Terms of Service

Version 1.0 · May 2025 · EMP42 Consulting Kft.

1. General Provisions

1.1 Contracting parties

These Terms of Service (the “Agreement”) govern the use of and access to the Audit41 platform (the “Platform”). The Platform is operated by EMP42 Consulting Kft. (registered seat: 1077 Budapest, Rottenbiller u. 35.; company registration number: 01-09-451522; the “Service Provider”), a company incorporated and operating under the laws of Hungary.

The person or entity accepting this Agreement (the “Client”) shall be a legal entity or other business organisation entering into a contractual relationship with the Service Provider exclusively for business purposes. This Agreement does not apply to consumers.

1.2 Acceptance of the Agreement

By registering for, accessing, or using the Platform, the Client acknowledges and accepts all provisions of this Agreement as binding. If the Client does not agree to the terms of this Agreement, the Client may not use the Platform.

1.3 Definitions

  • “Platform”: the Audit41 software-as-a-service (SaaS) application, including all artificial intelligence-based compliance tools, dashboards, reports, and related services made available by the Service Provider.
  • “AI Output”: any result, recommendation, report, gap analysis, or other content automatically generated by means of artificial intelligence within the Platform.
  • “Authorised User”: an employee or agent of the Client entitled to use the Platform under the Client’s Subscription.
  • “Subscription”: the time- and scope-limited licence granted by the Service Provider to the Client to access and use the Platform.
  • “Confidential Information”: any non-publicly available data or information disclosed by either party to the other in connection with this Agreement.

2. Subscription and Access

2.1 Licence grant

Subject to payment of the applicable fees and full compliance with this Agreement, the Service Provider grants the Client a limited, non-exclusive, non-transferable, revocable licence to access and use the Platform during the term of the Subscription, solely for the Client’s internal business compliance purposes.

2.2 Authorised Users

The Client shall have the number of user seats specified in the applicable Subscription plan, under which the Client may provide its Authorised Users with access to the Platform. The Client is responsible for all acts and omissions of its Authorised Users.

2.3 Restrictions

The Client shall ensure that neither it nor its Authorised Users shall:

  • resell or otherwise make the Platform available to third parties;
  • attempt to reverse engineer the Platform or access its source code;
  • use the Platform to develop a competing product or service;
  • remove or modify any proprietary notices or markings on the Platform;
  • use the Platform in any manner that violates applicable law or regulatory requirements.

2.4 Suspension

The Service Provider may suspend the Client’s access with immediate effect if the Client breaches this Agreement, fails to pay fees when due, or if such suspension is necessary to protect the security or integrity of the Platform.

3. Fees and Payment Terms

3.1 Fees

The Client shall pay the fees set out in the order form or price list in effect at the time of subscription. Fees stated are exclusive of value added tax (VAT) and any other applicable taxes.

3.2 Payment terms

Fees are payable in advance. Unless otherwise agreed in writing, the payment term is 14 (fourteen) days from the date of invoice. The Service Provider is entitled to charge default interest on amounts paid late, the rate of which shall be the base rate of the Hungarian National Bank (Magyar Nemzeti Bank) in force on the first day of the calendar half-year affected by the delay, increased by 8 (eight) percentage points; for invoices issued in foreign currency (in particular in euro), the rate shall be the European Central Bank’s reference rate in force on the same date, increased by 8 (eight) percentage points.

3.3 Fee adjustment

The Service Provider may amend its fees by giving at least 30 (thirty) days’ prior written notice. If the Client does not agree with the new fees, the Client may terminate the Subscription at the end of the current billing period.

4. Special Provisions Relating to Artificial Intelligence

4.1 Nature of AI Outputs

The Platform produces compliance analyses, gap assessments, recommendations, and reports using artificial intelligence and machine learning technologies. The Client acknowledges and accepts that:

  • AI Outputs are generated automatically, without prior human review by the Service Provider, and constitute informational recommendations only;
  • AI Outputs do not constitute legal advice, regulatory guidance, audited certification, or binding compliance determinations;
  • AI Outputs may contain errors, inaccuracies, or outdated information;
  • the Client bears sole responsibility for all decisions taken on the basis of AI Outputs.

4.2 Transparency – Compliance with the EU AI Regulation

In accordance with Article 50 of Regulation (EU) 2024/1689 (the “EU AI Regulation”), the Service Provider hereby informs the Client that the Platform employs artificial intelligence systems in producing compliance analyses and related content. The Platform is designed and operated in accordance with the applicable transparency requirements of the EU AI Regulation.

