Terms of Service
Effective from June 2, 2025
These Terms of Service (the "Terms of Service") set out the terms and conditions for the use of the Kontent.ai Service, a cloud-based content management platform with publication services (the “Service”) by you (the “Customer”), as provided by Kontent CZ s.r.o. with its registered office in Brno, Nové sady 996/25, zip code 602 00, Czech Republic, Company Identification Number 173 00 576, incorporated in the Companies Register kept by the Regional Court in Brno, file ref. C129511, or by another affiliated company from its group, as the case may be, if such company is identified as service provider in the relevant order form or in other type of contract from which these Terms of Service are being referenced (the “Provider”).
A. Introductory provisions
- The Service
- Details and up-to-date specification of the Service and its functions (the “Service Specifications”) are available online at Kontent.ai Learn (https://kontent.ai/learn/), which provides information, technical documentation, and API reference about the Service. Provider can change the location of the Service Specification description from time to time at its convenience.
- Provider reserves the right to change the Service Specification at any time. Provider will notify Customer of any material changes via the agreed upon contact channels. If Customer does not wish to accept changes to the Service specification, Customer may serve a 30-day termination notice to Provider within 14 days after being notified of the changes that materially negatively impact the Service users.
- Provider will use its best efforts to adhere to Security and Technical Measures specified in Annex 3 - Security and Technical Measures.
- Subscription Plans
- The Service is available in pre-paid subscription plans (the “Subscription Plans”).
- The extent and limitations to the Subscription Plans are specified in the Kontent.ai Order Form (as defined below), together with a description of other aspects of the Subscription Plans.
- The section “Common Provisions” hereof applies to all Subscription Plans. The section “Specific Provisions” provides for the terms of specific features of the Service, which apply only in the case where such feature is included in the Service Subscription (as defined below) or agreed upon.
- The Parties may agree on a custom Service Subscription based on any existing Subscription Plan. The specificities of the custom Service Subscription, including its term, will be agreed upon in the Kontent.ai Order Form (as defined below), or otherwise in writing. In the case where the custom Service Subscription is provided for a definite time period, after this period lapses, the Service Subscription continues according to the Subscription Plan, on which the custom Service Subscription was based, unless otherwise agreed.
- Conclusion of the Agreement
- In order to use the Service, the Customer needs to register on the Provider’s website to create his/her user account, which the Customer will later use to access the Service.
- Using the user account, the Customer can order a Service Subscription (the “Service Subscription”) based on any Subscription Plan. To order the Service Subscription, the Customer needs to review and accept these Terms of Service by clicking on the “I accept” button or use other similar mechanism provided.
- The Customer will be offered a Kontent.ai Order Form, specifying limitations of the Service and other aspects of the Service (the “Kontent.ai Order Form”) based on the Customer’s requirements. By acceptance of the Kontent.ai Order Form by the Customer, the agreement (the “Agreement”) is concluded between the Provider and the Customer (together the “Parties”). The Service under the ordered Service Subscription will be provided from the Service Start Date (as defined below) agreed upon by the Parties in the Kontent.ai Order Form.
- The terms of the Agreement are provided in these Terms of Service and other documents referred to in these Terms of Service.
- For the avoidance of doubt, it is possible to order several Service Subscriptions (while entering into several Agreements) from one user account.
- The Customer must be of legal age (in case he is a natural person) and otherwise eligible to enter into the Agreement or to use the Service. If any third person acts on behalf of the Customer while entering into the Agreement, the person must be entitled to do so.
- User accounts
- Access to the Service is possible only via accounts. There are two basic types of accounts:
- admin accounts and
- user accounts.
- Admin accounts enable its users to access the Service Subscription and use the Service as well as to make any changes to the Service Subscription, including its upgrade/downgrade or termination. Further, via admin accounts, other user accounts or admin accounts for other users may be created (via any admin account, a user account may be changed to an admin account and vice versa). Since users of admin accounts may make substantial changes to the Service Subscriptions, these accounts may be created solely for the Customer’s authorized persons.
- User accounts enable its users to access the Service Subscription and use the Service. Under the conditions specified in the Service Specification, user accounts may be customized as regards roles of the users and their authorization.
- The first account, which the Customer used to order the Service Subscription, is considered as an admin account for the purpose of the ordered Service Subscription, until changed by the Customer.
- The Customer is responsible for maintaining the security and confidentiality of all the accounts allowed to use the Service Subscription, including all passwords and accounts’ details used to access the Service Subscription. The Customer is responsible for all use of the accounts, including use of the accounts by others.
- A single user account can only be used by one single user. Signing into the Service from a single account shared by multiple users is prohibited.
B. COMMON PROVISIONS
- Use of the Service
- The Customer is solely responsible for all the content it enters, uploads, or distributes in using the Service (the “Content”), and retains all intellectual property rights to this Content.
- If any Content is lost or damaged within the Service, the Provider will exert reasonable effort to restore the Content from a backup. The Provider will not be responsible for any loss, damage, or disclosure of the Content caused by Customer, if Customer breaches in any way Provider’s Service use policy.
- Any Content entered or uploaded into the Service will be stored and made available to the Customer for 30 days following the termination of the Service Subscription. After the expiration of the 30-day period, the Content will be irrecoverably deleted. This obligation shall not be affected by termination of the Agreement.
