Terms and Conditions

(1) These General Terms and Conditions apply to all contracts between SimpleAct UG (haftungsbeschränkt), Tannenstraße 2a, 45661 Recklinghausen (“Provider”), and its customers (“Customer”) regarding the use of the SimpleAct SaaS platform.

(2) The offering is directed exclusively at entrepreneurs within the meaning of Sec. 14 of the German Civil Code (BGB) as well as legal entities under public law and special funds under public law. The Customer confirms its status as an entrepreneur during the registration process.

(3) Deviating or conflicting terms of the Customer shall only become part of the contract if the Provider has expressly agreed to them in text form. The Provider’s silence regarding the Customer’s terms shall not constitute consent.

(4) The version of these General Terms and Conditions valid at the time the contract is concluded shall apply.

(1) The presentation of services on the website does not constitute a legally binding offer but a non-binding invitation to submit an offer (invitatio ad offerendum).

(2) By completing the booking process, the Customer submits a binding offer to conclude a contract.

(3) The contract is concluded by: (a) an express declaration of acceptance by the Provider (e.g. by email), or (b) sending an access link (magic link) for first-time login to the platform. Sending the access link constitutes acceptance of the offer by the Provider.

(4) Where payment is processed via an external payment service provider (currently: Stripe), payment becomes due with or after conclusion of the contract pursuant to para. 3. For payment by invoice, the payment terms in § 6 apply.

(5) The Provider is entitled to reject offers without stating reasons.

(1) The Provider supplies the Customer with a SaaS platform for capturing, assessing, documenting, and managing AI systems and related compliance processes, in particular in the context of Regulation (EU) 2024/1689 (EU AI Act).

(2) The specific scope of services results from the plan selected by the Customer, the product description on the Provider’s website at the time the contract is concluded, and any individual agreements.

(3) The platform is a tool to support the Customer in meeting regulatory requirements. The Provider does not owe any particular economic or legal outcome. In particular, the Provider does not warrant that use of the platform will fully or flawlessly satisfy the Customer’s statutory obligations under the EU AI Act or other legal norms. The Provider’s liability for errors in the processing or display of properly entered Customer data remains unaffected and is governed by § 10 of these Terms.

(4) The substantive accuracy, completeness, and currency of data and information entered by the Customer are solely the Customer’s responsibility. The Provider does not owe legal advice.

(1) For the term of the contract, the Customer receives a non-exclusive, non-transferable, non-sublicensable right to use the platform within the contractually agreed scope.

(2) Access credentials must be kept confidential and must not be disclosed to third parties. The Customer must inform the Provider without delay if it becomes aware of unauthorized use of its access credentials.

(3) The Customer is responsible for all activities carried out via its user accounts unless it is not responsible for unauthorized use.

(4) Unless mandatory permitted under Secs. 69d, 69e of the German Copyright Act or Sec. 3(1) No. 2 of the German Trade Secrets Act, the Customer may not copy, decompile, disassemble, or reverse engineer the software. Use of the platform beyond the contractually agreed scope and granting access to third parties are not permitted.

(1) The Customer shall use the platform only in compliance with applicable law and shall refrain from any abusive use. This includes in particular the prohibition of posting unlawful content, conducting security attacks, or otherwise impairing operation of the platform.

(2) The Customer remains solely responsible for the lawfulness, accuracy, and completeness of content and data it uploads.

(3) The Customer shall ensure that the IT systems it uses meet the Provider’s current minimum requirements (e.g. browser versions, internet connection). The current requirements are set out in the documentation at simpleact.de/doc. The Provider will announce material changes to minimum requirements with reasonable advance notice.

(4) The Customer must ensure that information about AI systems recorded in the platform is truthful and complete. The Provider is not obliged to verify the Customer’s entries for accuracy or completeness. The Provider may rely on the accuracy of the Customer’s information.

(5) The Customer must inform the Provider without delay of circumstances that may impair proper performance, in particular errors, outages, or security incidents.

(1) The prices displayed on the website at the time of booking or individually agreed prices shall apply.

(2) Unless stated otherwise, all prices are in euros net plus the applicable statutory VAT.

(3) Fees are due in advance according to the selected billing interval. Payment is made by direct debit, credit card, or by invoice where individually agreed.

