diff --git a/src/App.tsx b/src/App.tsx index f6ef999..a819d0a 100644 --- a/src/App.tsx +++ b/src/App.tsx @@ -21,6 +21,7 @@ import CommunityPage from './pages/CommunityPage' import BlogPage from './pages/BlogPage' import BlogPostPage from './pages/BlogPostPage' import FaqPage from './pages/FaqPage' +import ModerationPage from './pages/ModerationPage' import NotFoundPage from './pages/NotFoundPage' import AuthModal from './components/AuthModal/AuthModal' import ProtectedRoute from './components/ProtectedRoute/ProtectedRoute' @@ -80,6 +81,7 @@ export default function App() { } /> } /> } /> + } /> } /> } /> } /> diff --git a/src/components/BYOKSection/BYOKSection.tsx b/src/components/BYOKSection/BYOKSection.tsx index fd5115e..b4a3d38 100644 --- a/src/components/BYOKSection/BYOKSection.tsx +++ b/src/components/BYOKSection/BYOKSection.tsx @@ -7,7 +7,7 @@ const featureCards: Carousel3DCard[] = [ { icon: , title: 'Bring your own keys', - description: 'Hook up OpenAI, Anthropic, Gemini — whatever you use. OpenThorn never touches your API keys.', + description: 'Hook up OpenAI, Anthropic, Gemini - whatever you use. OpenThorn uses your keys only for requests you make.', }, { icon: , @@ -22,7 +22,7 @@ const featureCards: Carousel3DCard[] = [ { icon: , title: 'Real code, real time', - description: 'OpenThorn writes production-grade code — not a drag-and-drop approximation. Watch every file appear.', + description: 'OpenThorn writes production-grade code - not a drag-and-drop approximation. Watch every file appear.', }, { icon: , diff --git a/src/components/Footer/Footer.tsx b/src/components/Footer/Footer.tsx index f8ff00e..85f43b3 100644 --- a/src/components/Footer/Footer.tsx +++ b/src/components/Footer/Footer.tsx @@ -33,6 +33,7 @@ const legalLinks = [ { label: 'Privacy Policy', to: '/privacy' }, { label: 'Terms of Service', to: '/terms' }, { label: 'Cookie Policy', to: '/cookies' }, + { label: 'Moderation & DSA', to: '/moderation' }, { label: 'Imprint', to: '/imprint' }, ] diff --git a/src/pages/CookiesPage.tsx b/src/pages/CookiesPage.tsx index d515497..ee6bdad 100644 --- a/src/pages/CookiesPage.tsx +++ b/src/pages/CookiesPage.tsx @@ -4,29 +4,82 @@ import { usePageTitle } from '../lib/usePageTitle' export default function CookiesPage() { usePageTitle('Cookie Policy') return ( - -

1. What Are Cookies and Local Storage

+ +

1. What Cookies and Local Storage Are

- Cookies are small text files stored in your browser by a website. Many modern web - applications also use the browser's localStorage API — a similar - mechanism that stores data locally without an expiry date. This page explains - exactly what OpenThorn stores and why. + Cookies are small text files stored in your browser by a website. Modern web apps + also use browser storage such as localStorage and{' '} + sessionStorage. This page explains what OpenThorn stores in your + browser and why.

-

2. Essential Storage

+

2. Essential Authentication Storage

- The following storage is strictly necessary for the service to function. It cannot - be disabled without breaking the service. + OpenThorn uses Supabase Auth to keep you signed in and protect account-only pages. + Depending on browser and Supabase behavior, session information may be stored in + browser storage and related authentication cookies. This storage is necessary for + login, logout, account security, and session restoration. +

+ +

3. Essential App Storage

+

+ OpenThorn also uses localStorage for product features that need to survive page + reloads on the same browser:

