Terms and Conditions — Legal Monitor

Version 1.0.0 — as of 01.05.2026

Provider: Thorsten Ahrens, Serahr — serahr.de

1. Scope, Contracting Party

These Terms govern the use of the Serahr Legal Monitor service. Provider and contracting party:

Thorsten Ahrens, Serahr
Zillestr. 75, 51067 Köln, Germany
E-mail: contact@serahr.de
Full provider details: Imprint

The service is offered exclusively to entrepreneurs within the meaning of § 14 BGB. Consumers as defined by § 13 BGB are not eligible. Confirmation of business status is part of the order process.

2. Service Description

Legal Monitor is a technical information and monitoring solution. The service includes:

• Monitoring of regulatory developments from official sources, with algorithmic relevance pre-classification.
• Automated scans of customer-registered, verified domains for technical findings (cookie banners, tracking, imprint, privacy policy, terms).
• Delivery of findings via web dashboard, HTTP API (Bearer token), and optional HMAC-SHA256-signed webhooks (generic / Discord / Slack format).
• Compliance reports as HTML/PDF and per-domain JSON export of configuration (excluding secrets).

Not a legal service under the German Legal Services Act (RDG).The service provides information; it does not replace legal advice. The customer decides whether and how to act on findings; for binding assessments, consult a qualified attorney. The provider does not guarantee that acting on findings results in full regulatory compliance — compliance remains the customer's responsibility.

Anonymous statistical analysis. The provider analyzes scan results in anonymized form to produce industry- and country-level statistics on GDPR compliance and to improve the product. Only industry, country, month and numeric finding counts are aggregated. No hostname, account ID or other identifying attributes are stored in the aggregate table; re-identification of the customer or their domain is therefore excluded. Aggregated analyses may be published as industry reports, press releases or marketing materials. See the Privacy Policy for details. The customer may opt out at any time in the account settings; aggregate values already produced are not affected, as they no longer constitute personal data.

3. Conclusion of Contract, Domain Verification

The contract is concluded upon completion of the order process (tier selection, acceptance of these Terms and the Privacy Policy, payment via Stripe). Before the first order, the customer must verify the monitored domain via one of: email-match (account email matches domain), imprint mail, meta tag, or DNS TXT record.

Unverified domains are automatically hard-deleted 48 hours after creation. By verifying, the customer warrants that they own or are contractually authorized for the domain.

4. Plans, Domains, Add-Ons

• Solo: 49 € / month or 490 € / year (2 months free). 1 included domain, 1 user, full feature set incl. API + webhook.
• Agency: 229 € / month or 1,990 € / year. 5 included domains, multi-user, client branding, audit log. Currently not yet available for purchase; bookable in a later phase.
• Domain add-ons (Solo): per additional domain at the price shown on the pricing page at booking time. Billed via Stripe quantity model on the same interval as the main plan.

All prices are net plus VAT where applicable. The pricing page at booking time governs.

5. Term, Cancellation, Auto-Cancel

Contracts run monthly or yearly. Cancellation is possible at any time effective at end of paid term (self-service via Stripe Customer Portal or by email). Early cancellation does not entitle to pro-rated refund.

Domain change: per domain, one hostname change per billing interval. While a new domain is unverified (typo slot), correction is free. After verification, the cooldown applies.

Add-on auto-cancel: when an additional domain is removed, the slot remains paid until end of period (no mid-period refund). If not refilled, the add-on quantity is auto-reduced at period end.

6. Soft-Delete and Hard-Delete of Domains

Removed domains enter a 30-day grace period(soft-delete). During this time, compliance reports and JSON exports remain available, and removal can be undone via "Restore". After 30 days, the domain and its scan data are permanently deleted by a daily cron. Customer is notified by email at soft-delete (with JSON attachment), 7 days, and 1 day before final deletion.

7. Account Deletion

The customer can mark their account for deletion at any time via the dashboard. A 30-day reversible period applies. After that, account, domains, scans, subscription data, Stripe customer and auth user are deleted. Statutory retention obligations (invoices, tax records) remain.

8. Availability, Maintenance

The provider aims for high availability but does not guarantee a specific SLA. Planned maintenance is announced when possible. Temporary impairments via sub-processors (Vercel, Hetzner, Supabase) do not entitle to refund unless they cause permanent unavailability of more than 14 consecutive days.

9. Customer Obligations

• Verified domain must be owned or controlled by the customer.
• Credentials (login, API key, webhook secret) must be kept confidential.
• API + webhooks are rate-limited; abuse leads to immediate suspension without refund.
• Customer ensures lawful processing of registered domain data (ownership, agency relationship if applicable).

10. Data Processing Agreement (DPA)

Where the provider processes personal data on behalf of the customer, the separate Data Processing Agreement per Art. 28 GDPR applies. It becomes part of the contract automatically — no separate signature required.

11. Liability

The provider is liable without limitation for intent and gross negligence, for injury to life, body or health, under the German Product Liability Act, and within the scope of any guarantee given.

For slightly negligent breach of cardinal duties, liability is limited to foreseeable, contract-typical damage. For slightly negligent breach of non-cardinal duties, liability is excluded.

No liability is assumed for consequences of the customer's implementation or non-implementation of findings — the service is an information provider; legal assessment rests with the customer or their counsel.

12. Changes to these Terms

The provider may amend these Terms with effect for the future. Material changes are notified by email at least six weeks before effective date; customer has the right to object. Without objection, changes are deemed accepted. In case of objection, the provider may terminate the contract effective at the change date.

13. Final Provisions

German law applies, excluding the UN Sales Convention. Exclusive place of jurisdiction is Cologne, Germany, where legally permissible. Severability clause applies.