ORGO ORGANIZATION TERMS OF SERVICE

Last Updated: November 1, 2025 Version: 2.1

Welcome to Orgo!

These Organization Terms of Service (“Terms”) govern your organization’s access to and use of the Orgo platform and services (the “Service”), provided by Orgo Informatics SRL (“Orgo”, “we”, “us”, or “our”).

By creating an organization account, clicking “I Agree,” or accessing the Service on behalf of your organization, you (“you”, “your”, or “Organization”) agree to be bound by these Terms, our Privacy Policy, Data Processing Agreement, and User Terms of Service.

If you do not agree to these Terms, do not use the Service.

IMPORTANT: These Terms govern the relationship between Orgo and your organization. Individual members, volunteers, and users who access your organization’s Orgo space must accept our separate User Terms of Service.

1. DEFINITIONS

1.1 Key Terms

“Orgo Platform” or “Service”: The cloud-based software accessible at orgo.space and related mobile applications, enabling community management, member databases, communications, events, and payments.
“Account”: Your organization’s Orgo account, created upon registration.
“Subscription Plan”: The tier of service you purchase (e.g., Free, Standard, Business, Enterprise), as detailed at orgo.space/pricing.
“Customer Data” or “Member Data”: All data, content, and information you or your members upload, store, or transmit through the Service, including personal data of your members, volunteers, beneficiaries, and other end-users.
“End Users” or “Members”: Individuals you authorize to access your Account (admins, facilitators, members, volunteers, beneficiaries, etc.).
“Administrator” or “Admin”: Individual(s) you designate with administrative access to your Account, including the ability to add/remove End Users, manage settings, access Member Data, and authorize payments.
“Fees”: Amounts owed to Orgo for your Subscription Plan, as specified at orgo.space/pricing or in your account settings.
“Agreement”: These Organization Terms, together with our Privacy Policy, Data Processing Agreement (DPA), and User Terms of Service.

2. ELIGIBILITY & ACCOUNT REGISTRATION

2.1 Eligibility

To use the Service, you must:

(a) Represent an organization, association, club, school, or similar entity authorized to enter into binding agreements.

(b) Be at least 18 years old (or the age of majority in your jurisdiction), or be authorized by your organization to bind it to these Terms.

(d) Comply with all applicable laws and regulations.

2.2 Account Creation

When you create an Account:

(a) You designate a primary Administrator (“Admin”) with full control over your Account, including the ability to add/remove End Users, manage settings, and authorize payments.

(b) You are responsible for maintaining the confidentiality of your login credentials and for all activities under your Account.

(c) You agree to notify us immediately at security@orgo.space if you suspect unauthorized access or a security breach.

2.3 Organizational Use Only

The Service is designed for organizational use (non-profits, associations, clubs, educational institutions, etc.). You may not:

(a) Use the Service for personal, household, or individual purposes unrelated to an organization.

(b) Resell, white-label, or sublicense the Service to third parties without a written agreement with Orgo.

(i) Permitted Revenue Activities: You may collect revenue from your own Members through the Service, including:

Membership dues and subscription fees
Event ticket sales
Donations and fundraising campaigns
Sales of your own products or services to Members
Incidental sponsorship acknowledgments from third parties (per Section 5.5.8)

(ii) Prohibited Activities Without Prior Written Consent: You may not, without our express written approval:

Create Orgo spaces on behalf of separate third-party organizations as a primary business activity
Resell Orgo subscriptions or access to third-party entities for profit
Act as a platform aggregator, franchiser, or network operator where multiple independent legal entities pay you for access to separate Orgo spaces
White-label Orgo as your own proprietary software product
Charge third-party entities “platform fees” or “software access fees” for using Orgo infrastructure

(iii) Multi-Chapter Clarification: The Multi-Chapter feature is designed for organizations with:

Regional branches or chapters that are part of the same legal entity, OR
Closely affiliated entities with legitimate operational relationships (federations, umbrella organizations, parent-subsidiary structures)

If your chapters are independent legal entities with separate governance, finances, and missions, contact sales@orgo.space to discuss Enterprise configurations or partnership agreements.

(iv) Consultancy and Implementation Services: If you provide consultancy services that include setting up or managing Orgo spaces for clients:

Each client organization must have its own Orgo Account and pay Orgo directly, OR
You must have a written reseller or partner agreement with Orgo
You may charge professional fees for your services (setup, training, management) but not for software access itself

(v) Corporate Sponsorship Programs: If you wish to:

Collect corporate sponsorship fees exceeding €10,000 per year from third parties in exchange for branded spaces, premium visibility, or platform access within your Orgo space, OR
Operate a B2B model where corporations pay to access a network of organizations via Orgo

Please contact sales@orgo.space for approval and appropriate licensing terms.

(vi) Violation and Enforcement: Violation of this Section 2.3(c) may result in:

Immediate Account suspension
Termination without refund of prepaid fees
Adjustment of your subscription to Enterprise pricing reflecting actual usage
Legal action to recover unpaid fees and damages

2.4 Account Suspension

We reserve the right to suspend or terminate your Account if:

(a) You violate these Terms or the Acceptable Use Policy incorporated in our User Terms.

(b) Your payment method fails or you have overdue invoices (see Section 4.6).

(d) We reasonably believe your Account poses a security or legal risk.

3. SERVICE DESCRIPTION & LICENSE

3.1 Service Provision

Subject to your compliance with these Terms and payment of applicable Fees, Orgo grants you a limited, non-exclusive, non-transferable, revocable right to access and use the Service during your subscription term, solely for your internal organizational purposes.

3.2 Features Included

Your Subscription Plan includes the features described at orgo.space/features and in your account dashboard. Standard features include:

Member database and profile management
Communication tools (email, SMS, in-app messaging)
Event creation, RSVP tracking, and calendar
Payment processing (via third-party processors like Stripe)
File storage and document sharing
Groups, roles, and permissions
Mobile apps (iOS and Android)
Reporting and analytics
API access (rate limits apply per plan)

3.3 Service Changes

We may:

(a) Add or improve features at any time at no additional cost (we’ll notify you of major enhancements).

(b) Modify or discontinue features with at least 30 days’ notice if such changes materially degrade core functionality. You may cancel per Section 4.5 if you object.

(c) Perform maintenance with advance notice (typically 48 hours for scheduled downtime; emergency maintenance may occur without notice).

3.4 Beta, Experimental, and Pre-Release Features

3.4.1 Definition of Non-Generally Available Features

We may offer features that are not yet ready for general availability, labeled as “Beta”, “Alpha”, “Preview”, “Pilot”, “Early Access”, “Experimental”, “Labs”, “Developer Preview”, or similar designations (collectively, “Non-GA Features”).

3.4.2 Characteristics of Non-GA Features

Non-GA Features are:

(a) Provided “AS IS”: Non-GA Features are provided without any warranties, express or implied, including warranties of merchantability, fitness for a particular purpose, accuracy, reliability, or non-infringement.

(b) Excluded from SLA: Non-GA Features are not covered by our Service Level Agreement (Section 6.1-6.3). Uptime targets, service credits, and availability guarantees do not apply to Non-GA Features.

(c) Not for Production Use: Non-GA Features are intended for testing, evaluation, and feedback purposes only. You should not rely on Non-GA Features for critical business operations, production environments, or mission-critical functions.

(d) Subject to Bugs and Errors: Non-GA Features may contain bugs, errors, defects, security vulnerabilities, performance issues, data loss risks, or unexpected behavior.

