# Legal FAQ - Free-Tier Quota & BUSL-1.1 Additional Use Grant > **Operational behaviour (limits, counters, delays) is documented in** > [`30_QUOTA_ENFORCEMENT_FLOW1.md`](30_QUOTA_ENFORCEMENT_FLOW1.md). > This page covers only the legal aspects of offering Stella Ops as a > service or embedding it into another product while the free-tier limits are > in place. > **Plugin developers:** See [`PLUGIN_DEVELOPER_FAQ.md`](PLUGIN_DEVELOPER_FAQ.md) > for plugin-specific licensing questions. > > **MSPs and SaaS providers:** See [`SAAS_MSP_GUIDANCE.md`](SAAS_MSP_GUIDANCE.md) > for detailed hosting scenarios. --- ## 1 ? Does enforcing a quota violate BUSL-1.1? **No.** BUSL-1.1 permits usage controls and requires production use to remain within the Additional Use Grant (3 environments, 999 new hash scans per 24 hours, and no SaaS/hosted third-party service). Quota enforcement documents compliance. The Stella Ops quota: * Is enforced **solely at the service layer** (Valkey counters, Redis-compatible). * Never disables functionality; it introduces *time delays* only after the free allocation is exhausted. * Can be bypassed by rebuilding from source, but production use outside the Additional Use Grant requires a commercial license. ## 2 ? Can I redistribute Stella Ops with the quota removed? Yes, provided you: 1. **Include the LICENSE and NOTICE files** with your distribution, and 2. **Mark modified files** with prominent change notices. Recipients are still bound by BUSL-1.1 and the Additional Use Grant; production use outside the grant requires a commercial license. ## 3 ? Embedding in a proprietary appliance You may ship Stella Ops inside a hardware or virtual appliance under BUSL-1.1. You must include LICENSE and NOTICE and preserve attribution notices. Production use must remain within the Additional Use Grant unless a commercial license is obtained. Proprietary integration code does not have to be disclosed. ## 4 ? SaaS redistribution The BUSL-1.1 Additional Use Grant prohibits providing Stella Ops as a hosted or managed service to third parties. SaaS/hosted use requires a commercial license. ## 5 � Is e-mail collection for the JWT legal? * **Purpose limitation (GDPR Art. 5-1 b):** address is used only to deliver the JWT or optional release notes. * **Data minimisation (Art. 5-1 c):** no name, IP or marketing preferences are required; a blank e-mail body suffices. * **Storage limitation (Art. 5-1 e):** addresses are deleted or hashed after <= 7 days unless the sender opts into updates. Hence the token workflow adheres to GDPR principles. --- --- ## See Also - [`PLUGIN_DEVELOPER_FAQ.md`](PLUGIN_DEVELOPER_FAQ.md) - Plugin development and distribution questions - [`SAAS_MSP_GUIDANCE.md`](SAAS_MSP_GUIDANCE.md) - SaaS and MSP hosting scenarios - [`ENFORCEMENT_TELEMETRY_POLICY.md`](ENFORCEMENT_TELEMETRY_POLICY.md) - Audit and telemetry details - [`COMPLIANCE_ATTESTATION_FORM.md`](COMPLIANCE_ATTESTATION_FORM.md) - Self-attestation process - [`LICENSE-ADDENDUM-COMMUNITY-PLUGIN-GRANT.md`](../../LICENSE-ADDENDUM-COMMUNITY-PLUGIN-GRANT.md) - Full addendum text --- ## 6 - Change-log | Version | Date | Notes | |---------|------|-------| | **3.1** | 2026-01-25 | Added cross-references to Community Plugin Grant documentation. | | **3.0** | 2026-01-20 | Updated for BUSL-1.1 Additional Use Grant. | | **2.1** | 2026-01-20 | Updated for Apache-2.0 licensing (superseded by BUSL-1.1 in v3.0). | | **2.0** | 2025-07-16 | Removed runtime quota details; linked to new authoritative overview. | | 1.0 | 2024-12-20 | Initial legal FAQ. |