Terms of Service
Updated: June 15, 2026
1. Acceptance of Terms and B2B Restriction
These Terms of Service govern your use of the Audinero platform provided by Audinero AI UG (haftungsbeschränkt), Hamburg, Germany.
This service is exclusively intended for entrepreneurs within the meaning of § 14 BGB (German Civil Code). By creating an account, you confirm that you are acting in a commercial or professional capacity. Consumers within the meaning of § 13 BGB are excluded from using the service. By registering, you confirm your status as a business entity via the registration checkbox. Any mandatory consumer or local protective provisions that may apply under Austrian or Swiss law in an individual case remain unaffected.
By accessing or using the Audinero platform, you accept and agree to be bound by these Terms of Service. If you do not agree, do not use the service.
2. Service Description
Audinero is a cloud-based Software-as-a-Service (SaaS) platform that uses AI to analyze compliance documents and map them to industry frameworks (ISO 27001, ISO 9001, ISO 14001, SOC 2, GDPR, TISAX, NIS2). The service is provided by Audinero AI UG (haftungsbeschränkt).
Key Features: Document upload, AI analysis via the "Nero-Ki" assistant (OpenAI API: gpt-4.1-nano for text analysis, gpt-4.1-mini for standards analysis, gpt-4o for image and document analysis; processed exclusively in the eu-central-1 / Frankfurt region), framework mapping, reporting, user and role management.
3. User Accounts
When you create an account:
- You are responsible for maintaining password confidentiality
- You agree to provide accurate information
- You are liable for all activity under your account
- You must be 18+ and legally capable
- Authentication is managed via Convex Auth SDK (password with minimum 8 characters + email OTP verification)
4. Subscription Plans and Pricing
4.1 Plans
We offer tiered subscription plans (Essentials, Professional, Unlimited, Enterprise) with pricing listed at www.audinero.de.
4.2 BYOM (Bring Your Own Model)
The BYOM feature is available exclusively for Unlimited and Enterprise tier customers. Supported providers: Ollama, vLLM, LM Studio, LocalAI, and any OpenAI-compatible endpoint. When using BYOM, you are responsible for the security, data protection, and third-country transfer compliance of your chosen endpoint.
4.3 Free Trial
We offer a 14-day free trial. No payment information is required during the trial period. The trial does not constitute a permanent free tier.
4.4 Billing
Subscriptions are billed monthly or annually based on your selection. Billing is handled exclusively via Polar.
4.5 Auto-Renewal
Your subscription automatically renews unless you cancel at least 30 days before the renewal date.
4.4 Price Changes
We may adjust pricing with 30 days written notice. You have the right to terminate your subscription before the price change takes effect.
5. Acceptable Use
You agree NOT to:
- Use the service for illegal purposes
- Upload malware, viruses, or malicious code
- Hack, reverse-engineer, or attempt to breach the platform
- Share your login credentials with others
- Violate intellectual property rights
- Transmit threatening, offensive, or defamatory content
6. Intellectual Property
6.1 Platform
Audinero AI UG (haftungsbeschränkt) retains all rights to the software, code, design, frameworks, and documentation.
6.2 Your Content
You retain ownership of documents you upload. By uploading, you grant us a limited, non-exclusive license to store, process, and analyze them solely for service delivery. This license terminates upon account deletion.
6.3 Feedback
We may use any feedback you provide without compensation or attribution.
7. Availability & Support
7.1 Uptime Target
We aim for 99.5% monthly uptime. This is a target, not a guarantee. Scheduled maintenance is excluded. If uptime falls below 95% in any calendar month, you may terminate your subscription without penalty with 14 days written notice.
7.2 Maintenance
We perform regular updates and maintenance. We will notify you of scheduled maintenance when possible.
7.3 Support:
Basic support is included with all plans. Premium support levels may be available for Unlimited and Enterprise plans.
8. Warranties & Disclaimers
8.1 Limited Warranty
We provide the service "as is" based on current platform capabilities.
