Terms of Service — mortar

*Effective 2026-05-16.*

These Terms govern your use of the mortar platform (the "Service"), operated by mortar. By creating an account or using the Service you agree to these Terms.

1. The Service

mortar provisions, builds, and hosts EU-compliant web applications from composable modules. The Service includes the control plane, the wizard, the embedded agent, and the apps you provision through it.

2. Accounts and acceptable use

• You are responsible for safeguarding your credentials and for all activity under your account.
• You must not use the Service to build or operate applications that are unlawful, that infringe third-party rights, or that attempt to circumvent the platform's security, audit, or tenant-isolation controls.
• You must comply with the licence terms of every module you install.

3. Plans, billing, and cancellation

• Paid plans are billed in advance through our payment processor, Polar. Taxes are handled by Polar as merchant of record where applicable.
• Plan limits (including the number of customer apps) are enforced by the platform; exceeding a limit requires an upgrade.
• You may cancel at any time; access continues until the end of the paid period and is not pro-rata refunded unless required by law.

4. Your data and EU compliance

Processing of personal data is described in our Privacy Policy and Data Protection Impact Assessment. For data you process as a controller through apps you provision, mortar acts as your processor under the Data Processing terms referenced in the Privacy Policy. The audit log of platform operations is hash-chained and tamper-evident.

5. Subprocessors

The Service relies on the following subprocessors. This list is generated from the platform manifest and is identical to the list in the Privacy Policy and DPIA — it cannot drift:

• Clerk (US)
• PostHog (EU Cloud) (DE)
• Polar (US)
• Neon (DE)
• Cloudflare (US)
• Resend (US)
• Sentry (US)
• Better Stack (CZ)

6. Warranties and liability

The Service is provided "as is" without warranties of any kind to the extent permitted by law. Nothing in these Terms limits liability that cannot be limited under applicable law (including liability for death, personal injury, or gross negligence).

7. Termination

mortar may suspend or terminate access for material breach of these Terms. On termination you may export your data for 30 days, after which it is deleted in accordance with the Privacy Policy.

8. Changes

We may update these Terms; material changes are notified by email or in-product before they take effect.

9. Contact

Questions about these Terms: privacy@mortar.dev.

*mortar dogfoods its own compliance tooling: the subprocessor list above is generated from the same manifest that produces the Privacy Policy and DPIA.*