Important: Convenience Translation
This is a convenience translation of the German Allgemeine Geschäftsbedingungen (AGB). In the event of any discrepancy between this English version and the German original, the German version shall prevail. The German version is available at sternflut.de/agb.
Last updated: April 4, 2026
(1) These General Terms and Conditions (hereinafter “Terms”) apply to all contracts between
Timo Brenner
Sternflut (Sole Proprietorship / Einzelunternehmer)
c/o POSTFLEX PFX-046-301
Emsdettener Straße 10
48268 Greven, Germany
Email: info@sternflut.de
(hereinafter “Provider”) and the customer (hereinafter “Customer”) regarding the use of the Software-as-a-Service platform “Sternflut” (hereinafter “Service” or “Platform”) provided at https://sternflut.de.
(2) The Service is intended exclusively for entrepreneurs within the meaning of § 14 BGB (German Civil Code). By registering, the Customer confirms that they are using the Service exclusively in the course of their commercial or independent professional activity. Consumers within the meaning of § 13 BGB are excluded from using the Service.
(3) Deviating, conflicting, or supplementary general terms and conditions of the Customer shall not become part of the contract unless the Provider expressly agrees to their validity in writing.
(4) The Service includes in particular:
(5) Sternflut is a tool to support review management. The Provider does not guarantee any particular number, quality, or rating score of reviews collected. The Provider is not a marketing agency.
(1) The contract is formed by the Customer's registration on the Platform and confirmation of registration via email (double opt-in).
(2) By registering, the Customer accepts these Terms and the Data Processing Agreement (DPA), which is available at sternflut.de/dpa.
(3) The Provider reserves the right to reject registration without stating reasons.
(1) The Provider makes the Platform available to the Customer as a Software-as-a-Service (SaaS) via the Internet. The scope of services is determined by the plan selected by the Customer as described on the Provider's website.
(2) The Provider aims to ensure a platform availability of 99.5% on an annual average. Excluded from this are: planned maintenance, disruptions caused by force majeure or third parties (in particular Google, Twilio, Meta, Stripe, Resend, Supabase), and disruptions caused by the Customer.
(3) The Provider is entitled to further develop and adapt the Platform's features, provided this is reasonable for the Customer and does not substantially restrict the core functionality of the Service.
(4) The Platform is designed for use via common web browsers. The Provider does not owe any particular display on specific devices, browsers, or operating systems.
(5) The Provider depends on the availability and proper functioning of third-party services. Changes, restrictions, or discontinuation of third-party services may result in individual features being temporarily or permanently unavailable. The Customer has no claim to any specific third-party integration.
(6) The Platform uses artificial intelligence (AI) for reply suggestions and sentiment analysis (Regulation (EU) 2024/1689, Art. 50). AI-generated content is labelled as such in the user interface. AI reply suggestions are non-binding proposals that may not be accurate or complete. The Customer must review and adapt all AI-generated content before sending and is responsible for ensuring its appropriateness. Sentiment analyses are algorithmic assessments and may differ from actual customer sentiment.
(7) The Provider does not guarantee the actual delivery of emails, SMS, or WhatsApp messages to the recipient. Delivery depends on third-party providers (email providers, mobile carriers, Meta/WhatsApp) and factors beyond the Provider's control (e.g. spam filters, network availability, recipient settings).
(1) The Customer is obliged to provide truthful and complete information during registration and to keep this information up to date at all times.
(2) The Customer is responsible for keeping their access credentials confidential. The Customer is liable for all activities carried out under their account, unless the Customer is not responsible for use by third parties.
(3) Review Requests and Consent (Important):
The Customer bears full legal responsibility for ensuring that they have obtained the required consent or other legal basis from their end customers before sending review requests through the Platform. The Provider merely provides the technical tool. In particular, the Customer confirms:
(4) The Customer undertakes not to use the Platform for unlawful purposes, in particular not for sending unsolicited advertising (spam) in violation of § 7 UWG (German Unfair Competition Act), the CAN-SPAM Act (US), the TCPA (US), CASL (Canada), or PECR (UK); the deliberate manipulation or falsification of reviews (§ 5 UWG); the processing of data of minors without a legal basis; or use in a manner that damages the Platform or third parties.