- To the extent the Customer or its customers provide Provider with certain data, information, and materials hereunder, including personally identifiable information (collectively, the “Customer Materials”), such Customer Materials will remain the property of the Customer or its customers, as applicable. Provider may use such Customer Materials solely in connection with the provision of the Services and its performance of its obligations under the Agreement.
- Customer owns and will maintain all right, title and interest in the Customer Materials, or has full and sufficient authority to allow Provider to use the Customer Materials in the manner contemplated by the Agreement.
- Customer Materials and Provider’s use and access thereof will not infringe upon or misappropriate any patent, copyright, trade secret, or another proprietary right of any third party or otherwise violate or conflict with the rights of any third party or any applicable laws, rules or regulations.
- Customer agrees to use the Service in accordance with Acceptable Use Policy specified in Annex 1 - Acceptable Use Policy. In case the Customer does not use the Service in accordance with Acceptable Use Policy, Provider is allowed to cease providing the Service to Customer.
- Customer agrees to comply with all state, federal and international laws that apply to the Service or any of its parts (software, etc.), including the U.S., EU, Australian and UK export administration regulations, as well as end-user, end-use, and destination restrictions issued by U.S., EU, Australia or United Kingdom.
- Support and Additional Services
- Provider will provide to Customer support services in the extent and under the conditions described in Service Specification, Order Form if any, and in Annex 4 - Service Availability (SLA).
- Upon Customer’s request, Provider may provide additional services to Customer which will be governed by a relevant Order Form.
- Confidentiality
- For the purposes of the Agreement, confidential information means any information relating to either Party (the “Disclosing Party”) which is not publicly accessible and which the other Party (the “Receiving Party”) gets acquainted with in connection with the performance of the Agreement, especially information contained in any document provided by the Disclosing Party or in any internal system or software made available by the Disclosing Party (the “Confidential Information”). The Confidential Information includes, but is not limited to, information on products and their development, information on existing and past business cases and projects, business information and strategy, know-how, information related to current, past or potential Customers or suppliers, employees, partners, advisors and associates, and financial information.
- Information that (i) at the date of disclosure to the Receiving Party is publicly known or at any time later becomes publicly known without any fault on the part of the Receiving Party, (ii) was obtained by the Receiving Party from a third party, unless the Receiving Party had reasons to believe such third party is bound by a duty of confidentiality, (iii) was lawfully in the possession of the Receiving Party before the conclusion of the Agreement, or (iv) was independently developed by the Receiving Party without the use of any Confidential Information, will not be considered Confidential Information.
- The Parties undertake not to disclose the Confidential Information to any persons other than to their directors, officers, employees, statutory bodies and advisors, unless such disclosure is based exclusively on the prior consent of the Disclosing Party. Provider is also entitled to disclose Confidential Information to its affiliate companies and their directors, officers, employees, statutory bodies and advisors. Either Party will ensure that any persons, who may acquaint themselves with the Confidential Information, will be bound by the duty of confidentiality in accordance with the terms of the Agreement.
- The Parties undertake to treat the Confidential Information as confidential and use the Confidential Information solely for the purposes of performing the Agreement and only as long as necessary for the purposes of fulfilling obligations under the Agreement. At the request of the Disclosing Party the Receiving Party will promptly return or destroy all copies of the Confidential Information and all notes related to such Confidential Information.
- If, in accordance with generally binding legislation, the Receiving Party has a legal obligation to disclose Confidential Information to courts, administrative bodies or other persons, this will not constitute a breach of the Agreement, provided that the Receiving Party informs the Disclosing Party immediately about request for such disclosure.
- Publicity and marketing
- Provider reserves the right to reference Customer as a Customer and display Customer’s logo, and name on its website and other promotional materials for marketing purposes.
- Any display of Customer’s logo and trademarks will be in compliance with Customer’s branding guidelines, if made available to Provider by Customer.
- Customer will cooperate with Provider in preparing; and agrees with the Provider publishing and reasonably using for its marketing purposes, a written or video testimonial or a case study presenting the benefits of the use of the Service by Customer, in the form as will be further specified by the Parties.
- Personal Data Processing
- Detailed information on how the Provider will process personal data is provided in Annex 2 - Data Processing Addendum (the “DPA”).
- Intellectual property
- Logos, graphics, trademarks, service marks, technology, whether patentable or unpatentable, copyrights, trade secrets, know-how, documentation, text, software, etc., which are part of the Service and owned by Provider, are Provider’s intellectual property (the “Provider’s IP”).
- Provider grants to Customer a limited, non-exclusive license for using Provider’s IP solely to the extent set out in the initial page of the Agreement, or, if not set out, in the extent necessary for internal Customer’s use of the Service under the terms of the Agreement. For avoidance of doubt, unless expressly agreed otherwise, the internal Customer’s use does NOT include use (i) for the benefit of; or (ii) by; any third parties including but not limited to members of Customer’s group if not agreed otherwise.
- The use of the Service grants the Customer no right or license to reproduce or otherwise use Provider’s IP, except to the extent necessary for the Customer’s use of the Service under the terms of the Agreement.
