General Terms and Conditions

For the Use of the SaaS Platform PANTA OS

PANTA RHAI GmbH Grindelberg 15 A, 20144 Hamburg, Germany Email: datenschutz@pantaos.com

As of: 01.01.2026

§ 1 Scope of Application and Definitions

(1) Scope

These General Terms and Conditions (hereinafter "GTC") govern all contractual relationships between PANTA RHAI GmbH, Grindelberg 15 A, 20144 Hamburg, Germany (hereinafter "Provider") and the customer (hereinafter "Customer") in connection with the use of the SaaS platform PANTA OS (hereinafter "Platform").

(2) Exclusivity

These GTC shall apply exclusively. Any conflicting, deviating or supplementary general terms and conditions of the Customer shall not become part of the contract unless the Provider has expressly agreed to their application in writing.

(3) Business Customers Only

The Platform is intended exclusively for entrepreneurs within the meaning of § 14 of the German Civil Code (BGB), legal entities under public law and special funds under public law. By entering into the contract, the Customer confirms that they are acting in the exercise of their commercial or independent professional activity.

(4) Definitions

For the purposes of these GTC, the following terms shall have the meanings set out below:

  • "Platform" means the SaaS solution PANTA OS, including all AI-based functions, workflows, assistants, interfaces and related services contained therein.

  • "Customer" means the company or natural person acting in their capacity as an entrepreneur that enters into a contract with the Provider for the use of the Platform.

  • "User" means the natural persons authorised by the Customer to use the Platform under the Customer's account.

  • "Content" means all data, texts, documents, prompts, inputs and other materials entered or uploaded by the Customer or its Users into the Platform.

  • "AI Outputs" means all texts, analyses, summaries or other results generated by the AI functions of the Platform.

  • "Account" means the Customer's user account on the Platform through which the Customer and its authorised Users are granted access.

§ 2 Subject Matter of the Contract

(1) Service Description

The Provider makes the Platform PANTA OS available to the Customer as a Software-as-a-Service (SaaS) solution via the internet. Access is provided through a standard web browser or via the provided application programming interfaces (APIs).

(2) Scope of Functions

The functional scope of the Platform includes in particular:

  • AI-based assistants and chat functions

  • Automated workflows and data processing procedures

  • Creation, management and execution of AI-supported processes

  • Document processing and analysis

  • User account and tenant management

The precise functional scope is determined by the respective service description and the plan selected by the Customer. The current service description is available on the Provider's website at [URL].

(3) No Guarantee of Results

The Provider owes the provision of the Platform and its functions, but not any particular content-related result of the AI Outputs. AI-generated content may be incomplete, erroneous or inaccurate. The review and use of AI Outputs is the sole responsibility of the Customer.

(4) No Customisation

The Provider does not owe any adaptation of the Platform to the individual needs or IT environment of the Customer unless the parties have expressly agreed otherwise in writing.

§ 3 Conclusion of Contract and Registration

(1) Conclusion of Contract

The contract is concluded upon the Customer's complete registration on the Platform and confirmation of these GTC. Acceptance by the Provider occurs implicitly through activation of the Account or expressly through confirmation in text form.

(2) Registration

The Customer is obliged to provide complete and truthful information during registration. Any changes to the registration data must be communicated to the Provider without delay.

(3) Account Administration

The Customer shall designate at least one natural person as an administrator for their Account. The administrator is authorised to create additional Users and assign permissions. Each User receives individual access credentials which must not be shared with third parties.

§ 4 Usage Rights and Terms of Use

(1) Right of Use

The Provider grants the Customer, for the duration of the contractual relationship, a simple (non-exclusive), non-transferable, non-sublicensable right to use the Platform within the framework of these GTC. Use is limited to the Users authorised by the Customer and the contractually agreed number of user seats.

(2) Usage Restrictions (Acceptable Use Policy)

The Customer undertakes to use the Platform exclusively in accordance with applicable law and these GTC. In particular, the Customer and its Users are prohibited from:

  • Entering or transmitting unlawful, defamatory, libellous, violence-glorifying or pornographic content

  • Attempting to manipulate, circumvent or decompile the Platform, its AI models or security mechanisms (reverse engineering)

  • Using the Platform for automated mass messaging (spam) or other abusive purposes

  • Automated reading, scraping or systematic extraction of data from the Platform

  • Using the Platform in a manner that impairs its operation or use by other customers

  • Sharing access credentials with unauthorised third parties

  • Using the Platform to generate content that infringes copyrights, trademark rights or other third-party rights

(3) Suspension

The Provider is entitled to suspend the Customer's or individual Users' access to the Platform in whole or in part if there is a reasonable suspicion that the Customer or a User is in breach of these GTC or applicable law. The Provider shall inform the Customer of the suspension without delay and lift it as soon as the suspicion has been resolved.

§ 5 Availability and Service Level Agreement (SLA)

(1) Availability

The Provider shall endeavour to ensure the highest possible availability of the Platform. The Platform is deemed available when the Customer can reach and use its essential functions via the internet.

(2) Availability Commitment

The Provider targets an availability of the Platform of 99.5% on a monthly average, measured at the handover point of the data centre. The following shall not count as unavailability:

  • Scheduled maintenance works announced with a notice period of at least 3 business days and, where possible, carried out outside normal business hours (Mon–Fri 8 am – 6 pm CET)

  • Disruptions caused by force majeure, acts of third parties or circumstances beyond the Provider's control (e.g. internet outages, DDoS attacks, governmental orders)

  • Disruptions attributable to the Customer's IT infrastructure or area of responsibility

(3) Extended SLA

If the parties have agreed on an extended Service Level Agreement, the availability quotas, error categories, response times and escalation procedures set out therein shall take precedence. The SLA shall form part of the contract as a separate annex.

