Last Updated: August 8, 2025

These Terms of Service govern your access to and use of Medusa Cloud and related services. By using the Cloud Services, you agree to be bound by the terms outlined below.

This Agreement applies exclusively to the Cloud Services and does not cover the Medusa open-source framework.

Unless otherwise defined, capitalized terms used in these Terms of Service have the meanings below:

• “Agreement” means these Terms of Service and any referenced attachments, policies, or documents incorporated by reference.
• “Company” means MedusaJS, Inc., the provider of the Cloud Services described in this Agreement.
• “Customer” means the individual or legal entity that enters into this Agreement with Company to access and use the Cloud Services.
• “Cloud Services” means the hosted, cloud-based platform and infrastructure provided by Company, including tools for deployment, configuration, and management of Customer projects.
• “Customer Data” means any content, code, data, or other materials submitted, uploaded, or transmitted by Customer through the Cloud Services.
• “Plan” means the specific subscription tier selected by Customer, which determines applicable pricing, features, usage limits, and the duration of the Subscription Term.
• “Subscription Term” means the period during which Customer is authorized to access and use the Cloud Services, based on the selected Plan.

1. SERVICES

1.1 Subject to the terms of this Agreement, Company shall use commercially reasonable efforts to provide Customer with access to its Cloud Services, as described in the applicable Plan or service documentation. Cloud Services may include infrastructure hosting, deployment, and configuration tools made available by Company as part of its managed offering.

1.2 Company reserves the right to modify or update the Cloud Services from time to time, provided such changes do not materially degrade core functionality during the Subscription Term.

1.3 Company will use reasonable efforts to maintain the Cloud Services. Cloud Services may be unavailable due to maintenance or causes beyond Company’s control. Company will use reasonable efforts to provide advance notice for scheduled maintenance.

2. RESTRICTIONS AND RESPONSIBILITIES

2.1 Company is responsible for securing the infrastructure and systems it operates, including implementing industry-standard technical and organizational measures, maintaining the availability of the Cloud Services, and responding to Customer support requests in a timely manner. While Company is not required to monitor Customer activity, it may do so when necessary to protect the integrity of the Cloud Services. Company reserves the right to suspend or restrict usage it reasonably believes may violate this Agreement or applicable law.

2.2 Company does not collect, store, or process payment card or billing information. Such data is handled solely by third-party payment processors and does not pass through or reside on Company systems. By purchasing a Plan, Customer agrees to provide its payment details and any additional information directly to such payment processor and to be bound by their terms of service. Customer’s payment information is handled in accordance with applicable privacy and security standards by these providers.

2.3 Customer owns and is solely responsible for all Customer Data submitted or stored by Customer in or through the Cloud Services. Customer hereby represents and warrants that all Customer Data complies with applicable laws and does not infringe third-party rights or include unlawful, harmful, or defamatory material.

2.4 Customer grants Company a non-exclusive, royalty-free, perpetual license to copy, distribute, prepare derivative works, and otherwise use Customer Data as reasonably necessary to operate, maintain, and improve the Cloud Services. This includes activities such as infrastructure monitoring, diagnostics, usage analysis, anonymization, and internal business reporting. Any such access is limited in scope, subject to appropriate technical and organizational safeguards, and does not involve the disclosure of identifiable Customer Data to third parties. For data protection purposes, Customer acts as the data controller and Company acts solely as a data processor with respect to Customer Data.

2.5 Customer is solely responsible for managing user access, account configurations, and the security of its systems and data. This includes implementing appropriate safeguards, maintaining secure credentials, and ensuring compliance with applicable regulations. Company shall not be liable for any data loss, unauthorized access, or disruptions resulting from misconfiguration, insecure implementation, or third-party integrations used by Customer.

2.6 Customer may choose to implement modifications or customizations to the Medusa open-source codebase. Any such changes are the sole responsibility of Customer and subject to the licensing terms of such codebase. Company shall not be liable for any issues, defects, or operational failures arising from these modifications, whether made by Customer or a third party on Customer’s behalf. Company’s managed services do not include the review, approval, or maintenance of custom code.

2.7 Customer agrees to indemnify and hold harmless Company and its affiliates, officers, employees, and agents from any claims, losses, liabilities, damages, or expenses (including reasonable legal fees) arising out of (i) a breach of this Agreement, (ii) the Customer Data, or (iii) the misuse of the Cloud Services. This obligation survives termination of the Agreement.

