Version 1.0

Terms of service

Draft for legal review. Not yet in effect.

Each section opens with a plain-language summary in a quote block. The summaries are here so you can understand the agreement without a lawyer. If a summary and the section below it ever conflict, the section governs.

1. Who is agreeing to what

You're a nonprofit (or similar organization) subscribing to BloomOS. We're SOBO Consulting LLC, the company that builds and runs it. This agreement starts when you sign an order form or click to accept, whichever comes first.

These terms are an agreement between SOBO Consulting LLC, a California limited liability company with its principal place of business at 1265 Beech St, East Palo Alto, CA 94303 ("SOBO," "we," "us"), and the organization identified on an order form or account registration ("Customer," "you").

The agreement takes effect on the earlier of: (a) the date you sign or accept an order form referencing these terms, including acceptance by email; or (b) the date you first click to accept these terms in the BloomOS interface. The person accepting represents that they have authority to bind the organization.

The agreement consists of these terms, the data processing addendum (incorporated by reference), and any order form. If they conflict, the order form controls, then the DPA as to data processing, then these terms.

2. The service

BloomOS is subscription software for running a nonprofit. We host it, we keep it working, and we improve it over time.

BloomOS is a hosted software service for nonprofit operations: fundraising and constituent management, strategy and KPIs, operations, finance, and related modules ("the Service"). We will provide the Service materially as described on bloomos.org, host it, and support it as described on the availability and support page.

We update and improve the Service continuously. We won't materially reduce the core functionality of your plan during a paid term without the notice described in section 18.

3. Your account and your team

You control who from your organization gets access, and you're responsible for what they do in the system.

You invite and manage your own users and set their roles and permissions. You're responsible for the actions taken under your organization's accounts, for keeping credentials confidential, and for telling us promptly at security@bloomos.org if you suspect unauthorized access. Accounts are for people; no shared logins for the purpose of exceeding plan limits.

4. Plans, fees, and billing

Pricing is public, on the site. You pay monthly, it renews monthly, and you can cancel any time. If we raise prices, you get 30 days' notice and the new price only applies from your next renewal.

Plans and prices are published on bloomos.org. Fees are billed monthly in advance, in US dollars, by the payment method on file, and the subscription renews automatically each month until cancelled. One-time services (such as The Custom Build) are billed per the order form.

[DECISION: annual billing option. If offered, add: "Annual plans are billed yearly in advance at the rate on the order form and renew annually."]

We may change prices with at least 30 days' written notice; changes take effect at your next renewal after the notice period, never mid-cycle. Fees are exclusive of taxes; if we're required to collect any, they'll appear on the invoice. Fees are non-refundable except where these terms say otherwise. If a payment fails, we'll notify you and retry; if it remains unpaid 15 days after notice, we may suspend access until it's resolved. We won't delete your data because of a missed payment; deletion follows only the cancellation schedule in section 5.

5. Term, cancellation, and your data afterward

Cancel whenever you want; you keep access through the period you paid for. Then 30 days read-only to export or change your mind, then we delete everything. That schedule is published and it doesn't change per-customer.

Either party may cancel at any time. Cancellation takes effect at the end of the current billing period, and you keep full access until then. What happens to your data afterward is exactly the schedule published at your data: read-only access and full export for 30 days, then permanent deletion, with encrypted backups rolling off within 7 further days.

Either party may terminate for material breach if the breach isn't cured within 30 days of written notice. We may suspend the Service immediately if your use creates a security risk, legal exposure, or harm to the Service or others, and we'll tell you why and restore access when the issue is resolved.

Sections that by their nature survive termination (including 6, 12, 14, 15, 16, and 19) survive.

6. Your data

Everything you put into BloomOS stays yours. We only touch it to run the service for you. We never sell it and never use one customer's data to build something for another.

"Customer Data" means all data you or your users submit to the Service, including donor, gift, grant, financial, and program participant records. As between you and SOBO, you own all Customer Data. You grant us a limited, non-exclusive license to host, process, transmit, and display Customer Data solely to provide and support the Service, to comply with law, and as you otherwise instruct. That license ends when your data is deleted under section 5.

