Terms of Service

1. Parties and Agreement Structure

1.1 Service Provider

1.2 Agreement document hierarchy

These Terms of Service form part of a composite agreement together with the documents listed below. In the event of conflict, precedence shall be as follows:

1. Signed enterprise agreement, order form, or statement of work
2. Product-specific service terms (Hosting, VDS, Email, AI, etc.)
3. Acceptable Use Policy (AUP)
4. Service Level Agreement (SLA)
5. Data Processing Agreement / DPA (with respect to data processing matters only)
6. These Terms of Service
7. Privacy Policy
8. Refund and Cancellation Policy
9. Subprocessor Framework and other public disclosure documents

2. Eligibility, Consent and Sanctions Compliance

2.1 Eligibility requirements

• The Services may be used by natural persons who are at least 18 years of age and have the legal capacity to enter into binding agreements, as well as by legal entities.
• Persons under the age of 18 may use the Services only under the supervision of a parent or legal guardian, who shall be deemed a party to this agreement and shall assume full responsibility.
• Any person acting on behalf of an organisation represents and warrants that they have the authority to bind that organisation.

2.2 Sanctions compliance

RYSTAT services may not be used by individuals, entities, or countries listed on the sanctions lists of the United Nations, the European Union, the United Kingdom, the United States, or any other applicable authority. Any person or entity requesting Services represents and warrants that they are not subject to such restrictions. RYSTAT may request identity or trade documentation for compliance purposes.

3. Scope of Services and Definitions

RYSTAT provides domain name registration, web hosting (shared and reseller), virtual private servers (VDS/VPS), business email, artificial intelligence (AI) based services (including OpenClaw, n8n assistant, and Website Builder), CDN, DNS, and related digital infrastructure services.

Detailed descriptions, technical specifications, and product-specific rules for each service are set out on the relevant product page and in the applicable product-specific terms (Section 1.2). Unless expressly stated otherwise in an order form or enterprise agreement, services are considered unmanaged in nature.

Domain name registration services: RYSTAT processes domain name registrations through accredited registrar API connections. The registration process is subject to the registrar's registration agreement in force at the time of application and to ICANN policies. RYSTAT acts as an intermediary in these transactions; final registration decisions and domain ownership are directly tied to the information on record. Domain name disputes are subject to the ICANN UDRP process and the relevant arbitration bodies.

4. Account Management and Security

• Account information must be kept accurate, complete, and up to date.
• Login credentials, API keys, and administrative access are the customer's responsibility and must not be shared with third parties.
• The use of strong passwords and two-factor authentication (2FA) is strongly recommended.
• RYSTAT must be notified immediately upon detection of any unauthorised access or security incident: security@rystat.com
• The customer is responsible for all activity conducted through their account.

5. Acceptable Use

The Services may only be used for lawful purposes. The detailed prohibited use framework is governed by the Acceptable Use Policy (AUP). In summary:

• Illegal activities, fraud, infringement of rights, and content contrary to applicable law are prohibited.
• Attacks on infrastructure, malicious software, spam, and unsolicited commercial communications are prohibited.
• Excessive or abusive activity that adversely affects the service quality of other customers is prohibited.
• Collecting personal data without consent and processing data in violation of EU data protection legislation are prohibited.

6. Digital Services Act (DSA) — EU 2022/2065

RYSTAT operates as a hosting service provider within the scope of the EU Digital Services Act. Our obligations under the DSA and your rights thereunder are set out below.

6.1 DSA point of contact (DSA Article 11)

The designated point for direct and expedited contact with member state competent authorities, the European Commission, and the Digital Services Coordinator (DSC): legal@rystat.com

Official correspondence received at this address is handled in English, Turkish, and German.

6.2 Illegal content notice and action mechanism (DSA Article 16)

Any person (natural person, legal entity, or competent authority) who considers content hosted on RYSTAT infrastructure to be illegal may submit a notice through the following channel:

RYSTAT will assess notices received within a reasonable timeframe and inform the notifier of the outcome. Notices that are manifestly unfounded or submitted in bad faith may not be acted upon.

6.3 Appeal against content moderation decisions (DSA Article 17)

Customers wishing to appeal a content removal, suspension, or access restriction decision taken by RYSTAT may do so within 14 days of being notified of the decision by contacting:

Appeals are subject to an internal review process. The outcome will be communicated within a reasonable timeframe.

6.4 Internal complaint mechanism (DSA Article 20)

Customers may contest the following types of RYSTAT decisions free of charge and by electronic means:

• Content removal or access restriction decisions
• Account or service suspension decisions
• Responses to notices submitted under DSA Article 16

6.5 Out-of-court dispute resolution (DSA Article 21)

Where a satisfactory outcome cannot be achieved through the internal complaint process, recipients located in the EU/EEA may refer their dispute to certified out-of-court dispute resolution bodies under the DSA. RYSTAT agrees to cooperate with such bodies. A list of certified bodies is published by the Digital Services Coordinator (DSC) of the member state in which the service is provided.