(e) May Change or Be Discontinued: We may, at any time and in our sole discretion:

Modify, redesign, or significantly change Non-GA Features
Discontinue Non-GA Features without ever releasing them as generally available
Release Non-GA Features as generally available with different features, pricing, or terms
Remove access to Non-GA Features without advance notice (though we will make reasonable efforts to provide notice)

(f) Clearly Designated: Non-GA Features will be clearly labeled in the Service with a badge, tag, or notation indicating their non-GA status.

3.4.3 Your Responsibilities When Using Non-GA Features

If you choose to use Non-GA Features:

(a) Do NOT Use for Critical Operations: Do not use Non-GA Features for:

Managing sensitive or confidential data (unless you have adequate backups)
Critical business processes or revenue-generating activities
Legal or regulatory compliance functions
Operations where failure could cause harm, loss, or significant disruption

(b) Maintain Separate Backups: If you store data using Non-GA Features, maintain independent backups outside the Service. We do not guarantee data preservation for Non-GA Features.

(c) Expect Changes: Anticipate that Non-GA Features may change significantly or be discontinued. Do not build critical workflows or integrations that depend on Non-GA Features remaining unchanged.

(d) Provide Feedback: We welcome your feedback on Non-GA Features. Submit feedback to feedback@orgo.space. By providing feedback, you grant us the rights specified in Section 9.4.

(e) Review Documentation: Check documentation, release notes, and known issues for Non-GA Features before use.

3.4.4 Data in Non-GA Features

(a) Data Export Before Discontinuation: If we discontinue a Non-GA Feature that stores your data:

We will provide at least 30 days’ advance notice via email and in-app notification (where feasible)
We will provide a data export option if technically feasible
If data export is not feasible, we will clearly notify you of data deletion timelines

(b) No Liability for Data Loss: We are not liable for any data loss, corruption, or unavailability resulting from:

Bugs or errors in Non-GA Features
Discontinuation of Non-GA Features
Changes to Non-GA Features that render data inaccessible
Your failure to maintain independent backups

(c) Migration Assistance: We may, but are not obligated to, provide tools or assistance to migrate data from discontinued Non-GA Features to generally available features.

3.4.5 Pricing for Non-GA Features

(a) Typically Free During Beta: Non-GA Features are usually offered at no additional charge during the testing period.

(b) Pricing May Change: If a Non-GA Feature becomes generally available, we may introduce pricing or change terms. We will provide at least 30 days’ notice before charging for a previously free Non-GA Feature.

(c) No Refunds for Discontinued Features: If you paid for access to a Non-GA Feature (e.g., as part of an Early Access program) and we discontinue it:

No refunds are provided if the feature was clearly designated as Non-GA
We may, at our discretion, offer service credits or alternative features

3.4.6 No Obligation to Release

Offering a Non-GA Feature does not obligate us to: (a) Continue offering the Non-GA Feature (b) Release the Non-GA Feature as generally available (c) Provide any specific features, functionality, or performance levels (d) Support the Non-GA Feature beyond the beta/testing period

3.4.7 Examples of Non-GA Features

Examples may include (but are not limited to):

New AI-powered features (e.g., “AI Member Matching (Beta)”)
Experimental integrations with third-party services
New analytics or reporting features in testing
Redesigned user interfaces or navigation
New API endpoints or webhooks under development

3.4.8 Transition to General Availability

When a Non-GA Feature becomes generally available: (a) We will remove the Non-GA designation and update documentation (b) The feature becomes subject to our standard SLA (Section 6) (c) Pricing (if any) will be clearly communicated (d) The feature becomes covered by our standard warranties (Section 11.1)

3.4.9 Opting Out of Non-GA Features

(a) Non-GA Features are typically opt-in (you must explicitly enable them) (b) You may disable Non-GA Features at any time via your account settings or by contacting support@orgo.space (c) Disabling a Non-GA Feature may result in loss of data stored in that feature (ensure you export data first)

3.5 Third-Party Integrations

The Service integrates with third-party services (e.g., payment processors, email providers, social login, marketing tools). Your use of third-party services is subject to their own terms and privacy policies. We are not responsible for third-party failures or terms.

Important: When you enable third-party integrations (such as HubSpot, Google Tag Manager, Meta Pixel, webhooks, or custom APIs), you act as the Data Controller and determine how data is shared with those third parties. See our Data Processing Agreement for details.

4. SUBSCRIPTION PLANS, BILLING & CANCELLATION

4.1 Subscription Plans

Current plans and pricing are available at orgo.space/pricing. Plans are based on:

(a) Number of member accounts (active users)

(b) Features and limits (storage, emails sent, API calls, etc.)

(d) Mid-Cycle Plan Changes and Add-Ons:

(i) Upgrades (Higher-Tier Plans or Additional Features):

You may upgrade to a higher-tier plan or purchase additional features (storage, member capacity, add-on modules) at any time during your Subscription Term
Prorated Pricing: You will be charged the prorated difference between your current plan and the new plan for the remainder of your Subscription Term
Calculation Example: If you upgrade from Standard (€50/month) to Business (€200/month) on day 15 of a monthly cycle, you pay: (€200 - €50) × 15/30 = €75 for the remaining 15 days
Upgrades take effect immediately upon payment confirmation
Your renewal date remains unchanged

(ii) Downgrades (Lower-Tier Plans or Feature Removal):

You may request a downgrade to a lower-tier plan at any time
Downgrades take effect at your next renewal date (not mid-cycle)
No refunds for the current Subscription Term
Data Preservation: If downgrading results in loss of features or storage limits:
- We will notify you of affected features at least 30 days before the downgrade takes effect
- You have 90 days from downgrade date to export data that exceeds your new plan limits
- After 90 days, data exceeding limits may be archived or deleted per Section 8.7
If your current usage exceeds the lower plan’s limits (e.g., you have 500 members but downgrade to a 200-member plan), you must reduce usage before the downgrade takes effect, or we may deny the downgrade request

(iii) Adding Users or Storage Mid-Cycle:

If you exceed your plan’s member capacity or storage limits:
- We will notify you via email and in-app notification within 5 business days
- You have 15 days to either: a) Upgrade to a plan that accommodates your usage, OR b) Reduce usage to within your current plan limits (delete inactive members, remove files)
- If you take no action within 15 days, we may:
  - Automatically upgrade you to the next appropriate plan tier and charge prorated fees, OR
  - Suspend features that exceed limits (e.g., disable new member registrations, restrict file uploads) until you upgrade or reduce usage
Prorated Add-On Pricing: Additional users or storage purchased mid-cycle are charged on a prorated basis for the remainder of your Subscription Term, then billed at full price upon renewal

(iv) Overage Charges (if applicable to your plan):

Some plan features have soft limits with overage billing (e.g., API calls, SMS messages sent)
Overage charges are billed monthly in arrears at the rates specified in your Order Form or at orgo.space/pricing
We will notify you when you reach 80% of your plan limit to help you avoid unexpected charges

(v) Enterprise Custom Plans:

Enterprise customers with custom pricing may have different mid-cycle change terms as specified in their Order Form or written agreement
Contact sales@orgo.space for Enterprise plan modifications

4.2 Free Trial / Free Plan

(a) We may offer a free trial or free plan with limited features.

(b) Free plans may have usage limits (e.g., max members, storage, emails). Exceeding limits may require an upgrade.

4.3 Billing & Payments

(a) Billing Cycle: You will be billed:

Monthly (on the same day each month), or
Annually (in advance, with optional discounts).

(b) Payment Methods: Credit card, debit card, or bank transfer (as available in your region).

(c) Currency: Fees are charged in EUR (€) or your local currency. Exchange rates (if applicable) are determined at the time of billing.

