Terms of Service

Effective. 12 May 2026.
Status. dbcrate is in beta. These terms apply to that beta. They will be revised on general availability — the substantive promises here will not get less protective of you between now and then; we may add the structural pieces that a v1.0 contract needs (registered legal entity, governing jurisdiction, dispute mechanics).

These Terms of Service (“Terms”) govern your access to and use of the dbcrate product — the agent binary, the control plane (the dashboard and APIs at dbcrate.com and its subdomains), the documentation, and anything else we publish under the dbcrate name. By using any of it, you agree to these Terms. If you do not, do not use the service.

“We”, “us”, and “dbcrate” mean the operators of the service. “You” means the person or organisation accessing it. Where you are using dbcrate on behalf of an organisation, you confirm that you have authority to bind that organisation, and references to “you” mean that organisation as well.

dbcrate is a managed PostgreSQL backup service. The agent runs on your database host, takes scheduled backups under the direction of the control plane, encrypts them end-to-end to your organisation’s public key, and uploads the resulting ciphertext to storage you own. The control plane never holds the backup bytes; it holds configuration, encrypted credentials, schedules, retention rules, and metadata about each backup (its size, its checksum, when it was taken, whether it succeeded).

Two architectural promises shape every clause below:

1. Backup bytes never enter our infrastructure. They flow agent → your storage, encrypted before they leave your machine.
2. Backup-decrypting keys are yours. Your organisation’s private key is held by the control plane only in an envelope-encrypted form that requires our master key to unwrap; you can also download the same key, in standard age format, to your own machine, and decrypt your backups with no dbcrate software involved.

We restate these in the Privacy and Security pages with the technical detail to back them up.

The version of dbcrate available today is a beta. We do not believe it is ready for production data you cannot afford to lose, and we are not, in good conscience, asking you to use it that way until v1.0.

For as long as the service is marked as a beta:

• APIs, configuration formats, on-disk layouts, and dashboard flows may change without warning.
• Features described on this site as on the roadmap (verified restores, point-in-time recovery, alerting, additional database engines) are not commitments. They may ship, they may ship later than we expect, or they may not ship in the form sketched.
• We do not commit to an availability target, a recovery-time target, or any specific support response time.
• We will, however, do our best to give meaningful notice for breaking changes, and we will document every change in the public changelog.

If you choose to use dbcrate during the beta, you do so on the express understanding that it is the only backup of nothing important.

You are responsible for the security of your dbcrate account: who has access to it, what credentials they hold, and how those credentials are stored. You agree to use a password unique to dbcrate, to enable any account-security features we offer, and to keep contact information current so we can reach you about the service.

You will not share an account between humans who could be separate users, attempt to circumvent rate limits or other technical protections, scrape or republish the dashboard, or use the service in ways the documentation calls out as unsupported.

You retain all rights in everything you put into dbcrate — database configurations, schedules, retention rules, the backups themselves — subject to the limited licence below.

You grant us a non-exclusive, worldwide, royalty-free licence to process the data you submit to the control plane to the extent necessary to operate the service for you: scheduling backups, dispatching commands to your agent, storing metadata, generating audit entries, billing, supporting you, and producing aggregate statistics that do not identify you. We do not licence ourselves to read your backup contents; the design does not allow it.

You are responsible for:

• The storage destination you nominate (the bucket or SFTP host), including its credentials, costs, configuration, regional placement, retention defaults, and access policies. If the bucket is misconfigured and exposes your backups, that is on the side of the line you control.
• The database credentials you provision for dbcrate to use. We recommend a least-privilege role with rights only to read what you need backed up.
• The custody of the recovery copy of your organisation’s private key, if you choose to download it. A recovery key downloaded and lost is a recovery key lost; we cannot produce another copy of the same key.
• The accuracy of the information you supply about your own organisation (legal name, billing address, contact details) where we use it for invoicing or notification.

You agree that you will not use dbcrate to:

• Back up data you do not have the right to back up, or use the service to evade rights another party holds over data.
• Run prohibited workloads (child sexual abuse material, content unlawful in the jurisdiction you operate from, material that we are required by law to refuse hosting metadata about).
• Probe, scan, or attempt to compromise the service outside the disclosure programme described in Security.
• Interfere with another customer’s use of the service.
• Reverse-engineer the closed-source parts of the service, except where such reverse-engineering is a non-waivable right under your local law.

