--- document: Terms of Service language: en status: draft version: 0.1.0-draft last_updated: 2026-05-20 master: false translates: terms-of-service.ru.md ---

> Draft — owner + counsel review required before publishing. > This document is an internal draft. It only takes legal effect after owner sign-off, counsel review, and publication on app/(public)/legal/terms. > Russian (terms-of-service.ru.md) is the master version. In case of any discrepancy, the Russian text prevails until an official English version is signed off.

Bendahara — Terms of Service

Version: 0.1.0-draft  •  Effective from: [TBD: publication date] Service operator: [TBD: legal entity name (Russia LLC / Cyprus LTD / Bali entity / other)] Contact email: [TBD: legal@bendahara.app or equivalent]

These Terms of Service (the "Terms") govern the relationship between [TBD: operator name] ("Operator", "we", "our") and the legal or natural person ("Customer", "Tenant", "you") using the Bendahara service (the "Service").

---

1. Acceptance of Terms

1.1. Registering a company through the website form, signing in to an existing account, or otherwise using any functionality of the Service constitutes full and unconditional acceptance of these Terms.

1.2. If you do not agree with any provision of these Terms — do not use the Service.

1.3. The individual registering the company (the "Tenant Owner", role owner) confirms that:

they are at least 18 years old;
they are authorised to accept these Terms on behalf of the company they represent;
the information provided at registration is accurate.

1.4. The Operator may refuse registration or suspend an account without giving reasons where there are grounds to believe a breach of clause 1.3 or section 5.

---

2. Service description

2.1. Bendahara is a multi-tenant SaaS platform for managing expense claims and reimbursement requests, with Telegram as the primary interaction channel for approvers. The Service includes:

a web interface (app.bendahara.app or other domain — [TBD]) for administrators, finance staff, and employees;
a Telegram bot (@invoices_robot or other — [TBD]) for submission and approval;
API and webhook interfaces (paid plans only; see section 4);
configuration of approval workflows, role model, departments, and currencies per company;
an immutable audit log of all material events;
data export tools (Excel, CSV).

2.2. The Service is provided on an "as is" SaaS, multi-tenant basis. Data isolation between companies is enforced at the Firestore subcollection layer (see docs/multi-tenancy.md).

2.3. The Service may evolve: new features may be added, deprecated features removed, UI and behaviour changed. Material changes are announced per section 10.

---

3. Registration and accounts

3.1. Company (tenant) registration

3.1.1. Any person may register a company via the public form. Required information: company name, administrator email, sign-in method (password or OAuth provider).

3.1.2. The first registered user of a company is automatically granted the owner role. This role has the highest privileges within their tenant, including company deletion and subscription management.

3.1.3. There is one active Owner per tenant at a time. Ownership transfer to another user — via the admin interface or, if technically impossible, by support request.

3.2. Inviting employees

3.2.1. Employees join a tenant via a single-use invitation link generated by an administrator and shared with the invitee through Telegram, email, or any other convenient channel.

3.2.2. An invitation is valid for 7 days. After expiry it becomes invalid; the administrator may issue a new one.

3.2.3. By accepting an invitation through Telegram, the employee confirms: (a) acceptance of these Terms; (b) consent to bind their Telegram account to a Service account.

3.3. Account responsibility

3.3.1. The Customer is responsible for:

the confidentiality of passwords and tokens;
actions of any person using their account;
keeping contact details (email, phone) up to date.

3.3.2. Any suspected account compromise must be reported to the Operator immediately at the email from the preamble.

3.3.3. The Operator is not liable for damages resulting from the Customer's failure to maintain reasonable security measures.

3.4. Telegram account linking

3.4.1. Use of the Telegram channel requires phone number confirmation via Telegram's standard "Send Phone Number" mechanism.

3.4.2. The phone number is used to route messages and identify the user; it is not shared with third parties except as described in the Privacy Policy.

---

4. Paid subscriptions

4.1. Pricing plans

4.1.1. The Service offers the following plans (as of this version):

| Plan | Price | Limits / features | |-------------------|----------------------------------------|---------------------------------------------------------------------------| | Founding free | $0 — first cohort, perpetual | Up to [TBD: per-cohort limits] — fixed at signup | | Business | $120 / month (VAT-inclusive: [TBD]) | Up to 20–30 employees ([TBD: exact cap]), all core features | | Enterprise | Contractual (sales-led) | SSO, dedicated support, SLA, extended audit, on-prem options |

Current pricing and limits are published at app/(public)/pricing and may change per section 10.

4.2. Trial period

4.2.1. New tenants receive a free trial of 14 (fourteen) calendar days with full Business-plan functionality.

4.2.2. If no subscription is purchased before the trial ends, the tenant enters a grace period of 7 (seven) calendar days during which the Service continues to function while displaying a payment reminder.

4.2.3. After the grace period the tenant enters lock mode: data is preserved and remains readable by the Owner, but submission and approval of new claims is blocked.