- Except to the extent necessary for the Customer’s use of the Service under the terms of the Agreement, the Customer is not permitted to copy, modify, republish, download, display, or distribute all or any part of the Provider’s software or documentation. Nor is he/she permitted to reverse compile, disassemble, or reverse engineer such software or make use of such software or documentation to build a product or service that competes with the Service.
- Third-Party Software
- The Service contains computer programs and computer graphics that are made by a third party and are subject to third-party rights (the “Third-Party Software”). The Third-Party Software is governed by the licensing terms of the relevant third parties. A list of Third-Party Software is included in the Service Specification.
- Limitation of Liability
- EACH PARTY’S MAXIMUM, CUMULATIVE LIABILITY IN CONNECTION WITH THIS AGREEMENT WILL BE LIMITED TO THE PRICE PAID AND/OR PAYABLE UNDER THE AGREEMENT IN CONNECTION WITH WHICH THE CLAIM HAS ARISEN IN THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRIOR TO SUCH CLAIM ARISING.
- NEITHER PARTY WILL BE LIABLE FOR ANY INDIRECT, CONSEQUENTIAL, INCIDENTAL, SPECIAL, PUNITIVE OR EXEMPLARY DAMAGES OR ANY LOSS OF PROFIT, LOSS OF BUSINESS OR CONTRACTS, LOST PRODUCTION OR OPERATION TIME, LOSS OF GOODWILL OR ANTICIPATED SAVINGS, HOWEVER ARISING, WHETHER SUCH LOSS WAS FORESEEABLE OR IF THE PARTY WHICH WOULD OTHERWISE BE LIABLE FOR SUCH LOSS WAS ADVISED OF ITS POSSIBILITY.
- PROVIDER BEARS NO LIABILITY FOR THE FUNCTIONALITY OF CUSTOMER’S DATA NETWORK, PUBLIC DATA NETWORKS, HARDWARE AND SOFTWARE RUNNING ON IT, AND THE BACKING UP OF THE DATA.
- Indemnity
- PROVIDER WILL INDEMNIFY, DEFEND, AND HOLD HARMLESS THE CUSTOMER, ITS OFFICERS, DIRECTORS, EMPLOYEES, CONSULTANTS AND CONTRACTORS FROM AND AGAINST ANY AND ALL CLAIMS, LIABILITIES, DAMAGES, LOSSES, COSTS, EXPENSES (INCLUDING REASONABLE ATTORNEYS' FEES), AND JUDGMENTS ARISING OUT OF OR RELATING TO ANY BREACH OF THE AGREEMENT CONCERNING THIRD PARTY INTELLECTUAL PROPERTY OR THE PROCESSING OF CUSTOMER’S PERSONAL DATA BY PROVIDER. THIS INDEMNIFICATION WILL SURVIVE THE TERMINATION OR EXPIRATION OF THE AGREEMENT.
- CUSTOMER WILL INDEMNIFY, DEFEND, AND HOLD HARMLESS THE PROVIDER, ITS OFFICERS, DIRECTORS, EMPLOYEES, CONSULTANTS AND CONTRACTORS FROM AND AGAINST ANY AND ALL CLAIMS, LIABILITIES, DAMAGES, LOSSES, COSTS, EXPENSES (INCLUDING REASONABLE ATTORNEYS' FEES), AND JUDGMENTS ARISING OUT OF OR RELATING TO ANY BREACH OF THE AGREEMENT CONCERNING CUSTOMER’S OBLIGATIONS OR MATERIAL LOSSES SUFFERED BY PROVIDER DUE TO WILLFUL MISCONDUCT OR GROSS NEGLIGENCE BY CUSTOMER IN RELATION TO THE AGREEMENT. THIS INDEMNIFICATION WILL SURVIVE THE TERMINATION OR EXPIRATION OF THE AGREEMENT.
- Billing
- The Service Subscription is based on a pre-paid billing method.
- The price of the Service (the “Price”) and billing period (the “Billing Period”) is specified in the Kontent.ai Order Form. The Billing period starts as of the Service Start Date specified in the Kontent.ai Order Form (the “Service Start Date”).
- The Customer is provided with a Monthly Usage Report (the “Monthly Report”), which contains the following data concerning the finished monthly period:
- the amount/extent of the units of the Service used during the monthly period,
- calculation of the additional Price for the monthly period.
- For the purposes of the Agreement, a monthly period has the following meaning. The first monthly period starts at 00:00 UTC on the Service Start Date and ends at 24:00 UTC on the day preceding the day in the following calendar month with the same calendar number as the Service Start Date (e.g., 00:00 UTC, January 15 – 24:00 UTC, February 14). In the case where in the following calendar month there is no day with the same calendar number as the Service Start Date, the first monthly period ends at 24:00 UTC on the last day of the following calendar month (e.g., 00:00 UTC, January 30 – 24:00 UTC, February 28). The following monthly period shall always start at 00:00 UTC on the day following the end of the previous monthly period and ends on the day preceding the day in the following calendar month with the same calendar number as the first day of the respective monthly period.
- Any payment to the Provider is payable by bank transfer to the Provider’s account specified in the invoice.