(4) The Provider may adjust prices at the end of the current billing interval to pass on demonstrable increases in costs incurred by the Provider, in particular increases in infrastructure and hosting costs, personnel costs, third-party licence fees, or statutory charges. If those cost elements decrease, the Provider must reduce prices accordingly. The Provider will notify the Customer of any price adjustment in text form at least six weeks before it takes effect, stating the relevant cost factors. Within any twelve-month period, price increases may not exceed 8% of the price last adjusted. Upon request, the Provider will disclose the underlying cost increases to a reasonable extent.

(5) In the event of a price increase, the Customer has the right to terminate the contract with four weeks’ notice to the effective date of the price change in text form (special termination right). The Provider will refer to this special termination right in the price adjustment notice.

(6) Invoices are provided electronically (by email or via the platform).

(1) If the Customer fails to pay amounts when due, it shall be in default no later than 30 days after due date and receipt of the invoice without a reminder being required (Sec. 286(3) BGB).

(2) During default, the Provider may claim default interest at nine percentage points above the respective European Central Bank base rate (Sec. 288(2) BGB). The assertion of further default damage remains reserved.

(3) The Provider may claim a flat fee of EUR 40.00 per default event for collection costs (Sec. 288(5) BGB). The flat fee shall be credited against any damages owed to the extent the damage consists of costs of legal enforcement.

(4) If the Customer is in default with a non-insignificant amount, the Provider may block access to the platform provided that: (a) the Provider has first demanded payment in text form with a grace period of at least 14 days and expressly threatened blocking, and (b) the Customer has still not paid in full within the grace period. The Provider will unblock access without delay after full payment of outstanding amounts. During blocking, the Customer’s payment obligation continues. The Customer’s data will not be deleted during blocking. The Customer may request export of its data during blocking.

(5) The Customer may set off only if its counterclaims have been finally adjudicated, are undisputed, or have been acknowledged by the Provider, or if the counterclaim arises from the same contractual relationship. The Customer has a right of retention only to the extent it is based on claims from the same contractual relationship.

(1) The Provider shall make the platform available with 99.5% availability on a monthly average, measured against operating hours minus planned maintenance windows. The measurement point is the network interface at the data centre egress of the Provider. Where deviating service levels are agreed, they are governed exclusively by separate SLA agreements.

(2) Planned maintenance will, where possible, be announced at least 48 hours in advance and, where possible, performed outside usual business hours (Monday to Friday, 8:00 a.m. to 6:00 p.m. CET/CEST).

(3) Unplanned interruptions due to security updates are not counted toward availability under para. 1 if they do not exceed four hours in total per month. Downtime beyond that due to security updates constitutes a defect within the meaning of § 9.

(4) The Provider may further develop the platform and make technically necessary adjustments or improvements provided the contractually owed core functionality is not materially impaired. If the Provider plans changes that materially restrict or alter the functional scope of the platform, it will inform the Customer in text form at least six weeks in advance. In that case, the Customer has a special termination right with four weeks’ notice to the effective date of the change.

(5) Force majeure: Neither party is liable for non-performance or delayed performance of contractual obligations to the extent caused by circumstances beyond its reasonable control (force majeure), including natural disasters, pandemics, war, terrorism, official orders, strikes, failure of essential suppliers, or large-scale telecommunications outages. The affected party must inform the other party without delay in text form of the occurrence and expected duration of the impediment. If the impediment lasts longer than 60 days, either party may terminate the contract with 14 days’ notice in text form.

9.1 Legal classification

(1) Provision of the SaaS platform is legally classified as a lease within the meaning of Secs. 535 et seq. BGB. The following provisions apply additionally and, where permitted in B2B contracts, take precedence over statutory provisions.

9.2 Concept of defect

(2) The platform is defective if it does not have the contractually agreed condition or is not fit for the use contemplated under the contract. The agreed condition is determined by the service description of the selected plan and any individual agreements.

(3) A defect exists in particular if:

(a) essential functions of the platform (e.g. capture, risk classification, document generation) are permanently or repeatedly unavailable and this is not due to planned maintenance under § 8;

(b) data properly entered and stored by the Customer is lost or corrupted due to an error of the Provider;

(c) the platform materially deviates from the functionality promised in the service description;

(d) there is a security vulnerability attributable to the Provider that endangers the integrity of Customer data.