(d) Automatic Renewal: Your subscription renews automatically at the end of each billing cycle unless you cancel per Section 4.5.

(e) Taxes: Fees are exclusive of taxes. You are responsible for all applicable taxes (VAT, sales tax, etc.), which will be added to your invoice.

4.4 Fee Changes

(a) We may increase Fees upon 90 days’ advance notice via email or in-app notification.

(b) Fee increases apply at your next renewal date (not mid-cycle).

4.5 Cancellation & Refunds

4.5.1 By You

(a) You may cancel your subscription at any time via your account settings or by emailing support@orgo.space.

(b) Cancellation takes effect at the end of your current billing cycle. You retain access until then.

(c) No refunds for partial months/years. If you cancel mid-cycle, you will not be billed for the next cycle, but prepaid fees are non-refundable.

(d) Downgrading: If you downgrade to a lower-tier plan, the change takes effect at the next billing cycle. No refunds for the current cycle.

4.5.2 By Orgo

We may terminate your subscription with 30 days’ notice if:

(a) We discontinue the Service (unlikely, but we’ll refund unused prepaid fees on a pro-rata basis).

(b) You materially breach these Terms and fail to cure within 15 days of notice.

4.6 Late Payment & Suspension

(a) If your payment fails or is overdue by more than 15 days, we may suspend your Account after 5 business days’ email notice.

(b) During suspension, you and your End Users cannot access the Service, but your data is preserved for 30 days.

(c) Reactivation: Pay all overdue amounts via your account dashboard. Service resumes within 24 hours of payment.

(d) Termination for Non-Payment: If payment is overdue for 45 days, we may terminate your Account and delete your data per Section 9.3.

(e) Late Payment Interest: Overdue amounts (unpaid for more than 15 days past the due date) accrue interest at the rate of 1.5% per month (18% per annum), or the maximum rate permitted by applicable law, whichever is lower, calculated from the original due date until the date payment is received in full.

(i) Interest is compounded monthly on unpaid principal and accrued interest.

(ii) Late payment interest applies to all overdue amounts, including:

Subscription Fees
Overage charges
Professional services fees
Any other fees owed under this Agreement

(iii) Payment of late fees does not waive our right to suspend or terminate your Account per Section 4.6(a)-(d).

(iv) Collection Costs: If we engage a collection agency or attorney to collect overdue amounts, you agree to reimburse us for all reasonable collection costs, including:

Collection agency fees (typically 25-35% of amount owed)
Attorney fees and legal costs
Court costs and filing fees

(v) Romanian Law Compliance: Under Romanian law (Law 72/2013 on measures to combat late payment), we are entitled to:

Interest at the reference rate of the European Central Bank plus 8 percentage points (currently ~12-13% per annum)
Fixed compensation of €40 for recovery costs
Additional reasonable recovery costs exceeding €40

We may elect to apply Romanian statutory late payment terms in lieu of the 1.5% monthly rate above if more favorable to us.

5. YOUR RESPONSIBILITIES

5.1 Account Security

You are responsible for:

(a) Keeping your Admin login credentials confidential.

(b) All activities that occur under your Account, whether authorized or not.

5.2 Customer Data

You represent and warrant that:

(a) You own or have the necessary rights to all Customer Data you upload to the Service.

(b) Customer Data does not violate any third-party rights (intellectual property, privacy, publicity, etc.) or applicable laws.

GDPR consent (EU users)
Parental consent for minors under 16 (GDPR Article 8) or under 13 (COPPA in the US)
Any other consents required by local privacy laws

(d) You will not upload content that violates our User Terms of Service (Acceptable Use Policy).

5.3 Compliance with Laws

You agree to use the Service in compliance with:

(a) All applicable local, national, and international laws and regulations.

(b) GDPR (if you process EU personal data), CCPA (if you process California residents’ data), and other privacy laws.

5.4 Backup Responsibility

While we maintain regular backups for disaster recovery, you are responsible for maintaining your own backups of critical Customer Data. Use our data export feature (Section 10.4) to download your data regularly.

5.5 Rights and Obligations of Organizations (Admins)

5.5.1 Access to Member Data

When End Users (members, volunteers, beneficiaries, etc.) join your organization’s Orgo space, you (as Organization Admin) receive access to their name, email, phone number, and other contact information (“Member Contact List”) to facilitate community management and organizational operations.

5.5.2 Permitted Uses of Member Contact List

You may use the Member Contact List solely to:

(a) Communicate with Members about activities, events, volunteer opportunities, and purposes directly related to your organization’s mission and operations.

(b) Manage membership, volunteers, beneficiaries, fundraising campaigns, and organizational administration.

(d) Provide services and benefits that Members reasonably expect when joining your organization.

5.5.3 Prohibited Uses of Member Contact List

You agree NOT to:

(a) Sell, rent, lease, or otherwise provide the Member Contact List to third parties for monetary or other consideration.

(b) Use Member Contact List for commercial purposes unrelated to your organization’s stated mission and activities.

Service providers who assist your organization (accountants, event platforms, email marketing tools) under confidentiality obligations
As required by law or court order
Parent organizations or chapters within your organizational structure (if using Multi-Chapter features)

(d) Use Member Contact List for political campaigning, unless your organization is explicitly a political organization and Members joined with that understanding.

(e) Combine Member Contact List with purchased, scraped, or third-party email lists for bulk email campaigns.

5.5.4 Data Export and External Use

(a) You may export Member Contact Lists using our data export features (Section 10).

(b) Upon export, you assume full responsibility for:

Compliance with data protection laws (GDPR, CCPA, etc.) for any use outside the Service
Security of exported data (encryption, access controls, secure storage)
Honoring Member deletion, access, and portability requests
Maintaining accuracy and updating exported data

(c) If you import Member Contact Lists into external systems (email marketing platforms, CRM tools, accounting software):

You represent that you have obtained necessary consents from Members
You remain the Data Controller for such data
Orgo has no liability for your use of exported data outside the Service

5.5.5 Email Marketing Compliance

If you send emails to Members (via the Orgo platform or using exported lists):

(a) You must comply with all applicable anti-spam laws, including CAN-SPAM (US), GDPR (EU), CASL (Canada), and local regulations.

(b) For Members in the European Union or UK: You represent and warrant that you have obtained explicit opt-in consent before sending marketing emails. EU and UK law requires affirmative consent; pre-checked boxes or implied consent are insufficient.

(d) You must honor unsubscribe requests within 10 business days.

(e) You must include your organization’s physical postal address in all marketing emails (required by CAN-SPAM and other regulations).