  • - Supabase authentication session — stores your login session so - you remain signed in across page loads. Set by Supabase when you sign in. - Removed when you sign out or clear your browser data. + seen_shared_projects_* - remembers which shared-project + notifications you have already seen, so the dashboard does not repeat the same + notice after every refresh. +
    • +
  • + github_repo_* - stores per-project GitHub repository owner, + repository name, and auto-sync preference for the browser you are using. +
    • +
  • + openthorn.memory.* - stores local user-memory entries such as + inferred design preferences, recurring fixes, and useful facts across projects. +
    • +
  • + Preview storage polyfills - generated project previews may use + in-memory replacements for localStorage or sessionStorage when sandboxed previews + cannot access normal browser storage.
-

3. What We Do Not Use

+

4. Consent Banner

+

+ OpenThorn currently does not use analytics cookies, advertising cookies, + retargeting pixels, or third-party social media tracking pixels. Because the + current browser storage is used for authentication, security, and requested app + functionality, we do not show a cookie consent banner. If we add non-essential + cookies or tracking, we will update this page and request consent where required. +

+ +

5. External Resource Requests

+

+ OpenThorn may load fonts, generated-preview runtime packages, type definitions, + or WebAssembly resources from third-party CDNs. These requests are not used by + OpenThorn for advertising or behavioural tracking, but the third-party provider + may receive technical request data such as your IP address, browser information, + requested URL, referrer, and request time. +

+

+ We describe these providers and data flows in the Privacy Policy. If we add + analytics, profiling, advertising, or other non-essential tracking, we will update + this notice and request consent where required. +

+ +

6. How to Control Storage

+

+ You can clear cookies and localStorage through your browser settings. Clearing + storage may sign you out, remove local preferences, reset notification state, and + disconnect browser-local GitHub repository settings. Server-side account, + project, provider-key, integration, collaboration, and community records are + handled as described in the Privacy Policy. +

+ +

7. What We Do Not Use

  • No analytics or tracking cookies.
  • No advertising or retargeting cookies.
    • @@ -34,7 +87,7 @@ export default function CookiesPage() {
  • No data shared with or sold to data brokers.
-

4. Contact

+

8. Contact

For questions about our use of cookies or local storage, contact us at{' '} mys.thomas00@gmail.com. diff --git a/src/pages/FaqPage.tsx b/src/pages/FaqPage.tsx index 779eefb..f8127f6 100644 --- a/src/pages/FaqPage.tsx +++ b/src/pages/FaqPage.tsx @@ -87,12 +87,12 @@ const FAQ_DATA: FaqCategory[] = [ { question: 'Are my API keys safe?', answer: - 'Yes. API keys are encrypted with AES-256-GCM before being stored in our database. They are never logged, never shared with third parties, and are only decrypted at the moment your request is sent to the provider.', + 'Saved API keys are encrypted before database storage, are not used for OpenThorn billing, and are decrypted only when needed to send your request to the AI provider you selected. You should still set provider-side spend limits, rotate keys, and revoke any key you suspect has been exposed.', }, { question: 'What data does OpenThorn store?', answer: - 'We store your email address, your encrypted API keys, your project names, and the prompts and generated code within your projects. We do not collect payment information, browsing behaviour, or any data beyond what is needed to provide the service.', + 'We store the data needed to provide the service, including account/profile data, encrypted API keys, project names, prompts, generated code, collaboration records, community likes, deployment metadata, and optional GitHub integration data. Browser-local storage may also keep app preferences and local user memory.', }, { question: 'Where is my data hosted?', diff --git a/src/pages/ImprintPage.tsx b/src/pages/ImprintPage.tsx index d22ba0d..3fa6ce1 100644 --- a/src/pages/ImprintPage.tsx +++ b/src/pages/ImprintPage.tsx @@ -4,18 +4,48 @@ import { usePageTitle } from '../lib/usePageTitle' export default function ImprintPage() { usePageTitle('Imprint') return ( - -

