WP·Care
⚠ This is a translated version for international readers. The legally binding version is the Italian original.
Legal document · Contract terms

Service Agreement

Version 1.0 · In force from May 5, 2026 · Civil law · Italian B2B
Operational draft. Document structured to provide the safeguards required by TUTTUU and operator Fabrizio but to be reviewed by a lawyer before go-live, in particular clauses on limitation of liability, compensation cap, jurisdiction and acceptance of autonomous AI. Placeholders [xxx] to be filled in with actual data.
Clause index
  1. Parties and recitals
  2. Definitions
  3. Subject matter
  4. Plans and fees
  5. Term and renewal
  6. SLA and service levels
  7. Provider's obligations
  8. Customer's obligations
  9. Autonomous AI actions
  10. Limitation of liability
  11. Warranty exclusions
  12. Indemnification
  13. Force majeure
  14. Termination (right to withdraw)
  15. Resolution
  16. Payments and invoicing
  17. Confidentiality
  18. Privacy and data
  19. Intellectual property
  20. Amendments and applicable law

01 Parties and recitals

This agreement (the "Agreement") governs the relationship between:

PROVIDER: [TUTTUU legal name · e.g. TUTTUU S.r.l.], with registered office in [address], VAT no. [xxxxxxxxxxx], Tax code [xxxxxxxxxxx], represented by its legal representative [legal representative name], operating under the commercial brand WPSonar (hereinafter "TUTTUU" or "Provider").

CUSTOMER: the natural or legal person who signs this Agreement through the wpsonar.tuttuu.it platform, registering with their own billing details and activating one of the available subscription plans (hereinafter "Customer").

Whereas:

  • The Provider professionally delivers maintenance, monitoring, security and optimization services for websites built on the WordPress platform.
  • The Customer is a B2B entity (company, professional, organization) that owns or manages a WordPress site and intends to entrust its maintenance to the Provider.
  • The Provider also delivers the Service through artificial intelligence software tools that operate autonomously within precise pre-authorized safelists.
  • The parties intend to govern the contractual relationship under the terms and conditions that follow.

02 Definitions

Service The set of services described in clause 3, delivered by the Provider to the Customer in accordance with the subscribed plan.
Customer Site The WordPress website that is the subject of the Service, identified by the URL provided by the Customer at activation.
Bridge Technical plugin installed on the Customer Site that allows the Provider to perform the maintenance operations covered by the plan.
AI Agent Software component of the Service that performs autonomous actions on the Customer Site within the agreed Safelist.
Safelist List of pre-authorized actions that the AI Agent may perform without human intervention (e.g. cache clear, disabling of plugins known to be buggy, restore from verified backup).
SLA Service Level Agreement · service levels guaranteed for each subscribed plan (response time, intervention frequency, etc.).
Fee The recurring consideration owed by the Customer for the use of the Service under the subscribed plan.

03 Subject matter

The Provider delivers to the Customer, against payment of the Fee, the WPSonar Service for maintenance and monitoring of the Customer Site, comprising — depending on the subscribed plan — the following services:

  • WordPress core, plugin and theme updates, with safelist and automatic rollback
  • Periodic filesystem and database backups, AES-256 encrypted, stored off-site
  • Security scanning (malware scan, CVE check, file integrity, login audit)
  • Uptime monitoring with email and/or WhatsApp alerts
  • Performance optimization (cache, WebP images, Core Web Vitals)
  • Security headers hardening (HSTS, CSP, X-Frame-Options, etc.)
  • Periodic audit with monthly report
  • Email and ticket support, according to the plan SLA
  • WordPress emergency response (site offline, hacked, 500 error) for Plus or Pro plans · at additional cost for Basic

The updated details of plans and included services are published on wpsonar.tuttuu.it and form an integral part of this Agreement at the time of subscription.

04 Plans and fees

At the time of signing the Agreement, the Customer chooses one of the available plans (Basic, Pro, Plus) and pays the Fee under the following terms:

  • Frequency: monthly, billed in advance
  • Effective date: from the Service activation date
  • Amount: as per the price list in force on the website at the time of subscription, with any promotional discounts applied for the first 3 months ("Early Pricing") or under expressly indicated offers
  • VAT: all amounts shown are net of VAT, unless otherwise indicated

The Provider may amend the price list with at least 30 days' notice; changes apply from the next renewal. The Customer may withdraw without penalty if it does not accept the new economic conditions, by giving notice within 15 days of the announcement.