5.5.6 Multi-Chapter and Affiliated Organizations

(a) If you use our Multi-Chapter feature to manage branches, chapters, or regional divisions:

Each chapter may have its own Admin with access to that chapter’s Member data
You represent that all chapters are part of your organization or affiliated entities with legitimate data-sharing relationships
You remain responsible for ensuring chapter Admins comply with these Terms

(b) Separate Legal Entities: If your chapters or affiliates are separate legal entities (e.g., regional branches with independent legal status):

Each entity should have its own Orgo Account, OR
You must have a written data-sharing agreement between entities that complies with GDPR Article 26 (joint controllers) or equivalent local law
Contact sales@orgo.space for guidance on Enterprise configurations for federated organizations

5.5.7 Payment Processing and Member Financial Data

(a) When you collect donations, membership fees, or event ticket payments via Orgo (powered by Stripe):

Member payment information (credit card numbers, bank details) is processed and stored by Stripe, not by Orgo or you
You have access to transaction records (amounts, dates, payer names) but not full payment credentials
Stripe’s terms and privacy policy govern payment processing

(b) You agree to use transaction data solely for:

Financial reporting and accounting
Issuing receipts and tax documents
Fraud prevention and dispute resolution
Purposes directly related to the transaction

Determining refund eligibility and amounts
Processing refunds via the Service or Stripe dashboard
Communicating refund policies to Members
Orgo is not a party to transactions between you and your Members

5.5.8 Advertising and Sponsorships

(a) You may display sponsorship acknowledgments, partner logos, or non-intrusive advertising within your Orgo space, provided such content:

Complies with all applicable laws and regulations
Follows FTC guidelines on native advertising and disclosures (if applicable)
Does not mislead Members or misrepresent relationships
Does not promote illegal, harmful, or prohibited content (per User Terms, Acceptable Use Policy)

(b) Revenue Sharing Not Required: You may retain sponsorship revenue collected from third parties without sharing revenue with Orgo, provided:

Sponsorships are incidental to your organizational mission (not your primary business model)
You do not resell or sublicense the Service itself (see Section 2.3(c))

5.5.9 Representation and Warranty of Organization Admins

By accepting these Terms as an Organization Admin, you represent and warrant that:

(a) You are authorized to bind your organization to this Agreement.

(b) You will comply with all applicable data protection laws (GDPR, CCPA, UK DPA, etc.) in your processing of Member data.

(d) You have obtained, or will obtain, all necessary consents from Members for processing their personal data, including:

GDPR-compliant consent (EU users)
Parental consent for minors under 16 (GDPR Article 8) or under 13 (COPPA in the US)
Opt-in consent for email marketing (where required by law)

(e) All advertising, sponsorships, and promotions you introduce to your Orgo space comply with applicable laws, regulations, and industry guidelines.

5.5.10 Breach of Member Trust

We may suspend or terminate your Account if:

(a) You violate this Section 5.5 (including failure to ensure administrator confidentiality per Section 5.5.11).

(b) We receive credible complaints from multiple Members about misuse of their data, spam, or unauthorized communications.

(d) You sell or lease Member Contact Lists to third parties.

(e) You fail to implement appropriate safeguards for administrators with access to sensitive data, including:

Lack of confidentiality agreements for administrators with access to member data
Missing background checks for administrators with access to children’s data
Failure to revoke access for terminated administrators
Allowing unauthorized individuals to access Member data

(f) An administrator under your control misuses Member data and you fail to:

Notify affected Members as required by law (typically within 72 hours under GDPR)
Take corrective action (revoke access, investigate, report to authorities if required)
Cooperate with our investigation or provide requested documentation

In the event of suspension or termination for violations of this Section, you are not entitled to any refund of prepaid fees (per Section 4.5.1(c)).

5.5.11 Administrator Access Controls and Confidentiality

As the Data Controller for Member data within your organization, you are responsible for ensuring that administrators and staff members with access to Member personal data handle such data securely and lawfully.

5.5.11.1 Need-to-Know Principle

You must grant administrator access to Member data only to individuals who require such access to perform legitimate organizational functions. Access should be:

(a) Role-based: Administrators should have access only to the data and features necessary for their role (e.g., event coordinators access event data, finance staff access payment records).

(b) Documented: You should maintain internal records of which administrators have access, the scope of access granted, and the business justification.

5.5.11.2 Confidentiality Obligations

You represent and warrant that all administrators with access to Member personal data:

(a) Have signed confidentiality agreements, non-disclosure agreements (NDAs), or are bound by professional secrecy obligations (e.g., lawyers, doctors, clergy) that prohibit unauthorized use or disclosure of Member data.

(b) Have received training on:

Your organization’s data protection policies
Applicable data protection laws (GDPR, CCPA, COPPA, etc.)
The importance of protecting Member privacy and handling data securely
Procedures for reporting suspected data breaches or misuse

Use Member data for personal purposes unrelated to organizational functions
Disclose Member data to unauthorized third parties
Access Member data out of curiosity or for reasons unrelated to their role
Export or copy Member data to personal devices or unsecured systems without authorization

5.5.11.3 Background Checks for Administrators with Access to Children’s Data

If your organization serves individuals under 18 years of age (or under 16 in the EU/EEA, or under 13 in the US), you must ensure that administrators with access to children’s personal data:

(a) Undergo appropriate background checks as required by applicable law, which may include:

Criminal record checks (e.g., DBS checks in the UK, FBI background checks in the US, criminal record certificate in Romania)
Child safeguarding clearances (e.g., Working with Children Checks in Australia)
References from previous employers or organizations
Verification of identity and employment history

(b) Complete safeguarding training appropriate to your jurisdiction and organizational context, including:

Recognizing signs of abuse, neglect, or exploitation
Mandatory reporting obligations
Safe communication practices with minors
Data protection specific to children (COPPA, GDPR Article 8)

(c) Maintain records of background checks and safeguarding training, updated periodically (typically every 3-5 years or as required by local law).

(d) Immediately revoke access for any administrator who:

Fails a background check or safeguarding screening
Is subject to safeguarding concerns, allegations, or investigations
Poses a risk to children based on credible information

5.5.11.4 Access Control Documentation

You should maintain internal documentation (not required to be shared with Orgo unless requested per Section 5.5.11.7) that includes:

(a) Administrator Access Log:

List of administrators with access to the Orgo platform
Scope of access granted (e.g., full access, chapter-specific, read-only, financial data access)
Date access was granted
Business justification for access (role, responsibilities)
Date of last access review

(b) Confidentiality Agreement Records:

Confirmation that administrators have signed confidentiality agreements or NDAs
Date agreements were signed
Storage location of signed agreements

Type of background check conducted (criminal record, DBS, etc.)
Date of background check
Result (cleared/not cleared)
Date of next scheduled renewal

(d) Training Records:

Data protection training completion dates
Safeguarding training completion dates (if applicable)
Training provider or method (in-person, online course, etc.)

5.5.11.5 Revocation of Access Upon Termination or Role Change

When an administrator’s role ends (due to resignation, termination, retirement, or role change that no longer requires access to Member data):

(a) Immediate Access Revocation: You must immediately revoke their access to the Orgo platform by:

Disabling their user account or removing administrator permissions
Revoking API keys or integrations they controlled
Changing shared passwords or access credentials they may have known

(b) Data Return or Deletion: You must ensure the departing administrator:

Returns any exported Member data (CSV files, backups, printed reports)
Deletes Member data from personal devices, email accounts, cloud storage, or other systems
Confirms in writing that they have returned or deleted all Member data

Confidentiality obligations continue after their role ends (typically indefinitely or as specified in their NDA)
They must not use or disclose Member data for any purpose after departure
Violations of confidentiality may result in legal action

(d) Timely Action: Access revocation should occur:

Immediately upon termination for cause or security concerns
Within 24 hours for voluntary resignations or retirements
On the effective date for planned role changes or transitions

5.5.11.6 Data Breach Notification by Organizations

If you discover or suspect that:

(a) An administrator has misused, disclosed, or accessed Member data without authorization;

(b) Member data under your control has been accessed, acquired, disclosed, or compromised by unauthorized parties;

(d) Member data has been inadvertently exposed (e.g., sent to wrong recipients, posted publicly by mistake);

You must:

(i) Notify Affected Members within the timeframes required by applicable law:

GDPR (EU/EEA/UK): Within 72 hours of becoming aware of the breach (Article 33-34)
CCPA (California): “Without unreasonable delay” (typically within 72 hours)
COPPA (US, children’s data): As soon as practicable
Other jurisdictions: Per local data breach notification laws