4.2.4. Purchasing a subscription at any time while in lock mode restores full functionality without data loss.

4.2.5. [TBD: 90 or other] days after entering lock without payment, the tenant deletion procedure applies (section 7).

4.3. Payment

4.3.1. Payments are processed through a provider selected by the Operator: [TBD: Stripe / YooKassa / Cloudpayments / other]. The provider's own terms apply in addition.

4.3.2. Subscriptions auto-renew monthly (or annually if an annual term is selected) until explicitly cancelled in /admin/billing.

4.3.3. Upon cancellation, the Service remains available until the end of the paid period; auto-renewal is disabled.

4.3.4. Refunds: if the subscription is cancelled within [TBD: 14 / 30] days of the first payment, a full refund is available subject to no signs of abuse; otherwise refunds for the unused portion of a period are not provided. Detailed refund policy — [TBD: link].

4.4. Pricing changes and taxes

4.4.1. Prices are exclusive of applicable taxes (VAT, sales tax, etc.); taxes are added at the rate applicable to the Customer's jurisdiction.

4.4.2. The Operator may change prices and plan terms per section 10. A price change becomes effective for an existing Customer no earlier than 30 days after notification.

4.5. Enterprise plan

4.5.1. Enterprise terms are governed by a separate written agreement between the Operator and the Customer; that agreement supplements and, in case of conflict, prevails over these Terms with respect to the relevant tenant.

---

5. Acceptable use

5.1. The Customer shall NOT:

5.1.1. Use the Service for activities violating applicable law of the Customer's or the Operator's jurisdiction.

5.1.2. Upload content that infringes third-party rights (copyright, trademarks, image rights, communication secrecy, etc.).

5.1.3. Apply automated scraping, crawling, or similar bulk-extraction techniques other than through the official API within the limits of the paid plan.

5.1.4. Resell, sublicense, lease, or otherwise commercialise access to the Service without the Operator's written consent.

5.1.5. Use the Service for spam, fraud, phishing, malware distribution, or organised abuse of third-party accounts.

5.1.6. Create multiple tenants to circumvent free-tier or trial limits.

5.1.7. Upload data classified as especially sensitive by applicable law (health, biometric, state secrets, GDPR Art. 9 special categories, etc.) without prior written agreement with the Operator.

5.1.8. Attempt to bypass technical protections, reverse-engineer the Service, or probe for vulnerabilities outside a publicly announced responsible-disclosure programme ([TBD: bug bounty / security@bendahara.app]).

5.1.9. Generate excessive load on the Service infrastructure (DoS-like traffic, including unintentional).

5.2. Consequences of breach

5.2.1. Where a breach is identified, the Operator may, at its discretion: issue a warning, restrict functionality, suspend the account, or terminate the relationship per section 7.

5.2.2. For severe breaches (5.1.5, 5.1.7, 5.1.8) — suspension without prior notice.

5.2.3. The Operator is not obliged but may share information about breaches with law-enforcement authorities where legally grounded.

---

6. User content

6.1. Ownership. All data uploaded or created by the Customer in the Service (claims, receipts, documents, audit data, workflow settings, department names, etc., the "Content") remains the Customer (tenant) property. The Operator acts as a custodian and data processor as set out in the DPA (see dpa.ru.md; an English version is planned for Phase 5).

6.2. Licence to the Operator. The Customer grants the Operator a non-exclusive, royalty-free, term-limited licence to store, display, and process the Content solely to deliver the Service, provide technical support, ensure security, comply with the law, and — in anonymised aggregated form — for Service-quality analytics.

6.3. Backups. The Operator regularly takes technical backups (see docs/multi-tenancy.md § Tenant deletion). Backups are stored encrypted in Google Cloud Storage in the [TBD: europe-west1] region.

6.4. Content warranty. The Customer warrants that it holds all necessary rights to the uploaded Content and that the Content does not infringe third-party rights.

6.5. Telegram messages. Messages sent via the Service's Telegram bot are processed per Telegram's terms (see https://telegram.org/tos). Interaction metadata (chatid, messageid, inline-button click events) is stored by the Operator as part of the audit log.

---

7. Termination

7.1. By the Customer

7.1.1. The Tenant Owner may initiate company deletion at any time through /admin/danger-zone (double confirmation).

7.1.2. After initiation:

the tenant is flagged deleted_at and switched to read-only;
a 30-day grace period is provided during which the Owner may reverse the deletion;
after the grace period the Service exports all tenant data to an encrypted archive (GCS) and deletes subcollections;
the archive is retained for 365 days from soft-delete in case of claims or lawful requests, then physically destroyed (GDPR Art. 17 right to be forgotten).

7.1.3. The Customer may request a full data export in a machine-readable format (JSON + binary files) at any time before the 365-day expiry through /admin/export or by written request.

7.2. By the Operator

7.2.1. The Operator may terminate these Terms with respect to a tenant where:

there is a severe breach of section 5;
subscription has been unpaid for more than [TBD: 90] days past the grace period;
the Customer is liquidated as a legal entity;
the Operator is unable to continue providing the Service for reasons beyond its control (sanctions, vendor shutdowns, etc.).