05 Term and renewal

The Agreement has a monthly term and is tacitly renewed month by month, unless terminated under clause 14 (Termination). No binding minimum term is foreseen, except for plans with promotional discount (Early Pricing) which may carry a 3-month commitment.

06 SLA and service levels

The guaranteed service levels vary depending on the subscribed plan:

Indicator Basic
Support response time72 business hours
Backup frequencyweekly
24/7 emergency responseoptional at € 199 per intervention
Emergency response SLA4h from report
Indicator Pro
Support response time24 business hours
Backup frequencydaily
24/7 emergency response1 intervention/month included
Emergency response SLA2h from report
Indicator Plus
Support response time4 business hours · 8h non-business hours
Backup frequencydaily + 365-day retention
24/7 emergency responseunlimited
Emergency response SLA1h from report
Emergency response refund75% of monthly fee if not resolved within 4h

SLAs apply to business days from Monday to Friday, 9:00 AM — 7:00 PM (CET), unless otherwise indicated for the specific plan. Times attributable to the Customer (failure to provide credentials, failure to respond to clarification requests) and the events under clause 13 (Force majeure) are excluded from the SLA calculation.

07 Provider's obligations

The Provider undertakes to:

  • Deliver the Service with the diligence of a professional operator pursuant to art. 1176 of the Italian Civil Code
  • Respect the service levels (SLA) provided by the subscribed plan
  • Notify the Customer, with reasonable promptness, of any critical anomaly detected on the Site
  • Keep confidential any Customer information learned in the performance of the Agreement (see clause 17)
  • Process the Customer's personal data in compliance with the Privacy Policy and the GDPR
  • Retain logs of the activities performed on the Customer Site for 5 years
  • Preserve off-site backups of the Site according to the retention provided by the plan

The Provider's obligations constitute obligations of means and not of result. The Provider does not guarantee, in particular, the absolute absence of downtime, of zero-day vulnerabilities, of compromises caused by third parties or by software components outside its own control.

08 Customer's obligations

The Customer undertakes to:

  • Provide correct and up-to-date credentials for accessing the Site (WordPress admin, hosting/cPanel, any necessary API keys)
  • Keep active the Bridge installed by the Provider on the Customer Site, except in cases of withdrawal or technical emergency
  • Not tamper with the files and configurations installed by the Provider (in particular bridge, security plugins, backup files)
  • Promptly notify the Provider of: changes of credentials, changes of hosting, manual changes to the site that may interfere with the Service, third-party reports (Garante, authorities) regarding the site
  • Pay the Fee according to the agreed terms and timing
  • Inform the Provider of any custom plugins, ad-hoc code, or proprietary integrations that require special precautions
  • Ensure that the Customer Site complies with Italian and European law and does not contain unlawful, counterfeit, or third-party rights infringing material
  • Not install on its own initiative plugins or themes of dubious origin ("nulled", cracked, from unofficial sources) that may compromise the security of the Site

The Customer acknowledges that failure to comply with these obligations may compromise the performance of the Service and relieves the Provider from liability for any malfunction, damage or interruption arising therefrom.

09 Autonomous AI actions · express acceptance clause

By signing this Agreement, the Customer expressly authorizes the Provider to operate on the Customer Site artificial intelligence systems (AI Agent) that autonomously perform maintenance and remediation actions within the Safelist below.

The Safelist at the time of signing includes, on a non-exhaustive basis:

  • WordPress core, plugin and theme updates with automatic rollback in case of failure
  • Cache clear (LiteSpeed, WP Rocket, W3TC, Cloudflare, etc.)
  • Disabling of plugins with known vulnerabilities (public CVE) or documented conflicts
  • Restore of WordPress core files if tampered with (file integrity check)
  • Restore from verified backup in case of site offline or malware
  • Security headers hardening (.htaccess or web.config)
  • Reset of non-compliant file/directory permissions (chmod)
  • Cleanup of backdoors/malware found with known patterns

All Safelist actions are reversible through pre-action backup and rollback logs. The Provider maintains an append-only audit log of every operation performed, accessible to the Customer on request.

