General Terms and Conditions (GTC)

1. Scope

1.1 These General Terms and Conditions apply to all contracts for the provision and use of nordnung AI between SecureVibe IT Solutions GmbH, Anne-Frank-Strasse 25, 22587 Hamburg, Germany, hereinafter referred to as the "Provider", and its customers, hereinafter referred to as the "Customer".

1.2 The offer is directed exclusively at entrepreneurs within the meaning of Section 14 German Civil Code (BGB), legal entities under public law, and special funds under public law. Contracts with consumers are excluded.

1.3 Conflicting or supplementary general terms and conditions of the Customer only become part of the contract if the Provider has expressly agreed to their validity in text form.

1.4 In individual cases, individual agreements, offers, service descriptions, order forms, service-level agreements, and data processing agreements take precedence over these GTC.

2. Subject matter of the contract

2.1 nordnung AI is a software and automation platform for IT support and IT operations processes with web-based functions, agents, workflows, governance functions, and documentation functions.

2.2 The scope of services may include, in particular, the following modules:

Phone agent for phone-based or chat-based support without independent system changes, vision agent for analyzing uploaded images, Endpoint Agent for actions in the local client context, VM Agent for isolated sessions on approved target systems, critical systems agent for defined administrative standard actions, and cloud agent for approved cloud integrations, in particular based on defined API methods.

2.3 The specific scope of services is defined by the respective offer, order form, or the respective current service description.

2.4 Unless expressly agreed otherwise, the Provider does not owe a specific economic outcome but the provision of the agreed functions in accordance with these GTC.

3. Conclusion of contract

3.1 A contract is concluded through an individual offer and acceptance, through a separate order form, through a written agreement, or through activation of the agreed scope of services.

3.2 If test access, demos, or pilot phases are provided, this is done on a non-binding basis or on the basis of separate agreements.

4. Right of use

4.1 For the duration of the contract, the Provider grants the Customer a simple, non-exclusive, non-transferable right to use nordnung AI within the agreed scope for its own business purposes.

4.2 The Customer may allow nordnung AI to be used only by its own employees, freelancers, or other authorized users, insofar as they work for the Customer and are bound by confidentiality obligations.

4.3 Transfer to third parties, resale, sublicensing, or use for third parties as an independent service is permitted only with the Provider's express written consent.

5. Customer accounts, permissions, and security

5.1 The Customer is obliged to manage user accounts carefully and grant access only to authorized persons.

5.2 Roles and permissions must be assigned according to the principle of necessity. The Customer shall ensure that only duly authorized persons can trigger approvals, authorizations, or administrative actions.

5.3 The Customer is obliged to keep access credentials confidential and to inform the Provider without undue delay if misuse is suspected or credentials may have been compromised.

6. Approvals, autonomy, and human control

6.1 Depending on product configuration, different approval levels may be used. In particular, the following approval levels may be provided for the Endpoint Agent:

• a) Stage 1: each action requires separate approval
• b) Stage 2: initial approval, then autonomous execution in user context
• c) Stage 3: initial approval, then autonomous execution of defined administrative actions on the client

6.2 The Customer is responsible for choosing an approval level appropriate to the risk profile.

6.3 Actions with potentially significant impact on user accounts, access rights, systems, or processes may only be approved or initiated by appropriately authorized and trained personnel.

6.4 AI-generated results, recommendations, and suggestions must be appropriately reviewed by the Customer before critical actions are taken. This applies in particular to administrative changes, rights assignment, password procedures, session management, onboarding processes, and customer-specific integrations.

7. Permitted use

7.1 The Customer may use nordnung AI only in compliance with applicable law, these GTC, and the agreed service descriptions.

7.2 In particular, the following is prohibited:

use for unlawful purposes, circumvention of security mechanisms, introduction of malware, unauthorized use of third-party credentials, use contrary to documented approval limits or protection mechanisms, and use for prohibited or separately regulated AI use cases without an express written agreement and legal review.

7.3 Without a separate written agreement, nordnung AI may in particular not be used for automated decisions on hiring, termination, performance evaluation, creditworthiness, insurance, medical diagnosis, biometric identification, emotion recognition, or similarly sensitive purposes.

