1. Provider & Scope
These Terms of Service govern the purchase and use of the DubeAI Platform — a perpetual, on-premise software product — together with the related onboarding services, supplied by DubeAI (Andreas Dube), Bad Homburg vor der Höhe, Germany (the “Provider”).
By engaging the Provider, you (the “Client”) agree to these Terms. They apply to all business relationships between the Provider and the Client, unless expressly agreed otherwise in writing.
2. Scope of Delivery
The Provider delivers the DubeAI GRC Platform, an AI-native software product covering Governance, Risk, and Compliance — including risk management, internal controls, audit management, executive dashboards, and integrations.
One-time purchase, all modules included. The Client receives the Platform in the state and feature scope existing at the time of purchase, comprising all modules then available. The Client acknowledges that individual modules may be at different maturity levels — ranging from production-ready to early-stage or experimental. The maturity status of each module at the time of purchase is documented in the delivery package.
Reference system “Arche”. The purchase includes a reference codebase named Arche — a pre-configured snapshot of the Platform with example data and configuration, intended as a starting point and reference implementation for the Client’s own deployment.
Delivery method. The Platform and Arche are handed over as a software package via a mutually agreed channel (e.g. file share, cloud storage, or physical media). The Provider does not host, operate, or provide the Platform as a service.
Included onboarding services: (a) basic training on the Platform; (b) knowledge transfer covering architecture and operations; (c) deployment guidance for common target environments (e.g. AWS, Vercel/Neon).
Not included by default. Deployment execution, hosting, day-to-day operations, monitoring, backups, software updates, and ongoing support are the Client’s responsibility. Updates, additional training, custom modifications, and further support are available on demand under separate written agreement.
3. Contract Formation & Duration
A binding contract is formed upon the Client’s written acceptance of a quote, order form, or SOW. Enquiries submitted via the website do not constitute a binding agreement.
The purchase of the Platform is a one-time transaction; the licence granted under Section 4 is perpetual. Any optional on-demand services (updates, additional training, modifications, support) are governed by separate written agreements, including their own term and notice periods.
4. Intellectual Property & Licence
Provider IP. The Platform, the Arche reference codebase, the source code, documentation, AI models, configurations, and all components and methodologies remain the exclusive intellectual property of the Provider. No ownership of the Platform or any of its components is transferred to the Client.
Licence grant. Upon full payment, the Provider grants the Client a perpetual, worldwide, non-exclusive, non-transferable, non-sublicensable, royalty-free licence to use the Platform and Arche for the Client’s own internal business purposes, including the right to install, deploy, operate, modify, extend, configure, integrate, and create derivative works — without ongoing dependency on the Provider.
Prohibition of resale, transfer & disclosure to third parties. The Client shall not sell, sublicense, rent, lease, lend, distribute, transfer, publish, make publicly available, or otherwise provide access to the Platform, Arche, their components, source code, documentation, AI models, configurations, modifications, or any derivative works to any third party. For the avoidance of doubt, “third party” expressly includes any other legal entity — even within the same corporate group as the Client (e.g. parent, subsidiary, sister, or affiliated companies, joint ventures, and other affiliates). Group-wide or affiliate use requires a separate written extension granted by the Provider.
Any unauthorised resale, disclosure, or transfer constitutes a material breach and will result in immediate legal action, including injunctive relief, claims for damages, contractual penalties, and criminal prosecution where applicable. The Provider reserves the right to seek emergency injunctive relief (einstweilige Verfügung) without prior notice. The Client shall be liable for all legal costs incurred by the Provider in enforcing this provision, and the Provider may revoke the licence with immediate effect (see Section 9).
5. Data Protection & Confidentiality
Because the Provider does not host or operate the Platform on the Client’s behalf (see Sections 2 and 7), the Provider does not process Client or end-user data in the Client’s production environment. The Client is the sole controller and processor of all data processed within its own deployment of the Platform.
