trusted timestamping.
  • GitHub Evidence Pack for Jira — links GitHub workflow events (pull requests, reviews, deployments) to Jira issues with cryptographic evidence.
  • Signed Approvals for Jira — captures cryptographically-signed approval decisions on Jira issues.

The apps are published on the Atlassian Marketplace and operate as Forge Remote apps. Event data from your Jira workspace is transmitted to and processed on Attestsys backend infrastructure hosted on Hetzner Cloud in Nuremberg, Germany (EU).

3. Editions and subscription

3.1 Free tier

The Tamper-Evident Audit Log is available on a free tier with the following limitations:

  • Audit chain retention: 30 days
  • Evidence bundle exports: 10 per calendar month
  • Timestamping: FreeTSA (non-qualified RFC 3161 timestamps, clearly labelled as such)

The free tier is provided without charge and without any service level commitments. We reserve the right to modify free tier limits at any time with 30 days' notice.

3.2 Paid tiers

Paid editions (Standard, Advanced, Enterprise) are available through the Atlassian Marketplace or, for Enterprise, directly with Kettasys Ltd. Pricing, features, and billing terms for paid editions are set out in the Atlassian Marketplace listing and in any order form or Enterprise contract.

⚠️ MANUAL REVIEW REQUIRED — Once pricing is confirmed and listed on the Marketplace, reference the specific Marketplace listing page URL for pricing details. For Enterprise (Paid via Vendor), the contract governs and takes precedence over these Terms where they conflict.

3.3 Billing via Atlassian Marketplace

For apps purchased through the Atlassian Marketplace, billing is managed entirely by Atlassian. Atlassian's billing terms, refund policies, and subscription management apply. We do not collect or process payment information for Marketplace-billed subscriptions.

4. Acceptable use

You may use the Attestsys apps only for lawful purposes and in accordance with these Terms. You agree not to:

  • Use the apps to process data you do not have the right to process
  • Attempt to tamper with, circumvent, or reverse-engineer the cryptographic audit chain
  • Use the apps to create false or fraudulent audit records
  • Interfere with or disrupt the Attestsys backend service or infrastructure
  • Exceed any usage limits applicable to your edition in bad faith
  • Resell or sublicense access to the Attestsys service without our written consent

We reserve the right to suspend or terminate access to the service for material breach of these Terms.

5. Data processing

5.1 Your data

You retain all rights to data you process through the Attestsys apps. We process your data solely to provide the service described in these Terms and our Data Processing Agreement (DPA).

5.2 Data Processing Agreement

As a data processor acting on your behalf, we are bound by the Data Processing Agreement incorporated into these Terms by reference. The DPA sets out the subject matter, nature, purpose, and duration of processing, the types of personal data and categories of data subjects, and our obligations and rights as processor.

5.3 Data residency

All data is processed and stored exclusively on Hetzner Cloud infrastructure in Nuremberg, Germany (EU). We do not transfer your data outside the EEA. See the Privacy Policy and Security Statement for full details.

6. Cryptographic evidence and admissibility

The Attestsys cryptographic audit chain is designed to create tamper-evident, independently verifiable records that can support authentication in audit and legal contexts. We do not warrant or guarantee that any specific court, arbitral tribunal, or regulatory body will find Attestsys evidence admissible in any particular proceeding.

⚠️ LEGAL REVIEW REQUIRED — This clause deliberately avoids any "court-admissible" claim per KGA-DEC-001. Confirm the framing with a solicitor familiar with eIDAS and the jurisdictions in which customers may rely on Attestsys evidence.

The legal weight of electronically signed and timestamped records varies by jurisdiction and context. Customers should seek independent legal advice if they intend to rely on Attestsys evidence in legal proceedings.

Qualified (QTSP-backed) timestamping is available on paid tiers and provides a rebuttable presumption of accuracy of the date and time under eIDAS Art. 41. Free tier timestamps (FreeTSA) are non-qualified and do not carry this presumption.

7. Intellectual property

All intellectual property rights in the Attestsys apps, backend service, documentation, and website remain with Kettasys Ltd. These Terms do not transfer any intellectual property rights to you.

You grant us a limited, non-exclusive licence to process your data for the sole purpose of providing the service.