- If the Customer exceeds the amount/extent of units of the Service included in the subscription fee, the Provider is entitled to additional charges based on the unit prices of additional units as specified in the Order Form and the amount of the additional units used by the Customer.
- Term of the Agreement
- The Agreement shall commence on the date of the Agreement and shall continue for the duration of the Billing Period. Unless either Party notifies the other Party at least 60 days prior to the expiration of the current Billing Period that it does not want to extend the term of the Agreement, the Agreement automatically extends for the new 12-month billing period (the following Billing Period starts from the day immediately following the last day of the previous Billing Period). The previous sentence applies accordingly to the following Billing Periods, i.e., the term of the Agreement may be extended repeatedly. For the avoidance of any doubt, in the case where the Agreement is extended, the Service will be provided within the extent in which it was provided at the end of the current Billing Period.
- The Provider may terminate the Agreement immediately if the Customer breaches the Terms of Service in any way or if the Customer is in default with any payment under this part of the Agreement for more than 30 days.
- For the purposes of this procedure, the Billing Period ends upon the expiration of the Billing Period, during which the Agreement was immediately terminated, in the case where the Agreement was terminated because the Customer breached the terms of Service or because the Customer was in default with any payment under this part of the Agreement, i.e., the Customer is obliged to pay the Price for the whole Billing Period.
- This Agreement may only be terminated by serving a written notice to the other Party to their respective email address set out above.
- The notice regarding the extension of the Agreement or the notice of termination shall be served to the other Party:
- to the email address dealdesk@kontent.ai, in the case of the notice served to the Provider,
- to the email address of any person with an admin account, in the case of the notice served to the Customer.
- Upgrade/downgrade of the Service Subscription
- Upgrade or downgrade to another Subscription Plan may be requested via an admin account, however, the conditions of the upgrade or downgrade need to be agreed upon in writing by the Parties.
C. SPECIFIC PROVISIONS
13. Special types of Service Subscription
Monthly billing method with credit card payment
- If the Service Subscription is based on a monthly billing method, the following provisions apply.
- The Agreement is concluded when the Customer orders a Subscription Plan with a monthly billing method and accepts these Terms of Service. The Service will be provided as soon as possible thereafter.
- The price of the Service consists of a monthly subscription fee and any additional charges.
- For every monthly period during which the Service is provided, the Customer shall pay the Provider a monthly subscription fee (the “Subscription Fee”). For avoidance of the doubt, monthly period has the meaning as specified in section C, 1.4. of these Terms of Service.
- A Subscription Plan may have monthly or cumulative limitations on usage. Monthly limits are set on the first day of every month.
- If the Customer exceeds the units of the Service included in the Subscription Fee, the additional charges apply according to the prices of additional units, and the amount of the additional units used by the Customer (the “Additional Charges”).
- The Subscription Fee includes the price for Support Services.
- The Subscription Fee together with the price of the Additional Services and the Additional Charges, if applicable, is payable in retrospect for the previous monthly period by credit card (or similar card), PayPal, or Amazon via a trusted third-party payment provider. The Provider reserves the right to disable any of the payment methods.
- If the Service Subscription is based on monthly billing method, the Agreement is concluded for an indefinite period of time.
- The Customer may terminate the Agreement any time via the Service using admin account. The termination takes effect as agreed or, at the latest, 14 days after the Provider receives the termination notice.
- The Provider may terminate the Agreement any time if the Customer breaches the Agreement by written notice sent via email to any admin account with 14 days’ notice period. The termination takes effect at the end of the notice period, unless agreed otherwise.
- The Customer is obliged to pay a proportional share of the fees for the month the Agreement is terminated. The Provider is not obliged to refund any paid fees.
- The Service Subscription may be upgraded or downgraded to another Subscription Plan anytime via an admin account. The new Service Subscription will be provided as soon as possible starting a new monthly period. The Customer is obliged to pay a proportional share of the fees for using the Service for the monthly period during which Service Subscription change was agreed.
Trial Service Subscription, Developer Plan Service Subscription
- In the case of the Trial Service Subscription or the Developer Plan Service Subscription, the following special provisions apply.
- The Agreement is made for a limited time period (trial period) specified in the Order Form. The trial period may be extended if agreed upon by the Parties.
- The Customer is entitled to terminate the Agreement at any time directly via the Service using any admin account, in which case the Agreement terminates immediately.
- The Provider is entitled to terminate the Agreement at any time by written notice, served to the Customer via email address of any person with an admin account, in which case the Agreement terminates immediately.
Partner Plan Service Subscription
- In the case of the Partner Plan Service Subscription (any variant thereof) provided to Provider’s solution partners, the following provisions apply.
- The Customer (Partner) may use the Service in accordance with limitations specified in the Kontent Solution Partner Program Agreement, which has been concluded between the Provider and the Customer (Partner) separately, or in its schedules (the “Partner Agreement”). The terms hereof apply unless the Partner Agreement contains specific terms.
- If the Customer’s usage of the Service exceeds its limitations, the Provider is entitled to take corrective action, including, but not limited to, throttling the Service API, temporarily suspending the Service, or—when other options are unavailable—terminating the Agreement.
- The Agreement is made for a limited time period equal to the duration of the Partner Agreement, however, the Customer may use the Service only for the period for which the Customer is entitled to do so under the conditions specified in the Partner Agreement.
