Terms of Service (AGB)

These General Terms and Conditions (AGB) apply to all contracts concluded between Selda Karakus, trading as ZeroTrace, Alte Brühler Straße 127, 50997 Köln, Germany ("ZeroTrace", "we") and the customer ("you") regarding the purchase of hardware and firmware, the use of dashboard accounts, and the use of associated software and services (the "Service").

A consumer (Verbraucher) within the meaning of §13 BGB is any natural person who concludes a transaction for purposes that are predominantly outside their trade, business, or profession.

• Product listings on our website are an invitation to make an offer, not a binding offer.
• By clicking the order button, you submit a binding offer to purchase the items in your cart.
• The contract is concluded when we accept the order — through a separate order confirmation by email, by dispatch of the goods, or by delivery of the digital licence.
• Pre-orders. Some products are offered for pre-order before they are stocked. Payment is taken at the time of order; the indicative dispatch window shown on the product page applies. If the dispatch date slips by more than 30 days from the indicative window, you may withdraw from the pre-order at no charge and we will refund all amounts paid without undue delay. Pre-orders do not affect the statutory right of withdrawal (see §5).
• Obvious pricing or product errors. If a product is displayed at a price or with a description that is manifestly incorrect (e.g., €1 for a hardware unit due to a typo or import error), the contract is not concluded; we will notify you and refund any payment received. Statutory rights remain unaffected.

All prices are in EUR and include any applicable statutory levies. ZeroTrace is a small business under §19(1) UStG; therefore no VAT is charged or shown. Shipping costs are displayed before checkout and are additional unless stated otherwise.

Payment is processed by Stripe. The accepted payment methods are shown at checkout.

Delivery details, processing times, and shipping destinations are set out in our Shipping Policy. Risk of accidental loss passes to consumers only upon delivery of the goods (§446 BGB / §475 Abs. 2 BGB).

Consumers have a statutory right of withdrawal of 14 days. The full Widerrufsbelehrung and the model withdrawal form are available at /policies/widerruf.

Important notes for ZeroTrace hardware:

• Per §357a Abs. 2 BGB, consumers are liable for any diminished value of the goods resulting from handling beyond what was necessary to establish their nature, characteristics, and functioning. For ZeroTrace security devices this means: a returned device that has been flashed with custom firmware, put to operational use against a real system or radio environment, or otherwise used beyond what an in-store examination would have permitted will be assessed for diminished value and the refund reduced accordingly.
• Devices that have been physically modified, tampered with, or had their seals broken in a way that prevents resale as new may be subject to a deduction up to the difference between new and refurbished retail value.

For any digital content not on a tangible medium (firmware licences, software, downloadable tooling, dashboard activations), the special rule of §356 Abs. 5 BGB applies — see the Widerrufsbelehrung for the consent that is captured at checkout.

The goods remain our property until the purchase price has been paid in full (§449 BGB). Digital licences are granted only once payment is received and confirmed.

Consumers have the full statutory warranty rights of two (2) years for new goods (§438 Abs. 1 Nr. 3 BGB). For used or B-grade goods, the warranty period may be reduced to one year in accordance with §476 Abs. 2 BGB; this will be expressly indicated at the time of purchase.

We test every device before shipment. If a device is defective on arrival or fails within the warranty period, contact admin@zerotrace.pw with your order number and a description (photo/video where helpful). We will repair, replace, or refund in accordance with statutory law.

With the purchase of any ZeroTrace firmware, software, or downloadable tooling, ZeroTrace grants you a non-exclusive, non-transferable, non-sublicensable, revocable licence to use the software for your own lawful, authorised security-research, defensive-testing, training, or educational purposes.

