Logstatus Terms of Service

These Terms of Service ("Terms") govern your access to and use of the Logstatus service ("Service") operated by Andreas Braa, sole proprietor (enkeltpersonforetak) trading as Greyframe, organisation number [ORG.NR], registered in Norway ("Provider", "Greyframe", "we", "our"). By signing up for, accessing, or using the Service, you ("Customer", "you") agree to be bound by these Terms. If you are accepting on behalf of an organisation, you represent that you have authority to bind that organisation, and "Customer" refers to that organisation. The Service is intended for use by businesses and organisations. The Service is not intended for, and is not directed at, consumers as defined under Norwegian consumer law (forbrukerkjøpsloven).

1. The Service

1.1. Description. Logstatus is a software service for recording, organising, and reviewing incident, fault, health-safety-environment (HSE), and after-action submissions in live-event venues and similar settings. The Service comprises a main administrative application at logstatus.app and a token-based submission shell at links.logstatus.app. 1.2. Access. Subject to these Terms and payment of the applicable fees, the Provider grants the Customer a non-exclusive, non-transferable, revocable right to access and use the Service during the Term for its internal business purposes. 1.3. Plan. The features, limits, and pricing applicable to the Customer's subscription are those of the plan selected at signup or as later amended in writing. Plans, prices, and add-ons are published at logstatus.app/pricing and incorporated by reference. 1.4. Updates. The Provider may update, modify, or improve the Service from time to time. Material reductions in functionality during a paid Term will be communicated in advance, and the Customer may terminate the affected subscription if a reduction has a material adverse effect on its use.

2. Accounts and authorised users

2.1. Registration. To use the Service, the Customer creates an account and registers one or more Authorised Users (admins / operators) up to the limits of its plan. 2.2. Authorised Users. "Authorised Users" are individuals — typically employees, contractors, or designated personnel of the Customer — who the Customer designates as admins or operators in the Service. The Customer is responsible for the acts and omissions of its Authorised Users under these Terms. 2.3. Submitters. Crew, contractors, and other individuals who submit data through the soft-auth submission shell using Customer-issued tokens are not Authorised Users and are not required to register. The Customer is responsible for ensuring those individuals are entitled to submit and that the Customer has provided them with appropriate notice (see § 5). 2.4. Credentials. The Customer is responsible for keeping account credentials confidential and for all activity under its account.

3. Customer Data

3.1. Definition. "Customer Data" means all data submitted by or on behalf of the Customer through the Service, including incident submissions, attachments, account data, and Authorised User profiles. 3.2. Ownership. As between the Parties, the Customer owns all Customer Data. The Provider claims no ownership of Customer Data. 3.3. Licence to operate. The Customer grants the Provider a non-exclusive, worldwide, royalty-free licence to host, copy, transmit, and display Customer Data solely as necessary to provide the Service. 3.4. Data Processing Agreement. The Provider processes personal data within Customer Data as the Customer's processor, on the documented instructions of the Customer. The terms of that processing are set out in the Greyframe Data Processing Agreement at logstatus.app/legal/dpa, which is incorporated into these Terms. 3.5. No use for training. The Provider does not use Customer Data to train machine-learning or AI models, whether for the Provider's own products or for third parties. 3.6. Aggregated data. The Provider may generate aggregated, de-identified statistics from use of the Service (for example, average submission counts per venue type) and use those statistics to improve the Service and to publish industry-level insights, provided that no individual, Customer, or data subject is identifiable.

4. HSE and special-category data

4.1. The Customer acknowledges that the Service is designed to record HSE and incident information, and that submissions may include health-related information about identified or identifiable individuals — special-category data under Article 9 of the General Data Protection Regulation (EU) 2016/679 ("GDPR"). 4.2. The Customer warrants that, before submitting such data to the Service, it has a lawful basis under Article 6 GDPR and a permitted condition under Article 9 GDPR (typically Article 9(2)(b), employment and social-protection law obligations, including the Norwegian Working Environment Act (arbeidsmiljøloven)). 4.3. The Customer is responsible for providing fair-processing information to data subjects — including crew, contractors, and members of the public — whose data is captured through the Service. 4.4. The Customer indemnifies the Provider against any third-party claim, regulatory proceeding, or supervisory-authority finding arising from the Customer's failure to comply with this Section 4, subject to the liability provisions in § 13.

5. Acceptable use

The Customer's use of the Service is subject to the Greyframe Acceptable Use Policy at logstatus.app/legal/aup, which is incorporated into these Terms. The Customer is responsible for the conduct of its Authorised Users and Submitters under that policy.

