# SaaS and MSP Licensing Guidance

**Document Version:** 1.0.0
**Last Updated:** 2026-01-25

This document provides detailed guidance on Stella Ops licensing for SaaS providers, Managed Service Providers (MSPs), and hosting scenarios. For the full legal terms, see `LICENSE-ADDENDUM-COMMUNITY-PLUGIN-GRANT.md`.

---

## Overview

The Stella Ops BUSL-1.1 license with Community Plugin Grant restricts providing Stella Ops as a commercial hosted service to third parties. This document clarifies what is and isn't permitted under different hosting scenarios.

**Key Principle:** The restriction targets commercial offerings that compete with Stella Ops' own hosted services, not legitimate internal use or isolated customer deployments.

---

## 1. Prohibited: Multi-Tenant SaaS Offerings

The following are **NOT permitted** without a commercial license:

### 1.1 Public SaaS Platform

**Prohibited:** Operating a multi-tenant SaaS platform that provides Stella Ops functionality to paying customers.

**Example (prohibited):**

```
AcmeScan.io
├── Customer A (paying subscriber)
├── Customer B (paying subscriber)
├── Customer C (paying subscriber)
└── Shared Stella Ops infrastructure
```

**Why prohibited:** This directly competes with Stella Ops' commercial SaaS offering.

### 1.2 White-Label Hosting

**Prohibited:** Rebranding Stella Ops and selling it as your own hosted product.

**Example (prohibited):**

```
"PowerScan Pro" (white-labeled Stella Ops)
├── Sold as monthly subscription
├── Marketed as proprietary technology
└── Runs on shared infrastructure
```

**Why prohibited:** This is commercial redistribution as a competing service.

### 1.3 Embedded SaaS Features

**Prohibited:** Embedding Stella Ops scanning as a feature in your commercial SaaS product.

**Example (prohibited):**

```
AcmeDevPlatform.com (commercial SaaS)
├── Code repository feature
├── CI/CD pipeline feature
├── "Security Scanning" feature <- Powered by embedded Stella Ops
└── Charged as part of subscription
```

**Why prohibited:** Stella Ops functionality is being monetized as part of a third-party service offering.

---

## 2. Permitted: Internal Use

The following **ARE permitted** under the Community Plugin Grant:

### 2.1 Internal Enterprise Deployment

**Permitted:** Deploying Stella Ops for your organization's internal use.

**Example (permitted):**

```
Acme Corp Internal
├── Development team scans
├── Security team analysis
├── Compliance reporting
└── Accessed only by Acme employees/contractors
```

**Why permitted:** Internal use for the licensee's own business operations.

### 2.2 Internal Platform Team

**Permitted:** A platform/DevOps team providing Stella Ops to internal development teams.

**Example (permitted):**

```
Acme Corp Platform Team
├── Hosts Stella Ops on internal infrastructure
├── Provides scanning service to:
│   ├── Team Alpha (internal)
│   ├── Team Beta (internal)
│   └── Team Gamma (internal)
└── All users are Acme employees
```

**Why permitted:** All users are within the same organization.

### 2.3 Subsidiary/Affiliate Use

**Permitted:** Parent company hosting for subsidiaries under common control.

**Example (permitted):**

```
Acme Holdings
├── Acme Corp (subsidiary) - uses hosted Stella Ops
├── Acme Europe (subsidiary) - uses hosted Stella Ops
└── Acme Asia (subsidiary) - uses hosted Stella Ops
```

**Why permitted:** Affiliates under common control are treated as one organization.

---

## 3. Permitted with Conditions: MSP Single-Tenant Hosting

Managed Service Providers may host Stella Ops for customers under specific conditions.

### 3.1 Single-Tenant Isolated Deployments

**Permitted (with commercial license):** MSP hosting separate Stella Ops instances for each customer.

**Example (permitted with commercial license):**

```
AcmeMSP Infrastructure
├── Customer A Instance (isolated)
│   ├── Dedicated Stella Ops deployment
│   ├── Customer A data only
│   └── Covered by AcmeMSP commercial license
├── Customer B Instance (isolated)
│   ├── Dedicated Stella Ops deployment
│   ├── Customer B data only
│   └── Covered by AcmeMSP commercial license
└── No shared infrastructure between customers
```

**Requirements:**

- Each instance must be fully isolated
- MSP must have commercial license covering all instances
- Or each customer must have their own commercial license

### 3.2 Customer-Licensed Deployments

**Permitted:** MSP managing infrastructure where customer holds the license.

**Example (permitted):**

```
AcmeMSP (infrastructure only)
├── Customer A Infrastructure
│   ├── Customer A's Stella Ops license
│   ├── MSP manages infrastructure
│   └── Customer controls license compliance
└── Customer B Infrastructure
    ├── Customer B's Stella Ops license
    └── MSP manages infrastructure
```

**Why permitted:** The customer (not MSP) is the licensee; MSP provides only infrastructure management.

---

## 4. Gray Areas: Guidance for Common Scenarios

### 4.1 Consulting with Temporary Access

**Scenario:** Security consultant deploys Stella Ops at client site for an engagement.

**Analysis:**

- If consultant's license: Consultant needs commercial license for third-party use
- If client's license: Client uses their free tier or commercial license

**Recommendation:** Client should obtain their own license; consultant assists with deployment.

### 4.2 Training/Demo Environments

**Scenario:** Providing training environments with Stella Ops to external trainees.

**Analysis:**

- Temporary, non-production training: Generally permitted under non-production use
- Ongoing access for trainees: May require commercial license depending on duration

**Recommendation:** Contact legal@stella-ops.org for training program licensing.

### 4.3 Non-Commercial Community Hosting

**Scenario:** Hosting Stella Ops scanning as a free service for community benefit.

The BUSL-1.1 restriction specifically targets "public multi-tenant **paid** hosting." Non-commercial hosting for community benefit may be eligible for the Community Program.

