Initial commit (history squashed)

2025-10-07 10:14:21 +03:00
commit b97fc7685a
1132 changed files with 117842 additions and 0 deletions
--- a/docs/29_LEGAL_FAQ_QUOTA.md
+++ b/docs/29_LEGAL_FAQ_QUOTA.md
@@ -0,0 +1,84 @@
+# Legal FAQ — Free‑Tier Quota & AGPL Compliance
+
+> **Operational behaviour (limits, counters, delays) is documented in  
+> [`33_333_QUOTA_OVERVIEW.md`](33_333_QUOTA_OVERVIEW.md).**  
+> This page covers only the legal aspects of offering Stella Ops as a
+> service or embedding it into another product while the free‑tier limits are
+> in place.
+
+---
+
+## 1 · Does enforcing a quota violate the AGPL?
+
+**No.**  
+AGPL‑3.0 does not forbid implementing usage controls in the program itself.
+Recipients retain the freedoms to run, study, modify and share the software.
+The Stella Ops quota:
+
+* Is enforced **solely at the service layer** (Redis counters) — the source
+  code implementing the quota is published under AGPL‑3.0‑or‑later.
+* Never disables functionality; it introduces *time delays* only after the
+  free allocation is exhausted.
+* Can be bypassed entirely by rebuilding from source and removing the
+  enforcement middleware — the licence explicitly allows such modifications.
+
+Therefore the quota complies with §§ 0 & 2 of the AGPL.
+
+---
+
+## 2 · Can I redistribute Stella Ops with the quota removed?
+
+Yes, provided you:
+
+1. **Publish the full corresponding source code** of your modified version  
+   (AGPL § 13 & § 5c), and
+2. Clearly indicate the changes (AGPL § 5a).
+
+You may *retain* or *relax* the limits, or introduce your own tiering, as long
+as the complete modified source is offered to every user of the service.
+
+---
+
+## 3 · Embedding in a proprietary appliance
+
+You may ship Stella Ops inside a hardware or virtual appliance **only if** the
+entire combined work is distributed under **AGPL‑3.0‑or‑later** and you supply
+the full source code for both the scanner and your integration glue.
+
+Shipping an AGPL component while keeping the rest closed‑source violates
+§ 13 (*“remote network interaction”*).
+
+---
+
+## 4 · SaaS redistribution
+
+Operating a public SaaS that offers Stella Ops scans to third parties triggers
+the **network‑use clause**.  You must:
+
+* Provide the complete, buildable source of **your running version** —
+  including quota patches or UI branding.
+* Present the offer **conspicuously** (e.g. a “Source Code” footer link).
+
+Failure to do so breaches § 13 and can terminate your licence under § 8.
+
+---
+
+## 5 · Is e‑mail collection for the JWT legal?
+
+* **Purpose limitation (GDPR Art. 5‑1 b):** address is used only to deliver the
+  JWT or optional release notes.
+* **Data minimisation (Art. 5‑1 c):** no name, IP or marketing preferences are
+  required; a blank e‑mail body suffices.
+* **Storage limitation (Art. 5‑1 e):** addresses are deleted or hashed after
+  ≤ 7 days unless the sender opts into updates.
+
+Hence the token workflow adheres to GDPR principles.
+
+---
+
+## 6 · Change‑log
+
+| Version | Date | Notes |
+|---------|------|-------|
+| **2.0** | 2025‑07‑16 | Removed runtime quota details; linked to new authoritative overview. |
+| 1.0 | 2024‑12‑20 | Initial legal FAQ. |