(ii) Notify Orgo at privacy@orgo.space within 24 hours if:

The incident may affect our systems, security, or other customers
The breach involves a vulnerability in the Orgo platform
You need our assistance to investigate or remediate the breach
The breach involves a large number of Members (more than 100 individuals)

(iii) Document the Incident: Maintain records of:

Date and time the breach was discovered
Nature of the breach (what data was affected, how it occurred)
Number of affected Members and categories of data involved
Actions taken to contain and remediate the breach
Notifications sent to Members, authorities, and Orgo

(iv) Take Corrective Action:

Immediately contain the breach (revoke access, secure systems, recover data)
Investigate the root cause
Implement measures to prevent recurrence
If an administrator caused the breach, take appropriate disciplinary action
Report to data protection authorities if required by law (GDPR Article 33)

(v) Cooperate with Investigations: If Orgo, data protection authorities, or law enforcement investigate the breach, you must:

Provide requested information and documentation
Preserve evidence
Implement recommended remedial measures

5.5.11.7 Orgo’s Right to Audit and Request Documentation

Upon reasonable notice (typically 15 days), we may request that you provide evidence of compliance with this Section 5.5.11, including:

(a) Confidentiality Agreements: Confirmation (not necessarily copies) that administrators have signed confidentiality agreements or NDAs.

(b) Background Check Compliance (for organizations serving children):

Attestation that administrators with access to children’s data have undergone appropriate background checks
Dates of background checks and renewal schedules
(We do not require copies of background check results, which may contain sensitive personal data)

(d) Training Records: Confirmation that administrators have received data protection and safeguarding training (if applicable).

(e) Breach Incident Reports: Documentation of any data breaches or security incidents affecting Member data.

When We May Request Audits:

We may request such documentation if:

(i) Your organization serves vulnerable populations (children, disabled individuals, elderly, healthcare recipients).

(ii) We receive complaints or reports suggesting inadequate data protection practices.

(iii) You experience a data breach or security incident.

(iv) You handle Special Categories of Personal Data (GDPR Article 9: health data, biometric data, etc.).

(v) We are required to demonstrate compliance to regulators or as part of our own compliance audits.

(vi) You are a large organization (more than 1,000 Members or annual revenue exceeding €100,000 via the platform).

Failure to Provide Documentation:

If you fail to provide requested documentation within a reasonable timeframe (typically 30 days):

We may suspend your Account until documentation is provided (particularly for organizations serving children or vulnerable populations).
We may terminate your Account if you repeatedly fail to demonstrate compliance.
We may report concerns to relevant data protection authorities if required by law.

5.5.11.8 High-Risk Organizations and Special Categories of Personal Data

If your organization processes Special Categories of Personal Data as defined by GDPR Article 9, including:

(a) Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership;

(b) Genetic data or biometric data for the purpose of uniquely identifying a person;

(d) Data concerning criminal convictions and offenses;

You must implement enhanced safeguards, including:

(i) Multi-Factor Authentication (MFA): Mandatory MFA for all administrators with access to Special Categories of data.

(ii) Encryption of Exported Data: Any export of Special Categories data must be encrypted (AES-256 or equivalent) when stored outside the Orgo platform.

(iii) Data Protection Impact Assessments (DPIAs): Conduct DPIAs as required by GDPR Article 35 before processing Special Categories of data.

(iv) Regular Access Audits: Review administrator access at least quarterly (vs. annually for standard data).

(v) Enhanced Training: Administrators must receive specialized training on handling sensitive personal data.

(vi) Legal Basis Documentation: Maintain clear documentation of the legal basis for processing Special Categories of data (explicit consent, legal claims, medical treatment, etc.).

Enterprise Plans for High-Risk Use Cases:

If your organization handles high-risk data, we strongly recommend upgrading to an Enterprise plan, which includes:

Dedicated support for compliance and data protection questions
Assistance with DPIAs and compliance documentation
Custom data retention and deletion policies
Enhanced security features (advanced access controls, audit logs, IP whitelisting)
Service Level Agreements (SLAs) with higher uptime guarantees

Contact sales@orgo.space to discuss Enterprise plans tailored to high-risk use cases.

5.5.11.9 Acknowledgment and Agreement

By accepting these Terms as an Organization Admin, you acknowledge and agree that:

(a) You are responsible for ensuring administrators comply with confidentiality, background check, and access control requirements outlined in this Section 5.5.11.

(b) Failure to comply with these requirements may result in:

Suspension or termination of your Account
Liability for data breaches or misuse by administrators under your control
Regulatory enforcement actions by data protection authorities
Legal claims from affected Members

Your administrators’ conduct or compliance with confidentiality obligations
Background checks or safeguarding failures by your organization
Breaches caused by administrators’ misuse of exported data or access to the platform
Your failure to notify Members of data breaches as required by law

(d) You will cooperate with Orgo’s reasonable requests for documentation and audit information to demonstrate compliance with data protection obligations.

6. SERVICE LEVEL & SUPPORT

6.1 Availability Target

We strive to maintain high availability of the Service. Our uptime targets are:

Subscription Plan	Target Uptime (Monthly)
Free / Standard	99.5%
Business	99.9%
Enterprise	99.95%

6.2 Exclusions

Uptime targets exclude:

(a) Scheduled maintenance (announced at least 48 hours in advance).

(b) Emergency maintenance for security or critical fixes.

(d) Force Majeure events (see Section 15.6).

(e) Beta/Non-GA features (Section 3.4).

6.3 Service Credits (Paid Plans Only)

If we fail to meet the uptime target in a given month:

(a) You may request a service credit equal to 5% of your monthly fee for each 0.5% below target (max 25% of monthly fee for Standard; 50% for Business; 100% for Enterprise).

(b) How to Claim: Email support@orgo.space within 15 days of month-end with details of the outage.

(d) Sole and Exclusive Remedy: Service credits are your SOLE AND EXCLUSIVE REMEDY for Service availability issues, downtime, or performance problems, EXCEPT in cases of:

Our gross negligence or willful misconduct
Force Majeure events lasting more than 30 consecutive days (in which case you may terminate per Section 16.6)

By claiming service credits, you waive any right to pursue additional damages or legal claims for the same availability issue.

6.4 Support

Plan	Channels	Response Time	Hours
Free	Community forum, docs	Best effort	N/A
Standard	Email support	48 business hours	Mon-Fri, 9-18h CET/EET
Business	Email + chat	24 business hours	Mon-Fri, 9-18h CET/EET
Enterprise	Email, chat, phone, Slack	1h (critical), 4h (high)	24/7 for critical

Contact: support@orgo.space

7. DATA PROTECTION & PRIVACY

7.1 Data Controller and Data Processor

7.1.1 You Are the Data Controller

For Member Data processed through the Service:

You (the Organization) are the Data Controller under GDPR, CCPA, and other data protection laws.
You determine the purposes and means of processing Member Data.
You are responsible for complying with all data protection laws, including obtaining consents, providing privacy notices, and responding to data subject rights requests.

7.1.2 Orgo Is the Data Processor

Orgo acts as a Data Processor (or “Service Provider” under CCPA) on your behalf.
We process Member Data only according to your instructions and our Data Processing Agreement (DPA).
We implement appropriate security measures to protect Member Data.

7.2 Data Processing Agreement (DPA)

7.2.1 Incorporation

Our Data Processing Agreement (DPA) is incorporated into these Terms by reference and is available at orgo.space/dpa/.