Operator

+ +

Service Provider

Thomas Tschinkel
+ OpenThorn
Rome, Italy

-

Contact

+

Legal Address

+

+ The full postal address of the operator must be added here before public or + commercial operation of the service. "Rome, Italy" alone may not satisfy provider + information duties for an Italian or EU information society service. +

+ +

Contact Details

Name: Thomas Tschinkel
Email: mys.thomas00@gmail.com

+ +

Business and Tax Information

+

+ If OpenThorn is operated commercially or through a registered business, add the + applicable business name, legal form, registration number, register court or + chamber of commerce entry, VAT or Partita IVA, and PEC address here. +

+ +

Responsible for Content

+

+ Thomas Tschinkel is responsible for OpenThorn content unless otherwise stated. + User-generated Community content is handled under the{' '} + Moderation and DSA Notice. +

+ +

Dispute Resolution

+

+ The European Commission's former Online Dispute Resolution platform stopped + accepting new complaints on March 20, 2025 and was discontinued on July 20, 2025. + OpenThorn is not currently obliged or willing to participate in a voluntary + consumer arbitration procedure unless mandatory law requires otherwise. +

) } diff --git a/src/pages/LegalPage.tsx b/src/pages/LegalPage.tsx index 9200f09..70b7238 100644 --- a/src/pages/LegalPage.tsx +++ b/src/pages/LegalPage.tsx @@ -17,6 +17,7 @@ const DOC_NAV = [ { path: '/terms', label: 'Terms of Service' }, { path: '/privacy', label: 'Privacy Policy' }, { path: '/cookies', label: 'Cookie Policy' }, + { path: '/moderation', label: 'Moderation & DSA' }, { path: '/imprint', label: 'Imprint' }, ] diff --git a/src/pages/ModerationPage.tsx b/src/pages/ModerationPage.tsx new file mode 100644 index 0000000..b4dd4db --- /dev/null +++ b/src/pages/ModerationPage.tsx @@ -0,0 +1,87 @@ +import LegalPage from './LegalPage' +import { usePageTitle } from '../lib/usePageTitle' + +export default function ModerationPage() { + usePageTitle('Moderation and DSA') + return ( + +

1. Scope

+

+ This notice explains how OpenThorn handles reports about illegal content, + unlawful activity, intellectual-property complaints, and community moderation. + It applies to public or shared areas of the service, including Community + projects, public previews, project metadata, and user-visible profile details. +

+ +

2. Single Point of Contact

+

+ For Digital Services Act, moderation, law-enforcement, or regulatory enquiries, + contact us at{' '} + mys.thomas00@gmail.com. + Please write in English, German, or Italian and include enough detail for us to + identify the content or account concerned. +

+ +

3. How to Report Illegal Content

+

+ If you believe content on OpenThorn is illegal or infringes your rights, email us + with the following information: +

+
    +
  • The URL, project ID, username, screenshot, or other identifier of the content.
    • +
  • A clear explanation of why you believe the content is illegal or infringing.
    • +
  • Your name and email address, unless you have a legally valid reason to report anonymously.
    • +
  • For intellectual-property reports, proof that you own or represent the affected rights.
    • +
  • A statement that the information in your report is accurate to the best of your knowledge.
    • +
+ +

4. Review and Action

+

+ We review reports in good faith and may remove, restrict, disable, or preserve + content where this is necessary to comply with law, protect users, enforce our + Terms, or investigate abuse. We may also reject reports that are incomplete, + abusive, clearly unfounded, or not related to OpenThorn. +

+

+ When we take moderation action against user content, we will provide the affected + user with a brief explanation where appropriate and legally permitted. We may not + provide details if doing so would create security risks, reveal confidential + information, interfere with an investigation, or violate applicable law. +

+ +

5. Appeals

+

+ If your content or account is restricted and you believe the decision was wrong, + contact us at{' '} + mys.thomas00@gmail.com + {' '}with the subject line "Moderation Appeal". Include the original decision, + your account email, the affected content, and why you believe the decision should + be changed. +