(5) The Customer must not use the Platform for review gating. Review gating means selectively directing customers to public review platforms based on satisfaction (e.g. only directing satisfied customers to leave a Google review while redirecting dissatisfied customers to an internal feedback form). All recipients of review requests must be given the same opportunity to leave a public review.
(6) The Customer is obliged to comply with the applicable terms of use of third-party platforms (including Google, Meta/Facebook, Instagram, Trustpilot) when using the Service, in particular with regard to review solicitation policies.
(7) The Customer is responsible for the content of messages sent through the Platform.
(8) The Customer may grant additional persons access to their account (team members). The Customer determines the access rights of team members (e.g. administrator, member). The Customer is responsible for the actions and omissions of their team members as for their own actions.
(9) In the event of violations of these obligations, the Provider is entitled to temporarily suspend the Customer's access to the Platform or to terminate the contract for cause.
(10) You represent and warrant that you are at least 18 years of age or the age of majority in your jurisdiction. The Service is not directed at children. We do not knowingly collect personal information from anyone under 16 years of age (or 13 years of age in jurisdictions where that lower threshold applies, such as the United States under COPPA).
(1) The Service may be used free of charge under the free plan (Free Plan) without time limitation. The features of the free plan are limited.
(2) The Provider may offer new customers a free trial period with extended features. The trial period is typically 14 days and may be extended to up to 30 days through partner promotions. After the trial period expires, the account is automatically downgraded to the free plan. No automatic conversion to a paid subscription takes place.
(3) For paid plans, the prices stated on the Provider's website at the time of contract conclusion apply. All prices are stated in Euros (EUR). Prices shown are final prices. The Provider is currently exempt from VAT under the German Small Business Regulation (§ 19(1) UStG, German VAT Act). Should the Provider become subject to VAT in the future, prices will be shown plus the applicable statutory VAT; the Customer will be informed in advance.
(4) Billing and payment processing is handled by the payment service provider Stripe. The Customer receives invoices electronically via email or through the Stripe customer portal.
(5) Payments are due monthly or annually in advance, depending on the selected billing period. In the event of late payment, the statutory default regulations apply (§ 288(2) BGB, German Civil Code: 9 percentage points above the base interest rate for B2B transactions).
(6) For SMS messages, additional usage-based costs (overages) may apply depending on the plan. The Customer is informed of the applicable usage prices on the Provider's website.
(7) In the event of late payment exceeding 14 days, the Provider is entitled to suspend access to the Platform until the outstanding amount is settled.
(8) Set-off by the Customer is only permissible with undisputed or legally established claims.
(1) The free plan has no minimum term and can be terminated at any time by deleting the Customer's account.
(2) Paid plans have a minimum term corresponding to the selected billing period (monthly or annually). The contract is automatically renewed for the same period unless terminated before the end of the current term.
(3) Termination is possible at any time effective at the end of the current billing period. Full functionality is retained until the end of the paid period. Fees already paid for the current billing period will not be refunded.
(4) Termination can be made via the Stripe customer portal or in text form (e.g. by email to info@sternflut.de).
(5) The right to extraordinary termination for cause remains unaffected. Cause exists in particular if the Customer is in default of payment of at least two monthly instalments despite a reminder, the Customer repeatedly or seriously violates the obligations under § 4, or insolvency proceedings are opened against the Customer's assets or the opening is rejected for lack of assets.
(6) In the event of extraordinary termination by the Provider for cause attributable to the Customer, the Customer has no right to a refund of fees already paid for the remaining contract period. The Customer retains the right to prove that the Provider has suffered no or significantly less damage (§ 314(4) in conjunction with §§ 280 ff. BGB, German Civil Code).
(7) Upon termination of a paid plan, the Platform remains fully functional until the end of the paid term. Regardless of the selected plan (including the free plan), the Customer may request a transition period for migration to another provider before account deletion; the transition period is up to 30 calendar days (Regulation (EU) 2023/2854, Art. 25).
(8) The Customer may delete their account at any time in the Platform's settings. Upon deletion, the Customer's business data is irrevocably and immediately removed. Send logs are retained in anonymised form in accordance with tax law retention requirements (§ 147 AO, German Fiscal Code). The Customer is obliged to export their data before account deletion (see § 13).