7.2.2. Except for severe breaches, the Customer is notified at least 30 days in advance and given a chance to export data.

7.2.3. For severe breaches, notice may be served simultaneously with suspension.

7.3. Effects of termination

7.3.1. Termination does not relieve the Customer of payment obligations for services rendered before termination.

7.3.2. Sections 6, 8, 9, 11 survive termination to the extent applicable.

---

8. Disclaimer of warranties

8.1. Baseline

8.1.1. The Service is provided "AS IS" and "AS AVAILABLE". The Operator does not warrant that the Service will meet specific Customer expectations, be uninterrupted or error-free, or be compatible with any combination of Customer hardware and software.

8.1.2. The Operator does not warrant the accuracy of currency rates, the timeliness of Telegram notifications (which depend on Telegram's infrastructure), or the preservation of data deleted by the Customer themselves.

8.2. Target uptime

8.2.1. The Operator targets the following uptime levels:

| Project stage | Uptime target | |-----------------------------------|----------------------------| | Phase 4 — Closed beta | 95% per calendar month | | Phase 5+ — Public launch | 99% per calendar month | | Enterprise tier | Per individual SLA |

8.2.2. Targets are not a legal guarantee or SLA, except for Enterprise customers with a separate agreement.

8.2.3. Planned maintenance is excluded from uptime calculations and is announced at least 24 hours in advance.

8.3. Third-party services

8.3.1. The Service relies on third-party infrastructure (Google Firebase, Stripe, Telegram, Resend, and others — full list in the DPA). The Operator is not liable for their availability, policies, or actions.

---

9. Limitation of liability

9.1. Aggregate cap. To the maximum extent permitted by applicable law, the Operator's total liability to the Customer for any claims arising out of or in connection with these Terms shall not exceed the amount of the Customer's last monthly subscription payment (or USD 100 / RUB 10,000, whichever is greater, for free-tier users).

9.2. Excluded damages. Under no circumstances shall the Operator be liable for:

lost profits;
indirect, punitive, consequential damages;
loss of business reputation;
damages from business interruption;

even if advised of the possibility of such damages.

9.3. Exceptions. This section does not limit liability for:

the Operator's wilful misconduct causing damage;
liability that cannot be limited under applicable law (e.g., harm to life and health).

9.4. Forensics / investigation. Costs of engaging third-party specialists to investigate incidents are borne by the initiating party.

---

10. Changes to Terms

10.1. The Operator may amend these Terms. The Customer is notified at least 30 (thirty) calendar days before the effective date through:

email to the Tenant Owner's address;
in-app notice (/admin banner);
Telegram bot message (for users subscribed to technical notifications).

10.2. Continued use of the Service after the effective date constitutes acceptance of the new version.

10.3. If the Customer does not agree with the changes, they may terminate the subscription per section 7.1. Payment for the unused portion — per clause 4.3.4.

10.4. Non-material changes (typo fixes, rewording without substantive impact, contact-detail updates) may be made without prior notice.

10.5. An archive of past versions is published at app/(public)/legal/terms/history ([TBD: exact URL]).

---

11. Governing law and dispute resolution

11.1. Governing law. These Terms are governed by the laws of [TBD: operator's jurisdiction — Russia / Cyprus / Singapore / other].

11.2. Venue. Any dispute not settled through good-faith negotiation within 30 days of a written claim shall be resolved in [TBD: court / arbitration in the operator's jurisdiction].

11.3. Language of claims. Claims are submitted in English or Russian to the email from the preamble.

11.4. Class action waiver. [TBD: applicability depends on jurisdiction — not applicable in Russia; standard practice in the US.]

11.5. GDPR / 152-FZ. For Customers and users falling under EU or Russian jurisdiction, additional provisions of the GDPR and Russian Federal Law No. 152-FZ "On Personal Data" respectively apply. See the Privacy Policy and DPA.

---

12. Miscellaneous

12.1. Entire agreement. These Terms together with the Privacy Policy, DPA (for B2B Customers), and the individual contract (for Enterprise) constitute the entire agreement between the parties.

12.2. Severability. If any provision of these Terms is held invalid, the remaining provisions remain in force.

12.3. Notices. All legally binding notices are sent:

by the Operator to the Customer — to the Tenant Owner's email provided at registration;
by the Customer to the Operator — to the email from the preamble or via /help/contact.

12.4. Assignment. The Customer may not assign rights and obligations under these Terms without the Operator's written consent. The Operator may assign rights and obligations to a successor in reorganisation or sale of the business with at least 30 days' notice.

12.5. Force majeure. Neither party is liable for failure to perform due to events beyond reasonable control (war, sanctions, shutdown of critical providers, natural disasters, legal changes making performance impossible).

---

> Contact information: > Operator: [TBD: full legal name, registration number, registered address] > Email: [TBD: legal@bendahara.app] > Support: [TBD: support@bendahara.app or /help]

> Versioning: 0.1.0-draft → 1.0.0 upon first publication. See docs/legal/README.md § Versioning.