6. Fees, billing, and taxes

6.1. Fees. The Customer agrees to pay the fees for its plan, as published at logstatus.app/pricing or as set out in a separately signed order form. Prices are in euros (EUR) unless otherwise stated. 6.2. Billing cycle. Subscriptions are billed monthly or annually in advance, depending on plan selection. Festival-window subscriptions are billed per event window. Usage-metered add-ons are billed in arrears. 6.3. Payment. Fees are payable via the payment method registered with our payment processor (currently Stripe Payments Europe, Limited). The Customer authorises the Provider to charge the registered payment method on each billing cycle. 6.4. Taxes. Fees are exclusive of VAT (MVA) and other taxes. The Provider will apply Norwegian MVA where required. For business customers established in the EU outside Norway, the reverse-charge mechanism applies where the Customer provides a valid VAT number. 6.5. Late payment. If a payment is not received within 14 days of becoming due, the Provider may suspend the Service or charge interest at the rate set by the Norwegian Late Payment Interest Act (forsinkelsesrenteloven). The Provider may use a collection agency to recover unpaid amounts; the Customer is liable for reasonable collection costs. 6.6. Price changes. The Provider may change prices with at least 30 days' notice, effective at the start of the next renewal term. Prices for an active paid term will not be changed during that term. 6.7. No refunds. Fees paid are non-refundable except where required by mandatory law or as expressly stated in these Terms.

7. Term and renewal

7.1. Term. The subscription term begins on the start date set out at signup or in the applicable order form and continues for the billing cycle selected (monthly, annual, or event-window). 7.2. Automatic renewal. Subscriptions automatically renew for successive periods of the same length unless the Customer cancels before the end of the then-current term using the cancellation controls in the Service or by written notice to the Provider. 7.3. Festival plans. Festival-window subscriptions do not auto-renew. Each new event window requires a new subscription.

8. Suspension and termination

8.1. Termination by Customer. The Customer may terminate its subscription at any time, effective at the end of the then-current billing period. 8.2. Termination by Provider for cause. The Provider may suspend or terminate access for material breach of these Terms or the AUP — including non-payment of undisputed fees — if the breach is not cured within 14 days of written notice (or immediately for breaches that cannot reasonably be cured). 8.3. Termination for convenience by Provider. The Provider may terminate a subscription for any reason on at least 60 days' written notice, with a pro-rata refund of pre-paid fees for the unused portion of the term. 8.4. Emergency suspension. The Provider may suspend access immediately if continued use poses a security risk, regulatory risk, or material risk of harm to the Service or other customers. The Provider will restore access as soon as the issue is resolved. 8.5. Effect of termination. On termination, the Customer's right to use the Service ends. The Customer may export Customer Data for 30 days after termination using the in-product export tools. The Provider will delete Customer Data from production systems within 30 days after the export window closes; backup copies are deleted in line with the Provider's backup retention schedule (currently 90 days). 8.6. Survival. Sections that by their nature should survive termination — including § 3 (during data return/deletion), § 4 (indemnity), § 11 (IP), § 12 (confidentiality), § 13 (warranty), § 14 (liability), § 15 (indemnification), § 19 (governing law), § 20 (notices) — survive.

9. Service levels and support

9.1. No formal SLA for self-serve plans. The Provider does not offer an uptime commitment, response-time commitment, or service-credit scheme for Crew, Solo Venue, Group, Tour, or Festival plans. The Provider operates the Service with reasonable care and effort. 9.2. Enterprise SLA. Customers on Enterprise plans may be offered an SLA in a separately signed order form or amendment. 9.3. Support. Support is provided by email at support@logstatus.app during normal Norwegian business hours. Response times and channels available depend on the Customer's plan. 9.4. Planned maintenance. The Provider may perform planned maintenance from time to time, with advance notice where practical.

10. Data residency

The Provider stores Customer Data in the European Economic Area (EEA) where the underlying infrastructure supports a regional pin. Some processing during the operation of the Service occurs across our infrastructure provider's global network, including outside the EEA, in which case transfers are covered by the European Commission's Standard Contractual Clauses (Decision 2021/914). Details are set out in our Subprocessor list at logstatus.app/legal/subprocessors. If the Customer requires strict EEA-only processing, the EU Data Residency add-on must be purchased; this add-on is subject to availability and may be subject to additional terms.