Actions outside the Safelist (e.g. structural changes to the site, intervention on custom databases, installation of unrequested plugins) require express Customer authorization on a case-by-case basis.

The Customer acknowledges that — even with all precautions in place — an automated action may in exceptional cases produce unintended effects. The Provider's liability in such cases is governed by clause 10 (Limitation of liability).

10 Limitation of liability

Save in cases of willful misconduct or gross negligence, the Provider's total liability towards the Customer for any claim arising from the Agreement — contractual, non-contractual or otherwise — is expressly limited in accordance with the following criteria:

  • Maximum cap: the compensation owed by the Provider may in no case exceed the equivalent of 3 (three) monthly Fees paid by the Customer in the 12 months preceding the harmful event, and in any case no more than € 3,000.00 (three thousand/00)
  • Indirect, consequential damages or loss of profit (lost earnings, loss of customers, reputational damages, loss of SEO ranking, loss of business opportunities) are excluded
  • Damages arising from the following are excluded: hacking pre-existing to the Service and not detected, "nulled" plugins/themes installed by the Customer, changes to the site made by the Customer or third parties without the Provider's knowledge, downtime of the Customer's hosting, network interruptions of third-party providers, force majeure events
  • The Provider is not liable for the loss of content or configurations introduced by the Customer on the Site between one backup and the next
  • The Provider does not guarantee the compatibility of the Customer's proprietary plugins or themes with updates of WordPress core or other plugins

These limitations apply to the maximum extent permitted by applicable Italian law.

11 Warranty exclusions

The Service is provided "as is" within the SLA specifications of the subscribed plan. The Provider does not in particular guarantee:

  • 100% uptime of the Customer Site · uptime also depends on the Customer's hosting, which is outside the Provider's control
  • The absence of zero-day vulnerabilities · by definition not detectable at the time of discovery
  • The SEO ranking of the Site · depends on factors not controllable by the Provider
  • Future compatibility with new releases of WordPress, PHP, MySQL · best effort under safelist and rollback
  • Full recovery of the site in case of total compromise · best effort from the most recent available backup
  • The absence of false positives in malware detection · subject to manual verification before any critical action

12 Customer's indemnification

The Customer undertakes to indemnify and hold harmless the Provider (and its directors, employees, collaborators, in particular Mr. [Fabrizio · last name] in his capacity as technical operator) from any claim, action, damage, cost (including legal fees) arising from:

  • Unlawful content, content infringing third-party rights, or content not compliant with current regulations on the Customer Site
  • Unlawful processing of personal data by the Customer on the Site (e.g. collection without consent)
  • "Nulled" plugins or themes installed by the Customer and which the Customer requests not to disable
  • Failure to provide the Provider with information relevant for the proper performance of the Service
  • Actions or omissions by the Customer or third parties acting on its behalf that contributed to the occurrence of the damage
  • Claims by third parties whom the Customer has involved in the management of the Site without informing the Provider

13 Force majeure

Neither party shall be liable for non-performance due to force majeure events, meaning unforeseeable events outside the reasonable control of the affected party, including on a non-exhaustive basis: natural disasters, acts of war or terrorism, general strikes, electrical or internet network interruptions at regional level, pandemics and related restrictive measures, large-scale cyberattacks (e.g. DDoS) on the third-party providers used, measures of public authorities.

The impeded party shall notify the event to the other party within 5 (five) days and take any reasonable measure to limit its effects.

14 Termination (right to withdraw)

14.1 Customer's right to withdraw

The Customer may withdraw from the Agreement at any time, with effect at the end of the current monthly period, by giving notice of withdrawal via email to care@tuttuu.it with a minimum notice of 15 days. No penalty is owed, except in the case of plans with promotional commitment (Early Pricing) for which early withdrawal entails the loss of the discount and the billing of the difference at the base list price.

14.2 Provider's right to withdraw

The Provider may withdraw from the Agreement with 30 days' notice via email, even without specific reasons, refunding to the Customer any prepaid monthly Fees for the unused period.