+ +

6. Repeat Abuse

+

+ We may suspend or terminate accounts that repeatedly publish illegal content, + submit manifestly unfounded reports, attempt to evade moderation, or abuse the + reporting process. +

+ +

7. Community Standards

+

+ Public OpenThorn content must not include illegal material, malware, phishing, + stolen credentials, private personal data, impersonation, copyright-infringing + material, hate or harassment, sexual exploitation, or content that endangers + children. Do not publish API keys, passwords, private repository data, or personal + information you do not have permission to share. +

+ +

8. Emergency and Authority Requests

+

+ Public authorities and law-enforcement bodies may contact us at{' '} + mys.thomas00@gmail.com. + We will review requests under applicable law and may require proof of authority, + legal basis, and a clear description of the requested action. +

+ + ) +} diff --git a/src/pages/PrivacyPage.tsx b/src/pages/PrivacyPage.tsx index 7486520..8f2d6d7 100644 --- a/src/pages/PrivacyPage.tsx +++ b/src/pages/PrivacyPage.tsx @@ -4,7 +4,7 @@ import { usePageTitle } from '../lib/usePageTitle' export default function PrivacyPage() { usePageTitle('Privacy Policy') return ( - +

1. Who We Are

OpenThorn is operated by Thomas Tschinkel, located in{' '} @@ -13,82 +13,210 @@ export default function PrivacyPage() { mys.thomas00@gmail.com.

-

2. What Data We Collect

-

We collect only what is necessary to provide the service:

+

2. What Data We Process

+

We process the data needed to provide, secure, and improve OpenThorn:

  • - Account data — your email address when you register or sign in. + Account and profile data - email address, display name, + avatar URL, OAuth account metadata, authentication identifiers, and session data.
  • - API keys — the API keys you add for third-party AI providers - (e.g. OpenAI, Anthropic). These are encrypted with AES-256-GCM before storage - and are never shared with third parties. + Project and repository data - project names, prompts, chat + history, generated code, uploaded or edited files, preview/deploy metadata, + starred status, and repository names or owner names when you connect GitHub.
  • - Project data — the prompts you write, the code OpenThorn - generates, and your project names. Stored so you can return to your work. + API provider data - AI provider names, model settings, base + URLs, enabled/disabled status, and API keys you save. API keys are encrypted + before database storage and are decrypted only when needed to send your request + to the AI provider you selected. +
    • +
  • + AI request data - prompts, project context, generated files, + runtime errors, and other technical context needed to produce or refine output. + This data may be sent to the AI provider you choose. +
    • +
  • + GitHub integration data - GitHub OAuth access tokens, GitHub + username, repository owner/name, repository descriptions, auto-sync setting, + and code pushed to GitHub when you enable repository sync. +
    • +
  • + Deployment data - generated HTML, project identifiers, Netlify + site IDs, deploy IDs, deploy URLs, and related deployment status data when you + use the Netlify deployment feature. +
    • +
  • + Community and collaboration data - public shared projects, + author/profile details displayed with community projects, likes, collaborator + email addresses, collaborator permissions, invite status, and real-time presence + or generation state used to support collaboration. +
    • +
  • + Local user memory - optional browser-local preferences, fixes, + and facts inferred from your prompts so OpenThorn can keep useful context across + projects on the same browser. +
    • +
  • + Technical data - IP address, browser/device data, request + logs, error information, and security events processed by our hosting, + authentication, database, font, CDN, and integration providers.
-