(1) The Provider warrants that the Platform substantially provides the functionality described in the service description (§ 3).
(2) Defects must be reported to the Provider without undue delay after discovery in text form (including email).
(3) The Provider will remedy reported defects within a reasonable period. Remediation may, at the Provider's discretion, be effected by eliminating the defect, providing an update, or offering a workaround, provided this is reasonable for the Customer.
(4) Warranty claims do not exist insofar as the defect is attributable to improper use by the Customer, disruptions in third-party services, or changes in the Customer's technical requirements.
(5) For insignificant defects, claims for rent reduction or extraordinary termination are excluded.
(6) The limitation period for warranty claims is one year from the discoverability of the defect. This does not apply to claims for damages pursuant to § 8(1).
This limitation of liability is governed by German law (§§ 276, 278, 280–288, 823 BGB, German Civil Code). The mandatory liability carve-outs in paragraph (1) cannot be waived under German law.
(1) The Provider is liable without limitation:
(2) In the event of a slightly negligent breach of a cardinal obligation (a duty whose fulfilment is essential for the proper performance of the contract and on whose compliance the Customer regularly relies), the Provider's liability is limited to the typically foreseeable damage. Liability is capped at the total fees paid by the Customer in the 12 months preceding the damaging event.
(3) Otherwise, the Provider's liability for slightly negligent breaches of duty is excluded.
(4) Data loss: The Provider's liability for loss of data is limited to the typical recovery effort that would have been incurred had the Customer made proper and regular data backups (§ 13).
(5) The above limitations and exclusions of liability also apply to the personal liability of the Provider's legal representatives, employees, and vicarious agents.
(1) The Customer shall indemnify and hold the Provider harmless from all third-party claims arising from the Customer's unlawful use of the Platform, in particular claims resulting from sending review requests without the required consent (§ 7 UWG, Art. 6 GDPR, TCPA, CASL, PECR, CAN-SPAM).
(2) The Customer shall bear the costs of the Provider's reasonable legal defence, including all court and attorney fees at statutory rates.
(3) The indemnification obligation does not apply insofar as the Customer is not responsible for the violation or the claim is based on a defect in the Platform attributable to the Provider.
(1) The Provider processes the Customer's personal data in accordance with the Privacy Policy.
(2) Insofar as the Provider processes personal data on behalf of the Customer, the separate Data Processing Agreement (DPA) pursuant to Art. 28 GDPR applies.
(3) The Customer is the data controller (Art. 4(7) GDPR) for the data of their end customers; the Provider is the data processor (Art. 4(8) GDPR).
(4) The Provider maintains appropriate technical and organisational measures to protect Customer data, including encryption at rest and in transit, access controls, and regular security assessments, as described in detail in the Data Processing Agreement (Section 8).
(1) All rights to the Platform remain with the Provider.
(2) The Customer receives a simple, non-transferable right to use the Platform for the duration of the contract within the scope of the selected plan.
(3) The Customer remains the owner of their business data processed through the Platform. The Provider receives a simple right to use this data solely for the purpose of providing the Service.
(4) Third-party content embedded in the Platform (reviews from Google, Facebook, Trustpilot, Instagram) is subject to the terms of use of the respective third-party platform.
(1) Both parties undertake to treat confidential information of the other party as confidential and not to disclose it to third parties, unless disclosure is necessary for contract performance or required by law.
(2) Confidential information includes in particular trade and business secrets, customer data, technical information, and access credentials. Publicly available information and review content published on third-party platforms are not considered confidential.
(3) The confidentiality obligation survives the termination of the contract.
(1) The Provider performs regular backups of the Platform.
(2) The Customer may export their data at any time via the data export function in the Platform settings. The export is provided in a structured, commonly used, and machine-readable format (JSON). No separate fees are charged for data export or switching to another provider (Regulation (EU) 2023/2854, Art. 29).
(3) Exportable data categories: business data, review requests, usage statistics, messages, opt-outs, message templates, team members, notifications, QR analytics, payment events, escalation rules, and consent records.
(4) The Customer is independently responsible for regularly backing up their data. The Provider assumes no responsibility for the Customer's compliance with commercial and tax law retention obligations.
