MemScope Software License Agreement
====================================

Version:        Interim v2
Effective:      2026-05-01
Licensor:       Adrian Dumitrescu (Romania)
                — to be assigned to the Licensor's commercial entity
                  upon its registration; users acquire no obligation to
                  re-accept this Agreement on that assignment, and the
                  successor entity inherits all obligations.
Contact:        dumitrescu.adrian121@gmail.com
Distribution:   PyPI as `memscope-fw` (https://pypi.org/project/memscope-fw/)
                — for the gratis core Software (see clause 2).
                Customer-Bound Wheels containing commercial Bundles are
                distributed directly by the Licensor under separate
                purchase contracts (see clause 3).
Governing law:  Romanian law; courts of Bucharest, Romania have
                exclusive jurisdiction (see clause 11).

Copyright (c) 2026 Adrian Dumitrescu. All rights reserved.

By installing, copying, or otherwise using MemScope ("the Software"),
you ("the User") accept the terms below. If you have a separately-
signed master agreement with the Licensor that covers MemScope, that
agreement governs your use and supersedes this LICENSE file where the
two conflict.


==================================================================
PLAIN-ENGLISH SUMMARY (NOT LEGALLY BINDING — see clauses 1-12 below)
==================================================================

This summary exists so a procurement or legal reviewer can decide in
30 seconds whether they need to read further. The binding terms are
in clauses 1-12. Where this summary and those clauses conflict, the
clauses control.

  * THE CORE SOFTWARE IS FREE FOR ANY USE, INCLUDING COMMERCIAL USE
    INSIDE A COMPANY. The `memscope-fw` distribution published on
    the Python Package Index (PyPI) is free of charge. No payment,
    no license key, no seat count, no time limit, no per-user fee.
    Individuals, contractors, startups, and large enterprises may
    install it and run `memscope analyze`, `memscope validate`,
    `memscope diff`, and any other command included in the core
    distribution for any internal business purpose, indefinitely.
    The core makes no network calls and processes no data on the
    Licensor's behalf.

  * OPTIONAL COMMERCIAL BUNDLES extend the Software with paid
    features (e.g. PR/Slack/email notifications, SoC-family-specific
    analysis, ISO 26262 / IEC 62304 / DO-178C compliance evidence
    bundles, customer-specific bespoke extensions). Bundles are NOT
    distributed via PyPI. Each Bundle is compiled into a Customer-
    Bound Wheel — a private build that contains the User's
    organisation name, license id, contracted tier, and expiry baked
    in as compile-time constants and watermarked into every output
    the Bundle produces. The Customer-Bound Wheel is delivered
    directly by the Licensor (or via a private package index the
    Licensor operates) only to the User who purchased it.

  * BUNDLES ARE LICENSED UNDER ONE OF THREE MODELS, set at purchase:
      (a) Subscription Bundle: annual fee, online activation against
          the Licensor's licensing backend on first install,
          cached activation receipt for offline use thereafter,
          renewal required to install new versions.
      (b) One-Time Bundle (bespoke or premium): one-time engineering
          fee, no online activation, no Licensor infrastructure
          obligation; the User keeps the Customer-Bound Wheel they
          received and may use it indefinitely on the Authorised
          Machines.
      (c) Maintenance contract: optional annual fee for ongoing
          updates and security fixes for One-Time Bundles. Lapse
          does not disable the Bundle; only suspends new updates.

      >> Bundle licences are NOT YET GENERALLY AVAILABLE FOR SALE. <<

    The Licensor's commercial entity is in the process of being
    registered. Until Bundle licences are issued, only the gratis
    core Software is operational. Companies can install and use the
    core today without contacting the Licensor.

  * Source code is NOT distributed, NOT open source, and NOT
    licensed under any OSI-approved or FSF-recognised license. You
    receive the binary wheel and the right to use it under the
    terms in clauses 1-12.

  * The core Software makes NO network calls of any kind. The
    licensing backend (Keygen.sh) is contacted only by Subscription
    Bundles, only on activation and on periodic refresh, and only
    receives the License Key, a machine fingerprint hash, and the
    Bundle version (clause 6). No analysis content, build artifacts,
    or report data ever leaves the User's machine.

End of summary. The binding agreement begins below.

