Terms of Service
Speednet Sp. z o.o. · legal@speednet.pl · EU region
01Software License Agreement
Grant of license
Speednet Sp. z o.o. ("Provider") grants the customer ("Customer") a non-exclusive, non-transferable, revocable license to use the Auditor software platform ("Software") in accordance with these terms and the applicable Order Form.
Deployment & infrastructure
Auditor is deployed exclusively on Customer-controlled infrastructure. The Provider does not host the Software as a SaaS service. Deployment options include:
- Customer VPS / cloud — AWS, Azure, GCP, or any cloud provider of Customer's choice.
- On-premise — Customer's own data centre or private cloud.
- Hybrid — any combination of cloud and on-premise infrastructure.
The Software is platform-agnostic and does not require specific cloud providers, operating systems, or database engines beyond the documented system requirements.
Provider will assist with initial setup, configuration, and integration. Provider does not modify, manage, or have ongoing access to Customer's infrastructure beyond what is explicitly authorised for support purposes.
AI models & providers
The Software supports multiple AI model providers (e.g., Anthropic, OpenAI, Azure OpenAI, Google, AWS Bedrock, self-hosted models). Customer is solely responsible for:
- Selecting and configuring AI model providers.
- Entering into agreements with chosen AI providers.
- Ensuring compliance with AI provider terms of service and applicable AI regulations (including the EU AI Act).
- Registering AI systems in the AI Systems Registry (the Software provides the tooling; registration decisions are Customer's responsibility).
Provider does not mandate, endorse, or assume liability for any specific AI model, provider, or configuration chosen by Customer.
Data ownership & privacy
Customer retains full ownership of all data processed through the Software, including documents, analysis results, evidence packs, and audit trails. Provider:
- Does not access, store, retain, or transmit Customer data outside of Customer's infrastructure.
- Does not use Customer data for training, analytics, benchmarking, or any purpose beyond delivering the licensed Software.
- Has no standing access to Customer's deployment. Access is granted on a case-by-case basis for support purposes and revoked upon completion.
A separate Data Processing Agreement (DPA) is executed prior to any engagement involving access to Customer environments containing personal data, in compliance with GDPR (EU Regulation 2016/679).
02Support & Maintenance SLA
Definitions
- Business Days/Hours — Monday–Friday, 09:00–17:00 CET/CEST (Warsaw), excluding public holidays.
- Incident — an unplanned interruption or reduction in service.
- Service Request — a request for information or standard change (non-incident).
- Workaround/Restoration — a temporary change or fix that restores acceptable service.
- Resolution — a permanent fix delivered as hotfix, patch, or release.
Scope of support
Included: Break/fix support, configuration guidance, product defects, documented features, usage questions, review of product logs and metrics.
Excluded: Customer's infrastructure (compute, network, storage), OS/DB administration, third-party services (cloud providers, IdPs, ETL tools), custom code and integrations, and issues caused by unsupported changes. Provider will offer reasonable guidance on excluded areas.
Hypercare (post-go-live)
30 calendar days from acceptance. 60 engineer-hours included at no additional charge, covering critical defect remediation, infrastructure/integration stabilisation, and analysis performance tuning. Unused hours expire at day 30.
Severity levels
| Priority | Definition | Response | Restoration |
|---|---|---|---|
| P1 — Critical | Production down, data corruption/loss, security incident, no workaround | 30 min (24×7) | 8 hours |
| P2 — High | Major functionality degraded, severe business impact, limited workaround | 1 Business Hour | 2 Business Days |
| P3 — Medium | Minor feature failure, clear workaround available | 1 Business Day | 20 Business Days |
| P4 — Low | Questions, consultations, how-to | 2 Business Days | Next planned release |
Release & patch policy
- Feature releases — twice per year (semiannual).
- Maintenance patches — monthly rollups for non-security fixes.
- Hotfixes — as needed for urgent defects.
