6.2 KiB
Compliance Attestation Form
Document Version: 1.0.0 Last Updated: 2026-01-25
This document describes the compliance attestation process for Stella Ops Community
Plugin Grant users. For a fillable template, see templates/self-attestation-form.md.
1. Purpose
The compliance attestation process allows organizations to demonstrate compliance with the Stella Ops Community Plugin Grant without enabling telemetry or undergoing formal audit. It provides a trust-based mechanism for license compliance verification.
2. Who Should Attest
Annual attestation is recommended for:
- Organizations using Stella Ops in production
- Deployments approaching free tier limits (2+ environments, 500+ scans/day)
- Organizations with data governance policies prohibiting telemetry
- MSPs managing customer deployments
Attestation is not required for:
- Non-production or evaluation use
- Single-environment deployments well within limits
- Organizations with active telemetry enabled
3. Attestation Components
3.1 Operator Information
| Field | Description | Example |
|---|---|---|
| Organization Name | Legal entity name | Acme Corporation |
| Contact Name | Primary compliance contact | Jane Smith |
| Contact Email | Email for compliance communications | compliance@acme.com |
| Installation ID | From admin dashboard (optional) | inst_abc123xyz |
| Attestation Date | Date form completed | 2026-01-25 |
3.2 Usage Declaration
Declare current usage levels:
Environment Count:
- 1 Environment
- 2 Environments
- 3 Environments (maximum free tier)
- More than 3 Environments (requires commercial license)
Scan Volume (peak 24-hour period in past year):
- Under 100 scans/day
- 100-499 scans/day
- 500-999 scans/day (maximum free tier)
- Over 999 scans/day (requires commercial license)
3.3 Distribution Declaration
If redistributing Stella Ops or Plugins:
- We do not redistribute Stella Ops or Plugins
- We redistribute with LICENSE and NOTICE files preserved
- We redistribute Plugins only (not core Stella Ops)
- We include this Addendum verbatim in all distributions
- We do not offer Stella Ops as a competing managed service
3.4 SaaS/MSP Declaration
Select the applicable scenario:
- Internal Use Only: Stella Ops is used only by our employees/contractors
- MSP Single-Tenant: We host isolated instances for customers (license details below)
- Not Applicable: We do not provide hosted services
If MSP Single-Tenant, specify:
- Number of customer instances: ___
- License type per instance:
- Each customer has own license
- Our commercial license covers all instances
- Mix (specify below)
4. Certification Statement
By submitting this attestation, the undersigned certifies that:
- The information provided is accurate to the best of their knowledge
- The organization's use of Stella Ops complies with BUSL-1.1 and the Community Plugin Grant
- They have authority to make this attestation on behalf of the organization
- They understand that false attestation may result in license termination
5. Submission Process
Step 1: Download Template
Copy the template from docs/legal/templates/self-attestation-form.md
Step 2: Complete Form
Fill in all required fields. Use "N/A" for non-applicable sections.
Step 3: Internal Review
Have appropriate internal stakeholders review:
- Legal/Compliance team
- IT/Platform team (for technical accuracy)
- Management (for authorization)
Step 4: Submit
Send completed form to: compliance@stella-ops.org
Subject line: Compliance Attestation - [Organization Name] - [Year]
Step 5: Confirmation
- Acknowledgment within 10 business days
- Confirmation letter issued if attestation accepted
- Follow-up questions if clarification needed
6. Renewal
6.1 Annual Renewal
Attestation should be renewed annually:
- Preferred: Within 30 days of attestation anniversary
- Grace period: 60 days after anniversary
- Reminder: stella-ops.org will send reminder 30 days before due date
6.2 Material Changes
Submit updated attestation within 30 days if:
- Environment count increases
- Scan volume regularly exceeds 80% of limit
- Organization structure changes (merger, acquisition)
- Deployment model changes (internal to MSP)
7. Record Retention
7.1 Attestor Retention
Organizations should retain:
- Copy of submitted attestation
- Supporting documentation (usage reports, dashboard screenshots)
- Confirmation letter from stella-ops.org
Recommended retention period: 5 years
7.2 stella-ops.org Retention
stella-ops.org retains:
- Submitted attestations: 5 years
- Confirmation letters: Indefinitely
- Supporting communications: 3 years
8. Frequently Asked Questions
Q: Is attestation mandatory?
A: No. Attestation is voluntary and recommended. It provides documented evidence of compliance in case of future questions.
Q: What if our usage changes after attesting?
A: Submit an updated attestation within 30 days of material changes. Good-faith updates are appreciated and do not trigger penalties.
Q: Can we attest for multiple installations?
A: Yes. Use one form per installation, or contact compliance@stella-ops.org for a consolidated form for large deployments.
Q: What happens if we can't attest to compliance?
A: Contact sales@stella-ops.org to discuss commercial licensing options. There's no penalty for recognizing a need to upgrade.
Q: Is the attestation legally binding?
A: The attestation is a representation of fact. Knowingly false attestation may result in license termination. However, good-faith errors with prompt correction are not penalized.
9. Contact
Attestation submissions: compliance@stella-ops.org
Questions about the process: legal@stella-ops.org
Commercial licensing: sales@stella-ops.org
See Also
templates/self-attestation-form.md- Fillable templateENFORCEMENT_TELEMETRY_POLICY.md- Audit and telemetry detailsLICENSE-ADDENDUM-COMMUNITY-PLUGIN-GRANT.md- Full legal terms
Document maintained by: Legal + Compliance Team Last review: 2026-01-25