Terms of Use of Vauban.cloud as of January 1, 2025

PREAMBLE

Vauban.cloud, headquartered at Office 326, 59 Rue de Ponthieu, 75008 Paris, and registered with the Paris Trade and Companies Register under number 930 851 886, is a “Software as a Service” (SaaS) provider. It offers services including Retrieval-Augmented Generation (RAG), AI workflows, and API access. As such, it is the Service Provider delivering the Application Services defined in this Agreement.

The Client seeks to utilize SaaS services from a specialized Service Provider for the operation of the applications described herein.

The Client acknowledges having received all necessary information from Vauban.cloud to evaluate the suitability of the Application Services for their needs and to take all necessary precautions for their proper use.

THIS HAVING BEEN SET OUT, THE FOLLOWING HAS BEEN AGREED:

ARTICLE 1. DEFINITIONS

Terms beginning with a capital letter in this Agreement, whether used in the singular or plural, shall have the following meanings:

• Anomalies: Operational difficulties with the application – recurring and reproducible – which may fall into one of three categories:

• Blocking Anomaly: Any operational anomaly that makes the application unusable.

• Semi-Blocking Anomaly: Any operational anomaly that allows partial use of the application.

• Minor Anomaly: Any minor operational anomaly that allows full use of the application through a workaround.

• API (Application Programming Interface): A set of functions and protocols allowing access to an application’s features or data, a service, or an operating system.

• Specific Development: Software developed exclusively for the Client by the Service Provider.

• Documentation: Printed or digital materials relating to software usage, regardless of format.

• Data: Information, publications, and generally, data and information of any kind within the Client’s database that can only be accessed by Users as part of this Agreement.

• Identifiers: User-specific login credentials (“login”) and connection password (“password”).

• Internet: A network of interconnected systems located across the globe.

• Software: Any software provided by the Service Provider to the Client, including associated Solutions.

• Maintenance: All operations aimed at keeping the applications operational, updated, and available.

• Workstation: Any terminal (computer, tablet, smartphone) through which a User accesses the Solution.

• RAG (Retrieval-Augmented Generation): An AI technique combining information retrieval from a knowledge base with generative AI models to produce data-informed, contextually relevant responses.

• SaaS: “Software as a Service,” i.e., online enterprise applications offered on a subscription basis.

• Server: IT equipment comprising computers, central units, peripherals, or accessories, including, if applicable, the network managing information exchanges.

• Application Service: A service provided in SaaS mode by the Service Provider, allowing the Client to use the Solutions.

• Solutions: Operational features, including RAG and AI services with workflow and API access, made available to the Client under the terms of this Agreement.

• User: Any individual authorized by the Client (employee, representative, etc.) with access to the Application Services via their computer, tablet, or smartphone under the license granted to the Client.

• Administrator User: The person responsible for managing the IT system, including security, functionality, operations, and development.

• Workflow: The orchestration and automation of business processes to systematically coordinate resources and tasks for transforming materials, delivering services, or processing information.

For further sections, I can provide detailed translations as needed.

ARTICLE 2. PURPOSE

The Agreement aims to define the terms and conditions under which Vauban.cloud provides the Client with its RAG and AI Solutions with workflow and API access in SaaS mode.

The Service Provider grants the Client, who accepts:

• A right to access Vauban.cloud’s Servers under the terms defined herein.

• A final right to use the Solutions.

• A set of services defined below, including data hosting, maintenance of the Application Services, technical assistance, and API-related support.

ARTICLE 3. CONTRACTUAL DOCUMENTS

These General Terms constitute the entire agreement between the Parties, collectively referred to as the “Agreement.”

The Agreement supersedes and cancels any prior oral or written commitments related to its subject matter.

The Service Provider may modify the Agreement at each monthly renewal by communicating the updated General Terms to the Client. If the Client does not wish to accept the new terms, they may terminate the Agreement without penalty by notifying the Service Provider before the changes take effect.

ARTICLE 4. EFFECT, DURATION, AND RENEWAL

The Agreement becomes effective from the start date indicated in the Client’s account and is initially valid for one (1) month. It will automatically renew monthly unless terminated by either Party in accordance with the provisions of the Agreement.

The Client may terminate the Agreement at any time by making a simple request via the Administrator User interface, with a fifteen (15) day notice before the end of the current month.

5.1. SOLUTIONS APPLICATIVES

The Service Provider provides the Client with RAG and AI Solutions featuring workflow functionalities and API access. These are accessible on the Service Provider’s remote servers via the Internet.