VERSION NOTE: this is the Interim v2 of the MemScope EULA. It
replaces the earlier "Free Edition / Trial / Paid Mode" framing of
Interim v1 with the simpler "free core + Customer-Bound Bundles"
framing, in line with the implementation that ships from this
LICENSE's effective date forward. Interim v2 is binding as written.
A successor version, refined with external legal review, is expected
to take effect once the Licensor's commercial entity is registered
and Bundle licences are generally available; users installing or
activating after the successor version takes effect will be governed
by it.


1. DEFINITIONS
--------------

"Licensor" means Adrian Dumitrescu, the copyright holder, or the
   commercial entity to which this Agreement is assigned upon
   its registration.
"User" means the individual or entity installing or using the Software.
"Software" means MemScope, including the gratis core distribution
   published on PyPI and any Customer-Bound Wheel produced by the
   Licensor for a particular User.
"Core Software" means the `memscope-fw` distribution published on
   PyPI without any Bundle compiled in.
"Bundle" means an optional commercial extension to the Core Software,
   compiled into a Customer-Bound Wheel at the Licensor's release
   pipeline. Bundles include (without limitation) Subscription
   Bundles, One-Time Bundles, and Bespoke Bundles.
"Customer-Bound Wheel" means a Python wheel produced by the Licensor
   for one specific User, containing the Core Software, one or more
   Bundles, and the User's organisation name, license id, contracted
   tier, and expiry baked into the wheel as compile-time constants
   and embedded into Bundle outputs as watermarks.
"Subscription Bundle" means a Bundle licensed under an annual
   subscription, requiring an online activation against the
   Licensor's licensing backend on first install (clause 4).
"One-Time Bundle" means a Bundle licensed under a one-time fee,
   requiring no online activation and no ongoing Licensor
   infrastructure obligation; includes Bespoke Bundles by default.
"Bespoke Bundle" means a One-Time Bundle developed under a custom
   engineering engagement with a single User and not made available
   to other Users.
"License Key" means a unique activation token issued by the
   Licensor's licensing backend (currently Keygen.sh) in connection
   with a Subscription Bundle (clause 4).
"Authorised Machine" means a single physical or virtual computer
   on which a Customer-Bound Wheel is installed.


2. GRANT OF LICENSE — CORE SOFTWARE
-----------------------------------

Subject to the User's compliance with this Agreement, the Licensor
grants the User a worldwide, non-exclusive, non-transferable,
revocable license to install and use the Core Software:

  (a) on machines the User owns or is authorized to operate;
  (b) for the User's internal business purposes, INCLUDING use by
      a company, organisation, or public body in connection with
      its commercial activities (this Agreement does not limit
      Core Software use to non-commercial users);
  (c) subject to the restrictions in clause 5.

The Core Software is licensed gratis (without payment) under this
clause 2. No License Key, purchase, registration, or contact with
the Licensor is required to install the Core Software from PyPI
and use it for any internal business purpose, including by for-
profit entities of any size, indefinitely.

The Software is licensed, not sold. The Licensor retains all rights,
title, and interest in and to the Software, including all intellectual
property rights. No rights are granted under any license approved by
the Open Source Initiative or recognized as a Free Software license
by the Free Software Foundation. In particular, the User receives no
right to access, redistribute, publish, or sublicense the source code;
this Agreement covers use of the binary distribution only.


3. OPTIONAL COMMERCIAL BUNDLES
------------------------------

The Licensor may make optional commercial Bundles available, compiled
into Customer-Bound Wheels and delivered separately from the gratis
PyPI distribution. Bundles are NOT included in the gratis Core
Software grant under clause 2.

Each Bundle is licensed under one of the following models, specified
at purchase:

  (a) SUBSCRIPTION BUNDLE: a Bundle licensed under an annual fee.
      The Bundle requires online activation against the Licensor's
      licensing backend on first install, validated against a
      License Key issued to the User. Once activated, the Bundle
      caches a signed activation receipt and operates offline for
      the duration of the receipt (typically twelve (12) months,
      with a 7-day offline grace window for periodic refreshes).
      A Subscription Bundle may be issued under either:
        (i)  an ORGANISATION LICENSE — unlimited Authorised
             Machines inside one named organisation, priced by the
             organisation's contracted tier band; or
        (ii) a PER-SEAT LICENSE — a fixed number of Authorised
             Machines, enforced by the licensing backend.
      The User shall promptly notify the Licensor and upgrade to a
      higher tier band or seat count if usage exceeds the
      contracted limit.

  (b) ONE-TIME BUNDLE: a Bundle licensed under a one-time
      engineering fee for the User who commissioned it. The
      Customer-Bound Wheel containing a One-Time Bundle does NOT
      contact the licensing backend at runtime, requires no online
      activation, and may be used indefinitely on the User's
      Authorised Machines. The User's right to receive subsequent
      versions of the Bundle is governed by an optional separate
      Maintenance contract.