14.3 Effects of termination

Upon termination of the Agreement, the Provider: (i) discontinues the Service; (ii) makes the existing backups available to the Customer for 30 days; (iii) deletes or anonymizes the Customer's data as provided in the Privacy Policy; (iv) revokes the credentials for accessing the Customer Site.

15 Resolution

The Agreement is automatically resolved, pursuant to art. 1456 of the Italian Civil Code, in the event of:

  • Failure to pay the Fee for more than 15 days from the invoice due date, after formal notice to comply
  • Material breach by the Customer of the obligations under clause 8
  • Use of the Site for unlawful purposes, contrary to law or public order
  • Repeated hostile conduct by the Customer against the Provider or its collaborators (insults, threats, abuse of support)
  • Subjection of either party to insolvency proceedings

In the event of resolution due to a cause attributable to the Customer, the Provider shall be entitled to retain what has already been invoiced and to claim compensation for any greater damage suffered.

16 Payments and invoicing

Payments are made monthly in advance through one of the following channels chosen by the Customer:

  • Credit/debit card (Visa, Mastercard, Amex) via Stripe
  • SEPA Direct Debit with mandate
  • Bank transfer (for prepaid annual amounts)

The Provider issues an electronic invoice to the SDI (Italian Exchange System) within the legal terms. In case of late payment, default interest under Italian Legislative Decree 231/2002 shall apply.

The Customer acknowledges that the Service may be suspended in case of non-payment after 7 days from the invoice due date, until payment. Suspension does not interrupt invoicing.

17 Confidentiality

The parties mutually undertake to keep confidential the information they become aware of in the performance of the Agreement, in particular: commercial, technical, organizational data, credentials, internal procedures, security strategies.

The confidentiality obligation remains for 5 years after termination of the Agreement. Information that is in the public domain, already known to the receiving party prior to disclosure, obtained from legitimate third-party sources, or made public by legal obligation is excluded from the obligation.

18 Privacy and data protection

The processing of personal data is governed by the Privacy Policy available at wpsonar.tuttuu.it/privacy, which the Customer declares to have read.

For personal data processed by the Provider on behalf of the Customer (e.g. data of users of the Customer Site collected through contact forms), the Provider acts as a Data Processor pursuant to art. 28 GDPR. Upon Customer's request, a separate Data Processing Agreement (DPA) shall be signed.

19 Intellectual property

The Customer retains full ownership of the contents, layout, and custom code present on its own Site.

The Provider retains full ownership of its own software tools, Bridge plugin, AI Agent, knowledge base, prompts and models developed in the delivery of the Service. The Customer is granted a non-exclusive, non-transferable license, limited to the duration of the Agreement and functional to the use of the Service.

Suggestions, feedback and ideas from the Customer transmitted to the Provider may be freely used by the latter to improve the Service, with no obligation of compensation or acknowledgment.

20 Amendments · applicable law · jurisdiction

The Provider reserves the right to amend the terms of the Agreement with 30 days' notice. Amendments are deemed accepted if the Customer continues to use the Service after the effective date; the Customer may withdraw without penalty if it does not accept the new conditions.

This Agreement is governed by Italian law. For any dispute arising from or connected with the Agreement, the Court of [TUTTUU registered office · e.g. Rome] shall have exclusive jurisdiction, save for any mandatory jurisdiction of the consumer's court if the Customer qualifies as such pursuant to art. 33 of the Italian Consumer Code.

The parties undertake to attempt the amicable settlement of any dispute before bringing court proceedings; failing agreement within 30 days from the first formal communication, each party may bring the matter before the competent court.

Specific approval of the unfair clauses pursuant to articles 1341 and 1342 of the Italian Civil Code — The Customer, by digitally signing this Agreement through the dedicated procedure on wpsonar.tuttuu.it, declares to have read and to specifically approve the following clauses: clause 9 (autonomous AI actions with express acceptance), clause 10 (limitation of liability with compensation cap), clause 11 (warranty exclusions), clause 12 (Customer's indemnification), clause 14.2 (Provider's right to withdraw), clause 15 (express resolution clause), clause 20 (jurisdiction).