3. Legal Basis for Processing

+

3. Why We Process Data and Legal Bases

  • - Account and project data — performance of a contract - (Art. 6(1)(b) GDPR): processing is necessary to provide the service you signed - up for. + Providing the service - account access, project storage, + AI generation, GitHub sync, Netlify deploys, collaboration, and community + features are processed under Art. 6(1)(b) GDPR (performance of a contract). +
    • +
  • + Security, abuse prevention, reliability, and essential diagnostics - + processed under Art. 6(1)(f) GDPR (legitimate interests). +
    • +
  • + Legal compliance - records or disclosures required by law are + processed under Art. 6(1)(c) GDPR. +
    • +
  • + Optional connected services - when you choose OAuth login, + GitHub sync, provider keys, public sharing, or deployment, we process the data + needed for that feature under Art. 6(1)(b) GDPR and, where required, your + consent under Art. 6(1)(a) GDPR.
-

4. Third-Party Service Providers

-

We use the following processors who handle personal data on our behalf:

+

4. Third-Party Services and Recipients

+

We use service providers and integrations that may process personal data:

  • - Vercel Inc. (hosting and infrastructure) — the service is hosted - on Vercel's platform. Request data including IP addresses may be processed by - Vercel. Data may be processed in the United States under Standard Contractual - Clauses. + Vercel Inc. (hosting and infrastructure) - request data, + including IP addresses and technical logs, may be processed by Vercel. +
    • +
  • + Supabase, Inc. (authentication, database, realtime) - account, + profile, session, project, collaboration, community, encrypted provider-key, + and GitHub integration records are stored or processed on Supabase infrastructure. +
    • +
  • + AI providers you select (for example OpenAI, Anthropic, Google, + Mistral, Groq, OpenRouter, or custom providers) - prompts, project context, + generated files or errors, and your API key or authorization credentials are + transmitted as needed to fulfil your AI request. +
    • +
  • + GitHub, Inc. - OAuth login data and, if you connect a repository, + OAuth access tokens, repository metadata, and project code are processed by GitHub. +
    • +
  • + Netlify, Inc. - when you deploy, generated HTML and deployment + metadata are sent to Netlify to create or update a site.
  • - Supabase, Inc. (authentication and database) — your account - credentials and project data are stored on Supabase infrastructure. Data may be - processed in the United States under Standard Contractual Clauses. + Google Fonts / Google LLC - OpenThorn loads fonts from Google + Fonts. When your browser requests those font resources, Google may receive your + IP address, browser data, referrer, and request timing information. +
    • +
  • + CDN and package providers - generated previews may load runtime + resources such as JavaScript packages, type definitions, or WebAssembly files + from public CDNs when needed to build, preview, or typecheck generated code. +
    • +
  • + OAuth providers (Google and GitHub) - if you sign in with an + OAuth provider, that provider processes authentication data according to its own + terms and privacy policy.
-

OpenThorn does not sell your personal data to any third party.

+

+ OpenThorn does not sell your personal data. API keys are not used for OpenThorn + billing and are not disclosed except where technically necessary to communicate + with the provider you selected or where legally required. +

+

+ Where a provider acts as our processor, we aim to use appropriate data processing + terms, confidentiality obligations, and transfer safeguards. Where a third-party + service is independently selected by you, such as your AI provider or GitHub + account, that service may also act as an independent controller under its own + terms. +

+ +

5. Security Measures

+

+ We use technical and organisational measures intended to protect personal data, + including Supabase row-level security, authenticated access controls, HTTPS, + provider-side infrastructure security, and encryption of saved provider API keys + before database storage. +

+

+ Saved provider API keys are sensitive credentials. OpenThorn encrypts them before + database storage and decrypts them only when needed to send your request to the + provider you selected. This reduces exposure but does not make stored keys risk + free. You remain responsible for managing provider-side permissions, spend limits, + and key rotation, and you should revoke a key immediately if you suspect misuse. +

-

5. Data Retention

+

6. Public Sharing

+

+ If you publish a project to the Community, its title, preview, generated content, + author/profile information, likes count, and related metadata may be visible to + other users or visitors. Do not publish secrets, credentials, private repository + data, or personal information you do not want to make public. +