7.2.2 Applicability

The DPA applies automatically if you process personal data of individuals in:

The European Economic Area (EEA)
The United Kingdom
Switzerland
California or other U.S. states with privacy laws
Any other jurisdiction with data protection laws

7.2.3 Key DPA Terms

The DPA governs:

Orgo’s obligations as Data Processor (security, confidentiality, assistance with data subject rights)
Your obligations as Data Controller (lawful basis, consents, notices, retention)
Subprocessors (third parties Orgo uses to provide the Service)
International data transfers (Standard Contractual Clauses for EU data)
Data breaches (notification procedures)
Audit rights
Data deletion upon termination

7.3 Subprocessors

7.3.1 Core Subprocessors

We use the following core subprocessors to provide the Service:

AWS (Frankfurt, Germany) - Cloud hosting and data storage
Cloudflare - CDN for static assets only (NOT for Member Data)
Stripe - Payment processing
Plausible Analytics - Privacy-focused, GDPR-compliant analytics (no personal data tracking)

7.3.2 Complete List

A complete, up-to-date list of subprocessors is available at orgo.space/subprocessors.

7.3.3 Notification of Changes

We will notify you at least 30 days before adding or replacing a subprocessor. You may object on reasonable data protection grounds. See DPA Section 7 for details.

7.4 Data Security

7.4.1 Orgo’s Security Measures

We implement industry-standard security measures, including:

Encryption in transit (TLS 1.2+) and at rest (AES-256)
Access controls and multi-factor authentication
Regular security audits and penetration testing
24/7 security monitoring
Data hosted in AWS Frankfurt, Germany (EU)

7.4.2 Your Security Responsibilities

You are responsible for:

Securing Administrator accounts (strong passwords, enabling MFA)
Controlling access to Member Data within your organization
Educating Administrators and End Users about security
Reporting suspected security incidents to security@orgo.space

7.4.3 Detailed Security Measures

See DPA Annex 2 for detailed technical and organizational security measures.

7.5 Data Breaches

7.5.1 Orgo’s Notification to You

If we become aware of a security breach affecting Member Data, we will notify you within 72 hours via email.

7.5.2 Your Notification Obligations

As Data Controller, you are responsible for:

Determining whether to notify data protection authorities and/or affected Members
Providing such notifications within legal timeframes (GDPR: 72 hours to authority; CCPA: without unreasonable delay)
We will assist you in preparing breach notifications (see DPA Section 10)

7.6 International Data Transfers

7.6.1 Data Residency

Current: All Member Data is hosted in AWS Frankfurt, Germany (EU).
Future: We may offer optional U.S. data residency for North American customers. You will choose your data residency location.

7.6.2 Transfers Outside the EU

If Member Data is transferred outside the EU/EEA (e.g., to subprocessors in the U.S.), we use:

Standard Contractual Clauses (SCCs) approved by the European Commission
Supplementary measures (encryption, access controls, contractual protections)
Transfer Impact Assessments for all transfers

See DPA Section 11 for details.

7.7 Data Retention and Deletion

7.7.1 During Agreement Term

We retain Member Data for as long as your Account is active, or as you configure in your retention settings (Enterprise plans).

7.7.2 After Termination

Upon termination:

We retain Member Data for 90 days (you may request data export during this period)
After 90 days, we delete all Member Data (except as required by law for accounting/legal purposes)
You may request immediate deletion by emailing privacy@orgo.space

See DPA Section 13 for detailed retention and deletion procedures.

7.8 Data Portability

You may export Member Data at any time via:

Self-service export (Account Settings > Data Export)
API access (docs.orgo.space/api)
Request to privacy@orgo.space for full data export

Exported data is provided in CSV, JSON, Excel, or SQL format.

See DPA Section 14 for EU Data Act compliance (switching process, transitional period).

7.9 Privacy Policy

Our Privacy Policy (available at orgo.space/privacy/) describes:

What personal data we collect from you (Organization Admins) and your Members
How we use and share personal data
Your privacy rights (access, deletion, portability, etc.)
How Members can exercise their rights

Important: Your organization should have its own privacy policy that informs Members about how you use their data. Orgo’s Privacy Policy does not replace your obligation to provide privacy notices to your Members.

7.10 Children’s Data

If your organization serves children under 13 (US - COPPA) or under 16 (EU - GDPR):

(a) You must implement verifiable parental consent mechanisms before collecting children’s data.

(b) You must comply with COPPA, GDPR Article 8, and other applicable children’s privacy laws.

(c) You must ensure Administrators with access to children’s data have appropriate background checks and safeguarding training (Section 5.5.11.3).

(d) See DPA Annex 5 for detailed requirements for processing children’s data.

7.11 Special Categories of Personal Data

If your organization processes Special Categories of Personal Data (GDPR Article 9: health data, biometric data, racial/ethnic origin, political opinions, religious beliefs, etc.):

(a) You must have a lawful basis under GDPR Article 9 (explicit consent, legal claims, medical purposes, etc.).

(b) You must implement enhanced safeguards (Section 5.5.11.8).

(d) We recommend upgrading to an Enterprise plan for additional security and compliance support.

7.12 Your Members’ Privacy Rights

Your Members (End Users) have rights under GDPR, CCPA, and other privacy laws, including:

Right to access their data
Right to correct inaccurate data
Right to delete their data
Right to data portability
Right to object to processing
Right to opt-out of marketing

As Data Controller, YOU are responsible for responding to Members’ rights requests. Orgo will assist you as specified in DPA Section 8.

7.13 GDPR Representative

For EU data protection matters, our GDPR representative is:

Name: Vasile Varzariu-Darie
Email: privacy@orgo.space
Address: S.C. ORGO INFORMATICS SRL, Str. Gheorghe Grigore Cantacuzino nr 14, etaj PARTER, ap 1, Ploiești, județul Prahova, Romania

8. INTELLECTUAL PROPERTY

8.1 Ownership of Service

The Service, including all software, technology, content, trademarks, and intellectual property, is owned by Orgo and is protected by copyright, trademark, patent, trade secret, and other intellectual property laws.

8.2 Ownership of Customer Data

You retain all ownership rights to Customer Data and Member Data. By uploading Customer Data to the Service, you grant Orgo a limited license to:

(a) Process Customer Data solely to provide the Service to you (as specified in the DPA).

(b) Create aggregated, anonymized, and de-identified data for analytics and service improvement (Section 8.3).

8.3 Use of Anonymized Data

8.3.1 What Is Anonymized Data?

“Anonymized Data” means data that:

Cannot reasonably identify you or your organization
Cannot reasonably identify individual Members
Has been aggregated and de-identified in accordance with GDPR, CCPA, and industry standards

8.3.2 Our Rights to Anonymized Data

We may use Anonymized Data for:

Analytics and research
Improving the Service
Developing new features
Benchmarking and industry reports
Marketing and promotional materials

8.3.3 Examples of Anonymized Data

“Organizations with 100-500 members have an average event attendance rate of 35%”
“Email open rates for newsletters sent on Tuesdays are 5% higher than Fridays”
“Communities using gamification features see 20% higher engagement”

8.3.4 No Re-Identification

We will not attempt to re-identify Anonymized Data to link it back to you or your Members.

8.4 Feedback and Suggestions

If you provide us with feedback, suggestions, or ideas about the Service:

(a) You grant us a perpetual, irrevocable, royalty-free, worldwide license to use, implement, and commercialize your feedback.

(b) You waive any rights to compensation or attribution for your feedback.

8.5 Restrictions

You may not:

(a) Reverse engineer, decompile, or disassemble the Service.