2.8 As a condition of use, Customer agrees not to use the Cloud Services for any purpose that is prohibited by this Agreement or by applicable law.Customer shall not (and shall not permit any third party) to: (i) license, sell, rent, lease, transfer, assign, reproduce, mirror, distribute, host or otherwise commercially exploit the Cloud Servicesor any portion of the Cloud Services; (ii) modify, translate, adapt, merge, make derivative works of, disassemble, decompile, reverse compile or reverse engineer any part of the Cloud Services except to the extent the foregoing restrictions are expressly prohibited by applicable law; (iii) use any manual or automated software, devices or other processes (including but not limited to spiders, robots, scrapers, crawlers, avatars, data mining tools, or the like) to “scrape” or download data from any web pages contained in the Cloud Services; (iv) remove or destroy any copyright notices or other proprietary markings contained on or in the Cloud Services; or (v) interfere with or attempts to interfere with the proper functioning of the Cloud Servicesor use the Cloud Servicesin any way not expressly permitted by this Agreement, including but not limited to violating or attempting to violate any security features of the Cloud Services, introducing viruses, worms, or similar harmful code into the Cloud Services, or interfering or attempting to interfere with use of the Cloud Services by any other user, host, or network. Any unauthorized use of the Cloud Services terminates the licenses granted by Company pursuant to this Agreement.

3. CONFIDENTIALITY & DATA RIGHTS

3.1 Each party acknowledges that, in connection with this Agreement, it may receive access to confidential or proprietary information belonging to the other, including information related to business, technology, or finances, and any other information that the receiving party actually knows or reasonably should know, based on the nature of the information or circumstances of disclosure, the disclosing party considers confidential (“Confidential Information”). This includes, for Company, non-public details about the Cloud Services’ features, functionality, and performance; and for Customer, any non-public Customer Data shared through the Cloud Services.

a) The party receiving the Confidential Information agrees to:

(i) use reasonable precautions to protect its confidentiality, and

(ii) not use or disclose it to any third party, except as needed to fulfill its obligations or exercise its rights under this Agreement or with prior written consent.

b) These obligations do not apply to information that the receiving party can show:

(i) was or becomes publicly available without breach of this Agreement;

(ii) was already known by receiving party before disclosure free of any obligation of confidentiality;

(iii) was lawfully disclosed by another party without restriction;

(iv) was independently developed without access to the Confidential Information. Prior to making any disclosure of Confidential Information pursuant to applicable law, regulation or court order, the receiving party shall make reasonable efforts to provide the disclosing party with (i) prompt written notice of such requirement so that the disclosing party may seek a protective order or other remedy; and (ii) reasonable assistance in opposing disclosure or seeking a protective order or other remedy. The receiving party shall disclose no more than the portion of the Confidential Information which is specifically ordered to be disclosed.

3.2 Customer retains all rights, title, and interest in and to its Customer Data, including any content or custom code it creates or deploys using the Cloud Services. Nothing in this Agreement shall be construed to grant Company any ownership rights in Customer Data. Company retains all rights to the Cloud Services and platform, including the infrastructure, software, and tools it provides, along with any related improvements or updates. This does not include any ownership over Customer’s use of Medusa’s open-source code or custom modifications.

3.3 Company may collect and analyze data related to Customer’s use of the Cloud Services, including metadata and aggregated or de-identified data derived from Customer Data. Company may use such data to improve its services, develop new features, and for lawful business purposes. Disclosures of such data will only be in aggregate or de-identified form and will not identify Customer or end users.

3.4 During the term of this Agreement, Customer grants Company a non-exclusive, royalty-free license to use Customer’s trade names and logos for the limited purpose of identifying Customer as a user of the Cloud Services in marketing materials or on Company’s website. Customer may revoke this license at any time by providing written notice.

4. DATA PROTECTION & PRIVACY

4.1 Company acts as a data processor on behalf of Customer, who is the data controller of Customer Data. Company processes Customer Data solely as necessary to provide the Cloud Services and in accordance with Customer’s instructions.

4.2 Customer is solely responsible for responding to any data subject requests (such as access, rectification, erasure, portability) related to Customer Data.

4.3 Company shall maintain reasonable administrative, technical, and physical safeguards designed to protect Customer Data from unauthorized access, disclosure, or loss. Routine data backups and disaster recovery procedures are in place to ensure service continuity.