4.3 Human oversight

As part of the base service, the Service Provider does not perform human review of individual AI Outputs. The Client is responsible for establishing appropriate internal review and validation processes before relying on AI Outputs for regulatory filings, audit procedures, or contractual performance.

4.4 Client obligations regarding AI use

The Client shall:

  • inform its Authorised Users that the Platform uses artificial intelligence and that results are informational only;
  • not represent AI Outputs as independently certified compliance attestations;
  • maintain appropriate human oversight over all compliance decisions supported by the Platform;
  • notify the Service Provider without delay if any AI Output proves to be materially inaccurate or harmful.

4.5 In-Platform AI disclosure

In addition to this Agreement, and in line with the transparency obligations of the EU AI Regulation, the Platform displays the following notice alongside AI-generated outputs:

“This report has been produced with the involvement of artificial intelligence. It is for informational purposes only, and human review by a qualified professional is mandatory before use for regulatory, audit, legal, or contractual purposes.”

By using the Platform, the Client confirms having read and understood this disclosure.

5. Data Protection and Privacy

5.1 Roles of the parties

For the purposes of Regulation (EU) 2016/679 (the “GDPR”) and applicable national data protection law:

  • the Client acts as data controller in respect of personal data processed by the Client through the Platform;
  • the Service Provider acts as data processor on behalf of the Client in respect of personal data processed through the Platform.

5.2 Data processing agreement

This Section 5 constitutes the data processing agreement required under Article 28 GDPR between the parties. The Service Provider shall process personal data on behalf of the Client exclusively:

  • on the Client’s documented instructions (including those contained in this Agreement);
  • to the extent necessary to provide the Platform and related services;
  • in accordance with applicable data protection law.

5.3 Subject matter, nature and purpose of processing

The Service Provider processes personal data for the following purposes:

  • providing Authorised Users with access to the Platform;
  • producing AI-based compliance analyses on the basis of data submitted by the Client;
  • platform administration, security, and customer support.

Categories of data subjects: Authorised Users and – where the Client supplies such data – employees or third parties whose personal data appears in compliance documentation uploaded to the Platform.

Categories of personal data processed: contact details, professional role and qualifications, and personal data contained in documents or inputs submitted by the Client.

5.4 Security measures

In accordance with Article 32 GDPR, the Service Provider applies and maintains appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. Such measures include at minimum:

  • encryption of personal data in transit and at rest;
  • access control and authentication requirements for Authorised Users;
  • regular security testing and vulnerability assessment;
  • procedures for the detection and handling of personal data incidents.

5.5 Personnel confidentiality

The Service Provider shall ensure that all employees and contractors authorised to process the Client’s personal data are bound by enforceable confidentiality obligations (by contract or by law) and receive appropriate data protection training.

5.6 Prohibition on use of data for AI model training

The Service Provider may not use the Client’s data – including any personal data contained therein – to train, fine-tune, or develop any artificial intelligence or machine learning model, except where the Client has given explicit, prior, written consent. This prohibition applies even where the data is pseudonymised or anonymised prior to processing.

5.7 Restriction on processing of sensitive data

The Client shall not upload to or submit through the Platform any special categories of personal data within the meaning of Article 9 GDPR, data relating to criminal convictions and offences (Article 10 GDPR), or other highly sensitive personal data, unless:

  • the Client has a valid legal basis and documented instruction to process such data; and
  • the Client has notified the Service Provider in writing in advance, and the Service Provider has confirmed that such processing can be accommodated.

The Service Provider shall not be liable where the Client uploads sensitive data to the Platform in breach of this provision.

5.8 Support for data protection impact assessments (DPIAs)

Where the Client is required under Article 35 GDPR to carry out a data protection impact assessment in connection with the use of the Platform, the Service Provider shall provide reasonable assistance, including by making available relevant information about the Platform’s processing activities, security measures, and sub-processors.

5.9 Sub-processors

The Client gives the Service Provider general authorisation to engage further data processors (the “sub-processors”) in providing the Platform. In accordance with Article 28(2)–(4) GDPR, the Service Provider shall: (i) maintain an up-to-date list of sub-processors, available on request; (ii) impose data protection obligations on sub-processors equivalent to those set out in this Agreement; and (iii) notify the Client of planned changes to its sub-processors at least 14 (fourteen) days in advance, allowing the Client to raise reasonable objections.