Under the terms of the “License” article, the Service Provider grants the Client a non-exclusive right to use the Solutions.

The Service Provider ensures data hosting on its Servers, as well as the maintenance and security of the Solutions.

Daily backups are performed to secure application data and Client data, with a retention period of five (5) days.

5.2. NETWORK AND TECHNICAL ENVIRONMENT

The Client is responsible for choosing the network. The Service Provider does not guarantee the chosen network’s reliability and shall not be held liable for line interruptions. The Service Provider highlights the importance of selecting the appropriate network product from the operator.

To access the Solutions, the Client acknowledges and accepts the technical specifications defined by the Service Provider. These include ensuring the compatibility of their local network, equipment (computers, tablets, smartphones), and software with the Application Services and the API integration requirements, as described below:

• Minimum incoming/outgoing bandwidth: 1 Mbps

• Processor: 2 cores at 2.5 GHz or higher

• RAM: At least 4 GB

• Graphics card and monitor: 1024 x 768 resolution or higher

• Internet browser: Chrome (recommended), Firefox, Safari, or Internet Explorer version 10 or later

• Development environment: Compatibility with the Service Provider’s APIs as per the provided documentation

The Service Provider may update these specifications by email if necessary due to the evolution of the provided Solutions, which the Client agrees to.

5.3. RIGHT OF ACCESS TO THE SOLUTIONS

The Client has exclusive access rights and may connect at any time, except during maintenance periods:

• 24/7 availability

• Including Sundays and public holidays

• With technical support available as needed

The access procedure defined by the Service Provider has been provided to the Client, who agrees to follow it strictly.

Access is granted via:

• The Client’s computers, tablets, or smartphones

• Any authorized mobile computer belonging to the Client

• Identifiers (login credentials) provided by the Service Provider

• Secure API keys as per the technical documentation

Service interruptions may occur due to necessary maintenance. The Service Provider commits to informing the Administrator User at least 48 hours before any maintenance that may cause temporary service unavailability.

5.4. USER IDENTIFICATION

The Service Provider provides an initial login and password to the Client’s Administrator User. Additional User accounts are created by the Administrator User under the Client’s responsibility.

Identification is carried out using:

• A unique login assigned to each User by the Client’s Administrator User

• A password set by the Administrator User

• For API access, secure API keys provided by the Service Provider

Identifiers and API keys are personal and confidential. Any loss or theft must be immediately reported, and passwords or API keys should be regenerated.

ARTICLE 6. QUALITÉ DES APPLICATIFS

ARTICLE 6. APPLICATION QUALITY

The Client acknowledges the technical risks inherent to the Internet and the resulting potential service interruptions.

The Service Provider cannot guarantee uninterrupted availability of Application Services executed remotely via the Internet. The Client accepts these limitations and commits to notifying the Service Provider of any increased capacity needs.

Application Services may occasionally be suspended due to maintenance interventions required to ensure proper Server operation. In the event of a suspension for maintenance, the Service Provider commits to following the operational procedure described below, allowing the Client to be adequately informed of the interruption and take necessary measures to avoid disruptions to their activity:

• Minor Anomaly:

• Response time: As soon as possible

• Resolution time: Included in the next version (V+1)

• Semi-Blocking Anomaly:

• Response time: Six (6) hours

• Resolution time: Five (5) business days

• Blocking Anomaly:

• Response time: Six (6) hours

• Resolution time: Two (2) business days

The Service Provider cannot be held liable for any impact that such unavailability may have on the Client’s activities.

ARTICLE 7. LICENSE

The Parties acknowledge that the Solutions, Application Services, and Specific Developments remain the exclusive property of the Service Provider. The Service Provider grants the Client a personal, non-exclusive, non-assignable, and non-transferable right to use the Solutions, Application Services, and Specific Developments for the duration of the Agreement.

The Client may only use the Application Services and Solutions in accordance with their needs and documentation. In particular, the license for the Solutions, Application Services, and APIs is granted solely to enable the Client to use the Application Services, excluding any other purpose.

The Client is informed that this right of use is contingent upon monthly fee payments under the terms and conditions of the Agreement.

The right of use includes the right to display and implement the Application Services for their intended purpose in SaaS mode via an electronic communications network.

The Client may not make the Solutions, including the APIs, available to third parties or use them for any purpose other than as described. This includes, but is not limited to, adaptation, modification, translation, arrangement, dissemination, or decompilation.

