master
b97fc7685a
Some checks failed
Build Test Deploy / authority-container (push) Has been cancelled
Build Test Deploy / docs (push) Has been cancelled
Build Test Deploy / deploy (push) Has been cancelled
Build Test Deploy / build-test (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
85 lines
3.1 KiB
Markdown
Executable File
85 lines
3.1 KiB
Markdown
Executable File
# Legal FAQ — Free‑Tier Quota & AGPL Compliance
|
||
|
||
> **Operational behaviour (limits, counters, delays) is documented in
|
||
> [`33_333_QUOTA_OVERVIEW.md`](33_333_QUOTA_OVERVIEW.md).**
|
||
> This page covers only the legal aspects of offering Stella Ops as a
|
||
> service or embedding it into another product while the free‑tier limits are
|
||
> in place.
|
||
|
||
---
|
||
|
||
## 1 · Does enforcing a quota violate the AGPL?
|
||
|
||
**No.**
|
||
AGPL‑3.0 does not forbid implementing usage controls in the program itself.
|
||
Recipients retain the freedoms to run, study, modify and share the software.
|
||
The Stella Ops quota:
|
||
|
||
* Is enforced **solely at the service layer** (Redis counters) — the source
|
||
code implementing the quota is published under AGPL‑3.0‑or‑later.
|
||
* Never disables functionality; it introduces *time delays* only after the
|
||
free allocation is exhausted.
|
||
* Can be bypassed entirely by rebuilding from source and removing the
|
||
enforcement middleware — the licence explicitly allows such modifications.
|
||
|
||
Therefore the quota complies with §§ 0 & 2 of the AGPL.
|
||
|
||
---
|
||
|
||
## 2 · Can I redistribute Stella Ops with the quota removed?
|
||
|
||
Yes, provided you:
|
||
|
||
1. **Publish the full corresponding source code** of your modified version
|
||
(AGPL § 13 & § 5c), and
|
||
2. Clearly indicate the changes (AGPL § 5a).
|
||
|
||
You may *retain* or *relax* the limits, or introduce your own tiering, as long
|
||
as the complete modified source is offered to every user of the service.
|
||
|
||
---
|
||
|
||
## 3 · Embedding in a proprietary appliance
|
||
|
||
You may ship Stella Ops inside a hardware or virtual appliance **only if** the
|
||
entire combined work is distributed under **AGPL‑3.0‑or‑later** and you supply
|
||
the full source code for both the scanner and your integration glue.
|
||
|
||
Shipping an AGPL component while keeping the rest closed‑source violates
|
||
§ 13 (*“remote network interaction”*).
|
||
|
||
---
|
||
|
||
## 4 · SaaS redistribution
|
||
|
||
Operating a public SaaS that offers Stella Ops scans to third parties triggers
|
||
the **network‑use clause**. You must:
|
||
|
||
* Provide the complete, buildable source of **your running version** —
|
||
including quota patches or UI branding.
|
||
* Present the offer **conspicuously** (e.g. a “Source Code” footer link).
|
||
|
||
Failure to do so breaches § 13 and can terminate your licence under § 8.
|
||
|
||
---
|
||
|
||
## 5 · Is e‑mail collection for the JWT legal?
|
||
|
||
* **Purpose limitation (GDPR Art. 5‑1 b):** address is used only to deliver the
|
||
JWT or optional release notes.
|
||
* **Data minimisation (Art. 5‑1 c):** no name, IP or marketing preferences are
|
||
required; a blank e‑mail body suffices.
|
||
* **Storage limitation (Art. 5‑1 e):** addresses are deleted or hashed after
|
||
≤ 7 days unless the sender opts into updates.
|
||
|
||
Hence the token workflow adheres to GDPR principles.
|
||
|
||
---
|
||
|
||
## 6 · Change‑log
|
||
|
||
| Version | Date | Notes |
|
||
|---------|------|-------|
|
||
| **2.0** | 2025‑07‑16 | Removed runtime quota details; linked to new authoritative overview. |
|
||
| 1.0 | 2024‑12‑20 | Initial legal FAQ. |
|