(4) There is in particular no defect if:

(a) short-term unavailability or performance restrictions fall within the availability limits defined in § 8(1);

(b) there are purely cosmetic or visual deviations (e.g. minor display differences by browser or device) that do not affect functionality;

(c) disruptions are due to incorrect input, misuse, or inadequate IT infrastructure on the Customer’s side;

(d) there are compatibility issues with third-party software used by the Customer unless the Provider has expressly promised compatibility;

(e) disruptions are due to force majeure, third-party network failures, or other circumstances for which the Provider is not responsible;

(f) changes or further development of the platform under § 8(4) do not materially restrict the contractually owed core functionality.

9.3 Defect notice and duty to cooperate

(5) The Customer must notify defects without delay after discovery in text form (e.g. by email to Provider support) with as precise a description as possible of the error, affected function, and steps to reproduce (defect notice).

(6) If the Customer fails to give timely defect notice, it must compensate the Provider for additional damage resulting from delayed knowledge (Sec. 536c(2) BGB by analogy). The Customer’s defect rights remain unaffected to the extent the Provider could not have remedied the defect even with timely notice or knew of the defect.

(7) The Customer must support the Provider in analysing and remedying errors to a reasonable extent, in particular by providing information, logs, screenshots, and access to affected user accounts.

9.4 Remedy

(8) If a defect exists, the Provider has the right and duty to remedy it first. Remedy may be by removing the defect, providing a workaround that substantially replaces the impaired functionality, or providing a new version of the platform.

(9) The remedy period depends on the severity of the defect:

(a) For security-critical defects within the meaning of para. 3(d), the Provider will seek to remedy as quickly as possible and take immediate steps to mitigate damage.

(b) For defects that materially impair core functionality of the platform (para. 3(a)–(c)), the remedy period is 10 business days from receipt of a proper defect notice.

(c) For other defects, the remedy period is 20 business days from receipt of a proper defect notice.

(10) If remedy finally fails after a reasonable period, the Customer has statutory rights, in particular:

(a) reduction of the fee in the ratio of the value of defect-free performance to defective performance;

(b) extraordinary termination if the defect materially and permanently impairs use of the platform and continued performance is unreasonable for the Customer.

(11) The Customer’s damages claims due to defects are governed by § 10 (Liability) of these Terms.

9.5 Limitation

(12) Damages and repayment claims of the Customer due to defects expire 12 months after knowledge of the defect, to the extent permitted by law. The Customer’s claim to maintain the agreed condition during the contract term (Sec. 535(1) sentence 2 BGB) remains unaffected.

(13) The shortening in para. 12 does not apply to:

(a) claims arising from injury to life, body, or health;

(b) claims based on intentional or grossly negligent breach of duty by the Provider;

(c) claims due to fraudulent concealment of a defect;

(d) claims under the Product Liability Act.

For cases (a)–(d), statutory limitation periods apply.

(1) The Provider has unlimited liability for damages arising from injury to life, body, or health based on a breach of duty by the Provider or its legal representatives or vicarious agents.

(2) The Provider has unlimited liability for damages based on intentional or grossly negligent breaches of duty by the Provider or its legal representatives or vicarious agents.

(3) The Provider also has unlimited liability under mandatory provisions of the Product Liability Act and in cases of assumed guarantee.

(4) In cases of slight negligence, the Provider is liable only for breach of an essential contractual obligation. Essential obligations are those on whose fulfilment the contract depends and which the Customer may regularly rely on. These include in particular: (a) the duty to provide the platform with the contractually agreed functionality and availability (§ 8); (b) the duty to preserve the integrity, confidentiality, and availability of data entered by the Customer; (c) the duty to comply with agreed security standards and data protection requirements. In these cases, liability is limited to typical, foreseeable damage at the time of conclusion. This limitation covers all types of damage, including indirect damage and lost profit, to the extent foreseeable. Liability is capped at twice the annual net contract value, but at least EUR 25,000.

(5) Where the Provider’s liability is limited or excluded under the above, this also applies to personal liability of its employees, representatives, and vicarious agents.

(6) The Provider is not liable for damage resulting from incorrect, incomplete, or delayed data entry by the Customer, in particular not for regulatory consequences of inadequate documentation of AI systems by the Customer. This does not apply to the extent the Provider should have recognized incorrectness of entries during processing.

(1) All rights in the platform, source code, trademarks, designs, and documentation remain with the Provider unless expressly agreed otherwise.