+ +

7. Data Retention

  • - Account and project data — retained for as long as your account - is active, or until you request deletion. + Account, profile, project, provider-key, integration, collaboration, + and community data - retained while your account is active or until you + delete it or request deletion, unless a longer retention period is required by law. +
    • +
  • + GitHub tokens and repo settings - retained until you disconnect + GitHub, delete the related data, or request deletion. +
    • +
  • + Deployment metadata - retained while needed to show and update + your deployment. Data hosted by Netlify may remain in your Netlify-managed site + according to Netlify's retention practices. +
    • +
  • + Browser-local data - remains on your device until you clear it, + sign out where applicable, or the app removes it. +
    • +
  • + Server logs and security records - retained for a limited + period needed for security, debugging, and legal compliance.
-

6. International Data Transfers

+

8. International Data Transfers

- Vercel and Supabase are US-based companies. Transfers of personal data from the - EU/EEA are covered by Standard Contractual Clauses (SCCs) approved by the European - Commission under Art. 46 GDPR. + Some providers are based in or process data in the United States and other + countries outside the EU/EEA. Where required, transfers are protected by adequacy + decisions, Standard Contractual Clauses, the EU-US Data Privacy Framework where + applicable, or other safeguards under Chapter V GDPR.

-

7. Your Rights

+

9. Your Rights

Under the GDPR you have the right to:

    -
  • Access — request a copy of your personal data.
    • -
  • Rectification — ask us to correct inaccurate data.
    • -
  • - Erasure — ask us to delete your account and associated data. -
    • +
  • Access - request a copy of your personal data.
    • +
  • Rectification - ask us to correct inaccurate data.
    • +
  • Erasure - ask us to delete your account and associated data.
  • - Restriction — ask us to pause processing in certain + Restriction - ask us to pause processing in certain circumstances.
  • - Portability — receive your data in a structured, + Portability - receive your data in a structured, machine-readable format.
    • +
  • Object - object to processing based on legitimate interests.
  • - Object — object to processing based on legitimate interests. + Withdraw consent - withdraw consent where processing is based + on consent, without affecting prior lawful processing.

@@ -97,7 +225,7 @@ export default function PrivacyPage() { We will respond within 30 days.

-

8. Complaints

+

10. Complaints

If you believe we have handled your data unlawfully, you have the right to lodge a complaint with the Italian data protection authority:{' '} @@ -112,17 +240,16 @@ export default function PrivacyPage() { ).

-

9. Changes to This Policy

+

11. Changes to This Policy

We may update this policy from time to time. When we do, we will update the "Last - updated" date at the top of this page. For material changes that affect your rights - under the GDPR — such as new categories of data collected, new processors, or a - new legal basis — we will notify you by email or a prominent notice in the service - and, where required by law, seek your renewed consent. Minor editorial changes - (e.g. clarifications, spelling) take effect immediately without notice. + updated" date at the top of this page. For material changes that affect your + rights under the GDPR - such as new categories of data collected, new processors, + or a new legal basis - we will notify you by email or a prominent notice in the + service and, where required by law, seek your renewed consent.

-

10. Contact

+

12. Contact

For any questions about this privacy policy or your personal data, contact us at{' '} mys.thomas00@gmail.com. diff --git a/src/pages/TermsPage.tsx b/src/pages/TermsPage.tsx index 246b074..40bdde4 100644 --- a/src/pages/TermsPage.tsx +++ b/src/pages/TermsPage.tsx @@ -4,7 +4,7 @@ import { usePageTitle } from '../lib/usePageTitle' export default function TermsPage() { usePageTitle('Terms of Service') return ( - +

1. About OpenThorn

OpenThorn is a free AI web builder. You describe what you want; OpenThorn generates @@ -39,8 +39,16 @@ export default function TermsPage() {

  • - Your API keys are used to make requests directly to the AI provider. OpenThorn - does not store, log, or charge for your API usage. + Your API keys are encrypted before database storage and used to make requests + to the AI provider you select. OpenThorn does not charge for your provider + usage. You should still treat saved API keys as sensitive credentials and + revoke them with your provider if you suspect compromise. +
    • +
  • + To fulfil your request, OpenThorn may send your API key or authorization + credentials, prompts, project context, generated files, and technical error + details to the selected AI provider. The provider processes that data under its + own terms and privacy policy.
  • You are solely responsible for the security of your API keys. If a key is @@ -91,6 +99,11 @@ export default function TermsPage() { We reserve the right to remove publicly shared content that violates these Terms or applicable law.