5. FEES AND PAYMENT

5.1 Customer agrees to pay the fees charged to its account and corresponding to its selected Plan, as published on Company’s website at the time of subscription or renewal (“Fees”). Company reserves the right to modify Fees or institute new Fees for any renewal term by providing at least thirty (30) days’ notice to Customer via email prior to the end of the then-current term.

5.2 If Customer believes it has been incorrectly billed, it must notify Company in writing within thirty (30) days of the date of the invoice in question to dispute such invoice. All billing inquiries should be directed to Company’s customer support.

5.3 By submitting payment information, Customer authorizes recurring charges as described under their selected Plan. Customers may update payment authorization through account settings in the Cloud Services or by canceling their Plan. All Fees are non-refundable unless otherwise stated.

6. TERM AND TERMINATION

6.1 The Agreement commences upon Customer’s acceptance hereof and continues until terminated as set forth herein.

6.2 Either party may terminate immediately upon written notice in the event that the other party materially breaches this Agreement and thereafter fails to cure such material breach within thirty (30) days after receiving written notice reasonably describing such breach. Customer shall pay for Cloud Services rendered through termination.

6.3 Company may suspend or terminate Customer’s access to the Cloud Services for excessive or abusive use impacting service stability or security, immediately upon written notice in the event that the other fails to cure such use within thirty (30) days after receiving written notice reasonably describing such use.

6.4 Sections intended to survive termination (e.g., confidentiality, liability limitations, disclaimers) remain in effect.

7. WARRANTY AND DISCLAIMER

7.1 CUSTOMER EXPRESSLY UNDERSTANDS AND AGREES THAT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, CUSTOMER’S USE OF THE CLOUD SERVICES AND ANY CONTENT THEREON IS AT CUSTOMER’S SOLE RISK, AND THE CLOUD SERVICES ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS, WITH ALL FAULTS.COMPANY EXPRESSLY DISCLAIMS ALL WARRANTIES, REPRESENTATIONS, AND CONDITIONS OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT ARISING FROM USE OF THE CLOUD SERVICES AND ANY CONTENT THEREON. COMPANY MAKES NO WARRANTY, REPRESENTATION OR CONDITION THAT: (1) THE CLOUD SERVICES WILL MEET CUSTOMER’S REQUIREMENTS (SUCH AS THE QUALITY, EFFECTIVENESS, REPUTATION AND OTHER CHARACTERISTICS OF THE CLOUD SERVICE); OR (2) CUSTOMER’S USE OF THE CLOUD SERVICES WILL BE UNINTERRUPTED, TIMELY, SECURE OR ERROR-FREE.

8. LIMITATION OF LIABILITY

8.1 To the maximum extent required by law and except for liability related to gross negligence or willful misconduct, Company and its affiliates, suppliers, and employees will not be liable for indirect, incidental, consequential, punitive or special damages, loss of business, or data corruption.

8.2 Company’s cumulative liability regardless of the nature of the claim, even if Company has been advised of the possibility of such damages, shall not exceed the fees paid by Customer in the 12 months prior to the event giving rise to liability.

9. MISCELLANEOUS

9.1 If any provision of this Agreement is unenforceable, it will be limited or removed without affecting the remainder. Customer may not assign or transfer this Agreement or its rights or obligations hereunder without Company’s consent. Company may assign or sublicense any of its rights or obligations hereunder without requirement of consent.

9.2 This Agreement constitutes the entire agreement between the parties regarding the subject matter hereof and supersedes prior communications.

9.3 No agency, partnership, joint venture, or employment relationship between the parties is created by this agreement.

9.4 The prevailing party in any dispute is entitled to recover attorneys’ fees.

9.5 Notices must be in writing and are deemed delivered upon receipt.

9.6 This Agreement is governed by the laws of the State of California, United States, without regard to its conflict of law principles.

10. CHANGES TO AGREEMENT

10.1 Company may amend this Agreement by posting an updated version on its website or within the Cloud Services. Such amendments will take effect thirty (30) days after the date of posting. It is the responsibility of Customer to review the Agreement periodically for changes. If Customer does not agree with the changes, Customer may terminate this Agreement by providing written notice of termination to Company within the 30-day notice period. Continued use of the Services after the 30-day period shall constitute Customer’s acceptance of the amended Agreement.