5.10 International transfers

Where the Service Provider transfers personal data outside the European Economic Area, it shall ensure that such transfers are subject to the appropriate safeguards under Chapter V of the GDPR, including the standard contractual clauses approved by the European Commission.

5.11 Assistance with data subject rights

Taking into account the nature of the processing and to the extent technically feasible, the Service Provider shall assist the Client in fulfilling its obligations to respond to requests for the exercise of data subject rights under the GDPR (access, rectification, erasure, data portability).

5.12 Notification of personal data breaches

The Service Provider shall notify the Client without undue delay, and where feasible within 48 (forty-eight) hours, after becoming aware of a personal data breach affecting the Client’s personal data. The notification shall, to the extent information is available, include the information set out in Article 33(3) GDPR. The parties acknowledge that, as a data processor, the Service Provider shall provide the notification in sufficient time to enable the Client to meet its own 72-hour notification obligation to the supervisory authority under Article 33 GDPR.

5.13 Data retention and deletion

On termination or expiry of this Agreement, the Service Provider shall – at the Client’s choice – delete or return all personal data processed on the Client’s behalf, unless retention is required by law. Deletion shall take place within 30 (thirty) days of the Client’s written request.

5.14 Audit rights

The Service Provider shall make available to the Client all information necessary to demonstrate compliance with Article 28 GDPR, and shall allow for and contribute to audits and inspections conducted by the Client or an auditor mandated by the Client, subject to reasonable prior notice and confidentiality obligations.

6. Confidentiality

Both parties undertake to treat the other party’s Confidential Information as confidential and not to disclose it to third parties without the other party’s prior written consent, except where required by law or necessary to perform this Agreement. This obligation shall remain in force for 3 (three) years from termination of this Agreement.

7. Intellectual Property

7.1 Service Provider’s intellectual property

The Platform – including the underlying technology, software, algorithms, AI models, and related documentation – is the exclusive intellectual property of the Service Provider and its licensors. This Agreement does not transfer any ownership rights in the Platform to the Client.

7.2 Client Data

The Client retains all rights in the data, documents, and content it submits to the Platform (the “Client Data”). The Client grants the Service Provider a limited licence to process Client Data solely for the purpose of providing the Platform and related services.

7.3 Feedback

If the Client submits feedback or suggestions regarding the Platform, the Service Provider may use them without restriction and without consideration.

7.4 Marketing reference

The Client consents to the Service Provider using the Client’s name and company logo on its website, reference lists, and marketing materials for promotional purposes. The Client may withdraw this consent at any time by written notice, without giving reasons; withdrawal does not apply retroactively to materials already published.

8. Limitation of Liability

8.1 Disclaimer of warranties

The Platform is provided “as is” and “as available”. The Service Provider gives no warranty, express or implied, including any warranty of merchantability, fitness for a particular purpose, or non-infringement. The Service Provider does not warrant that the Platform will be error-free or available without interruption, or that AI Outputs will be accurate or complete.

8.2 Cap on liability

To the fullest extent permitted by applicable law, the Service Provider’s aggregate liability arising out of or in connection with this Agreement shall not exceed the amount of fees actually paid by the Client in the 12 (twelve) months preceding the event giving rise to the claim.

8.3 Exclusion of consequential damages

In no event shall the Service Provider be liable for any indirect, incidental, special, punitive, or consequential damages, including loss of profits, revenue, data, business, or goodwill, even if it has been informed in advance of the possibility of such damages.

8.4 Liability for AI Outputs

The Service Provider shall not be liable for any damage, regulatory sanction, or legal consequence arising from the Client’s reliance on AI Outputs. The Client assumes full responsibility for verifying the accuracy and suitability of AI Outputs before acting on them.

9. Term and Termination

9.1 Term

This Agreement enters into force on the date the Client first accesses the Platform and remains in force until the end of the Subscription period selected at subscription, after which it automatically renews for periods of equal duration unless terminated by either party.

9.2 Termination for convenience

Either party may terminate this Agreement at the end of the current Subscription period by giving at least 30 (thirty) days’ prior written notice before the renewal date.

9.3 Termination for cause

Either party may terminate this Agreement with immediate effect by written notice if the other party commits a material breach and fails to cure the breach within 14 (fourteen) days of receiving written notice thereof.