8.2 Disclaimer
The service is provided without warranty of accuracy, completeness, or fitness for a particular purpose.
8.3 AI Limitations
"Nero-Ki" AI analysis via OpenAI API (gpt-4.1-nano for text, gpt-4.1-mini for standards analysis, gpt-4o for images and documents) is advisory only. AI may contain errors or hallucinations. We make no guarantee of accuracy. AI outputs do not constitute legal, financial, or compliance advice.
9. Limitation of Liability
9.1 Cardinal Obligations (Kardinalpflichten)
For breaches of essential contractual obligations (cardinal obligations), our liability for foreseeable, typically occurring damages is limited to the total fees paid by you in the 12 months preceding the event giving rise to liability.
9.2 Indirect Damages
We are not liable for indirect damages (entgangener Gewinn, Betriebsunterbrechung, mittelbare Schäden, Folgeschäden), except where such damages result from a breach of cardinal obligations, gross negligence, or willful misconduct.
9.3 Liability Cap
Our total aggregate liability in any 12-month period shall not exceed the total fees paid by you in the 12 months preceding the event giving rise to the claim.
9.4 Mandatory Exceptions
The limitations in Sections 9.1–9.3 do NOT apply to: (a) liability for gross negligence or willful misconduct, (b) liability for bodily harm, (c) liability under the German Product Liability Act (Produkthaftungsgesetz), or (d) fraudulent misrepresentation.
9.4 Late Payment Interest
Late payments shall accrue interest at 9 percentage points above the base rate pursuant to § 288(2) BGB.
10. Data Protection
10.1 Compliance
Data processing is governed by our Privacy Policy, Cookie Policy, and GDPR (supplemented by the German Federal Data Protection Act, BDSG). The competent supervisory authority is the Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI). By accepting these Terms, you automatically enter into our Data Processing Agreement (DPA/AVV) pursuant to GDPR Art. 28. The DPA is available as a separate document via hello@audinero.de and is presented during the registration process. Individual agreements pursuant to § 305b BGB take precedence over these Terms.
10.2 Data Storage
Your data is stored on Convex Cloud servers in the EU (Ireland). Encryption at rest is provided by Convex infrastructure (ISO 27001, SOC 2, C5 certified). AES-256-GCM encryption is applied at the application level exclusively for AI provider API keys.
10.3 Sub-Processors
The following sub-processors are used to provide the service:
- Convex, Inc. (USA, Hosting: EU/Ireland) — Backend infrastructure and data storage (EU-US DPF + SCCs)
- OpenAI, L.P. (USA) — AI processing, gpt-4.1-nano / gpt-4.1-mini / gpt-4o, eu-central-1 / Frankfurt region (EU-US DPF + SCCs)
- Polar (USA) — Payment processing (EU-US DPF + SCCs)
- Resend, Inc. (USA) — Transactional emails (EU-US DPF + SCCs)
- Sentry / Functional Software, Inc. (USA) — Error monitoring and session replay, text masked, consent required (EU-US DPF + SCCs)
- Tavily, Inc. (USA) — Web research for checklists (EU-US DPF + SCCs)
10.4 Error Monitoring and Performance Tracking
The application uses Sentry for error monitoring and performance tracking. These are activated only with your explicit consent. Sentry collects error reports, IP addresses, user identifiers, browser information, and session replay data with text masked. For full details, see our Privacy Policy and Cookie Policy.
10.5 Data Deletion
You can request deletion of your account and data at any time. Deletion will be executed within 7 business days of your request. Workspaces solely owned by you will be permanently deleted along with all associated data (documents, audit findings, extracted content, AI analysis results).
10.6 Data Export
You may export your workspace data before account deletion using the built-in export function. Please note that extractedContent and extractedText are excluded from the export due to size limitations.
10.7 Third - Country Transfers
Where transfers of personal data to third countries (in particular the USA) are required, these are based on the EU-US Data Privacy Framework and, additionally, on the EU Standard Contractual Clauses (SCCs).