(2) The Customer retains all rights in its own data and content uploaded to the platform. The Customer grants the Provider a simple, non-transferable licence limited to the contract term to use such data to the extent necessary for contractual performance (including backup, maintenance, and support). Any use of Customer data beyond that, in particular for analytics or product improvement, requires separate consent.

(3) The Customer warrants that content it uploads does not infringe third-party rights. If the Customer breaches this duty at fault, it shall indemnify the Provider against justified third-party claims arising therefrom, including reasonable costs of legal defence. The Provider will inform the Customer without delay of third-party claims and give the Customer opportunity to comment and cooperate in defence. The Provider may not acknowledge third-party claims without the Customer’s prior consent.

(1) Both parties shall treat confidential information of the other party as confidential and use it only for the purposes of this contract. Confidential information includes all information marked as confidential or confidential by nature, in particular business and trade secrets, technical information, customer data, and price calculations. This duty continues after the end of the contract as long as the information has not become public.

(2) Where the Provider processes personal data on behalf of the Customer, the parties conclude a separate data processing agreement (DPA) under Art. 28 GDPR. The DPA is part of this contract and is available in its current version at simpleact.de/legal/avv-dpa. The Customer accepts the DPA together with these Terms as part of the registration process.

(3) The Provider implements technical and organisational measures to protect Customer data in line with the state of the art, including encryption in transit and at rest, access controls and permission management, regular backups, measures to detect and defend against attacks, and regular review of effectiveness. Further details are in the security documentation at simpleact.de/security.

(4) Upon request, the Provider enables the Customer to verify compliance with obligations under the DPA and these Terms, in particular by providing audit reports, certifications, or other suitable evidence (Art. 28(3)(h) GDPR). On-site audits are possible after prior coordination and subject to confidentiality. The Customer bears the cost of on-site audits unless there is reasonable suspicion of a breach by the Provider.

(1) The contract term results from the selected plan or individual agreement.

(2) Unless otherwise agreed, the contract renews automatically for the respective billing interval unless terminated with the following notice periods before the end of the current billing interval: (a) monthly billing: 14 days; (b) annual billing: 2 months.

(3) Termination must be in text form (e.g. email). Termination via the platform itself (if available) also satisfies the text form requirement.

(4) The right to extraordinary termination for good cause remains unaffected. Good cause exists in particular if: (a) a party repeatedly breaches material contractual obligations despite warning in text form; (b) the Customer is in default of payment by more than 60 days; (c) circumstances arise that concretely and seriously endanger performance of contractual obligations, in particular cessation of business or unsuccessful enforcement. This termination right does not apply where exercise is excluded under Secs. 103, 119 of the German Insolvency Code or Sec. 44 StaRUG.

(5) Data export and provider switch: After the contract ends, the Provider will make the Customer’s data available for export for 30 days in a structured, common, machine-readable format (e.g. CSV, JSON, PDF). At the Customer’s request, the Provider will support migration to an alternative processing service. The Provider ensures business continuity during the transition. After the 30-day period, the Provider may delete the Customer’s data unless statutory retention obligations apply.

(1) The law of the Federal Republic of Germany applies, excluding the UN Convention on Contracts for the International Sale of Goods (CISG).

(2) If the Customer is a merchant within the meaning of the German Commercial Code, a legal entity under public law, or a special fund under public law, exclusive place of jurisdiction for all disputes arising out of or in connection with this contract is the Provider’s registered office.

(3) Should individual provisions of these Terms be or become wholly or partly invalid, the validity of the remaining provisions remains unaffected. Invalid provisions are replaced by applicable statutory provisions (Sec. 306(2) BGB).

(4) Amendments and supplements to these Terms require text form. The priority of individual agreements (Sec. 305b BGB) remains unaffected.

(5) Changes to these Terms by the Provider: (a) The Provider may amend these Terms with at least six weeks’ notice in text form. The change notice must contain the amended clauses, the effective date, and a comparison of old and new wording. (b) Changes that materially affect main performance duties, remuneration, liability, or the Customer’s termination rights require the Customer’s express consent. If the Customer does not agree to a material change, the contract continues on the previous terms. (c) Non-material changes made solely to reflect changes in law, official requirements, or supreme court case law, or that do not worsen the Customer’s legal position, are deemed approved if the Customer does not object in text form within six weeks of receipt. The change notice will clearly state the objection period, consequences of not objecting, and the special termination right. (d) In case of a change under (b) or (c), the Customer may terminate the contract with four weeks’ notice to the effective date of the change.