Terms of Service for Easy Gsm Pro Products
1. Acceptance of terms
By installing, accessing, or using the Easy Gsm Pro mobile/desktop application (the "App"), the EasyGSM CMS server software (the "CMS"), or the EasyGSM Pro license portal at https://easygsmpro.com (the "Portal") — collectively, the "Products" — you agree to these Terms of Service ("Terms") and to our Privacy Policy. If you do not agree, stop using the Products.
2. About us
The Products are provided by Luis Enrique Moya Rozas, an individual developer who resides in Mexico. The Portal infrastructure is hosted in Germany by Hetzner Online GmbH.
Contact: luisenriquemr96@gmail.com
3. License grant
Subject to your compliance with these Terms, we grant you a non-exclusive, non-transferable, revocable license to:
- The App: install and use the mobile/desktop application on devices you own or control, for personal or business use, to interact with a CMS instance operated by you or your service provider.
- The CMS: when you have purchased a license key, run one instance of the CMS per valid license on the hardware/cloud of your choice, according to the license tier you purchased (single-server, machine-binding applies).
- The Portal: access publicly available pages, manage your licenses if you are a customer, and submit privacy requests.
We retain all rights, title, and interest in the Products and their source code not expressly granted to you in these Terms.
4. License restrictions
You must not:
- Reverse-engineer, decompile, disassemble, or attempt to bypass the license-validation, anti-tampering, or obfuscation mechanisms of the CMS or App, except where such restriction is prohibited by applicable law.
- Redistribute, resell, sublicense, lease, or rent the CMS or App to third parties, except as permitted by your specific license tier.
- Use the Products for any unlawful purpose, including without limitation: circumventing carrier locks in violation of applicable laws, processing stolen device identifiers, money laundering, or fraud.
- Share, copy, or use a license key on more machines than your tier permits. Cloned installations are detected via machine-fingerprinting and trigger license revocation.
- Use the Products to harm, harass, or violate the privacy of others.
5. CMS operators (service providers)
If you operate a CMS instance and offer services to end-users via your CMS, you are the data controller for those end-users under GDPR, CCPA, LFPDPPP, LGPD and equivalent laws. You agree to:
- Publish your own privacy policy at your CMS's /privacy URL (the CMS admin panel includes a built-in Markdown editor for this — see Section 5.1 below for the full list of compliance features we ship).
- Publish your own terms of service at your CMS's /terms URL (same built-in editor).
- Handle end-user data subject requests (access, deletion, rectification, restriction, portability) promptly. The CMS provides built-in self-service endpoints for end-users so you do not have to handle most requests manually.
- Configure your legal identity (company name, jurisdiction, DPO email, effective date) in /admin/settings/legal.
- Configure cookie / consent / age-verification settings as required by your jurisdiction.
- Comply with all applicable laws, including consumer protection, anti-money-laundering, telecommunications, and import/export controls.
- Accept the Data Processing Agreement (/legal/dpa) as governing the limited data processing we perform on your behalf via the backup and optional-logging channels of the Portal.
5.1 Built-in compliance features in the CMS and App
We ship the CMS and the App with the technical mechanisms required by modern privacy law (GDPR Art. 7, 8, 15-22, 25, 30, 32; CCPA §1798.105-130; LFPDPPP; LGPD). The CMS operator is responsible for activating, configuring and operating them; we are responsible for keeping the underlying code working. The features bundled at no additional cost include:
- Right of access & portability (GDPR Art. 15 & 20) — every end-user can download a structured JSON of all data the CMS holds about them via /user/profile/data-export (web) or GET /mobile/v1/account/export (mobile).
- Right to erasure (GDPR Art. 17) — end-users can delete their account themselves via POST /user/profile/erase or DELETE /mobile/v1/account, with hard-delete when referential integrity allows and in-place anonymization when financial-ledger integrity (credit transfers) requires preserving the row. Orphan files on disk (payment proofs, order attachments) are purged automatically.
- Right to restriction of processing (GDPR Art. 18) — end-users can freeze their account themselves, reversibly, via POST /user/profile/freeze or POST /mobile/v1/account/freeze.
- Right to rectification (GDPR Art. 16) — end-users can update name, phone, language, timezone, and currency from the profile UI (web) and the mobile app (PUT /mobile/v1/profile).
- Consent capture & versioning (GDPR Art. 7) — the registration form requires explicit, granular consent to Privacy Policy and Terms of Service, with the version number captured at the moment of acceptance so re-consent can be triggered if you publish a new version.
- Marketing opt-in — separate from required consent; opt-out by default.
- Age verification (GDPR Art. 8 + COPPA) — registration requires an age-confirmation checkbox and optional birth-year input that validates server-side against the 16-year EU strict threshold.
- Cookie consent banner (ePrivacy) — ships enabled on the public pages; the CMS currently uses only strictly necessary cookies (session, CSRF, locale).
