Terms and Conditions for Algorithma's Chatbot Service

2.1 Collection of Web Data

Algorithma crawls the Customer's public website to collect text data. The Customer is responsible for ensuring that:

• The website may be crawled by Algorithma (including compliance with robots.txt, external terms and any technical limitations); and
• Algorithma's access to and use of the website data does not violate third party terms or rights.

The Customer is responsible for ensuring that all crawled content does not infringe the intellectual property rights of third parties. Algorithma assumes no responsibility for any such infringement arising from the Customer's content, subject to section 3.3 (Indemnity).

2.2 Processing and Embeddings

Algorithma generates embeddings and performs other processing based on the collected text data. The processing aims to create a vectorized knowledge base and related artefacts necessary for the functionality of the chatbot and related AI components.

2.3 Configuration of AI Agent

Algorithma sets up an AI agent that uses the embeddings and other configured resources as knowledge sources. Algorithma configures the agent according to the agreed functionality and use cases.

2.4 Operations and Hosting

Algorithma hosts the agent in its own or third-party environments. The solution is provided as a service, which means that Algorithma is responsible for operations, maintenance, monitoring and the technical platform.

Unless otherwise agreed in a separate service level agreement ("**SLA**"), Algorithma uses reasonable efforts to ensure availability and performance but does not guarantee uninterrupted or error-free operation.

2.5 Availability for End Users

The Service is used by end users interacting with the agent. End users may submit text data, including personal data, in their messages. The Customer controls the context in which the agent is made available to end users and how the output is used.

3.1 Algorithma's Responsibilities

Algorithma is responsible for:

• Providing the Service according to the agreed specification;
• Handling and storing data securely in accordance with these Terms and the DPA;
• Implementing technical and organisational measures to protect personal data, as further described in the DPA;
• Maintaining reasonable availability and stability of the Service, subject to section 2.4 and any agreed SLA.

3.2 The Customer's Responsibilities

The Customer is responsible for:

• Possessing and maintaining all necessary rights to allow Algorithma to crawl the website and use the website data for the purposes of the Service;
• Ensuring that all website data and other content provided to Algorithma may be used by Algorithma to provide the Service without infringing third party rights;
• Ensuring that no content provided by the Customer violates third party intellectual property rights, applicable law or third party terms;
• Informing end users that interactions with the agent may involve the processing of personal data and ensuring that a valid legal basis exists for such processing;
• Complying with all applicable legislation regarding personal data processing, including the GDPR, and providing instructions to Algorithma in accordance with the DPA;
• Configuring and using the Service in a manner that complies with applicable sector-specific regulations and internal policies.

3.3 Indemnity for Customer Content and Compliance

The Customer shall indemnify and hold Algorithma harmless from and against any claims, damages, costs and expenses (including reasonable legal fees) arising out of or in connection with:

• Any allegation that content on the Customer's website, or other content provided by the Customer, infringes third party intellectual property rights, violates applicable law or breaches third party terms;
• The Customer's failure to comply with applicable data protection legislation (including GDPR), including but not limited to providing adequate information to end users and establishing a valid legal basis for the processing of personal data;
• The Customer's use of the Service in breach of these Terms, the DPA or the Customer's own internal policies.

The indemnity in this section shall not apply to the extent the relevant claim is caused by Algorithma's wilful misconduct or gross negligence.

4.1 Distribution of Roles and DPA

The Customer is the data controller for all personal data processed in connection with the Customer's use of the Service, including personal data contained in:

• Text data from the Customer's website; and
• End user messages and other input to the agent.

Algorithma is the data processor and processes personal data on behalf of the Customer, in accordance with the Customer's documented instructions and the DPA. In case of conflict between these Terms and the DPA regarding personal data, the DPA shall prevail.

4.2 Data Types Processed

Algorithma processes the following categories of data for the purpose of providing and operating the Service:

• Text data from the Customer's website and other content provided by the Customer;
• User messages and other input submitted to the agent;
• Metadata and system data generated by the operation of the Service (including logs as described in section 4.3).

Any personal data contained in such data is processed only for the purposes agreed between the parties and as further set out in the DPA.

4.3 Storage, Logs and Deletion

Algorithma stores data to the extent required to deliver, maintain and secure the Service and to comply with legal obligations.

Operational and system logs may be stored for a longer period than end user content where necessary for troubleshooting, security, audit and compliance purposes. Such logs are deleted or anonymised in accordance with Algorithma's standard routines and/or as specified in the DPA and any agreed retention rules.

Upon termination of the Service or upon the Customer's request, data will be deleted or anonymised in accordance with the DPA, agreed retention rules and Algorithma's standard routines, subject to applicable legal obligations to retain certain data.

4.4 Security

Algorithma implements appropriate technical and organisational measures to protect data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or unauthorised access. Such measures include, where appropriate, encryption, access control and logging, as further described in the DPA.

4.5 Third Party AI Providers, Sub-Processors and Data Transfers

Algorithma uses third-party providers for large language models, cloud hosting and related services, including but not limited to Google Cloud Platform, Google Gemini, OpenAI and Vercel (the "**Sub-processors**").

By accepting these Terms, the Customer consents to:

• Text data and user messages (to the extent necessary) being transferred to such Sub-processors solely for the purpose of hosting the Service, generating responses and creating embeddings or other AI-related artefacts;
• Such Sub-processors acting as sub-processors in the meaning of the GDPR.

Algorithma maintains a current list of Sub-processors, available upon request, and shall inform the Customer of material changes to the list before such changes take effect, in accordance with the DPA.

Algorithma shall ensure that:

• Sub-processors are bound by written data protection obligations which are no less protective than those set out in the DPA; and
• Where personal data is transferred outside the EU/EEA, appropriate safeguards are implemented in accordance with applicable data protection legislation (including the GDPR), such as standard contractual clauses or equivalent legal mechanisms.