The Provider processes personal data only within the scope of contract initiation, delivery, training, knowledge transfer, and any on-demand services expressly agreed — in accordance with the GDPR and applicable German data protection laws. Details are set out in our Privacy Policy.
Both parties agree to maintain the confidentiality of all non-public information received from the other party. This obligation survives termination for three (3) years.
6. Payment Terms
Invoices are payable within 30 days of issue. All amounts are exclusive of VAT and any other applicable taxes or duties. In the event of late payment, the Provider may withhold delivery of the Platform, suspend any agreed on-demand services, and claim default interest in accordance with § 288 BGB, as well as any further statutory remedies.
7. Deployment & Client Environment
The Platform is delivered as a software package; deployment, hosting, configuration, day-to-day operation, monitoring, backups, security patching, and incident response are the sole responsibility of the Client. The Client selects, procures, and operates its own target environment (e.g. AWS, Vercel/Neon, or any other infrastructure of its choice).
As part of onboarding, the Provider supplies deployment guidance for common target environments. Such guidance is informational; the Provider assumes no responsibility for the Client’s chosen infrastructure, third-party services used by the Client, or the operational outcome of the Client’s deployment.
The Provider does not retain access to the Client’s environment after handover, unless expressly agreed in writing for specific on-demand services.
8. Warranty & Liability
As-delivered. The Platform and Arche are provided “as is”, in the state and feature scope existing at the time of delivery. The Client expressly acknowledges that individual modules are at different maturity levels (see Section 2), and that no functional or fitness guarantee is given for modules documented as early-stage or experimental beyond what is stated in the delivery package.
No fitness for a particular purpose. The Provider makes no warranty that the Platform will meet any specific use case, performance target, or regulatory requirement of the Client beyond the functionality described in writing in the order documents and the delivery package.
Statutory rights. The Client’s mandatory statutory warranty rights under German law — in particular in cases of fraudulent concealment of defects (§ 444 BGB) — remain unaffected.
Limitation of liability. The Provider’s total aggregate liability shall not exceed the fees paid by the Client to the Provider in the twelve (12) months preceding the event giving rise to the claim. The Provider shall not be liable for indirect, incidental, or consequential damages, including loss of profits, loss of data, or business interruption. The foregoing limitations do not apply to liability for wilful misconduct or gross negligence, for injury to life, body, or health, or to any other liability that is mandatory under applicable law (in particular under the German Product Liability Act, ProdHaftG).
9. Termination & Licence Revocation
The licence granted under Section 4 is perpetual. As the purchase of the Platform is a one-time transaction, “termination for cause” in this Section primarily concerns any optional on-demand agreements (updates, additional services, support); either party may terminate such optional agreements for cause if the other materially breaches and fails to cure within 30 days of written notice.
Licence revocation. The Provider may revoke the licence to the Platform and Arche with immediate effect in the event of a material breach by the Client of Section 4 (Intellectual Property & Licence) — in particular any unauthorised resale, transfer, sublicensing, disclosure, or provision of access to a third party (including other legal entities within the Client’s corporate group). Upon revocation, the Client shall cease all use of the Platform and Arche, and irretrievably delete or destroy all copies in its possession, confirming the same in writing on request. Damage and injunctive relief claims of the Provider remain unaffected.
10. Governing law & jurisdiction
These Terms of Service are governed by the laws of the Federal Republic of Germany, excluding the conflict-of-laws rules and the UN Convention on Contracts for the International Sale of Goods (CISG).
If the Client is a merchant (Kaufmann) within the meaning of the German Commercial Code, a legal person under public law, or a special fund under public law, the exclusive place of jurisdiction for all disputes arising out of or in connection with these Terms of Service is Bad Homburg vor der Höhe, Germany (or, where required by law, Frankfurt am Main), pursuant to §38 ZPO. For consumers, mandatory statutory provisions on jurisdiction remain unaffected.
11. Contact
DubeAI · Andreas Dube
Bad Homburg vor der Höhe, Germany
Email: ai4grc@dube.eu
Web: www.dube.eu