We do not sell Customer Data, share it for advertising, or use it to develop products or benchmarks for anyone else. We may use aggregated, de-identified operational data (such as feature usage counts) to run and improve the Service, provided it never identifies you, your users, or any individual in your records.

You're responsible for the lawfulness of the Customer Data you collect and put into the Service, including having any consents your donors, participants, or jurisdictions require.

7. Privacy and data processing

The DPA is part of this contract. It governs how we handle personal information inside your account, including records about minors if you serve young people.

Our processing of personal information within Customer Data is governed by the data processing addendum, which is incorporated into these terms. Our handling of your account and billing information (data we control) is described in the privacy policy.

8. AI features

Some plans include AI features powered by Anthropic's Claude. AI output is a draft for a human to check, not a fact and not advice. The AI never takes an action in your account without a person confirming it.

Certain plans include features powered by a third-party AI model, currently Anthropic's Claude API, as described at how BloomOS uses AI. AI features are invoked deliberately by your users, and data is sent to the AI provider only as that page describes.

AI-generated content is probabilistic and may be inaccurate, incomplete, or out of date. It is provided as a draft for human review, not as fact, and not as legal, financial, or fundraising advice. You're responsible for reviewing AI output before relying on it or sending it to anyone. The Service is designed so that AI features do not send communications or modify records without human confirmation. If you want AI features disabled for your organization, tell us and we'll disable them.

9. Preview features

Things tagged "in preview" (like Reed and Horizon) are early. They can change or break, and they don't carry the same commitments as the rest of the product.

Features identified as "in preview," beta, or similar are provided as-is for evaluation, may be changed or withdrawn at any time, and are excluded from any availability or support commitments. Everything else in this agreement, including the data protections in sections 6 and 7, applies to preview features in full.

10. Acceptable use

Don't use BloomOS to break the law, harm people, or attack the system itself.

You won't use the Service to violate law or the rights of others; to store or distribute malicious code; to send spam or unlawful communications; or to attempt to probe, breach, or disrupt the Service or its isolation between organizations, except for good-faith security research conducted under the disclosure policy on the security overview. You won't resell or provide the Service to third parties as a service bureau, and you won't use it to build a competing product.

11. Our intellectual property, and feedback

We own the software. You own your data. If you send us ideas, we can use them without owing you anything.

SOBO owns the Service, its software, design, and documentation, and all related intellectual property. No rights are granted except the subscription right to use the Service under these terms. If you send us feedback or suggestions, we may use them without restriction or obligation; feedback never includes your Customer Data.

12. Confidentiality

We keep your non-public information confidential and you keep ours. Standard, mutual, with the usual exceptions.

Each party will protect the other's non-public information disclosed under this agreement with at least reasonable care, use it only to perform under this agreement, and not disclose it except to employees and contractors under comparable obligations. This doesn't apply to information that's public through no fault of the recipient, independently developed, or rightfully received from a third party. A party may disclose confidential information when legally compelled, with notice to the other party where lawful. Customer Data is additionally protected by sections 6 and 7, which control over this section for that data.

13. Third-party services

BloomOS runs on named vendors (listed publicly) and can connect to services you choose, like Google. What those companies do is governed by their terms.

The Service is built on the subprocessors listed at subprocessors, which is the authoritative list and the notice mechanism for changes to it. If you connect an optional integration (such as Google Workspace), you authorize the exchange of data described on that page, and your use of the third-party service is governed by its own terms. We're responsible for our subprocessors as set out in the DPA; we're not responsible for services you contract with directly.

14. Warranties and disclaimers

We promise the service will materially work as described and that we'll handle your data as this agreement says. Beyond that, no implied warranties. And an honest one: read the security page, including the "what we don't have" section, because it's part of what you're agreeing to.

We warrant that the Service will perform materially as described in these terms and that we'll process Customer Data as this agreement provides. Your exclusive remedy for breach of this warranty is that we'll use commercially reasonable efforts to fix the issue, and if we can't within 30 days, you may terminate and receive a prorated refund of prepaid, unused fees.