You may not:

• reverse-engineer, decompile, or disassemble the firmware beyond what mandatory law expressly permits (§69d, §69e UrhG — interoperability and error correction only)
• sublicense, rent, lease, lend, or redistribute the software to third parties
• circumvent technical protection measures, device-bound activation, hardware fingerprints, or licence-management systems (§95a UrhG, §108b UrhG)
• use the software to capture, decrypt, or process the data of third parties without their consent or other valid legal basis
• use any open-source intelligence or research tooling we supply to violate the terms of service of third-party data sources, to scrape data behind authentication, or to process special-category personal data (Art. 9 GDPR) without lawful basis
• use any traffic, proxy, or network-routing tooling we supply for credential stuffing, account takeover, fraud, or evasion of lawful access controls
• use the software in violation of applicable export controls, sanctions, or the EU Dual-Use Regulation (EU) 2021/821

Firmware licences are cryptographically bound to a single device. Hardware changes or migrations are handled on request, subject to proof of purchase. The licence terminates automatically upon material breach of these Terms, in which case the licensee must cease use and destroy or de-activate all copies and activations of the software.

Update obligation for consumers (§327f BGB). Where the software constitutes digital content or a digital service supplied to a consumer in the meaning of §327 BGB, ZeroTrace provides updates necessary to maintain conformity for the period the consumer can reasonably expect, having regard to the type and purpose of the software and to typical industry expectations. For one-off ("Lifetime") licences this is at least 24 months from delivery. We may discontinue updates earlier where security or technical reasons make continued maintenance unreasonable; in that case we will notify affected licence holders by email or in-app notice.

ZeroTrace products are sold exclusively for authorised security research, defensive testing, and education by professionals, students, and researchers. Several ZeroTrace products are dual-use security tools within the meaning of §202c StGB and equivalent provisions abroad. By purchasing or using them you confirm that:

• You will only deploy the products against systems, networks, devices, persons, or radio environments where you hold prior, demonstrable, written authorisation from the rights-holder or controller.
• You will obtain any consents required under applicable data-protection (GDPR, BDSG) and telecommunications law before processing personal data captured by ZeroTrace tools (e.g., Wi-Fi probes, BLE identifiers, MAC addresses).
• You understand that the products are not intended for, and may not be used for, covert surveillance of unconsented individuals.

Expressly prohibited uses include:

• unauthorised access to computer systems, accounts, or data (§202a StGB)
• interception of non-public data transmissions you are not party to (§202b StGB)
• circumvention or removal of access controls to obtain data (§202a StGB)
• recording the non-public spoken word of others (§201 StGB)
• violation of telecommunications secrecy (§206 StGB, §3 TTDSG)
• unauthorised use of HID/keystroke-injection capabilities against systems you do not own or control
• unauthorised passive or active capture of Wi-Fi, Bluetooth, BLE, or other radio traffic of identified third parties
• stalking, harassment, intimate-partner surveillance, or any form of coercive control (§238 StGB)
• deployment of malware, ransomware, persistent backdoors, or credential-theft tooling against third parties
• circumvention of effective technical protection measures (§108b UrhG, §95a UrhG)
• use in violation of the EU Dual-Use Regulation (EU) 2021/821 or any applicable export-control or sanctions regime
• resale, sublicensing, or onward transfer to parties in jurisdictions where the product is restricted, embargoed, or prohibited

Legal context (German criminal law). The §202c StGB "Hackerparagraph" was constitutionally narrowed by the Federal Constitutional Court (BVerfG, 2 BvR 902/06 et al., 18 May 2009): liability requires specific intent that the program be used to commit an offence under §202a/b. ZeroTrace products are designed, marketed, and sold solely for authorised security work; this section memorialises that intent and binds the buyer to use the products only within that lawful scope.

Violation of this section is a material breach of these Terms. It may lead to immediate termination of the account, the licence, and any pending or future orders, and ZeroTrace reserves the right to report misuse to competent law enforcement and to cooperate with lawful investigations.

• A dashboard account may be registered from age 16 (GDPR Art. 8(1) as transposed in Germany).
• Purchase of ZeroTrace dual-use security hardware or related firmware is restricted to persons aged 18 or older (see §15 Buyer Attestation).
• You are responsible for the confidentiality of your credentials and all activity under your account.
• We may suspend or terminate accounts that violate these Terms, applicable law, or that pose a security risk to the Service or other users.
• You may delete your account at any time via the dashboard or by emailing us; legal retention applies.

