cmpliancethe agentic workforce

Legal

Terms of service

Last updated: 28 May 2026

1. Parties and agreement

These terms ("Terms") govern the subscription to and use of cmpliance.ai (the "Service"), operated by paterhn GmbH ("paterhn", "we", "us"), Gotthardstrasse 26, 6300 Zug, Switzerland.

By creating an account, accepting these Terms, signing an order form, or using the Service, the organisation you represent ("Customer", "you") agrees to be bound by these Terms. If you act on behalf of an organisation, you confirm that you have authority to bind that organisation.

2. The service

cmpliance.ai provides AI-assisted compliance workflow software for regulated teams. The Service is designed to support work such as:

  • KYC and AML onboarding workflows
  • Counterparty risk assessment support
  • EU AI Act documentation support
  • Evidence pack and audit trail preparation
  • API-first workflow orchestration for compliance teams

The Service produces decision-support outputs for authorised users to review. Customers remain responsible for configuring appropriate controls and for human review before using outputs for legal, regulatory, financial, onboarding, rejection, or similarly significant decisions.

cmpliance.ai is a compliance operations tool. It is not legal advice, regulatory advice, financial advice, or a substitute for qualified compliance, legal, or risk professionals.

3. Accounts and authorised users

The Customer is responsible for:

  • Maintaining the confidentiality of account credentials
  • All activity that occurs under Customer accounts
  • Ensuring that only authorised personnel access the Service
  • Configuring user roles and access rights appropriately
  • Notifying us promptly at cmp@cmpliance.ai if credentials are compromised

Accounts may not be shared between organisations or used to process data on behalf of third parties unless the applicable customer agreement permits it.

4. Subscriptions, order forms, and payment

Commercial terms, fees, billing periods, plan limits, and payment methods are set out in the applicable order form, subscription confirmation, pricing page, or written customer agreement.

Unless otherwise stated in the applicable order:

  • Fees are payable in advance
  • Fees exclude VAT and other applicable taxes
  • Customers are responsible for taxes, duties, and similar governmental charges
  • Late payment may result in suspension after reasonable notice

Self-service, trial, pilot, or free assessment access may be limited, changed, or withdrawn where required for security, abuse prevention, legal compliance, or operational reasons.

5. Customer data and data processing

Ownership

Customer Data remains the Customer's property. We claim no ownership rights in Customer Data beyond the rights needed to provide, secure, support, and improve the Service under these Terms and the applicable customer agreement.

Our role as processor

When the Customer submits personal data about its own clients, counterparties, beneficial owners, directors, signatories, employees, or other third parties for compliance assessment, paterhn GmbH acts as a data processor and the Customer acts as data controller, unless a signed agreement states otherwise.

The Customer is responsible for:

  • Having a lawful basis for processing personal data
  • Providing any required notices to data subjects
  • Ensuring that use of the Service is permitted under applicable law
  • Deciding whether outputs may be used in a particular compliance or business process

The terms governing our processing of Customer Data as a processor are set out in our Data Processing Agreement and any signed customer agreement. DPA coverage is required before production or pilot processing of real customer personal data. Synthetic demos are separate.

Customer Data restrictions

Customers should not upload sensitive production data, special category data, criminal-offence data, or regulated KYC/AML production data unless applicable written terms are in place and the Customer has confirmed that the processing is lawful.

Workspaces, assessments, or demos identified as synthetic, sandbox, pre-production, or evaluation environments must not be used for real production personal data or regulated KYC/AML data unless we have expressly enabled that use under a written customer agreement and applicable data-processing terms.

No model training on Customer Data

We do not use Customer Data to train public or foundation AI models. Customer Data is processed to provide the Service and as otherwise permitted by the applicable customer agreement.

6. AI-assisted outputs and human review

The Service may generate, classify, summarise, extract, or organise information using AI-assisted systems. These outputs may be incomplete, incorrect, outdated, or dependent on the quality of the source material provided.

Customers are responsible for:

  • Reviewing outputs before relying on them
  • Maintaining appropriate human oversight
  • Deciding whether outputs are suitable for a specific use
  • Labelling or disclosing AI-generated or AI-assisted content where required by law
  • Keeping records required by their own regulatory obligations

The Service must not be used as the sole basis for decisions that produce legal, regulatory, financial, onboarding, rejection, employment, credit, or similarly significant effects without appropriate human review and customer-controlled safeguards.

7. Intellectual property

Our technology

cmpliance.ai, its software, workflows, templates, interfaces, models, orchestration logic, documentation, and related know-how are owned by or licensed to paterhn GmbH and protected by applicable intellectual property law. These Terms do not transfer ownership of our technology to the Customer.

Customer materials and outputs

The Customer retains ownership of Customer Data. Subject to payment of applicable fees and compliance with these Terms, the Customer may use outputs generated from Customer Data for its internal compliance operations.

Customer ownership of outputs does not transfer ownership of our platform, templates, generic know-how, models, prompts, workflows, or reusable product logic.

8. Acceptable use

The Customer agrees not to:

  • Use the Service in violation of applicable law or regulation
  • Submit data that the Customer is not authorised to process
  • Use the Service to make unlawful, discriminatory, or solely automated significant decisions
  • Attempt to circumvent access controls, probe systems outside authorised testing, reverse-engineer the Service, or extract models or prompts
  • Resell, sublicense, or provide third-party access without written permission
  • Use the Service in a way that could damage, disable, overload, or impair availability

We may suspend or terminate access if we reasonably believe the Customer has breached this section or if continued access creates security, legal, or operational risk.