11. Intellectual property

11.1. Provider IP. The Provider retains all rights, title, and interest in the Service, including all software, documentation, branding, trade marks (including "Greyframe" and "Logstatus"), and any improvements. No rights are granted to the Customer except as expressly set out in these Terms. 11.2. Customer IP. The Customer retains all rights, title, and interest in Customer Data and in its own branding and trade marks. 11.3. Feedback. If the Customer provides feedback, suggestions, or ideas about the Service, the Customer grants the Provider a perpetual, royalty-free licence to use that feedback to improve the Service, with no obligation to attribute or compensate.

12. Confidentiality

12.1. Each Party may receive non-public information from the other ("Confidential Information"). The receiving Party will use Confidential Information only to perform under these Terms and will protect it with the same care it uses for its own confidential information, and in no case less than reasonable care. 12.2. Confidentiality obligations do not apply to information that (i) is or becomes public without breach, (ii) was already known to the receiving Party, (iii) is independently developed, or (iv) is required to be disclosed by law (with prompt notice to the other Party where lawful).

13. Warranties and disclaimer

13.1. Mutual warranties. Each Party warrants that it has the authority to enter into and perform under these Terms. 13.2. Service warranty. The Provider will use commercially reasonable efforts to provide the Service in accordance with these Terms. 13.3. Disclaimer. Except as expressly set out in this § 13, the Service is provided "as is" and "as available". To the maximum extent permitted by mandatory Norwegian law, the Provider disclaims all other warranties, express or implied, including merchantability, fitness for a particular purpose, non-infringement, accuracy, completeness, and uninterrupted or error-free operation. 13.4. No warranty as to outcomes. Without limiting § 13.3, the Provider does not warrant that the Service will achieve any specific operational or compliance outcome for the Customer, including regulatory compliance under workplace-safety law. The Service is a tool that supports the Customer's own processes; responsibility for those processes remains with the Customer.

14. Limitation of liability

14.1. Cap on liability. To the maximum extent permitted by Norwegian law, the Provider's total aggregate liability under or in connection with these Terms — whether in contract, tort, or otherwise — is limited, per claim and in the aggregate per twelve-month period, to the total fees paid by the Customer to the Provider under these Terms during the twelve (12) months immediately preceding the event giving rise to the claim. 14.2. Exclusion of indirect damages. Neither Party is liable to the other for indirect, incidental, special, consequential, or punitive damages, including loss of profits, revenue, goodwill, business opportunity, or data, even if advised of the possibility. 14.3. Carve-outs. Nothing in this § 14 limits liability for: (a) wilful misconduct; (b) gross negligence; (c) fraud; (d) any liability that cannot be limited under mandatory law; (e) the Customer's payment obligations under § 6; (f) the Customer's indemnification obligations under § 4 and § 15. 14.4. Allocation. The Parties acknowledge that the fees reflect this allocation of risk and that the limitations in this § 14 are a fundamental basis on which the Provider is willing to provide the Service.

15. Indemnification

15.1. By Customer. The Customer indemnifies and holds the Provider harmless from any third-party claim arising out of (i) the Customer's breach of § 4 (HSE / Article 9 data), (ii) the Customer's breach of the AUP, (iii) Customer Data infringing the rights of any third party, or (iv) any submission to the Service that was unlawful when made. 15.2. By Provider. The Provider indemnifies and holds the Customer harmless from any third-party claim that the Service, as provided by the Provider and used in accordance with these Terms, infringes the intellectual-property rights of that third party. This indemnity is the Customer's sole and exclusive remedy for any infringement by the Service. 15.3. Procedure. The indemnifying Party's obligations are conditioned on the indemnified Party (i) giving prompt written notice of the claim, (ii) giving the indemnifying Party sole control of the defence and settlement (provided that no settlement requiring an admission of liability or payment by the indemnified Party may be made without its consent), and (iii) providing reasonable cooperation.

16. Modifications to these Terms

16.1. The Provider may modify these Terms from time to time. Material changes will be communicated to active Customers by email and noted in the changelog at the bottom of this page at least 30 days before they take effect. 16.2. If a Customer does not agree to a material change, the Customer may terminate the affected subscription before the change takes effect, with a pro-rata refund of pre-paid fees for the unused portion of the term. 16.3. Continued use of the Service after a change takes effect constitutes acceptance.

17. Assignment and entity conversion

17.1. The Customer may not assign these Terms or any rights or obligations under them without the Provider's prior written consent, except to a successor in interest by merger, acquisition, or sale of substantially all of its assets. 17.2. The Provider may assign these Terms (a) to an affiliate, or (b) to a Norwegian limited company (aksjeselskap) it forms or controls to continue the Greyframe business (expected to be Greyframe AS), or (c) to a successor in interest by merger, acquisition, or sale of substantially all of its assets. The Customer consents in advance to such assignment, provided the assignee assumes the Provider's obligations under these Terms in full.