(5) The Provider's liability for data loss is set out in § 8(4).
(1) Neither party shall be liable for the non-performance or delayed performance of its contractual obligations insofar as the non-performance or delay is due to force majeure.
(2) Force majeure includes in particular natural disasters, war, terrorism, pandemics, official orders, strikes, lockouts, telecommunications or power supply failures, and failures or significant service restrictions of third-party services (including Google, Meta, Twilio, Stripe, Supabase, Resend).
(3) If the force majeure event persists for more than three months, either party is entitled to terminate the contract for cause.
(1) The Provider is entitled to amend these Terms with effect for the future, provided the amendment is reasonable for the Customer taking into account the Provider's interests. Amendments to the core service obligations (§ 3(1)) and fees (§ 5) are excluded and require a separate agreement.
(2) The Provider will inform the Customer of amendments at least six weeks before they take effect by email. The notification will draw attention to the right of objection, the objection period, and the consequences of failure to object.
(3) The amendments are deemed approved if the Customer does not object in text form within six weeks of receipt of the notification. The Provider will specifically draw attention to this consequence in the notification.
(4) If the Customer objects, both parties have a special right of termination effective at the planned date the amendments were to take effect. Until the termination takes effect, the previous Terms continue to apply.
(1) The contractual relationship is exclusively governed by the laws of the Federal Republic of Germany, excluding the UN Convention on Contracts for the International Sale of Goods (CISG). This choice of law is made pursuant to Article 3 of the Rome I Regulation (Regulation (EC) No 593/2008) and is binding on all parties regardless of their place of residence or establishment.
(2) For all disputes arising from or in connection with this contract, the place of jurisdiction is Greven, Germany, insofar as the Customer is a merchant (Kaufmann), a legal entity under public law, or a special fund under public law.
(3) The Provider is neither willing nor obliged to participate in dispute resolution proceedings before a consumer arbitration board (§ 36 VSBG, German Consumer Dispute Resolution Act).
(4) Should individual provisions of these Terms be or become invalid, this shall not affect the validity of the remaining provisions. The statutory provisions shall apply in place of the invalid provision (§ 306(2) BGB, German Civil Code).
(5) Amendments and additions to this contract require text form (including email). This also applies to the waiver of this text form requirement.
(6) The Provider is entitled to use subcontractors to fulfil its contractual obligations.
(7) The Provider is entitled to transfer rights and obligations under this contract in whole or in part to a third party. The Provider will inform the Customer of such transfer with four weeks' notice in text form. The Customer is entitled to terminate the contract for cause within two weeks of receipt of the notification.
(8) The Provider may use anonymised and aggregated data derived from the Customer's use of the Service (e.g. usage statistics, feature adoption, performance metrics) for the purpose of improving the Service, generating benchmarks, and for its own business purposes. Such data does not identify the Customer or any individual and is not considered Customer data.
(9) The Service is not an archiving service. The Provider does not guarantee the long-term preservation of Customer data beyond the retention periods described in the Privacy Policy. The Customer is responsible for maintaining their own data backups (see § 13).
(10) The Customer grants the Provider the right to use the Customer's company name and logo on the Provider's website, marketing materials, and customer lists, unless the Customer objects in writing. The Customer may revoke this right at any time by notifying the Provider in text form.
(11) The failure of either party to enforce any right or provision of these Terms shall not constitute a waiver of such right or provision.
(12) The provisions of §§ 8 (Liability), 9 (Indemnification), 10 (Data Protection), 12 (Confidentiality), and 16 (Final Provisions) shall survive the termination of the contract.
The Service is not designed for processing Protected Health Information (PHI) as defined by the Health Insurance Portability and Accountability Act (HIPAA). We do not currently offer Business Associate Agreements (BAAs). If you are a US healthcare provider or covered entity, you may not use the Service to process PHI. Customers who process PHI through the Service without a BAA do so at their own risk and without HIPAA compliance protections. Contact info@sternflut.de for inquiries.
You may not use the Service in violation of applicable export control laws, trade sanctions, or embargo regulations, including those administered by the U.S. Office of Foreign Assets Control (OFAC), the U.S. Export Administration Regulations (EAR), the European Union, the United Kingdom, or the United Nations.