9.4 Effects of termination

On termination, all licences granted to the Client shall immediately cease. The Client shall cease using the Platform and, on request, confirm in writing that it has done so. Sections 6, 7, 8, and 10 shall survive termination of this Agreement.

10. Governing Law and Dispute Resolution

10.1 Governing law

This Agreement shall be governed by Hungarian law and applicable European Union law, excluding their conflict-of-laws rules.

10.2 Dispute resolution

The parties shall seek to resolve any dispute arising out of or in connection with this Agreement through good-faith negotiation. If the dispute cannot be resolved within 30 (thirty) days, either party may submit it to the courts of Budapest, Hungary, which shall have exclusive jurisdiction.

10.3 Compliance with EU law

This Agreement shall be interpreted and applied in accordance with applicable EU law, including in particular the GDPR, the EU AI Regulation, the NIS2 Directive, and the national legislation implementing them.

11. Miscellaneous

11.1 Entire agreement

This Agreement, together with the applicable order form and the Privacy Notice, constitutes the entire agreement between the parties on its subject matter and supersedes all prior agreements, representations, and understandings.

11.2 Amendment

The Service Provider may amend these Terms of Service from time to time. The Client shall be notified of material changes at least 14 (fourteen) days before they take effect. Continued use of the Platform after the amended terms take effect shall be deemed acceptance by the Client.

11.3 Severability

If any provision of this Agreement is found to be invalid or unenforceable, the remaining provisions shall remain in full force and effect.

11.4 Waiver

The failure or delay of either party in exercising any right or remedy under this Agreement shall not constitute a waiver of that right or remedy.

11.5 Notices

All notices under this Agreement shall be in writing and shall be sent to the e-mail notification address specified in the order form or otherwise communicated in writing. Notices to the Service Provider may be sent to legal@emp42.ai.

11.6 Assignment

The Client may not assign or transfer this Agreement or any rights or obligations under it without the Service Provider’s prior written consent. The Service Provider may assign this Agreement in connection with a merger, acquisition, or sale of all or substantially all of its assets.

11.7 Force majeure

Neither party shall be liable for any failure to perform or delay in performance of its obligations under this Agreement to the extent caused by an event beyond its reasonable control which is unforeseeable and could not be avoided by reasonable measures (force majeure). Force majeure includes in particular: natural disasters, war, terrorism, statutory general strike, government or regulatory action, and prolonged failure of global internet or cloud infrastructure (including the cloud service provider used by the Service Provider) not attributable to the Service Provider. The party invoking force majeure shall notify the other party in writing without delay.

12. Formation of the Agreement – Electronic Acceptance

12.1 Clickwrap acceptance

This Agreement is concluded electronically. Prior to account creation during registration, the Client must confirm the following:

Mandatory checkbox:

“I have read and accept Audit41’s Terms of Service and Privacy Notice.”

Optional checkbox:

“I consent to receive marketing communications from Audit41. I may withdraw my consent at any time.”

The following informational text appears above the “Create account” button on the registration page:

“By creating an account, you confirm that you are authorised to accept these terms on behalf of your organisation. Audit41 uses artificial intelligence to produce compliance outputs – these are informational only, and human review by a qualified professional is mandatory before use for regulatory, audit, legal, or contractual purposes.”

Registration and access to the Platform are conditional upon confirmation of the mandatory checkbox. Failure to tick the optional marketing checkbox does not prevent registration.

12.2 Authority to accept

The person completing registration on behalf of the Client represents and warrants that they have full legal authority to bind the Client to this Agreement. The Service Provider may rely on this representation without further verification.

12.3 Recording of acceptance

The Service Provider records and retains a time-stamped log of every acceptance event. The following data is captured at the time of registration:

  • Terms of Service version number;
  • Privacy Notice version number;
  • timestamp (UTC);
  • user’s e-mail address;
  • company name;
  • IP address;
  • browser user agent;
  • status of each checkbox (accepted / not accepted);
  • language and version of the documents presented to the user.

This log constitutes proof of the Client’s acceptance and may be made available to the Client or to a competent authority on request.

12.4 Amended terms

Where these Terms of Service are amended, the Client shall be notified by e-mail and/or in-Platform notification at least 14 (fourteen) days before the change takes effect. Continued use of the Platform after the amended terms take effect shall be deemed acceptance by the Client. In the case of material changes, the Service Provider may require renewed confirmation via an updated checkbox mechanism before the Client may continue to access the Platform.

© 2025 EMP42 Consulting Kft. All rights reserved.