- Security patches (CVSS-based) — Critical (≥9.0): within 72 hours; High (7.0–8.9): within 7 days; Medium (4.0–6.9): within 30 days; Low (<4.0): next planned maintenance.
Version support
Each GA version is supported for 12 months. Provider gives 6 months' notice before end-of-life. Extended support (security fixes only) may be purchased for up to 12 additional months.
Planned maintenance
≥7 days' notice for standard maintenance; 24 hours for emergency maintenance. Preferred windows: weekends/evenings in Customer's local time.
03Professional Services & Consulting
Provider offers the following professional services on a time-and-materials or fixed-scope basis:
- Deployment & setup — initial installation, configuration, integration, and go-live support.
- Ongoing maintenance — Provider can supply dedicated personnel to maintain the Software on Customer's infrastructure, under Customer's direction.
- Policy & process consulting — assistance in creating compliance policies, reviewing existing processes, designing workflows, and configuring the platform for Customer's regulatory requirements.
- Training — minimum 1 admin workshop, 2 end-user sessions, recordings, and full documentation set. Documentation is kept current with each release.
All professional services are governed by a separate Statement of Work (SOW). Provider personnel operate under Customer's direction and do not make independent decisions about Customer's compliance posture, regulatory obligations, or governance structure.
04Liability & Limitations
Customer responsibility
Customer is solely responsible and liable for:
- All compliance, regulatory, and governance decisions made using the Software.
- The accuracy, completeness, and legal adequacy of policies, frameworks, and documents loaded into the Software.
- AI model selection, configuration, and the outputs produced by chosen AI providers.
- AI system registration, risk classification, and governance decisions (including EU AI Act obligations).
- Infrastructure security, access controls, backups, and disaster recovery.
- Master Data Management (MDM) and data quality.
Provider limitation of liability
The Software is a tool that assists compliance and audit professionals. It does not constitute legal, regulatory, or compliance advice. Provider's aggregate liability under this agreement shall not exceed the total fees paid by Customer in the 12 months preceding the claim.
Provider shall not be liable for indirect, incidental, consequential, special, or punitive damages, including lost profits, lost data (beyond Customer's infrastructure), or business interruption, regardless of the cause of action.
AI output disclaimer
AI-generated analyses, suggestions, gap identifications, and remediation proposals are decision-support outputs, not authoritative determinations. Customer must independently verify all AI outputs before acting on them. Provider makes no warranty regarding the accuracy, completeness, or legal sufficiency of AI-generated content.
Governing law (EU)
This Agreement is governed by the laws of Poland. Disputes shall be resolved by the competent courts in Gdańsk, Poland. Nothing in this Agreement excludes or limits mandatory consumer protections under applicable EU member state law.
05Confidentiality & NDA
Prior to any engagement involving access to Customer's infrastructure or data, both parties execute a mutual Non-Disclosure Agreement (NDA) covering:
- All information disclosed during setup, support, and consulting engagements.
- Customer's documents, policies, regulatory submissions, and business data.
- Provider's proprietary technology, algorithms, and trade secrets.
Duration: the term of the agreement plus 3 years post-termination.
A separate Data Privacy and Handling Policy Agreement is executed for engagements involving personal data or regulated information, specifying data handling procedures, access controls, and audit rights.
06Acceptable Use Policy
Customer shall not:
- Reverse-engineer, decompile, disassemble, or attempt to derive the source code of the Software.
- Sublicense, resell, lease, or distribute the Software to third parties.
- Use the Software to process data on behalf of third parties without Provider's written consent.
- Remove or alter proprietary notices, labels, or marks on the Software.
- Use the Software in violation of applicable laws, including data protection, AI, and sanctions regulations.
- Circumvent or disable security features, access controls, or usage limitations.
Speednet Sp. z o.o.
Olivia Centre (Star), al. Grunwaldzka 472C, 80-309 Gdańsk, Poland
KRS 0000295602 · NIP 5862208698 · REGON 220540536
legal@speednet.pl · speednetsoftware.com