8. Service availability and SLA

⚠️ MANUAL REVIEW REQUIRED — Insert the SLA commitments (uptime target, scheduled maintenance windows, support response times) once these are confirmed. For the initial free tier, no SLA is offered. For paid tiers, SLA terms should be confirmed.

The Attestsys service is provided on a "commercially reasonable efforts" basis for free-tier customers, with no uptime guarantee.

For paid tiers, service level commitments (if any) are set out in the relevant Marketplace listing or Enterprise contract.

We are not responsible for any unavailability caused by:

  • Atlassian platform outages or maintenance (Atlassian's SLA applies)
  • Force majeure events
  • Scheduled maintenance windows (notified in advance)

9. Security vulnerability disclosure

If you discover a security vulnerability in an Attestsys app or service, please report it responsibly to security@attestsys.com.

⚠️ MANUAL REVIEW REQUIRED — A formal responsible disclosure policy should be published and linked here before the Marketplace listing. Atlassian requires a security contact to be registered at ecosystem.atlassian.net.

We commit to responding to reported vulnerabilities in accordance with Atlassian's Security Bug Fix Policy SLA:

SeverityResponse commitment
Critical10 days
High4 weeks
Medium12 weeks
Low25 weeks

10. Limitation of liability

⚠️ LEGAL REVIEW REQUIRED — The following limitation of liability clause is a standard drafting position and must be reviewed by a solicitor familiar with the applicable governing law before publication. Caps and carve-outs need to be confirmed.

To the maximum extent permitted by applicable law:

  • No consequential loss: Kettasys Ltd shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from your use of the Attestsys service, even if advised of the possibility of such damages.
  • Liability cap: Our total aggregate liability to you in connection with these Terms shall not exceed the greater of (a) the total fees paid by you to Kettasys Ltd or Atlassian for the Attestsys service in the 12 months preceding the claim, or (b) €100 (one hundred euros) for free-tier customers.
  • Carve-outs: Nothing in these Terms limits liability for death or personal injury caused by negligence, fraud, or any other liability that cannot be limited by law.

11. Warranties and disclaimers

⚠️ LEGAL REVIEW REQUIRED — Standard disclaimer clause — confirm with solicitor.

The Attestsys service is provided "as is" and "as available". We disclaim all warranties, express or implied, including but not limited to implied warranties of merchantability, fitness for a particular purpose, and non-infringement.

We do not warrant that the service will be error-free, uninterrupted, or free from security vulnerabilities.

12. Termination

12.1 Termination by you

You may terminate your use of the Attestsys apps at any time by uninstalling them from your Jira workspace through the Atlassian Marketplace.

12.2 Termination by us

We may suspend or terminate your access to the service immediately upon notice if:

  • You breach these Terms materially and (if the breach is remediable) fail to remedy it within 14 days of notice
  • You fail to pay applicable fees (for paid tiers)
  • We are required to do so by law or by Atlassian

12.3 Effect of termination

Upon termination, we will retain your data for 30 days to allow you to export evidence bundles, then delete it, unless a longer retention period is required by law or agreed in an Enterprise contract. The cryptographic audit chain data is preserved (with redaction markers as appropriate) until the retention period expires.

13. Changes to these Terms

We will provide at least 30 days' notice of material changes to these Terms, by posting an updated version on this page and (where reasonably practicable) by notification through the Atlassian Marketplace. Continued use of the service after the effective date of changes constitutes acceptance.

14. Governing law and jurisdiction

⚠️ LEGAL REVIEW REQUIRED — Governing law must be confirmed based on where the legal entity is registered. English law is a common choice for international SaaS. German law may be appropriate given the EU data residency and target market. Confirm with solicitor.

These Terms are governed by [English law / German law — to be confirmed]. Any disputes arising from these Terms shall be subject to the exclusive jurisdiction of the courts of [jurisdiction — to be confirmed], unless mandatory consumer-protection law in your jurisdiction requires otherwise.

15. Contact

For legal enquiries relating to these Terms:

Email: legal@attestsys.com Postal: [Registered address — insert before publication]

⚠️ MANUAL REVIEW REQUIRED — Confirm the legal@attestsys.com email address is set up and monitored before the Marketplace listing goes live.