The agent itself, today, is closed source. If and when that changes, the licence under which it is distributed will be stated in the agent’s source tree and in the changelog.

dbcrate is free to use during the beta. We will give meaningful notice (no fewer than 30 days, in the dashboard and to your account email) before we begin charging anyone for paid features. Paid features that are listed today as on the roadmap (verified restores, point-in-time recovery, advanced alerting) will be priced and described in writing before they are enabled on any account.

When we do introduce billing:

• Subscriptions will be billed in advance, monthly or annually, in the currency stated on the order page.
• You are responsible for indirect taxes (sales tax, VAT, GST) where applicable; we will collect and remit them where the law requires us to.
• Payments will be processed by a third-party payments provider (Stripe). We do not store full card numbers; we receive only a tokenised reference back from the processor. The processor’s terms and privacy notice apply in addition to ours.
• You can cancel a subscription at any time. Cancellation stops future charges; we do not pro-rate refunds for the unused portion of an already-charged term unless required to by law.
• If we materially raise prices we will give you no fewer than 30 days’ notice and a window in which to cancel before the new price applies.

You are getting a beta. We provide it “as is”, without warranty of any kind, express or implied, including merchantability, fitness for a particular purpose, and non-infringement, to the maximum extent the law allows us to disclaim.

We do not warrant that the service will be uninterrupted or error-free, that any specific backup will succeed, that any specific restore will succeed, that the schedule will fire on time every time, that storage providers we sit in front of will perform to their own commitments, or that any feature listed as on the roadmap will ship by any particular date or at all.

The two things we will say, because they are load-bearing:

1. We will not knowingly transmit your backup ciphertext to anyone other than the storage destination you nominated.
2. We will not knowingly retain your organisation’s private key in any form other than the envelope-encrypted form described in Security.

To the maximum extent the law allows:

• Neither party will be liable for indirect, incidental, special, consequential, or punitive damages, or for lost profits, lost data, or lost goodwill, even if advised of the possibility.
• Our total aggregate liability for any claim arising out of or relating to these Terms or the service will not exceed the greater of (a) the fees you actually paid us in the twelve months preceding the event giving rise to the claim, and (b) one hundred United States dollars (US $100).
• Nothing here limits or excludes liability that the law of your jurisdiction does not allow us to limit or exclude (for example, death or personal injury caused by negligence, fraud, fraudulent misrepresentation, or statutory rights a consumer cannot waive).

The $100 floor and these limits reflect the bargain: dbcrate is, at this stage of its life, a tool whose authors do not believe it is yet a substitute for whatever you are already doing. Use it accordingly.

You will defend, indemnify, and hold us harmless from third-party claims arising out of (a) your use of the service in violation of these Terms or applicable law, (b) data you put through the service that you did not have the right to put through it, or (c) your breach of section 6 (Acceptable use). We will tell you promptly when a claim is made, let you direct the defence (subject to our reasonable approval), and cooperate at your expense.

These Terms apply for as long as you have an account or are otherwise using the service.

You may terminate by closing your account in the dashboard. On termination:

• We will stop dispatching commands to your agents.
• Backup files that already exist in your storage destination remain there and remain yours; we do not, and cannot, reach in and delete them.
• We will retain account metadata and audit-log entries to the extent and for the period described in the Privacy policy.

We may suspend or terminate your access if you breach these Terms, if we are required to by law, or if continued operation poses an immediate risk to the service or to other users. We will give you reasonable notice and a chance to cure where the circumstances allow it. Suspension for a breach you do not cure within a reasonable period may become termination.

We will give you notice by email to the address on your account and, for material changes, by a banner in the dashboard. You will give us notice by writing to [email protected].

We may revise these Terms. Material revisions take effect no sooner than 30 days after we post them, except where a faster change is required by law or by a security or operational necessity, in which case we will tell you why. Continued use after the effective date is your acceptance of the revised version.

These Terms are the entire agreement between us with respect to their subject matter, and supersede prior agreements on that subject. If a court holds any part of them unenforceable, the rest remains in force. A failure or delay in enforcing a right is not a waiver of it. You may not assign these Terms without our consent; we may assign them to a successor in a merger, acquisition, or sale of substantially all our assets, on notice to you.

Force majeure (events beyond our reasonable control: a major regional network outage, an act of a government, a pandemic, a war) suspends our obligations for the duration of the event.

Governing law, venue, and dispute mechanics will be stated in writing on this page when dbcrate exits beta and a registered entity is announced. Until then, any dispute that cannot be resolved by writing to us will be resolved in good faith, in English, in writing, with all the patience the parties can muster.

Questions, comments, or notices about these Terms go to [email protected]. We read every one.