**Examples of potentially eligible scenarios:**

- Free scanning services for open source projects
- Academic/educational institutions providing free access to students
- Non-profit organizations providing free services to other non-profits
- Community-run instances for local developer communities

**Requirements for Community Program consideration:**

1. Service must be genuinely free (no fees, subscriptions, or required purchases)
2. Service must not be a loss-leader for commercial offerings
3. Service must not compete directly with Licensor's commercial offerings
4. Organization must apply and be approved by Licensor

**Analysis:**

- Non-commercial, community benefit: Contact community@stella-ops.org for evaluation
- If charging any fees: Requires commercial license (not eligible for Community Program)
- If bundled with paid services: Requires commercial license

**Recommendation:** Apply for Community Program at https://stella-ops.org/community

**Important:** Community Program approval is not automatic. Licensor reserves the right to evaluate each application based on community benefit, competitive impact, and alignment with program goals.

### 4.4 Reseller/Channel Partner

**Scenario:** Reselling Stella Ops commercial licenses with implementation services.

**Analysis:**

- Reselling licenses: Requires authorized reseller agreement
- Implementation services: Permitted under customer's license

**Recommendation:** Contact sales@stella-ops.org for reseller program details.

---

## 5. Compliance Checklist

### For Internal Deployments

- [ ] All users are employees, contractors, or affiliates of the licensee
- [ ] Deployment is within free tier limits (3 environments, 999 scans/day) OR commercial license obtained
- [ ] LICENSE and NOTICE files preserved
- [ ] No third-party access to functionality

### For MSP Deployments

- [ ] Each customer instance is fully isolated
- [ ] Either MSP or customer holds valid license for each instance
- [ ] No shared multi-tenant infrastructure
- [ ] Clear documentation of license responsibility
- [ ] Annual compliance attestation completed

### For Any Hosted Scenario

- [ ] Not marketed as competing SaaS product
- [ ] Not white-labeled or rebranded
- [ ] Not embedded in commercial SaaS offering
- [ ] Attribution requirements met

---

## 6. Decision Tree

```
Is Stella Ops functionality being provided to third parties?
│
├─ NO → Internal use permitted (within free tier or with commercial license)
│
└─ YES → Is it a commercial offering (paid or part of paid service)?
         │
         ├─ NO (genuinely free, community benefit)
         │   │
         │   ├─ Apply for Community Program (community@stella-ops.org)
         │   │
         │   └─ If approved → Permitted under Community Program terms
         │      If not approved → Commercial license required
         │
         └─ YES (paid, or free-as-loss-leader for paid services)
             │
             └─ Is each customer fully isolated (single-tenant)?
                 │
                 ├─ NO → Commercial SaaS license required
                 │        (contact sales@stella-ops.org)
                 │
                 └─ YES → MSP single-tenant model
                          │
                          ├─ MSP holds commercial license covering all instances
                          │   → Permitted
                          │
                          └─ Each customer holds their own license
                              → Permitted (MSP provides infrastructure only)
```

**Key distinction:** The restriction targets "public multi-tenant **paid** hosting." Non-commercial hosting for genuine community benefit may qualify for the Community Program, but requires explicit approval from Licensor.

---

## 7. Examples of Compliance Violations

The following are examples of arrangements that would violate the license:

1. **"Vulnerability Scanning as a Service"** - Public signup for scanning services powered by Stella Ops without commercial license
2. **DevSecOps Platform Bundle** - Including Stella Ops scanning in a paid platform subscription without commercial license
3. **Shared MSP Instance** - Multiple MSP customers sharing a single Stella Ops deployment
4. **"Free Tier Arbitrage"** - Running multiple free-tier installations to serve third-party customers
5. **Competitive Forking** - Forking Stella Ops and offering it as a competing hosted service

---

## 8. Getting Commercial License

If your use case requires a commercial license:

**Contact:**

- Email: sales@stella-ops.org
- Website: https://stella-ops.org/pricing

**License options include:**

- Per-environment licensing
- Unlimited scan licensing
- MSP/reseller programs
- OEM/embedded licensing

**Volume discounts** available for MSPs and enterprise deployments.

---

## See Also

- `LICENSE-ADDENDUM-COMMUNITY-PLUGIN-GRANT.md` - Full legal terms
- `docs/legal/LEGAL_FAQ_QUOTA.md` - Quota and free tier FAQ
- `docs/legal/PLUGIN_DEVELOPER_FAQ.md` - Plugin developer questions
- `docs/legal/ENFORCEMENT_TELEMETRY_POLICY.md` - Audit and compliance verification

---

*Document maintained by: Legal + Sales Operations*
*Last review: 2026-01-25*