    +

    + Reports about illegal content, intellectual-property infringement, harmful + projects, or moderation decisions should be sent through the process described in + our Moderation and DSA Notice. +

    8. Intellectual Property

    @@ -121,14 +134,17 @@ export default function TermsPage() {

  • Bring Your Own Keys. OpenThorn does not operate AI models. You connect your own API keys from third-party AI providers (e.g. OpenAI, - Anthropic, Google). Those providers are responsible for their models' compliance - with applicable AI regulations. + Anthropic, Google). Those providers are responsible for obligations that apply + to their models, while OpenThorn remains responsible for the transparency, + configuration, and use obligations that apply to OpenThorn as a service.
  • - Minimal-risk use case. OpenThorn is used exclusively for code - and website generation. It is not used for any high-risk purpose as defined in - Annex III of the EU AI Act (including but not limited to biometric - identification, employment decisions, credit scoring, or law enforcement). + Intended use. OpenThorn is designed for code and website + generation. You must not use it for prohibited AI practices or for high-risk + purposes such as biometric identification, employment decisions, credit scoring, + education access decisions, law enforcement, migration control, or other regulated + uses unless you independently ensure that all applicable legal requirements are + met.
  • Human review recommended. AI-generated code may contain errors, @@ -143,14 +159,32 @@ export default function TermsPage() {
-

11. Limitation of Liability

+

11. Digital Services Act and Content Moderation

+

+ OpenThorn may host public user content, including Community projects and related + metadata. Users must not upload, publish, or share illegal content, malware, + phishing pages, stolen credentials, private personal data, infringing material, or + content that violates the rights or safety of others. +

+

+ We may remove, restrict, suspend, or preserve content where necessary to comply + with law, enforce these Terms, protect users, or investigate abuse. We may also + suspend or terminate accounts that repeatedly publish illegal content or submit + manifestly unfounded reports. +

+

+ Our single point of contact and reporting process are set out in the{' '} + Moderation and DSA Notice. +

+ +

12. Limitation of Liability

To the maximum extent permitted by applicable law, OpenThorn and its operators shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising out of or related to your use of the service. Because the service is provided free of charge, our aggregate liability to you for direct damages shall not exceed the greater of the fees you paid us in the twelve months - preceding the claim or €0. + preceding the claim or EUR 0.

Nothing in these Terms limits or excludes liability for fraud, gross negligence, @@ -161,14 +195,14 @@ export default function TermsPage() { these Terms.

-

12. Termination

+

13. Termination

We may suspend or terminate your account if you breach these Terms. You may delete your account at any time by contacting us at mys.thomas00@gmail.com. Termination does not affect any accrued rights or obligations.

-

13. Changes to Terms

+

14. Changes to Terms

We may update these Terms at any time by posting the revised version on this page with an updated date. Continued use of the service after the update constitutes @@ -176,7 +210,7 @@ export default function TermsPage() { account.

-

14. Governing Law

+

15. Governing Law

These Terms are governed by Italian law. For users who are consumers under the Italian Consumer Code (D.Lgs. 206/2005), the mandatory consumer protection @@ -185,7 +219,7 @@ export default function TermsPage() { except where mandatory consumer law provides otherwise.

-

15. Contact

+

16. Contact

For any questions about these Terms, contact us at mys.thomas00@gmail.com.