10.8 Cookies and Consent
Cookies and comparable technologies that are not strictly necessary are only used on the basis of consent pursuant to § 25 TDDDG (formerly TTDSG). The Digital Services Act (DDG) and the German Interstate Media Treaty (MStV) apply additionally.
11. Confidentiality
Both parties agree to keep confidential any non-public information shared during the business relationship. This obligation survives termination of the contract for a period of 2 years.
12. Termination
12.1 By You
You can cancel your subscription at any time with 30 days notice to the end of the current billing period.
12.2 By Us
We may terminate if you breach these Terms and do not cure the breach within 14 days of written notice.
12.3 Effect
Upon termination, your access will be revoked after any remaining paid period. You will have 30 days from the effective termination date to export your data.
12.3 Extraordinary Termination
Either party may terminate immediately for cause (wichtiger Grund) pursuant to § 314 BGB, including material breach, insolvency, or cessation of business.
Force Majeure
Neither party shall be liable for failure to perform obligations where such failure results from events beyond its reasonable control, including but not limited to natural disasters, pandemics, government actions, war, infrastructure failures, or prolonged service outages of third-party providers (e.g., Convex, OpenAI). If a force majeure event persists for more than 90 days, either party may terminate the affected portion of this agreement without penalty.
14. Dispute Resolution
14.1 Negotiation
In the event of a dispute, the parties shall first attempt to resolve the matter through good-faith negotiations within 30 days.
14.2 Mediation
If negotiations fail, the parties may submit the dispute to mediation. Any mediation proceedings must be initiated within 60 days of the failed negotiation period.
14.3 Jurisdiction
If mediation fails or is not pursued, the courts of Hamburg, Germany shall have exclusive jurisdiction.
Governing Law
These Terms are governed by German law (BGB, HGB) without regard to conflict of law principles.
Amendments
We may update these Terms with at least 30 days written notice to your registered email address. Material changes will be clearly communicated. If you do not agree with the amended Terms, you have the right to terminate your subscription without penalty before the changes take effect. Continued use after the notice period constitutes acceptance.
17 Severability (Salvatorische Klausel)
If any provision of these Terms is held to be invalid, illegal, or unenforceable, the remaining provisions shall continue in full force and effect. The invalid provision shall be replaced by a valid provision that most closely reflects the economic purpose of the original provision, in accordance with § 306 BGB.
18 Entire Agreement
These Terms, together with our Privacy Policy, Cookie Policy, and Data Processing Agreement (DPA/AVV), constitute the entire agreement between us and supersede all prior agreements.
19 Supplementary Information for Users / Data Subjects in Austria
Where the offering concerns users established in Austria or the processing of data of persons in Austria, the following applies additionally:
- Disclosure obligations under § 5 ECG and § 25 MedienG are observed.
- In addition to the GDPR, the Austrian Data Protection Act (DSG) applies.
- The competent supervisory authority is the Austrian Data Protection Authority (Datenschutzbehörde, DSB).
- Cookies and comparable technologies that are not strictly necessary are only used on the basis of consent pursuant to § 165 TKG 2021.
- The governing law and place of jurisdiction remain Hamburg / Germany; mandatory local protective provisions remain unaffected where applicable.
20 Supplementary Information for Persons in Switzerland
Where data of persons in Switzerland is processed, the following applies additionally:
- The revised Swiss Federal Act on Data Protection (revFADP / revDSG, in force since September 1, 2023) applies additionally.
- The competent supervisory authority is the Federal Data Protection and Information Commissioner (FDPIC / EDÖB).
- Transfers of data to the USA are based on the Swiss-US Data Privacy Framework and, additionally, on the Standard Contractual Clauses (SCCs).
- Where required, a representative in Switzerland pursuant to Art. 14 revDSG must be appointed: [representative in CH to be designated if applicable].
- The governing law and place of jurisdiction remain Hamburg / Germany; mandatory local protective provisions remain unaffected where applicable.