8. Customer data and Customer responsibility

8.1 The Customer remains responsible for the lawfulness of content and data submitted by the Customer or its users.

8.2 The Customer shall ensure it has all required rights, permissions, and legal bases to have personal data, documents, images, system information, and other content processed via nordnung AI.

8.3 The Customer shall ensure that no unnecessary sensitive data, passwords, or other secrets are entered or uploaded, unless required for the relevant purpose and legally permissible.

8.4 If the Customer uses or commissions its own connectors, generic nodes, or customer-specific integrations, the Customer is responsible for their lawful configuration and use.

9. Data protection and processing on behalf

9.1 Where the Provider processes personal data under its own responsibility, this is done in accordance with the Privacy Policy and applicable law.

9.2 Where the Provider processes personal data on behalf of the Customer, the parties conclude a data processing agreement.

9.3 In such cases, the Customer remains responsible for fulfilling its own information obligations and lawfulness requirements toward data subjects.

10. Availability, maintenance, and changes

10.1 The Provider endeavors to ensure high availability of the service. Continuous uninterrupted availability is not owed unless expressly agreed otherwise.

10.2 The Provider is entitled to perform maintenance, security updates, bug fixes, and technical changes insofar as this is necessary for operation, security, further development, or legal compliance.

10.3 The Provider may adapt functions, models, technical implementations, and integrations insofar as the contractually agreed core services are not unreasonably restricted.

11. Support and cooperation

11.1 Support services are owed only to the contractually agreed extent.

11.2 The Customer supports the Provider to a reasonable extent in error analysis and incident resolution, in particular by providing comprehensible error messages, technical details, and competent points of contact.

12. Fees and payment terms

12.1 Fees are based on the respective offer, order form, or individual agreement.

12.2 Unless agreed otherwise, invoices are due for payment within 14 days from invoice date without deduction.

12.3 In case of payment default, the Provider is entitled to charge statutory default interest and, after prior notice, temporarily limit services, unless mandatory reasons prevent this.

13. Confidentiality

13.1 The parties undertake to keep confidential all confidential information becoming known in connection with the contractual relationship and to use it only for contractual purposes.

13.2 Confidential information includes in particular technical information, access credentials, security concepts, internal documentation, non-public product information, customer data, and trade secrets.

13.3 Statutory disclosure obligations remain unaffected.

14. Term and termination

14.1 Contract term and notice periods are based on the respective offer or individual agreement.

14.2 If no explicit regulation exists, the contract is concluded for an indefinite period and may be terminated by either party with 30 days' notice to the end of a month.

14.3 The right to extraordinary termination for good cause remains unaffected.

14.4 After contract end, the Customer's right of use ends. Data will be deleted, returned, or anonymized in accordance with contractual agreements, the data processing agreement, and the privacy notices.

15. Warranty rights

15.1 The Provider will remedy defects that occur within a reasonable period, within technical and operational possibilities.

15.2 A defect does not exist if an impairment is only minor, caused by improper use, faulty customer systems, impermissible configurations, or third-party circumstances, or lies outside the agreed scope of services.

16. Liability

16.1 The Provider is liable without limitation for intent and gross negligence, for injury to life, body, or health, and under the German Product Liability Act, where applicable.

16.2 In case of slightly negligent breach of essential contractual obligations, liability is limited to foreseeable damage typical for this type of contract. Essential contractual obligations are those whose fulfillment makes proper performance of the contract possible in the first place and on whose compliance the Customer may regularly rely.

16.3 Otherwise, the Provider's liability is excluded.

16.4 The above limitations of liability also apply to the Provider's legal representatives, employees, and vicarious agents.

17. Final provisions

17.1 The law of the Federal Republic of Germany applies, excluding the UN Convention on Contracts for the International Sale of Goods.

17.2 Place of jurisdiction for all disputes arising out of or in connection with this contract is Hamburg, to the extent legally permissible.

17.3 Should individual provisions of these GTC be or become invalid in whole or in part, the validity of the remaining provisions remains unaffected.