Terms & Conditions

Effective date: 1. November 2025
Company: Pedajas OÜ, registry code [], VAT ID []
Registered address: Verevsoo, Kastre
Email: info.msgui@gmail.com

  1. What these Terms cover
    These Terms & Conditions (“Terms”) govern access to and use of the Service - a web-based IT tool that connects to Microsoft® 365 to help administrators view and manage email quarantine (e.g., release, delete, report, search or otherwise manage quarantined messages).
    By creating an account, clicking “I agree”, or using the Service, you agree to these Terms.
    If you are accepting on behalf of a business or public body, you represent that you have authority to bind that entity and “Customer” means that entity.
  2. Key definitions
    Service – Our web application, APIs, and related features. Microsoft® 365 – Microsoft® cloud services used by Customer (e.g., Exchange Online). We are not affiliated with Microsoft®.
    Customer Data – Data you provide to or access through the Service, including tenant identifiers, user information, and any message metadata the Service processes (see §10).
    Subscription – A paid plan that auto-renews each billing period until cancelled.
    Admin User – A Customer user with rights to authorize Microsoft® permissions and take quarantine actions.
  3. Who may use the Service
    You must: (a) be at least 18; (b) have valid authority (for business use); and (c) only use the Service in accordance with applicable law and Microsoft® policies. You remain responsible for actions taken under your account.
  4. Account & Microsoft® authorization
    To function, the Service requires you to connect a Microsoft® 365 tenant and grant the necessary permissions (via Powershell, https://microsoft.com/devicelogin, Microsoft® OAuth / Graph scopes or equivalent).
    You can either control those permissions in your Microsoft® admin center or You can skip authorization or authentication (connecting to Microsoft® services). Revoking or not authorizing or not authenticating will limit or disable features and in this case it means that Service is still provided.
  5. Subscriptions, pricing, taxes
    5.1 Plans & renewal. Subscriptions are billed in advance per period (e.g., monthly). Plans and current prices are shown when registering to use the Service. Subscriptions auto-renew until cancelled.
    5.2 Trials. If offered, trials convert to a paid plan unless you cancel before the trial ends.
    5.3 Changes. We may change prices or plan features with reasonable prior notice, effective on the next renewal.
    5.4 Taxes. Prices may exclude VAT or other taxes; we will add them where required by law.
    5.5 Payment processors. We use third-party processors (e.g., Stripe, EveryPay, PayPal) to collect payments. They may apply their own terms and fees for funding and withdrawals.
  6. Cancellations & refunds (EU digital services)
    6.1 You can cancel in the account portal at any time; cancellation takes effect at the end of the current paid period - Subscription period. We do not provide prorated refunds for partial periods unless required by law.
    6.2 EU 14-day withdrawal. The Service is digital content/digital service supplied immediately after ordering. Where consumer laws grant a 14-day right of withdrawal, that right does not apply once you (i) request immediate access and (ii) acknowledge you will lose the right of withdrawal when the Service begins. We present this consent when registering. If you do not give that consent, you retain your statutory withdrawal right and refunds will follow applicable law.
    6.3 Service defects. If the Service does not conform to what we promised, you may have statutory remedies (e.g., fix, price reduction, termination) under EU/EEA and Estonian law.
  7. What the Service does (and does not) do
    7.1 Quarantine actions. The Service surfaces quarantine items from Microsoft® 365 and lets Admin Users initiate actions available in Microsoft® cloud infrastructure (e.g., release, delete). Actions are ultimately performed by Microsoft®, not by us.
    7.2 Dependency on Microsoft®. The Service depends on Microsoft® 365 availability, APIs, permissions, policies, and rate limits. We are not responsible for outages, changes, or limits imposed by Microsoft® or your tenant configuration or availability.
    7.3 Dependency on other Sub-processors (i.e. server infrastructure provider). The Service depends on Hetzer policies, and rate limits. We are not responsible for outages, changes, or limits imposed by or your tenant configuration. Sub-processors are listed in Annex below.
    7.4 No message storage (by default). We do not store email message content (body/attachments) in our databases. We may process message identifiers and limited metadata transiently to show you items and execute your commands (§10).
    7.5 Future storage option. If we later introduce an optional feature that stores message content or additional metadata, it will be opt-in, with a clear notice and updated terms/privacy details before you enable it.
  8. Acceptable use
    You will not: (a) attempt to access content you are not authorized to access;
    (b) misuse the Service to bypass Microsoft® or other Sub-processor's security;
    (c) interfere with or disrupt the Service;
    (d) reverse-engineer or resell except as allowed by law;
    (e) use the Service for unlawful, harmful, or spam activities. We may suspend or terminate for breaches.
    Any of these actions may suspend or terminate the Service and hold You accountable by law.
  9. Support & availability
    We provide email support on best-effort basis. While we aim for high availability, no specific SLA is promised unless you have a separate written agreement. Maintenance, security updates, and Microsoft® and Sub-processor's dependency on Sub-processors may cause temporary unavailability.
  10. Privacy, security, and data handling
    10.1 Roles under GDPR. For Customer Data from your Microsoft® tenant, you are the controller and we act as your processor. We process only on your instructions to provide the Service.
    10.2 Data we process. To operate the Service we may process tenant IDs, user and mailbox identifiers, quarantine item identifiers, message metadata (e.g., sender, recipient, subject line or fragments, timestamps, policy names), audit logs, and admin actions. Email and Content bodies, attachments are not persisted in our databases by default; transient processing may occur in memory or secure caches strictly to perform the requested action and display the current view.