ARTICLE 8. MAINTENANCE

8.1. TECHNICAL MAINTENANCE

Email support for addressing anomalies is available Monday through Friday, from 9:00 AM to 12:00 PM and 2:00 PM to 6:00 PM. Anomalies must be reported without delay to support@vauban.cloud. The Service Provider will diagnose the anomaly and implement its resolution.

• Blocking anomaly:

• Response time: Within six (6) working hours

• Resolution time: Best efforts, with a workaround provided within two (2) working days

• Semi-blocking anomaly:

• Response time: Within six (6) working hours

• Resolution time: Within five (5) working days, with a workaround to maintain functionality

• Minor anomaly:

• Response time: As soon as possible

• Resolution time: Correction in the next service version as part of evolutionary maintenance

The Service Provider also regularly updates AI models, RAG algorithms, and APIs to optimize service performance.

To fulfill its support and maintenance obligations, the Client agrees to:

• Designate a qualified contact person to centralize and submit User inquiries.

• Maintain qualified and trained Users throughout the Agreement duration.

• Collaborate effectively with the Service Provider by providing timely responses to inquiries.

The Service Provider is not responsible for maintenance in the following cases:

• Client’s refusal to collaborate in resolving anomalies.

• Use of Application Services in a manner not compliant with their intended purpose or documentation.

• Unauthorized modification of the Solutions.

• Breach of the Client’s obligations under the Agreement.

• Use of non-compatible software or systems.

• Electronic communication network failures.

• Acts of sabotage or force majeure events.

8.2. EVOLUTIONARY MAINTENANCE

The Client benefits from updates and functional improvements to the Application Services. Updates for Specific Developments may incur additional charges.

The Service Provider will provide updated documentation for new Solution versions. Service updates may result in temporary unavailability, with 48-hour prior notice provided.

ARTICLE 9. TECHNICAL ASSISTANCE

The Service Provider will respond to Client inquiries via email at support@vauban.cloud from Monday to Friday, 9:00 AM to 12:00 PM and 2:00 PM to 6:00 PM, with a maximum response time of six (6) working hours.

ARTICLE 10. TRAINING

At the Client’s request, the Service Provider may provide training on the Application Services, including API usage. The terms and pricing for such training will be mutually agreed upon between the Parties.

The Service Provider may invoice training services if technical assistance or maintenance logs reveal recurrent usage issues unrelated to anomalies.

Training sessions that are ordered but not completed will be invoiced three (3) months after the Agreement’s signature. The Client may schedule them at any time within three (3) months following invoicing.

ARTICLE 11. DATA PROCESSING

11.1. PURPOSE

These clauses define the conditions under which the Service Provider agrees to process personal data on behalf of the data controller. Both Parties commit to complying with applicable regulations on personal data processing, particularly Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter, “the GDPR”).

11.2. DESCRIPTION OF OUTSOURCED DATA PROCESSING

The Service Provider is authorized to process personal data on behalf of the data controller for the following services:

• Hosting of entered data

• Maintenance of the applications used

• Backup of data entered in the applications

• Intervention on databases

• Data processing through RAG and AI services

• API access management and activity monitoring

All data is hosted in Vauban.cloud data centers located in France.

11.3. CLIENT DATA PROCESSING RESPONSIBILITIES

The Client assumes full editorial responsibility for using the Application Services and is solely accountable for the quality, legality, and relevance of the Data and content transmitted. The Client guarantees ownership of intellectual property rights necessary for using the Data and content. Consequently, the Service Provider disclaims liability for breaches of applicable laws, public order, or Client needs.

The Client guarantees the Service Provider against claims or damages arising from third-party actions linked to non-compliance with this warranty. The Client remains solely responsible for content and messages disseminated or downloaded via the Application Services and retains full ownership of Data used within the Solutions.

11.4. SERVICE PROVIDER OBLIGATIONS

The Service Provider agrees to:

1. Process data solely for purposes defined in the Agreement.

2. Comply with the data controller’s instructions. If an instruction violates the GDPR or other applicable laws, the Service Provider will immediately notify the data controller.

3. Maintain the confidentiality of processed personal data.

4. Ensure that authorized individuals processing personal data:

• Commit to confidentiality or are bound by appropriate legal confidentiality obligations.

• Receive training on personal data protection.

5. Implement data protection principles by design and by default in tools, products, and services.

11.5. SECURITY MEASURES

The Service Provider will implement measures to ensure:

• Constant confidentiality, integrity, availability, and resilience of processing systems and services.

