Terms of Service
Quick Summary
- Rakomi is an authentication-as-a-service platform operated by CRE8EVE Sp. z o.o. (Poland).
- Rakomi offers Free, Pro (29 EUR/mo), Business (99 EUR/mo), and Enterprise (custom) plans. New tenants receive a 14-day Pro trial. Annual plans include 2 months free.
- You retain full ownership of your data. We only process it to provide the service.
- We do not use your data for AI training, marketing, or profiling.
- You can delete your account at any time. We provide data export before deletion.
Effective Date: 2026-03-24
Version: 5
1. Definitions
| Term | Meaning |
|---|---|
| CRE8EVE / we / us | CRE8EVE Sp. z o.o., Tulipanowa 4, 72-003 Dobra, Poland (KRS: 0000912669, NIP: 8513262229) |
| Rakomi / Service / Platform | The authentication-as-a-service platform at rakomi.com, including the API, dashboard, SDK, and documentation |
| Customer / you | The natural or legal person who creates an account on the Rakomi dashboard |
| Tenant | A logical workspace within Rakomi representing a distinct application or project |
| End-User | A person who authenticates through a Customer's application using Rakomi |
| Dashboard | The web-based management interface at rakomi.com |
| API | The programmatic interface at api.rakomi.com |
2. Service Description
Pursuant to Art. 8 ust. 1 pkt 1 of the Polish Act on Providing Services by Electronic Means (Ustawa o świadczeniu usług drogą elektroniczną):
Rakomi provides the following digital services:
- User authentication — email/password, magic link, and social sign-in (Google, GitHub, Microsoft, Apple, Discord, Facebook, Slack, Twitter/X, GitLab, and LinkedIn) for end-users
- Token issuance — cryptographically signed JWT access tokens and refresh tokens
- Session management — server-side session tracking with configurable expiry
- OAuth 2.0 authorization server — authorization code flow with PKCE (S256)
- Audit logging — authentication events with pseudonymised IP/UA metadata
- Webhook notifications — real-time event delivery to customer endpoints
- Data export — CSV export of user data, audit logs, and compliance artifacts
- Compliance tools — DPA generation, audit readiness score, data subject request support
Age-appropriate access controls: Tenants enabling social login providers that permit users under 16 (e.g., Discord, Facebook) are solely responsible for implementing age-appropriate access controls per Art. 8 GDPR. Rakomi provides the authentication infrastructure but does not verify end-user age on behalf of tenants.
3. Technical Requirements
Pursuant to Art. 8 ust. 1 pkt 2:
3.1 Dashboard Access
- A modern web browser with JavaScript enabled (Chrome 90+, Firefox 90+, Safari 15+, Edge 90+)
- HTTPS connection (TLS 1.2 or higher)
- A valid email address for account registration
3.2 API Integration
- Any HTTP client capable of TLS 1.2+ connections
- JSON request/response handling capability
- PKCE S256 support for OAuth flows
4. Contract Conclusion and Termination
Pursuant to Art. 8 ust. 1 pkt 3:
4.1 Contract Conclusion
The contract for provision of services is concluded when:
- You complete the registration form on the Rakomi dashboard.
- You receive and verify your email address by clicking the verification link.
- Your account is activated.
By creating an account, you accept these Terms of Service, the Privacy Policy, and the Data Processing Agreement (for data you process through the platform on behalf of your end-users). These Terms are available for review before registration.
4.2 Contract Duration
The contract is concluded for an indefinite period. There is no minimum contract duration.
4.3 Termination by Customer
You may terminate the contract at any time by deleting your account through the dashboard or by emailing info@rakomi.com. Account deletion is subject to the data retention provisions in Section 14.
4.4 Termination by CRE8EVE
CRE8EVE may terminate the contract with 30 days' advance notice by email, for the following reasons:
- Material breach of these Terms or the Acceptable Use Policy (Section 7) that is not remedied within 14 days of notice.
- Legal or regulatory requirement preventing continued service provision.
- Cessation of the Rakomi service entirely (with maximum notice as commercially reasonable).
CRE8EVE may suspend or terminate access immediately (without the 30-day notice period) if:
- The Customer's use poses an imminent security threat to the platform or other users.
- The Customer uses the Service for clearly illegal purposes (Section 7.2).
- Required by binding legal or regulatory order.
5. Complaint Procedure
Pursuant to Art. 8 ust. 1 pkt 4:
See our Complaint Procedure for full details. Complaints should be directed to info@rakomi.com.
6. Prohibition on Unlawful Content
Pursuant to Art. 8 ust. 3 pkt 2 lit. b of the Polish Act on Providing Services by Electronic Means:
Customers must not use the Service to deliver, store, or facilitate access to unlawful content (zakaz dostarczania treści bezprawnych). This includes but is not limited to content that violates applicable law, infringes intellectual property rights, constitutes defamation, or facilitates criminal activity.
7. Acceptable Use Policy
7.1 Permitted Use
You may use Rakomi solely for legitimate authentication, authorization, and identity management purposes within your applications.
7.2 Prohibited Activities
The following activities are strictly prohibited:
- Phishing: Using Rakomi to create fraudulent login screens or harvest credentials.
- Credential stuffing: Using the platform as a source or target for automated credential testing attacks.
- Illegal data collection: Collecting personal data through the platform in violation of GDPR or other applicable law.
- Abuse of platform resources: Deliberately exceeding rate limits, overloading infrastructure, or conducting denial-of-service attacks.
- Circumvention: Attempting to bypass rate limits, security controls, or tenant isolation mechanisms.
- Impersonation: Misrepresenting your identity or affiliation to gain unauthorized access.
- Resale without authorisation: Reselling Rakomi services to third parties without prior written consent.
7.3 Enforcement
Violation of this AUP may result in: warning, temporary rate limit reduction, account suspension, or account termination, proportionate to the severity and pattern of violation.
8. Service Availability
The Rakomi platform is provided on a commercially reasonable efforts basis. We aim for high availability but do not guarantee specific uptime percentages at this time.
No binding SLA is offered in the current version. A Service Level Agreement with defined uptime commitments and remedies will be introduced alongside paid plans.
In other words: we work hard to keep Rakomi running, but we're honest that we don't yet have the infrastructure monitoring to guarantee 99.9% uptime. This transparency is intentional — we won't promise what we can't yet measure.
9. Plan Limits and Fair Use
9.1 Plans and Pricing
Rakomi offers four service tiers:
| Plan | Monthly Price | Annual Price | MAU Limit |
|---|---|---|---|
| Free | 0 EUR | 0 EUR | 1,000 |
| Pro | 29 EUR | 290 EUR/year (2 months free) | 10,000 |
| Business | 99 EUR | 990 EUR/year (2 months free) | 50,000 |
| Enterprise | Custom | Custom | Custom |
All prices are in EUR and exclude applicable VAT. VAT will be calculated and displayed during checkout based on your location and business status.
Reverse trial: Every new tenant receives a complimentary 14-day Pro trial. No credit card is required. At trial expiry, the tenant automatically reverts to the Free plan. No charges are incurred unless the tenant actively upgrades.
MAU overage blocks: Pro and Business tenants may purchase additional MAU capacity in blocks of 5,000 users at 10 EUR/month per block (maximum 10 blocks per plan).
9.2 Fair Use
Plan limits are designed for legitimate use. CRE8EVE reserves the right to adjust rate limits with 30 days' advance notice by email. Immediate throttling (without the 30-day notice period) may be applied in cases of abuse as defined in the Acceptable Use Policy (Section 7).
9.3 Subscription Terms
Billing cycle: Subscriptions are billed monthly or annually in advance. Auto-renewal occurs at the end of each billing period unless cancelled.
Upgrades: Take effect immediately. For upgrades within an active subscription (e.g., Pro to Business), the price difference is charged immediately (prorated).
Downgrades: Scheduled to take effect at the end of the current billing period. Resources exceeding the target plan's limits become read-only (NOT deleted). For annual subscriptions with more than 2 months remaining, a pro-rated refund for the excess period is issued (EU Data Act 2023/2854 Art. 6(8)).
Cancellation: You may cancel your subscription at any time via DELETE /v1/billing/subscription or through the dashboard. Cancellation takes effect immediately and your account is moved to the Free plan. No automatic refund is issued (see Art. 16(m) waiver below). This complies with EU Consumer Directive 2023/2673 — cancellation is as easy as signup.
Past-due subscriptions: If payment fails, automatic retries occur over approximately 2 weeks. During this period, you receive email notifications with a direct link to update your payment method. If payment remains unresolved, new user registrations are blocked, webhook deliveries are paused, and new API key creation is blocked. Existing user authentication (login, refresh, logout) always continues to work. If the subscription is not recovered, the account is downgraded to the Free plan.
Art. 16(m) withdrawal waiver: Before completing a paid subscription checkout, you will be asked to consent to immediate access to the service and acknowledge that you waive your 14-day withdrawal right under EU Consumer Rights Directive 2011/83/EU Art. 16(m). This is standard practice for digital services and has been confirmed by the EU Court of Justice (C-641/19).
10. Intellectual Property
10.1 Customer Data
You retain all rights, title, and interest in your data and your end-users' data processed through the platform. CRE8EVE acquires no ownership rights in Customer data.
10.2 Limited Processing Licence
You grant CRE8EVE a limited, non-exclusive licence to process your data solely for the purpose of providing and improving the Service. This licence terminates upon contract termination and data deletion.
10.3 Platform IP
CRE8EVE retains all intellectual property rights in the Rakomi platform, including its software, API design, documentation, SDK, trademarks, and trade dress.
10.4 Feedback
If you provide feedback, suggestions, or feature requests regarding the Service, CRE8EVE may use them without restriction or obligation. You are not required to provide feedback.
11. Limitation of Liability
11.1 Mutual Limitation
To the maximum extent permitted by applicable law, the aggregate liability of either party for all claims arising under or in connection with these Terms shall not exceed the total fees paid by the Customer to CRE8EVE in the twelve (12) months preceding the claim. Where the service is provided free of charge, the aggregate liability is limited to PLN 500.
11.2 Exclusions
Neither party excludes or limits liability for:
- Intentional harm (szkoda wyrządzona umyślnie) or gross negligence.
- Death or personal injury caused by negligence.
- Fraud or fraudulent misrepresentation.
11.3 Art. 82 GDPR Carve-Out
This limitation does not apply to liability under Art. 82 GDPR (compensation for data protection damages), which cannot be contractually excluded or capped (CJEU C-300/21 Austrian Post).
Where CRE8EVE and the Customer are jointly involved in processing that causes damage, each party may be held liable for the entire damage (Art. 82(4) — joint-and-several liability, non-waivable). Art. 82(5) provides the right of recourse: a party that has paid full compensation for damage attributable to the other party's breach is entitled to claim reimbursement of the proportionate share.
11.4 Jurisdiction Carve-Out
Claims for compensation under Art. 82 GDPR may be brought before courts of the data subject's habitual residence, regardless of any jurisdiction clause in these Terms (Art. 82(6) / Art. 79(2) GDPR).
12. Indemnification
12.1 Customer Indemnification
You agree to indemnify and hold CRE8EVE harmless against claims arising from:
- Your violation of applicable law in connection with your use of the Service.
- Claims from your end-users related to your application's handling of their data.
- Your violation of these Terms or the Acceptable Use Policy.
12.2 Art. 82(5) Recourse
This indemnification mirrors Art. 82(5) GDPR: where CRE8EVE pays compensation for damage attributable to the Customer's breach of GDPR obligations (as Controller), the Customer shall reimburse CRE8EVE proportionately.
13. Force Majeure
Neither party shall be liable for failure to perform obligations under these Terms due to circumstances beyond its reasonable control, including but not limited to:
- Natural disasters, epidemics, or pandemics.
- Government orders, sanctions, or regulatory actions.
- Infrastructure outages at sub-processors (including but not limited to infrastructure, email, and identity federation providers) outside CRE8EVE's control.
- Large-scale DDoS attacks or cyberattacks on critical infrastructure.
- Failure of public telecommunications networks.
The affected party shall notify the other party promptly and use reasonable efforts to mitigate the impact.
14. Data Retention and Account Deletion
14.1 Account Deletion
When you delete your account:
- A 7-day recovery grace period applies, during which you can restore your account. (Note: this grace period will be extended to comply with EU Data Act Art. 25(2)(g) minimum 30-day data retrieval period. See Section 15.)
- After the grace period, account data is permanently deleted within 30 days.
- Data export is available before deletion via the dashboard export feature (CSV format).
- Backup copies are purged within the 7-day backup rotation cycle.
- A deletion certificate is provided, scoped honestly to data within CRE8EVE's direct control.
14.2 Post-Deletion Retention
Anonymised compliance audit log metadata may be retained after account deletion for GDPR accountability obligations (Art. 5(2) / Art. 30). See our Privacy Policy Section 9 for details.
15. EU Data Act — Switching and Data Portability
Pursuant to Chapter VI of the EU Data Act (Regulation (EU) 2023/2854), in effect since September 12, 2025:
15.1 Notice Period
The Customer may initiate switching by providing notice to CRE8EVE. The maximum notice period is 2 months (Art. 25(2)(d)). CRE8EVE's actual notice period is 30 days.
15.2 Transitional Period
Upon notice, a transitional period of maximum 30 calendar days begins (Art. 25(2)(a)), during which:
- The Service continues operating normally.
- CRE8EVE provides reasonable switching assistance.
- CRE8EVE maintains business continuity.
- Any known continuity risks are disclosed.
- High security is ensured throughout.
The Customer has the right to extend the transitional period once (Art. 25(5)).
15.3 Exit Strategy Support
CRE8EVE provides exit strategy support as required by Art. 25(2)(b), including guidance on JWT key migration, OAuth redirect URI re-registration, and SDK integration changes.
15.4 Data Retrieval Period
After the transitional period, the Customer has a minimum 30 calendar days to retrieve remaining data (Art. 25(2)(g)).
Note: The current implementation provides a 7-day grace period, which will be extended to comply with the minimum 30-day retrieval requirement.
15.5 Erasure
Full erasure is performed after the data retrieval period expires (Art. 25(2)(h)).
15.6 Contract Termination Triggers
The contract terminates when (Art. 25(2)(c)):
- Switching to the destination provider is complete, or
- The notice period expires and the Customer elects erasure.
15.7 Customer Options at Termination
At termination, the Customer may choose from three options (Art. 25(3)):
- Switch to another provider — CRE8EVE assists with data transfer to the destination provider.
- Switch to on-premises — CRE8EVE provides data export for self-hosted deployment.
- Erase — CRE8EVE permanently deletes all Customer data.
15.8 Extended Timeline
If the 30-day transitional period is technically unfeasible, CRE8EVE will notify the Customer within 14 working days and propose an alternative timeline not exceeding 7 months (Art. 25(4)).
15.9 Exportable Data Categories
The following data categories are available for export (Art. 25(2)(e)):
- Users and credentials (email, password hashes, federated identities)
- Sessions and session history
- Authentication events and audit logs
- OAuth client configurations
- Webhook configurations
- Tenant settings
- API key metadata (keys themselves are not exportable for security reasons)
15.10 Trade Secret Exemptions
The following are exempt from export as trade secrets (Art. 25(2)(f)):
- Rate limiting threshold algorithms and parameters
- Credential stuffing detection parameters
- Internal scoring and risk assessment algorithms
15.11 Switching Charges
No switching charges apply. Data export and switching assistance are provided free of charge (Art. 29). This will remain the case permanently from January 12, 2027 (Art. 29).
15.12 Authentication-Specific Switching Complexities
Per Art. 29(5)-(6), the following authentication-specific complexities must be considered during switching:
- JWT key migration: Asymmetric key pairs used for JWT signing must be regenerated at the destination. Tokens signed by Rakomi will not be verifiable after switching unless the public key is preserved.
- OAuth redirect URI re-registration: OAuth clients must update redirect URIs at all identity providers (e.g., Google).
- SDK integration changes: The @rakomi/node SDK must be replaced with the destination provider's SDK. API endpoints, token formats, and webhook signatures will differ.
15.13 Open Interfaces
APIs are available equally to all Customers and destination providers, free of charge, with sufficient documentation for third-party import tools (Art. 30(2)). API documentation is maintained at rakomi.dev.
15.14 Switching Guide and Data Register
A switching guide with methods, formats, restrictions, and technical limitations is maintained at rakomi.dev (Art. 26(a)). An online register of data structures, formats, and open interoperability specifications is maintained at rakomi.dev (Art. 26(b)).
15.15 ICT Jurisdiction
All ICT infrastructure is located within the European Union (Hetzner, Germany) (Art. 28(1)(a)). CRE8EVE maintains measures against unlawful international governmental access to non-personal data (Art. 28(1)(b)).
15.16 Complaint Mechanism
For complaints related to switching, data portability, or data retrieval, see the Complaint Procedure Section 3.4.
16. OAuth Technical Disclosures
Customers integrating Rakomi's OAuth 2.0 authorization server should be aware of the following technical characteristics:
- JWT access tokens contain the user's email address. Tokens are cryptographically signed (asymmetric signature) but not encrypted. Any party that receives an access token can read the email claim. If email confidentiality is required, implement token introspection instead of local JWT verification.
- Refresh token reuse triggers nuclear revocation. If a consumed (already-used) refresh token is presented again, ALL session tokens for that user are immediately invalidated. This is a security measure to detect token theft.
- PKCE S256 is mandatory for all OAuth authorization code flows. Plain PKCE and flows without PKCE are rejected.
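The refresh token behaviour described above, modelled in memory as an added example (not Rakomi's code or API; the class, method, and reason names are hypothetical). It shows why a client must never present an already-used refresh token: the replay revokes every session for that user, including the legitimately rotated token.

```javascript
// Added example: in-memory model of refresh token rotation with reuse detection.
// RefreshTokenStore, issue, rotate and the reason strings are hypothetical names.
const crypto = require("node:crypto");

class RefreshTokenStore {
  constructor() {
    this.tokens = new Map(); // token -> { userId, consumed, revoked }
  }

  // Issue a fresh opaque refresh token for a user session.
  issue(userId) {
    const token = crypto.randomBytes(32).toString("base64url");
    this.tokens.set(token, { userId, consumed: false, revoked: false });
    return token;
  }

  // Invalidate every token belonging to the user, on every device.
  revokeAllForUser(userId) {
    for (const rec of this.tokens.values()) {
      if (rec.userId === userId) rec.revoked = true;
    }
  }

  isUsable(token) {
    const rec = this.tokens.get(token);
    return Boolean(rec) && !rec.consumed && !rec.revoked;
  }

  // Exchange a refresh token for a new one (single use).
  rotate(token) {
    const rec = this.tokens.get(token);
    if (!rec) return { ok: false, reason: "unknown_token" };
    if (rec.consumed) {
      // A consumed token came back. The server cannot tell a stale client
      // retry from a stolen copy, so it revokes all of the user's sessions.
      this.revokeAllForUser(rec.userId);
      return { ok: false, reason: "reuse_detected" };
    }
    if (rec.revoked) return { ok: false, reason: "revoked" };
    rec.consumed = true;
    return { ok: true, refreshToken: this.issue(rec.userId) };
  }
}

// Constructed scenario: two sessions for alice, one for bob.
function demo() {
  const store = new RefreshTokenStore();
  const aliceR1 = store.issue("alice");
  const aliceOtherDevice = store.issue("alice");
  const bobR1 = store.issue("bob");

  const first = store.rotate(aliceR1);  // legitimate refresh: R1 -> R2
  const replay = store.rotate(aliceR1); // R1 presented a second time
  const afterReplay = store.rotate(first.refreshToken); // R2 is now dead too

  return {
    firstOk: first.ok,
    replayReason: replay.reason,
    r2Reason: afterReplay.reason,
    otherDeviceUsable: store.isUsable(aliceOtherDevice),
    bobUsable: store.isUsable(bobR1),
  };
}

console.log(demo());
```

For integrators, the practical consequence is that refresh calls should be serialised per session, so that a retry or a second browser tab never presents a consumed token.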
17. Terms Modification
17.1 Notification
Changes to these Terms will be communicated by email to the address registered on your account. Email constitutes a durable medium (trwały nośnik) as required by law. Dashboard notification is provided as a supplementary channel but does not satisfy the durable medium requirement alone.
17.2 Non-Material Changes
Non-material changes (e.g., clarifications, typographical corrections, additional examples) take effect 30 days after email notification. Continued use of the Service after this period constitutes acceptance.
17.3 Material Changes
Material changes to pricing, limitation of liability, data processing terms, or user rights require separate active acceptance. You will be prompted to accept the new terms before they apply to your account. If you do not accept, you may terminate the contract before the changes take effect.
17.4 Permissible Grounds for Modification
Changes may be made for the following reasons:
- Regulatory changes: New or amended laws, regulations, or court decisions affecting the Service.
- New features: Introduction of new functionality requiring updated terms.
- Security requirements: Changes necessary to maintain platform security.
- Price changes: Introduction of paid plans or adjustment of pricing.
18. Data Processing
Data processing by CRE8EVE is governed by our Privacy Policy and, for data processed on behalf of Customers, the Data Processing Agreement.
CRE8EVE does not process Customer or end-user data for AI/ML model training, fine-tuning, or improvement.
19. Governing Law and Jurisdiction
19.1 Governing Law
These Terms are governed by Polish law. For EU consumers and quasi-consumers, the mandatory consumer protection laws of their country of habitual residence apply additionally per the Rome I Regulation Art. 6.
19.2 Jurisdiction
Disputes between CRE8EVE and business Customers are subject to the exclusive jurisdiction of courts competent for the registered office of CRE8EVE Sp. z o.o. (Dobra, Poland).
Consumer carve-out: Consumers have the right to bring proceedings before the court of their domicile.
Art. 82 GDPR carve-out: Claims for compensation under Art. 82 GDPR may be brought before courts of the data subject's habitual residence (Art. 79(2) GDPR).
20. Current Pricing
See Section 9.1 for current plan pricing. All prices are in EUR and exclude applicable VAT.
Enterprise pricing is available upon request — contact sales@rakomi.com.
Pricing changes constitute a material change under Section 17.3 and require separate active acceptance. We will provide at least 30 days' advance notice by email before any price increase takes effect.
21. Miscellaneous
21.1 Entire Agreement
These Terms, together with the Privacy Policy, Cookie Policy, and Data Processing Agreement, constitute the entire agreement between you and CRE8EVE regarding the use of the Service.
21.2 Severability
If any provision of these Terms is found to be invalid or unenforceable, the remaining provisions shall continue in full force and effect.
21.3 No Waiver
Failure by CRE8EVE to enforce any provision shall not constitute a waiver of that provision or any other provision.
21.4 Assignment
CRE8EVE may assign its rights and obligations under these Terms in connection with a merger, acquisition, or sale of substantially all assets, provided the assignee agrees to honour these Terms.
21.5 Contact
- For questions about these Terms: info@rakomi.com
- For data protection: dpo@rakomi.com
- For full entity details: Provider Identification
Changes to This Document
See Section 17 for the terms modification procedure.
Previous versions are available upon request to info@rakomi.com.