Terms and Conditions — Legal Monitor
Version 1.1.0 — as of 10.07.2026
Provider: Thorsten Ahrens, Serahr — serahr.de
1. Scope, Contracting Party
These Terms govern the use of the Serahr Legal Monitor service. Provider and contracting party:
Thorsten Ahrens, Serahr
Zillestr. 75, 51067 Köln, Germany
E-mail: contact@serahr.de
Full provider details: Imprint
The service is offered exclusively to entrepreneurs within the meaning of § 14 BGB. Consumers as defined by § 13 BGB are not eligible. Confirmation of business status is part of the order process.
2. Service Description
Legal Monitor is a technical information and monitoring solution. The service includes:
- Monitoring of regulatory developments from official sources, with algorithmic relevance pre-classification.
- Automated scans of customer-registered, verified domains for technical findings (cookie banners, tracking, imprint, privacy policy, terms).
- Delivery of findings via web dashboard, HTTP API (Bearer token), and optional HMAC-SHA256-signed webhooks (generic / Discord / Slack format).
- Compliance reports as HTML/PDF and per-domain JSON export of configuration (excluding secrets).
Not a legal service under the German Legal Services Act (RDG).The service provides information; it does not replace legal advice. The customer decides whether and how to act on findings; for binding assessments, consult a qualified attorney. The provider does not guarantee that acting on findings results in full regulatory compliance — compliance remains the customer's responsibility.
Anonymous statistical analysis. The provider analyzes scan results in anonymized form to produce industry- and country-level statistics on GDPR compliance and to improve the product. Only industry, country, month and numeric finding counts are aggregated. No hostname, account ID or other identifying attributes are stored in the aggregate table; re-identification of the customer or their domain is therefore excluded. Aggregated analyses may be published as industry reports, press releases or marketing materials. See the Privacy Policy for details. The customer may opt out at any time in the account settings; aggregate values already produced are not affected, as they no longer constitute personal data.
3. Conclusion of Contract, Domain Verification
The contract is concluded upon completion of the order process (tier selection, acceptance of these Terms and the Privacy Policy, payment via Stripe). Before the first order, the customer must verify the monitored domain via one of: email-match (account email matches domain), imprint mail, meta tag, or DNS TXT record.
Unverified domains are automatically hard-deleted 48 hours after creation. By verifying, the customer warrants that they own or are contractually authorized for the domain.
3a. No Right of Withdrawal
As the service is offered exclusively to entrepreneurs within the meaning of § 14 BGB (§ 1), there is no statutory right of withdrawal.
Note: Should a statutory right of withdrawal nevertheless exist in an individual case (e.g. because the customer acts as a consumer contrary to their declaration), §§ 355 et seq. BGB apply. In that case the provider reserves the right to claim compensation for services already rendered.
4. Plans, Domains, Add-Ons
- Solo: 49 € / month or 490 € / year (2 months free). 1 included domain, 1 user, full feature set incl. API + webhook.
- Agency: 229 € / month or 1,990 € / year. 5 included domains, multi-user, client branding, audit log. Currently not yet available for purchase; bookable in a later phase.
- Domain add-ons (Solo): per additional domain at the price shown on the pricing page at booking time. Billed via Stripe quantity model on the same interval as the main plan.
All prices are net plus VAT where applicable. The pricing page at booking time governs.
4a. Payment, Default of Payment
Fees are due at the start of each billing period and collected via the payment provider Stripe. If a payment fails, Stripe retries collection automatically; the customer is informed by email and may update the payment method.
If payment remains outstanding after a reasonable grace period, the provider may suspend access to the service (dashboard, scans, notifications, API) until payment is received and may terminate the contract for cause in case of continued default. Statutory default consequences (in particular default interest under § 288(2) BGB) remain unaffected. During a suspension the customer's data is retained; the deletion periods of §§ 6 and 7 only start at contract end.
5. Term, Cancellation, Auto-Cancel
Contracts run monthly or yearly. Cancellation is possible at any time effective at end of paid term (self-service via Stripe Customer Portal or by email). Early cancellation does not entitle to pro-rated refund.
Domain change: per domain, one hostname change per billing interval. While a new domain is unverified (typo slot), correction is free. After verification, the cooldown applies.
Add-on auto-cancel: when an additional domain is removed, the slot remains paid until end of period (no mid-period refund). If not refilled, the add-on quantity is auto-reduced at period end.
5a. Data Export and Switching Support
The customer can export their configuration and finding data at any time (JSON export in the dashboard, compliance report as HTML/PDF, retrieval via the documented API) in common, machine-readable formats. No separate charges apply for exports or for switching to another provider.
After contract end, the export functions remain available during the 30-day grace period (§§ 6, 7). Upon request, the provider supports the customer's data transition to a reasonable extent. Where Regulation (EU) 2023/2854 (Data Act) applies to the service, its provisions on switching between data processing services apply in addition.
6. Soft-Delete and Hard-Delete of Domains
Removed domains enter a 30-day grace period(soft-delete). During this time, compliance reports and JSON exports remain available, and removal can be undone via "Restore". After 30 days, the domain and its scan data are permanently deleted by a daily cron. Customer is notified by email at soft-delete (with JSON attachment), 7 days, and 1 day before final deletion.
7. Account Deletion
The customer can mark their account for deletion at any time via the dashboard. A 30-day reversible period applies. After that, account, domains, scans, subscription data, Stripe customer and auth user are deleted. Statutory retention obligations (invoices, tax records) remain.
8. Availability, Maintenance
The provider aims for high availability but does not guarantee a specific SLA. Planned maintenance is announced when possible. Temporary impairments via sub-processors (in particular Vercel, Hetzner, Supabase, Resend, OpenRouter, Stripe — full list in the DPA, section 4) do not entitle to refund unless they cause permanent unavailability of more than 14 consecutive days.
9. Customer Obligations
- Verified domain must be owned or controlled by the customer.
- Credentials (login, API key, webhook secret) must be kept confidential.
- API + webhooks are rate-limited; abuse leads to immediate suspension without refund.
- Customer ensures lawful processing of registered domain data (ownership, agency relationship if applicable).
10. Data Processing Agreement (DPA)
Where the provider processes personal data on behalf of the customer, the separate Data Processing Agreement per Art. 28 GDPR applies. It becomes part of the contract automatically — no separate signature required.
11. Liability
The provider is liable without limitation for intent and gross negligence, for injury to life, body or health, under the German Product Liability Act, and within the scope of any guarantee given.
For slightly negligent breach of cardinal duties, liability is limited to foreseeable, contract-typical damage. For slightly negligent breach of non-cardinal duties, liability is excluded.
No liabilityis assumed for consequences of the customer's implementation or non-implementation of findings — the service is an information provider; legal assessment rests with the customer or their counsel.
12. Changes to these Terms
The provider may amend these Terms with effect for the future. Material changes are notified by email at least six weeks before effective date; customer has the right to object. Without objection, changes are deemed accepted. In case of objection, the provider may terminate the contract effective at the change date.
13. Final Provisions
German law applies, excluding the UN Sales Convention. Exclusive place of jurisdiction is Cologne, Germany, where legally permissible. Severability clause applies.