  (c) BESPOKE BUNDLE: a One-Time Bundle developed for a single User
      and not made available to other Users. Distribution and
      licensing terms beyond this Agreement are set out in the
      engagement contract between the User and the Licensor.

  (d) MAINTENANCE: an optional annual contract that entitles the
      User to receive updates, security fixes, and Bundle-specific
      improvements compatible with new Core Software releases.
      Lapse of a Maintenance contract does not disable the Bundle;
      it only suspends the User's right to receive new versions.

A Customer-Bound Wheel is licensed only to the named User identified
in the wheel's compile-time constants. The User shall not redistribute,
share, lend, or otherwise make the Customer-Bound Wheel or any Bundle
contained within it available to any third party, including any
parent, subsidiary, affiliate, or sister company of the User, except
where the receiving entity is itself a separate User of the Licensor
under its own purchase contract.

Bundles carry watermarks, provenance footers, or licence-holder
identifiers embedded in their generated outputs (HTML reports, CSV
exports, signed evidence files). The User shall not remove, alter,
or obscure these identifiers.

AVAILABILITY NOTICE: as of the date this LICENSE was published,
Bundle licences are NOT YET GENERALLY AVAILABLE FOR SALE. The
Licensor's commercial entity is in the process of being registered.
Until Bundle licences are issued, only the gratis Core Software
(clause 2) is operational. Users wishing to be notified when
Bundles become available should contact the Licensor at the email
address in this LICENSE's preamble.


4. LICENSE KEYS (SUBSCRIPTION BUNDLES ONLY)
-------------------------------------------

License Keys are issued only in connection with Subscription Bundles
(clause 3(a)). License Keys are:

  (a) issued by the Licensor in exchange for payment;
  (b) bound to a User organisation and a contracted seat count or
      tier band at issuance time;
  (c) valid for the term printed in the key (typically one year);
  (d) subject to a 7-day offline grace window between online
      check-ins after first activation;
  (e) revocable by the Licensor in case of fraudulent use, breach
      of this Agreement, or chargeback.

Moving a License Key activation from one Authorised Machine to
another (where machine-bound) requires running the Bundle's
deactivation command on the original machine first, or contacting
the Licensor to release the seat manually.

One-Time Bundles (clause 3(b)) and Bespoke Bundles (clause 3(c)) do
NOT require a License Key. Their Customer-Bound Wheel does not
contact the licensing backend at runtime.


5. RESTRICTIONS
---------------

The User shall NOT:

  (a) redistribute, resell, sublicense, rent, lease, lend, or
      otherwise transfer the Software, any Customer-Bound Wheel,
      or any License Key to any third party without prior written
      permission from the Licensor; this prohibition includes
      sharing across separate legal entities even where related by
      ownership (parent/subsidiary/affiliate/sister company);
  (b) reverse engineer, decompile, disassemble, or attempt to derive
      the source code of the Software's licensing mechanism, license
      gates, activation system, or Bundle binding logic, except to
      the extent expressly permitted by applicable law notwithstanding
      this restriction (including without limitation Article 6 of EU
      Directive 2009/24/EC for interoperability purposes);
  (c) circumvent, disable, or otherwise interfere with the License
      Key validation, the Customer-Bound Wheel binding, the watermark
      generation, or any feature-gating mechanism of the Software;
  (d) remove, alter, or obscure any copyright, trademark, license,
      proprietary notice, watermark, or licence-holder identifier
      included in or generated by the Software;
  (e) use the Software in any manner that violates applicable law;
  (f) re-bind a Customer-Bound Wheel to identify a different User
      than the one named in the wheel's compile-time constants
      (this is a specific case of (b) and (c) and is called out
      separately because it constitutes active forgery of another
      entity's identity);
  (g) deny the Licensor a reasonable annual audit, on at least
      thirty (30) days' notice and at the Licensor's expense, of
      the User's compliance with the seat count or tier band
      contracted under clause 3(a). This right of audit is limited
      to a written attestation by an officer of the User as to the
      number of Authorised Machines and the User organisation
      headcount, except where the Licensor has reasonable grounds
      to suspect material non-compliance.

Inspecting and modifying the Software's analyzer logic for the User's
own internal use is permitted; redistribution of any modified version
is not.