6.6 Transparency

RYSTAT aims to publish aggregate data relating to content moderation (service termination decisions, content removal actions, requests from competent authorities) at appropriate intervals.

7. Consumer Rights — Pre-Contractual Information (Directive 2011/83/EU Article 6)

Mandatory pre-contractual information for consumers resident in the EU/EEA:

For detailed information on consumer rights and the withdrawal procedure, see the Refund and Cancellation Policy.

8. Payment and Billing

• Services are provided on a prepaid basis unless expressly stated otherwise.
• All prices are displayed exclusive of tax unless otherwise indicated.
• For services with automatic renewal, charges for the new period will be applied unless the service is cancelled beforehand.
• In the event of non-payment, services may be suspended; customers are reminded that data backup during such periods remains their sole responsibility.

9. Data, Content and Backups

The customer bears sole responsibility for the content, datasets, applications, emails, backups, and all materials they host or upload. RYSTAT may provide system-level backups for certain services; however, such mechanisms should not be treated as a primary backup solution and are provided on a best-effort basis.

The customer bears independent responsibility as data controller for its obligations under EU GDPR and applicable data protection legislation. RYSTAT processes such data solely in its capacity as data processor for the purpose of providing the Services.

10. Service Continuity and Maintenance

RYSTAT shall use commercially reasonable efforts to maintain the continuity of the Services. Scheduled maintenance will be announced in advance where practicable. Emergency security interventions, third-party infrastructure incidents, and force majeure events may result in service interruptions without prior notice. For availability targets and service credit calculations, see the SLA.

11. Suspension, Restriction and Termination

RYSTAT may partially or wholly restrict, suspend, or terminate Services in the following circumstances:

• Breach of the Terms of Service, AUP, or product-specific terms
• Security risk, abuse, spam, or activities affecting the infrastructure
• Non-payment or a material billing dispute
• Legal obligation, regulatory requirement, court order, or competent authority request
• A content removal order from a competent authority under DSA Article 16

Reasonable notice: Except in cases of emergency security or abuse incidents, RYSTAT will endeavour to notify the customer of breaches warranting termination and to provide a reasonable opportunity to remedy them. This obligation does not apply in cases of legal requirement, court order, or force majeure.

12. Intellectual Property

All intellectual property rights in RYSTAT's software, trademarks, documentation, designs, and original service-related materials are reserved. The customer retains all rights in their own content and data, and grants RYSTAT a limited, non-exclusive, non-transferable licence to use such content and data to the extent necessary to provide the Services. This licence terminates upon the cessation of the Services.

The customer assigns to RYSTAT all rights in any feedback voluntarily provided to RYSTAT; no compensation shall be due in respect of such assignment.

12a. Digital Content and Service Conformity (Directive 2019/770/EU)

All digital services provided to consumers in the EU/EEA (hosting, VDS, email, Website Builder, AI products) are subject to the EU Directive on Contracts for the Supply of Digital Content and Digital Services (2019/770/EU). Within this framework:

• Conformity obligations (Articles 7–8): Services are provided in conformity with the characteristics specified in the agreement and the standards reasonably expected (functionality, accessibility, continuity, security).
• Security updates (Article 9): RYSTAT shall provide the necessary security updates required to maintain conformity of the service throughout the contract period.
• Consumer remedies in the event of non-conformity (Article 14): Where non-conformity is identified in a continuously supplied digital service, the consumer may exercise: (1) the right to have conformity restored, (2) a proportionate price reduction, or (3) the right to terminate the contract. These rights apply in addition to, and independently of, SLA service credits.
• Refund upon termination (Article 16): Where a consumer exercises the right to terminate the contract, all amounts paid shall be refunded within 14 calendar days.

13. Artificial Intelligence (AI) Services

The artificial intelligence services provided by RYSTAT (OpenClaw, n8n AI assistant, Website Builder AI features, and related APIs) are subject to this section and additionally to the AI Service Terms.

13.1 User responsibility

• The customer assumes full responsibility for the inputs submitted to AI systems and the outputs received from them.
• AI outputs are probabilistic in nature; accuracy, completeness, or freedom from error is not guaranteed.
• AI outputs may not be relied upon as the sole basis for legal, medical, financial, or safety-critical decisions; independent expert review is required.
• Generating content that infringes the rights of third parties, copyright, or personality rights is prohibited.

13.2 EU AI Act compliance (EU 2024/1689)

The EU Artificial Intelligence Act (AI Act — Regulation 2024/1689) entered into force on 1 August 2024. RYSTAT manages its AI services in accordance with the AI Act's application timeline and the applicable service category:

• Prohibited AI practices (AI Act Article 5) may not be used on RYSTAT platforms.
• High-risk AI systems (AI Act Annex III) are subject to additional compliance requirements, which are set out on the relevant service page.
• Transparency obligations under the AI Act arising from general-purpose AI models (GPAI) are fulfilled.