    10.3 Security. We use industry-standard safeguards, including encryption in transit, restricted access, and secret/token management. You are responsible for your tenant security (e.g., Microsoft® admin roles, MFA) and for keeping your account credentials secure.
    10.4 Sub-processors. We use trusted sub-processors to host and operate the Service (e.g., cloud hosting providers, Microsoft®, payment processors, email delivery). We can provide a current list on request. 10.5 International transfers. Where data leaves the EEA, we rely on lawful transfer mechanisms (e.g., EU Standard Contractual Clauses) as applicable.
    10.6 Retention & deletion. We retain operational logs and minimal metadata for security, audit, billing, and compliance for up to 12 months, unless longer is required by law or to resolve disputes. On termination, we disable Microsoft® tokens (if possible) and delete or anonymize residual operational data within 31 days , except where retention is legally required.
    10.7 Data Processing Addendum. A simple DPA reflecting §10 is incorporated into these Terms. If your organization needs a signed DPA, contact us.
  11. Intellectual property & license
    We (and our licensors) own the Service and all related Intellectual Property. We grant you a non-exclusive, non-transferable, revocable license to use the Service during your Subscription, solely for your internal business purposes. You grant us a limited license to process Customer Data to provide and improve the Service (while respecting §10). You may provide feedback; we may use it without obligation.
  12. Third-party services
    The Service interoperates with Microsoft® 365 and other providers and Sub-processors. Their terms, privacy, and availability apply. We do not control third-party changes, outages, or features. If a third party ceases to make a feature available on reasonable terms, we may cease providing that integration with no liability beyond a pro-rated refund for any prepaid, unusable period.
  13. Warranties & disclaimers
    Except as expressly stated, the Service is provided “as is” and “as available”. To the maximum extent permitted by law, we disclaim all warranties, including merchantability, fitness for a particular purpose, and non-infringement. We do not warrant uninterrupted or error-free operation, nor that Microsoft® 365 will be available or unchanged.
  14. Limitation of liability
    To the maximum extent permitted by law: (a) we are not liable for indirect, consequential, special, punitive, or incidental damages, lost profits, or loss of data; and (b) our total aggregate liability arising out of or related to the Service is limited to the fees you paid to us for the Service in the 12 months before the event giving rise to the claim.
  15. Suspension & termination
    We may suspend or terminate the Service (or your access) for non-payment, material breach, security risk, legal compliance, or misuse. You may terminate at any time via the account portal. Upon termination, your license ends and we will revoke Microsoft® tokens (if possible) and handle data as in §10.6. Outstanding fees remain due.
  16. Changes to the Service or these Terms
    We may modify features, update the Service, or change these Terms. If changes are material, we will give reasonable notice (e.g., via email or in-app). Changes take effect on the next renewal or earlier if you accept them sooner. If you object to material changes, you may cancel before they take effect.
  17. Compliance, export, and sanctions
    You must comply with applicable laws (including anti-abuse, privacy, and export/sanctions rules). You may not use the Service if you are subject to EU, UK, or US sanctions or are located in a country embargoed by the EU or US.
  18. Consumer information (EU/EEA)
    If you are a consumer (not using the Service for your trade/business), you may have mandatory rights under the laws of your country. Nothing here limits those rights. You may also use the EU Online Dispute Resolution platform: https://ec.europa.eu/consumers/odr
  19. Governing law & disputes
    These Terms are governed by the laws of the Republic of Estonia (without regard to conflict-of-laws rules). Courts of Harju County (Harju Maakohus), Estonia shall have jurisdiction.
  20. Notices
    We will send legal notices to the email associated with your account. You should send notices to info.msgui@gmail.com . Notices are deemed received when sent (email) or on delivery (registered post).
  21. Miscellaneous
    Entire agreement. These Terms (and any order form, DPA, or documents referenced) are the entire agreement.
    Severability. If a clause is invalid, the rest remains effective.
    No waiver. Failure to enforce is not a waiver.
    Assignment. You may not assign without our written consent; we may assign in connection with a merger, acquisition, or sale.
    Force majeure. We are not liable for events beyond our reasonable control (including Microsoft® outages, internet failures, hosting incidents, or regulatory actions).
  22. Annex: Data Processing Addendum (summary)
    Subject matter & duration. Processing Customer Data to provide the Service for the Subscription term. Nature & purpose. Authentication to Microsoft® 365; retrieval and display of quarantine items; execution of administrator-initiated actions; logging/audit.
    Types of data. Tenant and user identifiers; quarantine item identifiers; limited message metadata (e.g., sender, recipient, subject line or fragments, timestamps, policy names); admin action logs; no message bodies/attachments are stored by default.
    Data subjects. Customer’s users, senders/recipients appearing in quarantine metadata. Processor obligations. Process only on documented instructions; keep data confidential; apply appropriate security; assist with data subject requests and incidents; delete/return data on termination per §10.6; make information available to demonstrate compliance.
    Sub-processors. We may engage hosting, monitoring, email, and payment providers; we will remain responsible for them and ensure equivalent protections.
    Current Sub-Processors:
    (a) Microsoft® - cloud service provider
    (b) Hetzner - server hosting and infrastructure provider
    (c) Mailjet - E-mail service provider, sending notices for clients and Service provider

    International transfers. Where applicable, use EU Standard Contractual Clauses or other lawful mechanisms.
    Customer obligations. Provide lawful instructions; ensure a valid legal basis; maintain tenant security; refrain from uploading or routing content through the Service beyond what is necessary for quarantine management.