- The Customer is entitled to terminate the Agreement at any time via email to the Provider’s Primary Business Contact, in which case the Agreement terminates immediately.
- The Provider is entitled to terminate the Agreement at any time by written notice, served to the Customer via email to the Customer’s Primary Business Contact, in which case the Agreement terminates immediately.
D. CLOSING PROVISIONS
1. Final provisions
- The Agreement, as well as rights and obligations arising from or in connection with it, will be governed by the laws of the Czech Republic, without regard to choice of law rules. Each Party irrevocably agrees that courts of the Czech Republic shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with the Agreement.
- If any part of the Agreement is found to be invalid under any applicable statute or rule of law, the rest of the Agreement will remain in full force and effect.
- The Agreement and its rights and obligations may not be transferred, assigned, or delegated in any manner by the Customer without Provider’s prior written consent. For the avoidance of any doubt, this paragraph applies also to any transfer, assignment, or delegation of the Service Subscription.
- Nothing in the Agreement is intended to create a partnership between the Parties or authorize either Party to act in the name or on behalf of the other Party.
- The Agreement and Provider’s policies may be changed, reasonably, at any time by the Provider. Posting the changes on the Provider’s website, which the Customer uses in order to access the Service, shall be considered sufficient notice of such changes. If the Customer does not agree with the changes, he/she is entitled to terminate the Agreement by written notice served to the Provider within 10 days of the posting of the change on the Provider’s website. In that case, the Agreement terminates at the time agreed upon by the Parties or, at the latest, 14 days after the Provider was served with the termination notice. For the avoidance of any doubt, the Customer is obliged to pay a proportional share of the fees for using the Service. Continued usage of the Service after the 10-day period to serve the notice constitutes the Customer’s acceptance of such change.
ANNEX NO. 1: Acceptable Use Policy
- Acceptable use of the Service
- The Customer may use the Service solely for collecting, organizing, managing and collaborating on content or tracking customer data, behaviour and providing personalized experience and for other purposes set out in the documentation. The Customer may not use the Service in any way except as described in the Agreement, the Service Specification and this Annex No. 1.
- The Customer may use one Service subscription for any number of its projects, subject only to the limitations described in the Agreement, the Service Specification and this Annex No. 1.
- A single Service subscription can be used only by the Customer for its own projects, by Customer’s subsidiaries for their own projects and by Customer’s implementation provider for Customer’s or Customer’s subsidiaries’ projects. For the purposes of this provision, a “subsidiary” means any other entity in which the Customer owns at least 50% of the outstanding equity interests or shares. Any act or omission by a subsidiary or an implementation provider will be deemed the act or omission of the Customer for all purposes of the Agreement and the Customer will be liable therefore in the same manner as if such act or omission were the act or omission of the Customer.
- The Customer will not be entitled to make or obtain otherwise a physical copy of the Service (i.e., the respective software), either in binary or source code, unless the obtaining of a temporary copy ensues from the technological process of remote access to the Service.
- The Customer will not use the Service for:
- unlawful activities, such as child pornography, gambling, crime, copyright infringement, trademark rights infringement, and/or a breach of other intellectual property laws;
- providing or enabling access to the Service to any person from a country on which an embargo has been imposed;
- making threats, stalking, defamation, fraud, humiliation, bullying, or intimidation aimed at any person for any reason whatsoever;
- invasion of any person’s privacy by unlawful attempts at obtaining, gathering, storing, or publishing of the person’s private information or attributable personal information such as passwords, account information, credit card numbers, addresses, or other contact information without such person’s knowledge and consent;
- deliberately abusing minors or their interests or gathering attributable personal information about any minor.
- The Customer will not use the Service in a manner that could cause harm to the Service or affect its use by other parties, including but not limited to:
- any attempts at gaining unauthorized access to the Service, actions preventing other authorized persons' access to the Service, or enabling/permitting third parties to access or use the Service under Customer’s name;
- misusing the Service for attempts at gaining unauthorized access to any other services, data, accounts, or networks by any means;
- accessing or using the Service through any automated processes or services unless the procedure of the automated access is described in the Service Specification, such as robots, search modules, or a regular download of the information stored with the Provider, or other third parties, in the cache;
- using the Service to dispatch, disseminate, or deliver any unsolicited mass or promotional emails (i.e. spam);
- using the API of the Service in any way other than the use described in the Service Specification;
- transmitting viruses, worms, Trojan horses or anything which may prevent, impair, or adversely affect the operation of the Service.
- Notwithstanding the above, penetration testing by Customer is permitted under the terms and conditions set out in the relevant Provider’s policy. Penetration Testing Policy, current as per the date hereof, is available at https://kontent.ai/penetration-testing-policy/.
- The Customer is responsible for complying with all applicable laws and regulations of the country from where it uses the Service and will ensure it has all necessary permission and consent in place in relation to their use of the Service.
- The Service comes with certain limitations on usage of the Service, listed in the Service Specification. If the Customer’s service usage exceeds the limitations for several months, the Provider is entitled to take corrective action, including, but not limited to, throttling the Service API, temporarily suspending the Service, or — when other options are unavailable — terminating the Agreement.