Algorithma shall ensure that personal data sent to third-party AI providers is not used to train their public foundation models, in accordance with the providers' enterprise terms.

4.6 Sensitive Personal Data and High-Risk Use

The Customer shall not use the Service to intentionally process:

• Special categories of personal data as defined in Article 9 GDPR (including data concerning health, religious beliefs, political opinions, etc.);
• Data relating to criminal convictions and offences; or
• Other information of a highly sensitive nature,

unless this has been expressly agreed in writing and appropriately regulated in the DPA, including specific safeguards and instructions.

Algorithma may implement technical measures to reduce the likelihood that such sensitive data is stored or used, including filters and blocking of certain content types. Algorithma may suspend or limit the Service if the Customer's use repeatedly leads to processing of sensitive data in breach of this section.

For use of the Service in regulated sectors (including financial services, healthcare and legal advice), the Customer is responsible for implementing appropriate human review, domain-specific controls and additional safeguards to ensure compliance with sector-specific legislation and guidance.

4.7 Security Incidents and Notifications

If Algorithma becomes aware of a personal data breach affecting personal data processed on behalf of the Customer, Algorithma shall notify the Customer without undue delay after becoming aware of the breach and shall provide information reasonably available to assist the Customer in meeting its legal obligations, including any notification obligations towards supervisory authorities and data subjects.

Algorithma shall, at the Customer's cost to the extent permitted by applicable law and as set out in the DPA, provide reasonable assistance in investigating, mitigating and responding to such incidents.

5.1 Customer Content

The Customer retains all rights, title and interest to the website data and all other content provided by the Customer, including any intellectual property rights therein.

5.2 Algorithma's Technology

Algorithma retains all rights, title and interest to its methodology, infrastructure, software, code, embeddings models, prompts, system configurations and all other components, tools and know-how used to deliver the Service, including any improvements and modifications thereto.

5.3 Embeddings and Model Configuration

Algorithma may use embeddings and other artefacts created from the Customer's data solely to operate, configure, improve and develop the agent and associated features for the Customer, and for maintaining and improving the Service in a way that does not disclose the Customer's content to other customers.

No ownership in embeddings, models, prompts or other technical artefacts is transferred to the Customer.

6.1 Permitted Use

The Service may only be used for the purposes defined in the agreement between Algorithma and the Customer and in accordance with these Terms and the DPA.

6.2 Prohibited Use

The Customer may not:

• Use the Service in a way that violates applicable law, third party rights or export control regulations or applicable sanctions;
• Attempt to circumvent or interfere with security or access control mechanisms;
• Reverse engineer, decompile or attempt to derive the source code of the Service except to the extent permitted by mandatory law;
• Use the Service to develop or train competing AI or chatbot systems without Algorithma's prior written consent.

6.3 AI Output, Customer Controls and High-Risk Contexts

The Customer acknowledges that the AI agent may generate incorrect, incomplete, misleading or inappropriate information and that the Service is not a substitute for professional advice, human judgment or the Customer's own quality assurance processes.

The Customer is responsible for:

• Configuring and testing the agent for the Customer's specific use cases and data;
• Determining in which workflows and for which purposes the agent may be used;
• Implementing appropriate control mechanisms (including human review where reasonably required) before relying on or acting upon the agent's output;
• Ensuring that the agent is not presented as providing legally, medically or financially binding advice, or other regulated advice, unless this has been specifically agreed in writing and additional safeguards have been implemented.

7.1 Indirect Damages

Algorithma is not liable for indirect damages, loss of profit, loss of data (beyond what follows from applicable law or the DPA), loss of production, loss of goodwill or other economic consequential damages arising out of or in connection with the use of or inability to use the Service.

7.2 AI Agent Responses

Algorithma is not liable for incorrect, incomplete or misleading responses generated by the AI agent. The Customer is responsible for implementing suitable control mechanisms and notices to end users as set out in section 6.3.

7.3 Liability Cap

Algorithma's total aggregate liability under these Terms, regardless of the legal basis, is limited to the total amount paid by the Customer for the Service during the twelve (12) months preceding the event giving rise to the claim.

7.4 Third-Party Providers and Dependencies

The Customer acknowledges that the Service depends on third-party providers (including cloud and AI model providers). Algorithma shall not be liable for interruptions, limitations or changes in the Service that are directly caused by such providers, provided that Algorithma has exercised reasonable care in its choice of providers and in its handling of incidents.

7.5 Remedies

Unless otherwise agreed in an SLA, the Customer's sole and exclusive remedies for persistent or material deficiencies in the Service shall be:

• A proportionate reduction of fees for the affected period, not exceeding the amounts actually paid for the Service during that period; and/or
• Termination of the Service with thirty (30) days' written notice.

This section shall apply without prejudice to the liability cap in section 7.3 and the carve-outs in section 7.4.

10.1 Pricing

Fees for the Service are set out in the separate quote, order form or price list agreed between the Customer and Algorithma. All prices are exclusive of VAT and other applicable taxes.

10.2 Invoicing and Payment Terms

Unless otherwise agreed, invoicing occurs monthly or annually in advance. The payment term is thirty (30) days from the invoice date.

10.3 Late Payment

In the event of late payment, Algorithma is entitled to charge penalty interest in accordance with the Swedish Interest Act and a statutory reminder fee.

10.4 Suspension of Service

If payment is not received within the specified time, Algorithma may temporarily suspend the Customer's access to the Service until full payment has been received. Suspension does not affect Algorithma's right to claim payment, interest or other remedies.

10.5 Price Adjustments

Algorithma may adjust prices annually. The Customer will be informed of any price adjustments at least thirty (30) days before they take effect.