• Timely restoration of personal data access in case of a physical or technical incident.

• Regular testing and evaluation of technical and organizational measures to ensure processing security.

The Service Provider will notify the data controller of any data breach within 48 hours of discovery and will provide documentation to assist with any necessary notifications to the relevant supervisory authority.

ARTICLE 12. FINANCIAL CONDITIONS

12.1. FEES

The Client shall pay a monthly fee for Application Services as per the rates published on the website. Fees are quoted in euros, excluding taxes and additional charges, and invoices are sent electronically.

The Service Provider may revise pricing, with at least thirty (30) days’ notice before implementation. The Client may terminate the Agreement if they disagree, as per Article 4.

The following services are excluded from the fees and will be invoiced separately:

• Training services

• Technical support services

• On-site deployment services

• Specific development services

12.2. PAYMENT TERMS

Services are invoiced monthly, at the start of each month, and are payable on the first (1st) day of the month using payment methods available on the website. Fees are subject to VAT at the prevailing rate.

The billing for subscription-based services will be processed upon payment of the renewal, no later than the renewal date of the service.

Consumption will be billed at a minimum on a monthly basis or upon exceeding predefined thresholds in the Client Administrator’s interface.

12.3. DEFAULT OF PAYMENT

In the event of non-payment of an invoice by the Client by its due date, the following shall apply automatically, without prejudice to any damages or compensation:

• Late payment interest: Applied at a rate equal to three (3) times the legal interest rate, without prior notice, starting from the first day of delay. Additionally, the Service Provider will charge a fixed recovery fee of forty (40) euros.

• Bank and administrative fees: Including costs related to recovery efforts, emails, phone reminders, and the representation of rejected payments.

• Immediate suspension of Application Services.

• Termination of the Agreement by default: Effective thirty (30) days after sending a notice via email that remains unresolved.

• Immediate payment of outstanding fees: The Client shall be required to pay all remaining fees due under the Agreement immediately.

ARTICLE 13. INTELLECTUAL PROPERTY

The content of Vauban.cloud’s website and Application Services is the property of the Service Provider and its partners and is protected by French and international intellectual property laws.

Any total or partial reproduction of this content is strictly prohibited and may constitute an act of infringement.

The Client retains ownership of all Data they use through the Application Services under this Agreement. The Service Provider retains ownership of all components of the Application Services and Solutions made available to the Client, including the underlying IT infrastructure (software and hardware).

The Agreement grants the Client no ownership rights over the Solutions. Temporary access to the Solutions under the Agreement shall not be construed as a transfer of intellectual property rights to the Client.

The Client agrees not to:

• Reproduce any element of the Solutions, Application Services, or their associated documentation, in any form or by any means.

• Transfer or sublicense any rights or obligations under the Agreement to a third party without prior written consent from the Service Provider.

ARTICLE 14. WARRANTY OF QUIET ENJOYMENT

The Service Provider declares and guarantees:

• That the Solutions it has developed are original and comply with French intellectual property law.

• That it holds all necessary intellectual property rights to enter into this Agreement.

The Service Provider further guarantees that the Solutions do not infringe upon the rights of third parties.

ARTICLE 15. RISK ACCEPTANCE AND LIMITATION OF LIABILITY

15.1. RISK ACCEPTANCE

The Client declares that they have evaluated the suitability of the Solutions for their needs during the pre-contractual phase and, if necessary, consulted a qualified advisor.

The Client acknowledges the inherent risks and limitations of Internet-based services, including:

• Risks and imperfections of the Internet that may lead to temporary decreases in technical performance, increased response times, or temporary unavailability of servers.

• The necessity of taking appropriate measures to protect their IT equipment and local network from threats, including viruses or third-party intrusions.

The Client also recognizes that AI-based Application Services may produce probabilistic results, and the Service Provider does not guarantee the absolute accuracy of information generated by AI or RAG models.

15.2. LIMITATION OF LIABILITY

Each Party is responsible for the consequences of their own faults, errors, or omissions causing direct harm to the other Party.

The Service Provider’s liability is limited to:

• Direct and foreseeable damages.

• Compensation for proven damages: Up to the amount of fees paid by the Client for the Services during the three (3) months preceding the incident.

The Service Provider shall not be held liable for:

• Indirect or unforeseeable damages: Including loss of business, revenue, clientele, or opportunities.

• Telecommunication or utility failures: Caused by third-party providers.

• Force majeure events: As defined in Article 16.

For any proven interruption of the Application Services, compensation will be limited to fees for the last month, minus a deductible of eight (8) working hours per incident.