- The Provider reserves the right to reject the Customer’s usage of the Service if the Customer uses the Service contrary to this Annex No. 1.
- Digital Services Act obligations (DSA)
- Customer must not upload or share content that is illegal, harmful, or violates the rights of others or that does not comply with the Acceptable Use Policy outlined above or any other part of the Agreement (“Undesirable Content”).
- The Provider may block or delete any Undesirable Content. Any Customer uploading or sharing Undesirable Content may be denied access to the Service for any length of time.
- In case Provider moderates, blocks or deletes Customer’s content, Provider will present the Customer with a statement of reasons which will inform the Customer why the content was moderated, blocked or deleted and why it was considered as Undesirable Content.
- Customer or any third party can report Undesirable Content by sending a message to security@kontent.ai.
- Provider commits to transparency regarding content moderation practices and the use of automated tools.
- Provider will publish annual reports detailing Provider’s content moderation activities, in compliance with DSA requirements.
- Customers dissatisfied with content moderation decisions can appeal by sending a message to security@kontent.ai.
- Provider will review appeals in a timely manner depending on the complexity of each case.
- The single point of contact in all matters regarding the DSA is Kontent.ai Security Team and can be reached at security@kontent.ai.
- Where the provided Service consists of the storage of information provided by the Customer, the Provider shall not be liable for the information stored at the request of the Customer, on condition that the Provider:
- does not have actual knowledge of illegal activity or illegal content and, as regards claims for damages, is not aware of facts or circumstances from which the illegal activity or illegal content is apparent; or
- upon obtaining such knowledge or awareness, acts expeditiously to remove or to disable access to the illegal content.
- Art. 2.10 shall not apply where the recipient of the service is acting under the authority or the control of the Provider.
ANNEX NO. 2: Data Processing Addendum
- Definitions
- In this Annex No. 2, the following terms will have the meanings set out below and cognate terms will be construed accordingly:
- “Customer Personal Data” means any Personal Data processed by the Provider or any Provider Affiliate on behalf of the Customer pursuant to or in connection with the Agreement;
- “Data Processing Terms” means Provider’s Privacy Policy, as updated from time to time, as available as per the execution hereof at https://kontent.ai/privacy/ ;
- “GDPR” means EU General Data Protection Regulation 2016/679;
- “Provider Affiliate” means any of the following entities: Kontent s.r.o., Nové Sady 996/25, 602 00 Brno, Czechia, Organization ID: 17278325, VAT Number: CZ 17278325, Kontent s.r.o. is a company incorporated in the Companies Register kept by the Regional Court in Brno, Section C, Insert 129435, and/or Kontent US, LLC, a company having a principal office at Chrysler Building, 405 Lexington Ave, New York, NY 10174, United States and/or Kontent B.V., Company Registration Number: 63347857, having a principal office at Hogehilweg 19, 1101 CB Amsterdam, The Netherlands and/or Kontent UK Ltd, with its registered office at 14th Floor, 33 Cavendish Square, W1G 0PW London, United Kingdom, ID No.: 14261589 and/or Kontent AU Pty Ltd, having a principal office at Level 10, 32 Walker Street, North Sydney, NSW 2060, Australia;
- “Services” means the services and other activities to be supplied to or carried out by or on behalf of Provider for Customer pursuant to the Agreement;
- “Sub-processor” means any person appointed by or on behalf of Provider or any Provider Affiliate to process Personal Data on behalf of Customer in connection with the Agreement. Provider makes available to the Customer an up-to-date list of Sub-processors, as updated from time to time, at https://kontent.ai/learn/docs/architecture/behind-kontent-ai , https://kontent.ai/privacy/ , and https://kontent.ai/learn/docs/security/personal-data-in-kontent-ai .
- The terms defined in the GDPR will have the same meaning as in the GDPR.
- Processing of Customer Personal Data
- If the Provider processes any Customer Personal Data on the Customer’s behalf when performing its obligations under the Agreement, the Customer is the data controller, and the Provider is the data processor (eventually the Customer is the data processor, and the Provider is the sub-processor) for the purposes of the GDPR or any applicable personal data protection legislation (“Data Protection Legislation”). The Customer hereby authorises the Provider to process Customer Personal Data according to the conditions stipulated in this Annex No. 2.
- Customer Personal Data will be used or otherwise processed only to provide Services including purposes compatible with providing Services.
- If any Provider Affiliate processes Customer Personal Data on Provider’s behalf, such Provider Affiliate will process Customer Personal Data only under the same conditions as the Provider under this Annex No. 2.
- Provider will process Customer Personal Data only on documented instructions from the Customer, including with regard to transfers of Customer Personal Data to a third country or an international organisation, unless required to do so by Data Protection Legislation, in which case Provider will to the extent permitted by applicable laws inform Customer of that legal requirement before the relevant processing of that Customer Personal Data, unless that law prohibits such information on important grounds of public interest.
- The Provider may process any Customer Personal Data of any data subjects (e.g., Customer’s customers, partners, or employees) which the Customer will enter, upload, or distribute in using the Service. The nature of processing the Customer Personal Data includes, without limitation, storage of the Customer Personal Data using the cloud computing service and access, gathering, storing, using, sorting or combining, blocking, and disposal of the Customer Personal Data by the Provider’s personnel to the extent necessary for the provision of the Service according to this Agreement. The Provider will process the Customer Personal Data solely for the purposes of fulfilling its obligations under this Agreement.