(b) Remove or alter any copyright, trademark, or proprietary notices.

(d) Copy, reproduce, or distribute any part of the Service.

(e) Use the Service for any purpose other than as expressly permitted in these Terms.

9. WARRANTIES & DISCLAIMERS

9.1 Your Warranties

You represent and warrant that:

(a) You have the authority to bind your organization to these Terms.

(b) Your use of the Service complies with all applicable laws.

(d) You have obtained all necessary consents from Members for processing their personal data.

9.2 Orgo’s Limited Warranty

We warrant that the Service will perform substantially in accordance with our documentation available at docs.orgo.space during your subscription term.

9.3 DISCLAIMER OF WARRANTIES

EXCEPT AS EXPRESSLY PROVIDED IN SECTION 9.2, THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO:

(a) Implied warranties of merchantability, fitness for a particular purpose, title, or non-infringement.

(b) No guarantee that the Service will be uninterrupted, error-free, secure, or free from viruses.

(d) Non-GA Features (Section 3.4) are provided “AS IS” without any warranties.

SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSIONS MAY NOT APPLY TO YOU. IN SUCH JURISDICTIONS, OUR WARRANTIES ARE LIMITED TO THE MAXIMUM EXTENT PERMITTED BY LAW.

10. LIMITATION OF LIABILITY

10.1 Cap on Liability

10.1.1 General Cap

ORGO’S TOTAL AGGREGATE LIABILITY TO YOU FOR ALL CLAIMS ARISING OUT OF OR RELATED TO THESE TERMS OR THE SERVICE SHALL NOT EXCEED THE AMOUNT OF FEES YOU PAID TO ORGO DURING THE 12 MONTHS PRECEDING THE DATE THE CLAIM AROSE.

10.1.2 Free Plan

If you are on a free plan, Orgo’s total aggregate liability shall not exceed €100.

10.2 Exclusion of Indirect Damages

TO THE MAXIMUM EXTENT PERMITTED BY LAW, ORGO SHALL NOT BE LIABLE FOR ANY:

Indirect damages
Incidental damages
Consequential damages
Special damages
Punitive damages
Loss of profits, revenue, data, goodwill, or business opportunities
Cost of substitute services
Business interruption

EVEN IF ORGO HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

10.3 Exceptions

The limitations in Sections 10.1 and 10.2 do not apply to:

(a) Your indemnification obligations (Section 11).

(b) Your payment obligations (Fees, late payment interest).

(d) Our gross negligence or willful misconduct.

(e) Personal injury or death caused by our negligence.

(f) Fraud or fraudulent misrepresentation.

(g) Liability that cannot be excluded or limited under applicable law (e.g., GDPR data protection violations as required by GDPR Article 82).

10.4 Essential Purpose

YOU AGREE THAT THE LIMITATIONS OF LIABILITY IN THIS SECTION 10 ARE FUNDAMENTAL ELEMENTS OF THE AGREEMENT BETWEEN YOU AND ORGO. ORGO WOULD NOT PROVIDE THE SERVICE WITHOUT THESE LIMITATIONS. IF ANY LIMITATION IS FOUND TO BE INVALID, THE REMAINDER OF THIS SECTION 10 SHALL REMAIN IN FULL FORCE AND EFFECT.

10.5 Basis of the Bargain

The Service is offered at the price specified in your Subscription Plan based on these limitations of liability. If you require higher liability limits, contact sales@orgo.space to discuss Enterprise pricing.

11. INDEMNIFICATION

11.1 Your Indemnification of Orgo

You agree to indemnify, defend, and hold harmless Orgo, its officers, directors, employees, agents, and subprocessors from and against any and all claims, losses, damages, liabilities, costs, and expenses (including reasonable attorneys’ fees) arising from or relating to:

(a) Your use of the Service in violation of these Terms or applicable law.

(b) Customer Data you upload, including claims that Customer Data infringes third-party intellectual property rights or violates privacy laws.

(c) Your Members’ conduct, including claims arising from Member-generated content (except to the extent caused by our breach of these Terms).

(d) Your violation of data protection laws (GDPR, CCPA, COPPA, etc.) in your capacity as Data Controller.

(e) Your breach of Section 5 (Your Responsibilities), including:

Failure to obtain required consents from Members
Misuse of Member Contact Lists
Failure to implement administrator confidentiality or background checks
Data breaches caused by your administrators

(f) Your violation of Section 2.3(c) (third-party monetization restrictions), including unauthorized reselling or white-labeling of the Service.

(g) Claims by third parties (sponsors, partners, vendors) arising from your use of the Service or your relationship with them.

(h) Your Administrators’ conduct, including unauthorized access, data misuse, or security breaches caused by your Administrators.

11.2 Indemnification Procedure

(a) Orgo will promptly notify you in writing of any claim subject to indemnification.

(b) You will have sole control of the defense and settlement, provided you:

Do not admit liability on Orgo’s behalf
Do not agree to any settlement that imposes obligations on Orgo or requires Orgo to pay money or admit wrongdoing
Keep Orgo reasonably informed of the status

(d) You will pay all judgments, settlements, and reasonable costs (including attorneys’ fees) arising from indemnified claims.

11.3 Orgo’s Indemnification of You (Limited to certain claims)

Orgo will indemnify, defend, and hold you harmless from third-party claims that:

(a) The Service infringes a third party’s valid copyright, trademark, or patent (registered in the EU or US).

(b) Provided such claims are not caused by:

Your modification of the Service
Your combination of the Service with third-party products
Your use of the Service in violation of these Terms
Customer Data you uploaded

11.4 Orgo’s Remedies for IP Claims

If we reasonably believe the Service infringes, or if we receive an infringement claim, we may (at our option):

(a) Obtain the right to continue providing the Service.

(b) Replace or modify the Service to make it non-infringing.

11.5 Exclusive Remedy

This Section 11 states Orgo’s sole and exclusive liability and your sole and exclusive remedy for third-party IP infringement claims related to the Service.

12. TERM & TERMINATION

12.1 Term

These Terms commence on the date you accept them (by creating an Account or clicking “I Agree”) and continue until terminated in accordance with this Section 12.

12.2 Termination by You

You may terminate these Terms and your Account:

(a) At any time, in accordance with Section 4.5 (Cancellation).

(b) Termination takes effect at the end of your current billing cycle.

You lose access to the Service
We retain your Customer Data for 90 days (Section 7.7.2) for data export
After 90 days, we delete your Customer Data (except as required by law)

12.3 Termination by Orgo

We may terminate these Terms and your Account:

(a) For Cause (immediate or with 15 days’ notice to cure):

You materially breach these Terms (e.g., violations of Section 2.3(c), 5.5, or non-payment per Section 4.6)
Your Account poses a security or legal risk
You engage in fraud, abuse, or illegal activity

(b) For Convenience (with 30 days’ notice):

We discontinue the Service (unlikely, but we’ll refund unused prepaid Fees on a pro-rata basis)

You violate Section 2.3(c) (reselling/white-labeling)
You violate Section 5.5.10 (breach of Member trust, spam, data misuse)
Required by law or court order

12.4 Effect of Termination

Upon termination:

(a) Your Access: You and your Members immediately lose access to the Service.

(b) Data Retention: We retain Customer Data for 90 days (you may request export during this period).

(d) Payment Obligations: You remain responsible for all Fees incurred up to the termination date. No refunds for prepaid Fees (except as specified in Section 12.3(b) for our convenience termination).