ARTICLE 16. FORCE MAJEURE

Neither Party shall be held liable for any failure or delay in performance caused by circumstances beyond their reasonable control, including but not limited to:

• Government actions or decisions.

• Strikes, whether internal or external to the company.

• Natural disasters or catastrophic events.

• War or armed conflict.

• Telecommunications or power outages.

• Cyberattacks or hacking.

The affected Party must notify the other Party immediately and take steps to minimize the impact of the force majeure event.

The suspension of obligations or delays caused by such events shall not result in liability or penalties for either Party.

ARTICLE 17. TERMINATION

In the event of a breach by either Party of their contractual obligations, the Agreement may be terminated automatically by the other Party thirty (30) days after a notice of default is sent via email and remains unresolved. The notice must outline the identified breaches.

In the event of termination, the Client will cease using all access codes to the Solutions and Application Services. Reversibility measures will be implemented in accordance with Article 18.

ARTICLE 18. REVERSIBILITY

The purpose of reversibility is to enable the Client to retrieve their Data under the best possible conditions. Reversibility must be initiated by notifying the Service Provider.

18.1. Management of RAG Data

Data inserted into the Retrieval-Augmented Generation (RAG) system is processed and immediately deleted after use, ensuring confidentiality and the protection of the Client’s information.

18.2. Retention and Deletion of Generated Data

Data generated by Users through the Solutions will be retained according to the retention parameters defined during the API key generation. If the configured retention duration exceeds forty-five (45) days, the data will nevertheless be deleted forty-five (45) days following the termination of the Agreement.

18.3. Reversibility Procedure

Upon termination of the Agreement, the Service Provider will make the Client’s Data available for download for a period of forty-five (45) calendar days following the termination or non-renewal of the Agreement. During this period, the Client may retrieve their Data in the format provided by the Service Provider.

After this forty-five (45) day period, all Client Data will be permanently deleted without further notice, including any backup copies, in accordance with the Service Provider’s internal data security procedures.

ARTICLE 19. NON-SOLICITATION OF PERSONNEL

Both Parties agree not to hire or engage, directly or indirectly, any employee of the other Party without prior written consent. This restriction applies for the duration of the Agreement and for twelve (12) months following its termination.

ARTICLE 20. CONFIDENTIALITY

Both Parties agree to:

• Keep confidential all information received from the other Party.

• Not disclose the other Party’s confidential information to any third party, except employees or agents requiring such information.

• Use the other Party’s confidential information solely for exercising rights and fulfilling obligations under the Agreement.

Exceptions to confidentiality obligations include information that:

• Becomes public without fault of the receiving Party.

• Is independently developed by the receiving Party.

• Is known to the receiving Party before being disclosed by the other Party.

• Is lawfully received from a third party without confidentiality obligations.

• Must be disclosed by law or court order, provided the disclosing Party is informed beforehand.

Confidentiality obligations remain in effect for the duration of the Agreement and for three (3) years following its termination.

ARTICLE 21. MISCELLANEOUS PROVISIONS

21.1. Right to Reference

The Service Provider may reference the Client in marketing materials unless the Client expressly objects at the time of Agreement signing. This includes using the Client’s name and logo in promotional materials, websites, and trade shows.

21.2. Independence of Parties

The Parties remain independent business partners throughout the Agreement’s execution.

21.3. Non-Transferability

The Client’s rights to use the Solutions are personal, non-transferable, and non-exclusive. The Agreement cannot be assigned to a third party without the Service Provider’s prior written consent.

21.4. Severability

If any provision of the Agreement is deemed invalid or unenforceable, the remaining provisions will remain in effect. The Parties may agree to replace invalid provisions.

21.5. Governing Law

The Agreement is governed by French law.

21.6. Jurisdiction

Disputes arising from the Agreement shall be submitted to the Commercial Court of Paris.

ARTICLE 22. CLAIMS AND MEDIATION

For any claims, the Client may contact the Service Provider’s customer service using the contact details provided in Article 1.

The Client may also opt for mediation through:

• CMAP (Email: cmap@cmap.fr)

• The European Online Dispute Resolution Platform: https://ec.europa.eu/consumers/odr/main/

ARTICLE 23. LANGUAGE OF THE AGREEMENT

This Agreement is drafted in French. In the event of translation into other languages, only the French version will prevail in case of a dispute.

ARTICLE 24. EFFECTIVE DATE

These General Terms of Use take effect on January 1, 2024.