18. Notices

18.1. Notices to the Provider must be sent in writing to legal@logstatus.app, with a copy to the registered address on request. 18.2. Notices to the Customer will be sent to the billing or designated notice contact registered in the Service. The Customer is responsible for keeping that contact current. 18.3. A notice is deemed received on the next business day after the day it was sent, if sent by email before 17:00 CET / CEST on a business day.

19. Governing law and dispute resolution

19.1. These Terms are governed by the laws of Norway, without regard to conflict-of-laws rules. The United Nations Convention on Contracts for the International Sale of Goods does not apply. 19.2. The Parties will attempt to resolve any dispute by good-faith negotiation. Failing resolution, any dispute arising out of or in connection with these Terms will be submitted to the exclusive jurisdiction of the Oslo District Court (Oslo tingrett), with the right of appeal as provided by Norwegian procedural law.

20. Miscellaneous

20.1. Independent contractors. The Parties are independent contractors. Nothing in these Terms creates a partnership, joint venture, employment relationship, or agency. 20.2. Entire agreement. These Terms, together with the DPA, the AUP, the Subprocessor list, any order form, and the Privacy Policy, form the entire agreement between the Parties about the subject matter and supersede all prior agreements and discussions. 20.3. Order of precedence. In case of conflict, the order of precedence is: (i) any signed order form, (ii) these Terms, (iii) the DPA, (iv) the AUP, (v) the Subprocessor list. 20.4. Severability. If any provision is held invalid or unenforceable, the remaining provisions remain in full force, and the invalid provision will be reformed to the minimum extent needed to make it enforceable. 20.5. No waiver. A failure or delay in exercising a right does not waive that right. 20.6. Force majeure. Neither Party is liable for delays or failures caused by events beyond its reasonable control, including natural disasters, acts of war, government actions, internet or infrastructure-provider outages, and pandemics. 20.7. Headings. Headings are for convenience only and do not affect interpretation. 20.8. Language. The English version of these Terms is the controlling version. Any translation is provided for convenience only.

Changelog

- v0.1 — 2026-05-17. Initial draft, pre-launch.

Drafting notes (delete before publishing)

- Customer = organisation. Throughout, "Customer" means the buying organisation. Authorised Users (the people who log in) are not Parties; they bind the Customer. Submitters (the soft-auth crew) are even more removed — not Parties, not Authorised Users; they use the Service via a token issued by their employer. - HSE indemnity (§ 4.4 + § 15.1). Same load-bearing clause as the Pilot Agreement. If a customer pushes back on this, escalate before signing. There is no version of these Terms that omits the indemnity given the HSE positioning. - Liability cap (§ 14.1). Fees-paid-in-12-months. Standard. Worth flagging that for Solo Venue (€790/yr), this caps Provider liability at €790 — which is fine for that customer but will look small to a future Enterprise customer at €18k/yr. Enterprise customers typically negotiate this to a multiple of fees (1.5×, 2×); leave that to the signed Enterprise order form. - Force majeure (§ 20.6). Includes "internet or infrastructure-provider outages" — important given Cloudflare dependency. If Cloudflare has a global outage, you're not liable. - "No use for training" (§ 3.5). Bound here. Worth re-reading the Privacy Policy commitment alongside this — both must remain true or both change together. - Aggregated data (§ 3.6). Permits internal benchmarking and possibly published industry insights ("the average concert venue logs 23 incidents per month"). De-identified per GDPR Recital 26 — fine. - Festival plan and non-renewal (§ 7.3). Festival is event-window, not subscription. Renewal would be a fresh purchase each event. Worth a sentence in pricing copy too. - No-refunds default (§ 6.7). Standard SaaS. The "except where required by mandatory law" clause is the safety valve. - Late-payment regime (§ 6.5). Norwegian-specific. The Late Payment Interest Act sets the statutory rate each half-year; no need to hard-code a number. - Order of precedence (§ 20.3). Important for enterprise sales where order-form negotiation overrides standard Terms. Standard pattern: signed order form > Terms > DPA > AUP. Negotiated DPA addendums (if any) typically slot above the standard DPA via the order form. - English controlling (§ 20.8). Important for cross-border customers. Norwegian-language translation can be offered for public-sector customers if requested, but English controls. - Lawyer review. This is the document with the highest stakes for legal review. Don't send the v0.1 draft to a paying customer without at least one Norwegian tech-lawyer pass.