ZeroTrace is liable without limitation for damages arising from intent (Vorsatz) or gross negligence (grobe Fahrlässigkeit), for injury to life, body, or health, under the Product Liability Act (Produkthaftungsgesetz), and within the scope of any guarantee given.

For slight negligence, we are liable only for the breach of essential contractual duties (cardinal duties — kardinale Pflichten), and only for foreseeable, typical contract damage. Any further liability is excluded.

The Service is provided as-is to the extent permitted by §475a BGB and consumer-protection law.

Processing of personal data is governed by our Privacy Policy.

We are neither obliged nor willing to participate in dispute resolution proceedings before a consumer arbitration board (§36 VSBG). The EU Online Dispute Resolution platform is available at ec.europa.eu/consumers/odr.

The law of the Federal Republic of Germany applies, to the exclusion of the UN Convention on Contracts for the International Sale of Goods. For consumers, this choice of law does not deprive you of the protection of mandatory consumer-protection provisions of the law of the country in which you habitually reside (Art. 6 Rom-I-Verordnung).

Contract languages. These Terms are concluded in English. A German translation is available on request. In the event of any discrepancy, the English text shall prevail except for mandatory provisions of German consumer-protection law, which apply in their German statutory form.

Place of jurisdiction (B2B only). Where the customer is a merchant (Kaufmann), a legal person under public law, or a special fund under public law, the exclusive place of jurisdiction for all disputes arising out of or in connection with these Terms is Cologne, Germany. Statutory exclusive jurisdiction venues remain unaffected. For consumers, jurisdiction follows the statutory rules.

By placing an order, you attest that:

• You are at least 18 years old (or the age of majority in your jurisdiction).
• You have read and accept these Terms, the Acceptable Use provisions, the Privacy Policy, and the Widerrufsbelehrung.
• You will use the products only for lawful, authorised security research, defensive testing, training, or educational purposes.
• You are not on any applicable sanctions list (EU, UN, OFAC) and you are not ordering on behalf of a sanctioned person, entity, or jurisdiction.
• You will not resell or transfer the products to parties in jurisdictions where their import, possession, or use is restricted or prohibited.

ZeroTrace may, at its sole discretion and prior to dispatch, decline, cancel, or delay any order where there is a reasonable indication of unlawful intent, sanctions exposure, payment fraud, or where the buyer cannot or will not provide reasonable identity or use-case confirmation when requested. In such cases any payment received will be refunded in full, and no further obligation arises.

ZeroTrace products and services may be subject to the EU Dual-Use Regulation (EU) 2021/821, the German Foreign Trade and Payments Act (AWG/AWV), and equivalent national export-control regimes. By ordering you confirm that:

• You will not export, re-export, supply, or transfer the products or any embedded technology to embargoed or sanctioned jurisdictions (including but not limited to the Russian Federation, the Republic of Belarus, the Islamic Republic of Iran, the Democratic People's Republic of Korea, the Syrian Arab Republic, the non-government-controlled areas of Ukraine and Georgia, and any other jurisdiction subject to a comprehensive EU, UN, or German embargo).
• You will not supply the products to persons or entities listed on EU, UN, or OFAC sanctions lists.
• You are solely responsible for obtaining any export, re-export, or transfer authorisations required by the law of the country from which the product is dispatched, the law of any transit jurisdiction, and the law of the destination country.
• Where the product is classified as dual-use under Annex I of Regulation (EU) 2021/821, you will not put it to a use covered by Articles 4 or 5 of that Regulation (e.g., weapons of mass destruction, internal repression, serious violations of human rights or international humanitarian law) and will notify us if you become aware of such an intended use.

ZeroTrace reserves the right to refuse or cancel any order, suspend any account, and report to competent authorities where there is a reasonable indication of export-control or sanctions violation.

Should any provision of these Terms be or become invalid, the validity of the remaining provisions remains unaffected. We may update these Terms; material changes affecting consumers will be communicated by email or in-app notice before they take effect, and consumers may object within the notice period.