- Customer’s obligations
- The Customer will fulfil all obligations arising out of his role as a data controller according to the Data Protection Legislation, or, in the case where the Customer is a data processor, fulfil all obligations arising out of his role as a data processor and ensure that the data controller fulfils all obligations arising out of his role as a data controller. The Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Customer Personal Data to the Provider for the duration and purposes of this Agreement so that the Provider may lawfully use, process and transfer the Customer Personal Data in accordance with this Agreement on the Customer’s behalf.
- Data Subject Rights
- Provider will, taking into account the nature of the processing, upon the Customer’s written request, assist the Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Customer's obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GDPR.
- Compliance
- Provider will maintain complete and accurate records and information to demonstrate his compliance with this Annex No. 2.
- Provider will upon Customer’s written request provide the Customer with all information necessary to prove the compliance with this Annex No. 2.
- Provider will, upon Customer’s written request, enable audits, including inspections, carried out by an independent auditor authorised by Customer and assist with these audits. Customer needs to notify the Provider in advance of the intention to carry out the audit and of the identity of the authorized auditor, and enable the Provider to raise objections against the identity of the authorized auditor. The audit will be carried out in time adequate to the extent of the audit and capacities of the Provider, agreed upon by the Parties. Prior to the audit, the authorized auditor will enter into a non-disclosure agreement with the Provider or prove that he is subject to a statutory obligation of confidentiality.
- In case where the Provider provides the Customer with any assistance or cooperation according to this Annex No. 2 (especially pursuant to Articles 4.1, 7.3, 5.3), the Customer will pay to the Provider corresponding charges according to the Kontent.ai price list valid at the time of the respective activity, upon Provider’s request.
- Transfer of Customer Personal Data to Third Countries
- Should the processing involve transfer of personal data from European Economic Area to any Provider Affiliate located in countries outside the European Economic Area (the “EEA”), such transfers are subject to the terms of the standard contractual clauses annexed to the EU Commission Decision 2021/914/EU of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council (the “Standard Contractual Clauses”) incorporated into this Annex No. 2 by reference. For the purposes of the Standard Contractual Clauses the Customer acts as the data exporter and each Provider Affiliate located in countries outside the EEA acts as the data importer.
- Security
- Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing of the Personal Data as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, each Party will implement appropriate technical and organizational measures to ensure a level of security of the Personal Data appropriate to the risk. Provider’s Security and Technical Measures are specified in Annex 3.
- Provider will ensure that their personnel authorized to process the Personal Data are subject to contractual or statutory obligation of confidentiality.
- Provider will upon Customer’s written request, assist the Customer in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR (e.g., security, breach notifications, impact assessments) taking into account the nature of processing and the information available to the Provider.
- Provider will notify Customer without undue delay on becoming aware of a Customer Personal Data breach.
- Duration of the Processing
- Provider will process Customer Personal Data under the Agreement for the duration of storage of the data in the Service, or, at the latest, until the termination of the Agreement. Within 14 days of the date of cessation of Services, Provider will return or delete all copies of Customer Personal Data.
- Provider may retain Customer Personal Data where applicable legislation requires storage of personal data, and only to the extent and for such period as required by applicable legislation.
- Sub-processing
- Customer consents to the Provider appointing third-party Sub-processors of Personal Data under this Agreement specified in https://kontent.ai/learn/docs/security/personal-data-in-kontent-ai , including but not limited to Microsoft Corporation (a cloud computing services provider), Fastly, Inc. (a global Content Delivery Network (CDN) provider), Auth0 by Okta, eventually including their subcontractors and affiliates, and affiliated companies of the Provider. The Provider confirms that it has entered or will enter with the third-party Sub-processors into written agreements imposing on the third-party Sub-processors the appropriate data protection obligations under the Data Protection Legislation. In the case where the Provider appoints any third-party Sub-processor, they will proceed in accordance with Article 28 (2 and 4) of the GDPR. In the case where any third-party Sub-processor is seated outside the European Union, the Provider will ensure any Personal Data will be transferred to such processor in accordance with the Data Protection Legislation, especially to provide appropriate safeguards in relation to the transfer. As between the Customer and the Provider, the Provider will remain fully liable for all acts or omissions of any third-party Sub-processor appointed by it pursuant to the Article 6 of the Agreement.
- The Provider uses the Microsoft Corporation and its affiliates as a cloud computing services provider (“Microsoft Azure Services”). Therefore, any data entered, uploaded, or distributed in using the Service will be processed by the Microsoft Corporation or its subcontractors (a list of the subcontractors is available at https://servicetrust.microsoft.com/DocumentPage/badc200c-02ab-43d9-b092-ed9b93b9b4a8) using Microsoft Azure Services. By entering into the Agreement, the Customer agrees with the above-mentioned means of processing of the data when using the Service.
