Platform
Third-Party Open-Source Notices
ChefSphere’s own software is not open source. This page explains how we use third-party open-source components in our stack and how to obtain notices and source offers where licences require them.
ChefSphere’s applications, backend, and related services are proprietary. ChefSphere OÜ does not publish ChefSphere source code under an open-source licence, and nothing here should be read as doing so.
Like most modern software, ChefSphere incorporates third-party open-source software (“OSS”) — for example libraries pulled in through package managers for our web stack, mobile clients, and server-side code. Those third-party components are what this page is about: attribution, transparency, and copyleft source-offer obligations that apply to those dependencies, not a release of ChefSphere itself.
This page is published:
- to satisfy attribution requirements under permissive licences such as MIT, BSD-2-Clause, BSD-3-Clause, ISC, and Apache-2.0 where they apply to redistributed components;
- to describe how we handle source-offer obligations for copyleft components where they apply (LGPL-2.1, LGPL-3.0, MPL-2.0, and similar);
- to support supply-chain transparency for security and compliance review, including expectations under NIS2 (Directive (EU) 2022/2555) and the Cyber Resilience Act (Regulation (EU) 2024/2847) as they apply to the Service.
1. Where notices live
- Web: https://chefsphere.app/legal/open-source-licenses is this notice page.
- Per-package detail: A full, versioned list of dependencies and their licence identifiers for a given ChefSphere release is not hosted as a separate public file here today. If you need that list for a specific product, platform, or version, email [email protected] and we will provide reasonable assistance (for example a dependency export or pointers to upstream projects), subject to operational limits.
2. Categories of third-party licences we commonly see
The following summarises typical licence families in our dependency graphs. It is not a complete inventory; upstream packages and versions change between releases.
- MIT — common for JavaScript, TypeScript, Dart/Flutter, and Node dependencies (including many framework and utility libraries).
- Apache-2.0 — used by various infrastructure, cryptography, and telemetry-related dependencies.
- BSD-2-Clause / BSD-3-Clause / ISC — common for long-standing utilities and helpers in the Node ecosystem.
- MPL-2.0 — file-level copyleft; applicable files are normally used unmodified from upstream.
- LGPL-2.1 / LGPL-3.0 — may apply where linked; source offers are handled as in § 3.
- OFL-1.1 — may apply to redistributed fonts.
- Unicode-DFS-2016 / Unicode-TOU — may apply to Unicode data files where redistributed.
- CC0-1.0 / CC-BY-4.0 / CC-BY-SA-4.0 — may apply to documentation or data where upstream chose a Creative Commons licence.
3. Source offer for copyleft components
For any third-party component distributed under LGPL-2.1, LGPL-3.0, MPL-2.0, or another copyleft licence that requires a corresponding source offer when we distribute a build that includes it, the corresponding source — including any modifications we have made and, where required, the scripts used to control compilation and installation — is available free of charge for three (3) years after the relevant ChefSphere release, on request to:
- Email: [email protected] with subject line
OSS source offer — <library name>. - Mail: ChefSphere OÜ, c/o E-Residency Hub OÜ, Ahtri tn 12, 10151 Tallinn, Harju maakond, Estonia. Please identify the ChefSphere product (web, iOS, Android, or other), the approximate release or build date if known, and the library name.
We may provide source by download link or on physical media at our discretion; we may charge only the marginal cost of media and postage where applicable.
4. Licence texts
Third-party OSS is licensed on its own terms. Full licence texts are maintained by upstream projects; we do not replace upstream licence text with our own. Where a licence requires additional notices, we apply them in addition to the original notice.
5. No warranty, no liability (for third-party OSS)
Third-party OSS is, per its licences, often provided “AS IS”, without warranty from the authors. ChefSphere’s own Terms of Service, consumer-protection rules under Directive (EU) 2019/771 (sale of goods), the European Accessibility Act (Dir. (EU) 2019/882), the Consumer Rights Directive (2011/83/EU), and the GPSR (Reg. (EU) 2023/988) apply to the Service that ChefSphere OÜ provides — not to stripping warranty or liability from upstream OSS licences themselves.
6. Reporting security issues in the OSS supply chain
Security issues that may affect ChefSphere through a third-party dependency can be reported to:
- [email protected] (preferred).
- The upstream project’s security channel where one exists.
We coordinate remediation and disclosure in line with responsible disclosure practice and applicable product-security rules, including Article 11 of the Cyber Resilience Act once its obligations apply to the Service.
7. Trademarks and brand assets
Nothing on this page grants a right to use the ChefSphere name, logo, colour palette, or app icon. Third-party OSS licences address copyright (and sometimes patents) for those projects; ChefSphere branding remains ours. See Terms § 11 (Intellectual Property).
8. Changes
We update this page when we materially change how we describe third-party OSS practices or when legal or regulatory expectations change. The version and effective date in the header reflect the last such update — not an automated dump of every dependency version.