OTHERWISE, THE SERVICE IS PROVIDED "AS IS" AND WE DISCLAIM ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. We don't warrant that the Service will be uninterrupted or error-free. The current limitations of the system, including backup and recovery characteristics, are published at the security overview, and you acknowledge you've had the opportunity to review them.

15. Limitation of liability

If something goes wrong, the most either side owes the other is what you paid us in the last 12 months. Neither side is liable for indirect losses. The cap doesn't apply to a few serious things, like a party's breach of its data obligations.

NEITHER PARTY IS LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR FOR LOST PROFITS, REVENUES, OR GOODWILL, EVEN IF ADVISED OF THE POSSIBILITY. EACH PARTY'S TOTAL LIABILITY UNDER THIS AGREEMENT IS CAPPED AT THE FEES PAID OR PAYABLE BY CUSTOMER IN THE 12 MONTHS BEFORE THE EVENT GIVING RISE TO THE CLAIM.

The cap and exclusions don't apply to: (a) your payment obligations; (b) a party's breach of section 6 or the DPA; (c) a party's indemnification obligations; or (d) a party's gross negligence, willful misconduct, or fraud.

[COUNSEL: confirm the carve-out set; consider whether (b) should itself carry a super-cap, e.g. 2x fees, which is common when the vendor is small.]

16. Indemnification

If someone sues you claiming BloomOS itself infringes their IP, we defend you. If someone sues us because of data you put in or how you used the system, you defend us.

We'll defend you against third-party claims that the Service, as provided by us and used as permitted, infringes a US patent, copyright, or trademark, and we'll pay resulting damages finally awarded or agreed in settlement. If such a claim arises, we may modify the Service, procure rights, or, if neither is practicable, terminate and refund prepaid unused fees. This doesn't cover claims arising from Customer Data, combinations with things we didn't provide, or use in violation of these terms.

You'll defend us against third-party claims arising from Customer Data, your collection of it, or your use of the Service in violation of law or these terms, and pay resulting damages finally awarded or agreed in settlement.

The indemnified party must give prompt notice, sole control of the defense to the indemnifying party, and reasonable cooperation.

17. Publicity

We don't put your logo on our site or name you as a customer without your written permission.

We won't identify you as a customer or use your name or logo publicly without your prior written consent, which you can revoke at any time.

18. Changes to the service and to these terms

If we change these terms in a way that's worse for you, you get 30 days' notice and the right to walk away with a refund of what you haven't used.

We may update these terms. For material changes that reduce your rights or increase your obligations, we'll give at least 30 days' notice by email to your primary contact before they take effect, and they'll apply from your next renewal. If you object, you may terminate before the change takes effect and receive a prorated refund of prepaid, unused fees. Continued use after the effective date is acceptance. The version and effective date at the top of this page always identify the current terms, and prior versions are available on request.

19. Governing law and disputes

California law, San Mateo County courts, and we both agree to try talking before suing.

This agreement is governed by California law, without regard to conflicts of law rules. The state and federal courts located in San Mateo County, California have exclusive jurisdiction, and each party consents to venue there. Before filing suit, the parties will attempt in good faith to resolve any dispute through direct discussion for at least 30 days after written notice of the dispute. Each party waives jury trial to the extent permitted by law.

[COUNSEL: confirm venue preference and the jury waiver; advise whether arbitration is worth it at this scale. Recommendation is courts, not arbitration, for simplicity.]

20. Notices

Legal notices go to a real address and a real inbox, listed here.

Notices to SOBO: SOBO Consulting LLC, 1265 Beech St, East Palo Alto, CA 94303, with a copy to hello@bloomos.org. Notices to you: the primary contact email on your account. Email notice is effective when sent, provided no bounce is received.

21. The rest

The standard closing provisions, in one place.

Neither party may assign this agreement without the other's consent, except to a successor in a merger, acquisition, or sale of substantially all assets, with notice. Neither party is liable for delay or failure caused by events beyond its reasonable control, except your payment obligations. If a provision is unenforceable, the rest stands. A waiver must be in writing and isn't a waiver of anything else. The parties are independent contractors. This agreement, with the documents it incorporates, is the entire agreement and supersedes prior discussions about its subject.

Questions about these terms: hello@bloomos.org.