- Microsoft Azure Services are provided under the licensing terms of Microsoft Corporation, namely, but not limited to, the Online Services Terms (OST) available at https://www.microsoft.com/en-us/Licensing/product-licensing/products.aspx (“Microsoft Licensing Terms”). When providing the Service to the Customer, the Provider is bound by the obligations specified in this Annex No. 2 to the extent the Microsoft Corporation is bound by the Microsoft Licensing Terms when providing Microsoft Azure Services to the Provider. In case of any change in such terms, Provider’s obligations to Customer will be changed accordingly to correspond to the amended Microsoft Licensing Terms.
- Provider reserves the right to change unilaterally the cloud computing services provider, replace any other third-party Sub-processor of the Personal Data or engage a new one. In such a case, the Provider will ensure the level of data protection under the new cloud computing services will be commensurate with Microsoft Azure Services.
- Details of processing of Customer Personal Data required by Article 28(3) of GDPR
- Subject matter and duration of the processing of Customer Personal Data:
- The subject matter and duration of the processing of the Customer Personal Data are set out in the Agreement and the Data Processing Terms.
- The nature and purpose of the processing of Customer Personal Data:
- Customer Personal Data will be processed as necessary to perform the Services pursuant to the Agreement, as further specified in the documentation related to the Services, in Data Processing Terms and as further instructed by Customer in its use of the Services.
- The types of Customer Personal Data to be processed are set out in the Data Processing Terms.
- The categories of Data Subjects to whom the Customer Personal Data relates:
- Customers;
- Employees, subcontractors.
ANNEX NO. 3: Security and Technical Measures
- The Provider hereby agrees to provide an adequate level of security of the Service and related customer data including any Content and Personal Data. At minimum, the Provider shall implement and maintain the following safeguards:
- Governance and compliance
- Adequate roles and responsibilities for security shall be set
- Information Security policies shall be defined, approved and shared with all employees
- Industry standard security control frameworks such as ISO/IEC 27001, ISO/IEC 27017 or Trusted Services Criteria (SOC 2) shall be followed
- Regular security reviews, audits and/or penetration tests shall be performed by internal or external security experts
- Risk management
- The level of risk, associated with Service, Content and Personal Data, shall be assessed, measured and treated
- Risk re-assessments shall be done on a periodic basis, but at least once every 12 months
- Organizational measures
- Employees, sub-contractors, and affiliates receive training including information security and reaffirm their understanding of their information security obligations
- Change management procedures shall be defined
- Incident management and communication procedures shall be defined
- The Provider shall follow a secure Software Development Lifecycle (SDLC) process for the Service development and maintenance.
- Technical measures
- Strong authentication methods (e.g., complex passwords, multi-factor authentication) shall be enforced for relevant Service infrastructure
- Encryption at rest shall be implemented for hard drives containing Content and Personal Data
- Centrally managed anti-malware protection shall be put in place
- Vendor-supplied security updates shall be installed regularly
- Service shall contain security features that customers can manage to improve security of their Service instance and data
- Logging shall be put in place to enable monitoring of security events
- Portability options shall be made available for customers wanting to export their data from the Service
- Disaster recovery plans shall be prepared and regularly tested at least once every 12 months
- Shared Security Responsibility Model
- Provider shall provide guidance in a format of Shared Security Responsibility Model, outlining roles of cloud customer and cloud provider in the Service. This can be achieved e.g. via making Consensus Assessments Initiative Questionnaire available to the Customer.
- Responsible AI
- Adequate measures shall be put in place to ensure responsible use of Artificial Intelligence technology in the Service
- Service Specification further outlines respective security capabilities of the Service.
ANNEX No. 4 – Service Availability
- Subject to the Provider’s rights to postpone provision of the Service according to this Agreement, the Provider will use commercially reasonable endeavours to ensure that the Service is available at all times. In case where the Actual Service Availability is below the Guaranteed Service Availability level specified in the Order Form during any Monthly Period, the Provider will refund to the Customer a part of the Price, calculated in accordance with sec. 1.5, for any period during which the Service is not available, save where such unavailability is due to a fault of the Customer, or due to force majeure (including but not limited to flood, riot, fire, judicial or governmental action, labour disputes, act of God, or any other causes beyond the control of Provider).
- For the purposes of the Agreement, the Service Availability means the time during which both of the following services are available:
- The administration interface,
- The Content Delivery API.
- The Service may be stopped or limited in order to perform necessary maintenance, including but not limited to, delivering new functionalities, important fixes and improvements in Service performance and stability (the “Maintenance”). A total time of such stoppage or limitation of up to one hour per Monthly Period shall not be considered a breach or failure to reach Service Availability for the purpose of this Agreement. The Maintenance may be conducted in case where:
- the Maintenance was announced by the Provider at least 10 days in advance via email address of any person with an admin account and on the Status page (https://status.kontent.ai/) or
- the stability or security of the Service is severely endangered (in that case, the Maintenance may be conducted immediately without prior notice).
- The Actual Service Availability is calculated as ([total time in minutes of the Service Availability in the given Monthly Period] + [total time in minutes during which the Service is not available due to any fault of the Customer or due to force majeure in the given Monthly Period]) / (number of minutes in the given Monthly Period) x 100.
- The amount to be refunded will be calculated as follows: ([Guaranteed Service Availability] - [Actual Service Availability]) % x Price per month.