9. Security

We apply technical and organisational measures appropriate to the nature of the Service and the risks involved. Our current security posture is summarised on the Security page and in the Technical and Organisational Measures.

Security features and controls may vary by plan, configuration, deployment model, and customer agreement.

10. Subprocessors

We use subprocessors and service providers to operate, secure, support, and improve the Service. A public summary is available on the Subprocessors page. The applicable customer agreement controls final subprocessor notice, objection, transfer, and audit rights.

11. Service availability

We use commercially reasonable efforts to operate the Service reliably. Unless a signed order form or customer agreement states otherwise, availability targets are operational targets only and do not create service-credit rights.

We may perform maintenance, updates, or emergency changes where needed for security, reliability, legal compliance, or product operation.

12. Confidentiality

Each party agrees to protect the other party's confidential information using reasonable care and not to disclose it except:

  • To personnel, contractors, subprocessors, or advisers who need access and are bound by confidentiality obligations
  • As required by law, regulation, court order, or supervisory authority
  • As permitted under these Terms or the applicable customer agreement

Confidential information excludes information that is public through no breach, already known without confidentiality restriction, independently developed, or lawfully received from a third party.

13. Warranties and disclaimers

We will provide the Service with reasonable skill and care.

Except as expressly stated in these Terms or a signed customer agreement, the Service is provided "as is" and "as available". We disclaim all implied warranties to the maximum extent permitted by law, including warranties of merchantability, fitness for a particular purpose, non-infringement, uninterrupted operation, error-free output, or regulatory sufficiency.

The Customer remains responsible for determining whether the Service and its outputs are suitable for the Customer's legal, regulatory, and operational requirements.

14. Limitation of liability

To the maximum extent permitted by Swiss law:

  • Neither party is liable for indirect, consequential, punitive, special, or incidental damages, loss of profits, loss of business opportunity, or loss of goodwill
  • Our aggregate liability for claims arising from or related to these Terms is limited to the fees paid by the Customer for the Service in the three months before the event giving rise to the claim
  • The limitation does not apply to liability that cannot be excluded or limited by applicable law

Different caps, exclusions, or risk allocations may apply under a signed enterprise, pilot, or production customer agreement, including for confidentiality, data protection, security incidents, intellectual-property claims, unpaid fees, or other agreed categories.

15. Indemnity

The Customer will defend and indemnify paterhn GmbH against third-party claims arising from:

  • Customer Data submitted to the Service
  • Customer's unlawful use of the Service
  • Customer's breach of these Terms
  • Customer decisions made using Service outputs

We will defend and indemnify the Customer against third-party claims alleging that the Service, as provided by us and used in accordance with these Terms, infringes third-party intellectual property rights. This obligation does not apply to claims arising from Customer Data, customer-specific configurations, unauthorised modifications, misuse, or combination with systems not provided by us.

16. Term and termination

These Terms apply from the date you first access or use the Service and continue until terminated.

Either party may terminate as set out in the applicable order form or customer agreement. If no separate term is stated, either party may terminate for convenience with 30 days written notice.

We may suspend or terminate access immediately where necessary to address security risk, illegal use, non-payment after notice, or material breach.

After termination, Customer Data will be retained for export for a limited period and then deleted or anonymised according to the applicable retention terms, unless legal retention obligations require otherwise.

17. Assignment and successor entity

paterhn GmbH may assign or transfer these Terms, related customer agreements, and related data-processing obligations to an affiliate, successor, acquirer, or dedicated cmpliance entity as part of a corporate reorganisation, financing, merger, acquisition, sale of assets, or establishment of a dedicated operating company, provided the Customer's rights are not materially reduced.

The Customer may not assign these Terms without our prior written consent, except to a successor in connection with a merger, acquisition, or sale of substantially all assets, provided the successor assumes the Customer's obligations.

18. Governing law and disputes

These Terms are governed by Swiss law, excluding conflict-of-law rules.

Any dispute arising from or related to these Terms that cannot be resolved by the parties within 30 days of written notice shall be submitted to the exclusive jurisdiction of the courts at the seat of paterhn GmbH in Zug, Switzerland, unless mandatory law provides otherwise.

19. Changes to these Terms

We may update these Terms from time to time. We will publish the updated version with a new "Last updated" date. For material changes affecting active customers, we will provide reasonable notice where required by the applicable customer agreement, which may include email or in-product notice to account administrators.

20. General

  • Entire agreement: These Terms, together with the DPA and any order form or subscription confirmation, form the agreement between the parties for the Service unless a signed agreement states otherwise.
  • Severability: If any provision is unenforceable, the remaining provisions continue in effect.
  • No waiver: Failure to enforce a provision is not a waiver.
  • Force majeure: Neither party is liable for delay or failure caused by events beyond reasonable control.
  • Notices: Notices must be in writing and sent to the contact addresses provided by the parties.

21. Contact

cmp@cmpliance.ai paterhn GmbH, Gotthardstrasse 26, 6300 Zug, Switzerland