13.3 Intellectual property status of AI outputs

The intellectual property status of AI outputs may vary depending on the model used and the applicable national law. Customers should seek independent legal advice under applicable law before using AI outputs for commercial purposes. RYSTAT makes no warranty in this regard.

13.4 Artificial Intelligence Features and Explicit Consent

RYSTAT offers AI-powered features such as AI Site Builder, AI Assistant and AI content generation. When these features are used, the user's prompts, input data and selected parameters may be transferred to third-party AI providers (DeepSeek (PRC), Anthropic (US), OpenAI (US), Mistral (FR)).

13.4.1 Default OFF — Express Consent Requirement

Artificial intelligence features are OFF by default. No data is transferred to any AI provider until the user manually enables the "Artificial Intelligence Features" toggle on the panel page /panel/profile (Privacy tab). This explicit consent is obtained under KVKK Article 9 ("explicit consent for cross-border data transfer") and GDPR Article 49(1)(a) ("explicit consent for transfers to third countries").

13.4.2 Bundle Rejection — EDPB Guidelines 05/2020 Compliance

General acceptance of these Terms of Service does NOT constitute consent to artificial intelligence features. Pursuant to EDPB Guidelines 05/2020 §59-60, explicit consent must be "specific, granular and distinguishable"; bundled acceptance is invalid. A separate click (panel toggle) is required to activate AI features.

13.4.3 Risk Notice — Schrems II

There is no EU adequacy decision for the DeepSeek (PRC) jurisdiction. The PRC Personal Information Protection Law (PIPL), Data Security Law and National Intelligence Law Article 7 grant the State broad access powers. Under CJEU C-311/18 (Schrems II), this does not meet the "essential equivalence" test. The user accepts this risk by giving explicit consent. A detailed Transfer Impact Assessment (TIA) is available on request from legal@rystat.com.

13.4.4 User Obligation — Prompt Content

The user undertakes not to include sensitive personal data, national ID numbers, trade secrets or information belonging to third parties in AI prompts. Responsibility in this regard lies with the user; RYSTAT does not pre-screen prompt content but maintains an audit trail.

13.4.5 Right to Withdraw

The user can withdraw consent at any time by disabling the AI toggle on the panel page /panel/profile (Privacy tab). Withdrawal applies prospectively; transfers that occurred before withdrawal are not affected by this right (KVKK Article 7; GDPR Article 7(3)).

13.4.6 No-Train Safeguard

RYSTAT seeks "no-train" clauses (user data shall not be used for model training) in its contracts with AI providers wherever possible. If a provider refuses this clause, RYSTAT closes that provider to new users and notifies existing users.

14. Indemnification and Hold Harmless

The customer agrees to defend, indemnify, and hold harmless RYSTAT, Unifics Limited, and their respective directors, employees, and service providers against any third-party claims arising from the customer's use of the Services, the content they host, infringement of third-party rights, activities contrary to applicable law, or breaches of the AUP. This obligation shall survive the termination of the agreement.

15. Limitation of Liability

Subject to the exceptions required by applicable mandatory law and cases of wilful misconduct or gross negligence:

• RYSTAT's total financial liability in any dispute shall not exceed the amounts actually paid by the customer for the service in dispute during the preceding 12 months.
• The following categories of loss are excluded from RYSTAT's liability: loss of revenue or profit, loss or corruption of data, business continuity interruption, reputational harm, opportunity costs, and any indirect or consequential loss.

16. Force Majeure

RYSTAT shall not be held liable for delays in performance arising from events beyond its reasonable control, including natural disasters, war, terrorism, cyberattacks, governmental intervention, power outages, internet infrastructure incidents, and third-party supplier disruptions. Such events will be notified promptly and reasonable efforts will be made to restore the Services as soon as possible.

17. Governing Law and Dispute Resolution

17.1 Governing law

These Terms of Service are governed by the laws of the Hong Kong Special Administrative Region, in which the company is incorporated, subject to the exceptions required by mandatory consumer and data protection legislation.

17.2 Jurisdiction

The courts of Hong Kong shall have jurisdiction to resolve disputes.

17.3 Alternative dispute resolution

The parties agree to consider alternative dispute resolution methods such as mediation or arbitration before resorting to court proceedings. For EU/EEA consumers, the EU ODR platform is available at: ec.europa.eu/odr

17.4 Severability

Should any provision of these Terms of Service be found invalid or unenforceable, that provision shall be construed in the manner most closely aligned with applicable law in the relevant jurisdiction; the remaining provisions shall continue in full force and effect.

18. Updates and Contact

RYSTAT may update these Terms of Service. Material changes will be announced via the website or by registered email address at least 30 days before the effective date. Continued use of the Services following such notice constitutes acceptance of the updated terms. For EU/EEA consumers, where required by law, separate consent to updates will be obtained.