- Admin-editable Privacy & Terms pages — Markdown editor under /admin/settings/legal; rendered server-side with XSS-safe sanitization (bleach + linkify) and Unicode-bidi protection.
- Audit log for accountability (GDPR Art. 5(2)) — tamper-evident hash-chained append-only log records consent at registration (user_register_consent) and every erasure event (user_erasure_initiated / user_erasure_completed) with versioning, actor, IP and user agent. Configurable retention with defensible defaults (7 years).
- Records of Processing Activities (GDPR Art. 30) — a template RoPA is published at https://easygsmpro.com/docs/RoPA.md that the CMS operator can adapt to their own activities.
- Data Breach Response runbook (GDPR Art. 33-34) — a documented procedure is published at https://easygsmpro.com/docs/BREACH_RESPONSE.md with notification templates for supervisory authorities and affected data subjects, plus a 72-hour decision flow.
- Encryption of secrets at rest — passwords as bcrypt hashes, TOTP secrets and payment-provider credentials as Fernet ciphertext, recovery codes as bcrypt hashes. Even if a backup is exfiltrated, those fields are not readable.
- Rate limiting and abuse detection — strict per-IP throttle on the GDPR-sensitive endpoints (erase, freeze, data-export, login) to deter abuse of the self-service rights.
- Privacy-by-design defaults — no third-party analytics, no advertising SDKs, no tracking in the App; backup network logs to the Portal are off by default and require the operator to opt in.
These features are part of the CMS license. Updating the CMS to a new version delivers improvements to the compliance tooling automatically. The operator is expected to keep their CMS up to date; we do not back-port security or compliance fixes to versions older than 12 months.
6. Payment and refunds
License purchases are processed via the payment gateways we accept at the time of purchase. Prices are listed at the time of purchase. Refunds are evaluated case by case within 14 days of purchase, provided the license has not been used to activate a CMS instance in production.
Recurring subscriptions auto-renew unless cancelled at least 24 hours before the next billing cycle. Cancel via the customer portal or by emailing luisenriquemr96@gmail.com.
7. Service availability
We make reasonable efforts to keep the Portal available, but we do not guarantee uninterrupted service. Scheduled maintenance, infrastructure incidents, and unforeseen events may cause downtime. CMS instances run on YOUR infrastructure — their availability is your responsibility.
8. License revocation
We may suspend or revoke your license without refund if you:
- Violate these Terms.
- Use the Products for unlawful purposes.
- Tamper with or attempt to bypass anti-tampering mechanisms.
- Run more instances than your license permits (cloned installations).
- Charge back a payment in bad faith.
9. Warranties and disclaimers
THE PRODUCTS ARE PROVIDED "AS IS" AND "AS AVAILABLE", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR UNINTERRUPTED USE. WE DO NOT WARRANT THAT THE PRODUCTS WILL UNLOCK ANY SPECIFIC DEVICE, NOR THAT UPSTREAM PROVIDERS WILL DELIVER THE RESULTS YOU EXPECT.
10. Limitation of liability
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL WE BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS, REVENUES, DATA, OR USE. OUR TOTAL CUMULATIVE LIABILITY ARISING FROM OR RELATED TO THESE TERMS OR THE PRODUCTS SHALL NOT EXCEED THE AMOUNT YOU PAID US IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM, OR USD 100, WHICHEVER IS GREATER.
11. Indemnification
You agree to indemnify and hold us harmless from any claims, damages, losses, liabilities, costs, and expenses (including reasonable attorney fees) arising from: (a) your use of the Products; (b) your violation of these Terms; (c) your violation of any third-party rights or applicable laws; (d) any data you process through the Products in your role as CMS operator.
12. Modifications
We may update these Terms at any time. Material changes will be communicated through the Portal or via email to active license holders. Continued use of the Products after the effective date of an update constitutes acceptance.
13. Termination
You may stop using the Products at any time by uninstalling them and (if applicable) cancelling your license. We may terminate your access to the Products as described in Section 8. Sections that by their nature should survive termination (including ownership, disclaimers, limitations of liability, indemnification, and governing law) will survive.
14. Governing law and dispute resolution
These Terms are governed by the laws of Mexico, excluding its conflict-of-laws rules. Any dispute arising from or related to these Terms shall be resolved in the competent courts of Mexico, except where applicable law requires otherwise (for example, mandatory consumer protections of the country where you reside).
15. Miscellaneous
These Terms, together with the Privacy Policy and the Data Processing Agreement, constitute the entire agreement between you and us regarding the Products. If any provision is held unenforceable, the remaining provisions remain in full effect. Our failure to enforce any right is not a waiver.
16. Contact
Luis Enrique Moya Rozas (Mexico)
Email: luisenriquemr96@gmail.com
Web: https://easygsmpro.com