6. DATA + PRIVACY
-----------------

The Core Software runs entirely on the User's machine. The Core
Software makes no network calls of any kind in normal operation. No
build artifacts (ELF, MAP, linker scripts), analysis reports, file
paths, symbol names, or any other content from the User's environment
is transmitted by the Core Software to the Licensor or any third
party.

Subscription Bundles (clause 3(a)) contact the Licensor's licensing
backend (Keygen.sh) on first activation and on periodic refresh
intervals. Each contact transmits only:

  - The License Key
  - A machine fingerprint hash (SHA-256 of stable host identifiers)
  - The Subscription Bundle name and version
  - An OS summary (`platform.uname()` output equivalent)

Subscription Bundles do NOT transmit analysis content, build
artifacts, file paths, symbol names, target names, toolchain
identifiers, or any report data, ever.

One-Time Bundles and Bespoke Bundles (clauses 3(b)-(c)) make NO
network calls of any kind in normal operation, identical to the Core
Software.

Opt-in telemetry, if enabled by the User in `memscope.toml`, is
described separately in `docs/public/privacy.md`. Telemetry is OFF
by default; the User specifies the recipient endpoint, and the
Licensor neither receives nor stores telemetry data.


7. WARRANTY DISCLAIMER
----------------------

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND
NON-INFRINGEMENT. THIS DISCLAIMER DOES NOT EXCLUDE OR LIMIT
WARRANTIES THAT CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE
CONSUMER PROTECTION LAW, INCLUDING WHERE THE USER IS A NATURAL
PERSON ACTING OUTSIDE THEIR TRADE, BUSINESS, OR PROFESSION.


8. LIMITATION OF LIABILITY
--------------------------

IN NO EVENT SHALL THE LICENSOR BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING
BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE. NOTHING IN THIS LIMITATION EXCLUDES
LIABILITY THAT CANNOT BE EXCLUDED UNDER APPLICABLE LAW.


9. TERMINATION
--------------

This license terminates automatically if the User materially breaches
any of its terms and fails to cure the breach within thirty (30) days
of written notice (where the breach is capable of being cured). Upon
termination, the User must cease all use of the Software and destroy
all copies in their possession.

The Licensor may revoke any License Key for material breach of this
Agreement, fraudulent use, or chargeback. Revocation of a License
Key affects only Subscription Bundles tied to that key; it does not
affect the User's right to continue using the Core Software under
clause 2 or any One-Time Bundle delivered prior to revocation.


10. CONTACT
-----------

For Bundle purchases, support inquiries, machine swaps, refunds,
audit communications, or any questions about this Agreement:

    dumitrescu.adrian121@gmail.com


11. GOVERNING LAW + JURISDICTION
--------------------------------

This Agreement is governed by and construed in accordance with the
laws of Romania, without regard to its conflict-of-laws provisions
and excluding the United Nations Convention on Contracts for the
International Sale of Goods.

The courts of Bucharest, Romania have exclusive jurisdiction over
any dispute, controversy, or claim arising out of or relating to
this Agreement, the Software, or its use, and the User irrevocably
submits to the exclusive jurisdiction of those courts.

Nothing in this clause limits a User who is a natural person acting
outside their trade, business, or profession (a "consumer") from
bringing proceedings in the courts of their country of habitual
residence where mandatory consumer-protection law of that country
grants them that right; in such cases, the substantive provisions
of this Agreement still apply to the maximum extent permitted by
that mandatory law.


12. ENTIRE AGREEMENT + SEVERABILITY
-----------------------------------

This Agreement (including the binding clauses 1-12; the Plain-English
Summary at the top is non-binding) is the entire agreement between
the Licensor and the User concerning the Software and supersedes all
prior or contemporaneous understandings, communications, or
representations on the same subject matter, except for any
separately-signed master agreement referenced in the preamble above.

If any provision of this Agreement is held by a court of competent
jurisdiction to be invalid, illegal, or unenforceable, that provision
shall be severed and the remaining provisions shall continue in full
force and effect. The Licensor and the User shall negotiate in good
faith a substitute provision that comes as close as possible to the
intent of the severed provision while remaining enforceable.


--------------------------------------------------------------------
This is the Interim v2 of the MemScope EULA. A successor version,
refined with external legal review, is expected to take effect once
the Licensor's commercial entity is registered and Bundle licences
are generally available. Customers entering into significant
commercial relationships are welcome to request the Licensor's
then-current master agreement and a Data Processing Addendum (see
docs/public/privacy.md).
--------------------------------------------------------------------
