norppa.io

Reseller Agreement

Version: 3 June 2026

This Reseller Agreement (the "Agreement") is entered into between Norteris Oy, a limited liability company incorporated in Finland, Business ID 3621127-2, registered at Sturenkatu 26, 00510 Helsinki, Finland ("norppa.io" or "Supplier"), and the legal entity that accepts this Agreement in the norppa.io Partner Portal ("Partner" or "Reseller"), each a "Party". It is effective as of the date the Partner accepts it electronically (the "Effective Date").

1. Definitions

  • Service — the norppa.io SaaS platform for NIS2 supply-chain security monitoring.
  • End Customer — a business to which the Partner resells access to the Service.
  • Tenant — an isolated End-Customer workspace, owned by the End Customer.
  • Demo — a 14-day, no-charge evaluation Tenant created by the Partner.
  • Activation — the End Customer's acceptance of the Customer Terms and DPA, which converts a Demo into a paid Tenant and starts billing.
  • Fees — the discounted annual fees payable by the Partner under Section 5.

2. Appointment

norppa.io appoints the Partner as a non-exclusive, non-transferable reseller of the Service in the EU and EEA. The appointment grants no exclusivity. The Partner is an independent contractor; nothing creates a partnership, agency, employment or joint venture.

3. Resale model; provisioning

The Partner markets and resells the Service to End Customers and provisions Tenants via the Partner Portal. Each new End Customer is created as a 14-day Demo at no charge; Demo data carries over on Activation. A Tenant becomes payable only upon Activation, and annual billing to the Partner begins on the Activation date.

Each Tenant and all data within it are owned and controlled by the End Customer, who determines whether and at what level (none / read-only / managed) the Partner may access the Tenant, and may change or revoke that access at any time. The Partner is the billed party but acquires no ownership of, or standing right to, End-Customer data beyond the access the End Customer grants.

4. Partner obligations

  • Provision and scope monitoring only for supplier domains the relevant End Customer has authorized.
  • Ensure each End Customer accepts the Customer Terms and DPA at Activation.
  • Market the Service truthfully and in compliance with applicable law; no misrepresentation of the Service, norppa.io, pricing, or this Agreement.
  • Keep Partner Portal user accounts secure; the Partner is responsible for its users' acts and omissions.

5. Fees, discount, billing and renewal

A fixed annual fee per Tenant applies at norppa.io's then-current reseller price list, less the cumulative, volume-based partner discount communicated to the Partner. Each Tenant is billed annually in advance to the Partner on the Tenant's Activation anniversary, by invoice, with Net 14 days payment terms; overdue amounts accrue interest at the statutory rate under the Finnish Interest Act (633/1982).

Each Tenant subscription renews automatically for successive one-year terms unless the Partner cancels it at least 30 days before the renewal date. norppa.io sends a renewal reminder at least 60 days before each renewal. A cancellation takes effect at the end of the then-current term; fees already invoiced are non-refundable. Fees are exclusive of VAT; EU B2B reverse charge applies where applicable. The Partner sets its own resale price; the resulting margin is the Partner's sole compensation.

6. Non-payment, suspension, and customer continuity

norppa.io pursues collection from the Partner and will not solicit the Partner's active End Customers to purchase directly while the relationship is in good standing. Because the End Customer owns its Tenant, it may at any time export its data, revoke Partner access, or assume billing directly. If non-payment leads to suspension, norppa.io may send the affected End Customer a neutral, factual notice of the risk and its options.

7. Data protection

For End-Customer data, the End Customer is the controller and norppa.io is the processor under the DPA between norppa.io and the End Customer. The Partner is not a sub-processor of norppa.io. Where the Partner accesses a Tenant or otherwise processes personal data on the End Customer's behalf, the Partner is responsible for its own lawful basis and any agreement required with the End Customer. Both Parties comply with the GDPR.

8. Intellectual property; brand

norppa.io retains all IP in the Service. norppa.io grants the Partner a limited, revocable, non-exclusive licence to use the norppa.io name and logo solely to market the Service during the term, per norppa.io's brand guidelines. No other trademark rights are granted.

9. Term and termination

This Agreement begins on the Effective Date and continues until terminated. Either Party may terminate on 60 days' written notice, or immediately on a material breach uncured within 30 days of notice or on insolvency. Termination does not delete End-Customer Tenants or data; active Tenants continue until their annual term ends, and End-Customer ownership and the DPA survive.

10. Warranties; disclaimer

The Service is provided "as is" to the maximum extent permitted by law. norppa.io disclaims the implied warranties of merchantability and fitness for a particular purpose and does not warrant that the Service detects all risks or guarantees regulatory compliance, including with NIS2.

11. Limitation of liability

To the maximum extent permitted by law, neither Party is liable for indirect, incidental, special or consequential damages, or lost profits. Each Party's aggregate liability is limited to the Fees paid by the Partner in the 12 months preceding the claim. These limits do not apply to wilful misconduct, gross negligence, breach of confidentiality, the indemnities, or liability that cannot be limited under mandatory law.

12. Indemnification

The Partner indemnifies norppa.io against third-party claims arising from the Partner's misrepresentation, unlawful marketing, breach of Section 4, or provisioning of unauthorized domains. norppa.io indemnifies the Partner against third-party claims that the Service infringes IP rights, subject to Section 11.

13. Compliance

Each Party complies with applicable sanctions (EU, OFAC, UN), anti-bribery and anti-corruption, and export-control laws. The Partner shall not provision the Service for any sanctioned End Customer or domain.

14. Confidentiality

Each Party protects the other's confidential information with reasonable care and uses it only to perform this Agreement, for 3 years after termination.

15. General

Neither Party may assign without consent, except to a successor in a merger or asset sale (norppa.io may assign to an affiliate). norppa.io may use sub-processors per the DPA. Neither Party is liable for events beyond its reasonable control. This Agreement is governed by the laws of Finland, with exclusive jurisdiction of the District Court of Helsinki (Helsingin käräjäoikeus). This Agreement, with the reseller price list and any portal terms, is the entire agreement and supersedes prior understandings; amendments must be in writing or through the Partner Portal with notice. If any provision is unenforceable, the rest remains in effect.

The Partner accepts this Agreement by confirming acceptance in the Partner Portal; the acceptor's identity and the date and time of acceptance are recorded as evidence of execution, and a copy is emailed to the Partner.