(e) Survival: The following Sections survive termination:

Section 4.6 (Late Payment Interest)
Section 7 (Data Protection - for ongoing obligations)
Section 8 (Intellectual Property - ownership provisions)
Section 9.3 (Disclaimer)
Section 10 (Limitation of Liability)
Section 11 (Indemnification)
Section 12.4 (Effect of Termination)
Section 15 (General Provisions)

12.5 No Refunds Upon Termination for Cause

If we terminate your Account for your breach of these Terms (Section 12.3(a) or (c)), you are not entitled to any refund of prepaid Fees.

13. DISPUTE RESOLUTION & GOVERNING LAW

13.1 Governing Law

These Terms shall be governed by and construed in accordance with the laws of Romania, without regard to conflict of laws principles.

13.2 Jurisdiction

Any disputes arising out of or relating to these Terms shall be subject to the exclusive jurisdiction of the courts of Ploiești, Romania (or the courts of Bucharest, Romania, if Ploiești courts decline jurisdiction).

13.3 GDPR and Data Protection Disputes

For disputes related to data protection (GDPR, CCPA, DPA), the governing law and jurisdiction provisions in our Data Processing Agreement (DPA) shall apply, which may differ from this Section 13 to comply with GDPR requirements.

13.4 Informal Resolution

Before filing a lawsuit, you agree to first attempt to resolve the dispute informally by contacting us at legal@orgo.space. We will attempt to resolve the dispute within 30 days.

13.5 Class Action Waiver

TO THE MAXIMUM EXTENT PERMITTED BY LAW, YOU AGREE THAT ANY DISPUTE RESOLUTION PROCEEDINGS WILL BE CONDUCTED ONLY ON AN INDIVIDUAL BASIS AND NOT IN A CLASS, CONSOLIDATED, OR REPRESENTATIVE ACTION.

If this waiver is found to be unenforceable, the remainder of this Section 13 shall remain in full force and effect.

13.6 Time Limit for Claims

You must bring any claim arising out of these Terms within one (1) year after the claim arose, or the claim is permanently barred.

14. GENERAL PROVISIONS

14.1 Entire Agreement

These Terms, together with the Privacy Policy, Data Processing Agreement, and User Terms of Service, constitute the entire agreement between you and Orgo regarding the Service and supersede all prior agreements, representations, or understandings.

14.2 Amendments

14.2.1 Our Right to Amend

We may amend these Terms from time to time to:

Comply with legal or regulatory requirements
Reflect changes to the Service
Clarify ambiguous terms
Make other reasonable changes

14.2.2 Notice of Amendments

We will provide you with at least 30 days’ advance notice of material amendments via:

Email to your account email address
In-app notification
Posting updated Terms at orgo.space/terms/organization/ with the “Last Updated” date changed

14.2.3 Your Right to Object

If you object to a material amendment that adversely affects your rights:

Notify us in writing at legal@orgo.space within 30 days
If we cannot reach a mutually acceptable resolution, you may terminate your Account in accordance with Section 12.2
Your continued use of the Service after the effective date of an amendment constitutes acceptance

14.2.4 Immediate Amendments

Amendments required by law (e.g., new regulations, court orders) shall take effect immediately upon notice, without the 30-day notice period.

14.3 Severability

If any provision of these Terms is held to be invalid, illegal, or unenforceable:

The provision shall be modified to the minimum extent necessary to make it valid and enforceable
If modification is not possible, the provision shall be severed
The remaining provisions shall remain in full force and effect

14.4 Waiver

No waiver of any provision of these Terms shall be effective unless in writing. No waiver of any breach or default shall constitute a waiver of any other breach or default.

14.5 Assignment

14.5.1 Your Assignment

You may not assign or transfer these Terms or your Account without our prior written consent, except:

To an affiliate or successor entity in connection with a merger, acquisition, or sale of assets
Provided the successor entity agrees to be bound by these Terms

14.5.2 Our Assignment

We may assign or transfer these Terms or the Service:

To an affiliate or successor entity
In connection with a merger, acquisition, reorganization, or sale of our business
To a third party, provided we notify you and your rights under these Terms are not materially diminished

14.6 No Third-Party Beneficiaries

These Terms are solely for the benefit of you and Orgo and do not create any rights in favor of third parties, except:

Data Subjects (your Members) who are third-party beneficiaries of our Data Processing Agreement as required by GDPR

14.7 Independent Contractors

You and Orgo are independent contractors. These Terms do not create a partnership, joint venture, agency, employment, or fiduciary relationship.

14.8 Force Majeure

Neither party shall be liable for any failure or delay in performing its obligations (other than payment obligations) due to events beyond its reasonable control, including:

Acts of God (natural disasters, pandemics)
War, terrorism, civil unrest
Government actions, laws, or regulations
Utility failures, internet outages
Cyberattacks by third parties (provided we have implemented appropriate security measures)

The affected party shall:

Notify the other party promptly
Use commercially reasonable efforts to mitigate the impact
Resume performance as soon as reasonably practicable

If a force majeure event continues for more than 60 consecutive days, either party may terminate these Terms upon written notice.

14.9 Notices

14.9.1 How to Send Notices

All notices under these Terms must be in writing and sent to:

To Orgo:

Email: legal@orgo.space (for legal matters), privacy@orgo.space (for data protection), support@orgo.space (for support), security@orgo.space (for security incidents)
Mail: S.C. ORGO INFORMATICS SRL, Str. Gheorghe Grigore Cantacuzino nr 14, etaj PARTER, ap 1, Ploiești, județul Prahova, Romania

To You:

The email address associated with your Account
The billing address provided during registration

14.9.2 When Notices Are Deemed Given

Notices are deemed given:

Upon personal delivery
Upon email confirmation (if sent during business hours; otherwise, next business day)
Three (3) business days after sending by registered mail

14.9.3 Updating Contact Information

You must keep your contact information current in your account settings. We are not responsible for notices sent to outdated contact information.

14.10 Language

These Terms are executed in English. If translated into another language, the English version shall prevail in the event of any conflict.

14.11 Electronic Signatures

You agree that your electronic acceptance of these Terms (by clicking “I Agree” or creating an Account) constitutes your legally binding electronic signature.

14.12 Relationship to User Terms

Important: These Organization Terms govern the relationship between Orgo and your organization. Your Members (End Users) must separately accept our User Terms of Service, which govern their use of the Service and conduct within your Orgo space.

14.13 Headings

Section headings are for convenience only and do not affect interpretation of these Terms.

15. CONTACT INFORMATION

For general questions: Email: contact@orgo.space Website: orgo.space Documentation: docs.orgo.space

For support: Email: support@orgo.space

For data protection and privacy matters: Email: privacy@orgo.space Data Protection Officer: Vasile Varzariu-Darie

For security issues: Email: security@orgo.space

For legal matters: Email: legal@orgo.space

For sales and Enterprise plans: Email: sales@orgo.space

Mailing address: S.C. ORGO INFORMATICS SRL Str. Gheorghe Grigore Cantacuzino nr 14, etaj PARTER, ap 1 Ploiești, județul Prahova, Romania Registration: J29/2796/2019 Fiscal Code: 41650896

Please also review these related documents:

User Terms of Service - Terms for individual Members using your Orgo space
Privacy Policy - How we collect and use personal data
Data Processing Agreement (DPA) - GDPR-compliant data processing terms
Subprocessors List - Third parties we use to provide the Service

ACCEPTANCE

By clicking “I Agree,” creating an organization account, or accessing the Service, you acknowledge that you have read, understood, and agree to be bound by these Organization Terms of Service on behalf of your organization.

END OF ORGANIZATION TERMS OF SERVICE

Version 2.1 | Last Updated: November 1, 2025