(4) Service Credits

If the Provider falls short of the agreed availability in any calendar month, the Customer shall, upon request, receive a pro-rata credit on the monthly fee in accordance with the provisions of the SLA. To the extent permitted by law, such credit shall constitute the Customer's sole and exclusive remedy for unavailability.

§ 6 Support and Maintenance

(1) Support Services

The Provider makes technical support available to the Customer via email. Support includes assistance with the use of the Platform, receipt of error reports and handling of technical enquiries.

(2) Support Hours

Support is available during normal business hours: Monday to Friday, 9:00 am to 5:00 pm CET, excluding public holidays at the Provider's registered office (Hamburg, Germany).

(3) Response Times

The Provider shall acknowledge receipt of a support request within one business day. Further processing shall take place within a reasonable time, taking into account the severity of the reported issue. Deviating response times may be set out in the SLA (if agreed).

(4) Updates and Further Development

The Provider is entitled and endeavours to continuously develop, improve and update the Platform. Updates that do not restrict the essential functionality of the Platform shall be implemented without separate notice. The Customer shall be informed of material changes to the functional scope with a notice period of at least 30 days. If a material change adversely affects the Customer to more than an insignificant extent, the Customer shall have a special right of termination effective as of the date the change takes effect.

§ 7 Fees and Payment Terms

(1) Fees

The Customer shall pay the fees agreed upon in the respective plan for the use of the Platform. The current plans and prices are available on the Provider's website and are communicated to the Customer upon conclusion of the contract.

(2) Due Date

Fees are due in advance, either monthly or annually, depending on the billing period selected. The first payment is due upon activation of the Account.

(3) Payment Methods

Payment shall be made by credit card, direct debit or invoice, to the extent offered by the Provider. In the case of payment by invoice, the invoice amount shall be due within 14 days of receipt of the invoice without deduction.

(4) Late Payment

If the Customer is in default of payment, the Provider shall be entitled to charge default interest at a rate of 9 percentage points above the respective base interest rate of the European Central Bank (§ 288 (2) BGB). Furthermore, after an unsuccessful reminder with a reasonable grace period, the Provider shall be entitled to suspend access to the Platform until the outstanding balance has been paid in full. The right to terminate for cause shall remain unaffected.

(5) Price Adjustments

The Provider shall be entitled to adjust fees with a notice period of at least 90 days effective as of the end of the current contract year. The Customer shall be informed of the price adjustment by email. In the event of a price increase, the Customer shall have a special right of termination with a notice period of 30 days effective as of the date the price increase takes effect.

§ 8 Customer Obligations (Duties to Cooperate)

(1) System Requirements

The Customer shall ensure at its own expense that the technical requirements for using the Platform on its side are met. These include in particular a current web browser, a stable internet connection and compliance with the system requirements communicated by the Provider.

(2) Access Credentials

The Customer is responsible for the confidential treatment of its access credentials and those of its Users. The Customer shall ensure that only authorised persons have access to the Platform. In the event of suspected unauthorised access, the Customer shall inform the Provider without delay and change the affected access credentials.

(3) Responsibility for Content

The Customer is solely responsible for all Content entered or uploaded by the Customer or its Users into the Platform. The Customer warrants that the Content entered does not infringe any third-party rights and does not violate applicable law. To the extent the Content contains personal data, the Customer shall ensure that it has the requisite legal basis for processing.

(4) Data Backup

The Customer is responsible for regularly backing up its Content, unless the Provider has expressly committed to providing a backup service. The Provider recommends that the Customer regularly back up its data using the export function provided.

(5) Notification Duty

The Customer is obliged to notify the Provider without delay of any identified errors, disruptions or security incidents and to cooperate to a reasonable extent in error analysis and resolution.

§ 9 Data, Rights to Content and Intellectual Property

(1) Customer Data

All Content entered, uploaded or otherwise transmitted by the Customer or its Users into the Platform shall remain the property of the Customer. The Provider does not acquire any rights to the Content beyond what is necessary for the provision of services.

(2) Limited Purpose Licence

The Customer grants the Provider a simple, non-transferable right to use the Content entered, limited in time and scope to the provision of the contractual services. This right shall expire upon termination of the contract and deletion of the data.

(3) AI-Generated Content

Outputs generated by the AI functions of the Platform may be freely used by the Customer. The Provider does not warrant the accuracy, completeness, lawfulness or usability of the AI Outputs. The Customer is solely responsible for reviewing and using the AI Outputs. The Provider points out that AI-generated content may not be protectable, or may be protectable only to a limited extent, under copyright law.

(4) Provider's Intellectual Property

All rights to the Platform, including the software, algorithms, AI models, design, trademarks and documentation, shall remain with the Provider or its licensors. The Customer is not granted any ownership or other rights to the Platform beyond the contractual right of use.

(5) Data Export After Termination

The Provider shall make an export function available to the Customer for a period of 30 days after termination of the contract, allowing the Customer to export its Content in a common, machine-readable format. After expiry of this period, the data shall be deleted in accordance with the provisions of the DPA.

§ 10 Data Protection

(1) Privacy Policy

The Provider processes personal data of the Customer and its Users in compliance with the GDPR and the German Federal Data Protection Act (BDSG). Details on the collection, processing and use of personal data are set out in the Provider's Privacy Policy, available at [URL].

(2) Data Processing Agreement

To the extent the Provider processes personal data on behalf of the Customer in the course of service provision, the parties shall enter into a Data Processing Agreement (DPA) pursuant to Art. 28 GDPR. The DPA constitutes a separate document forming part of this contract and can be requested.

(3) Roles

With regard to the processing of Content entered by the Customer or its Users into the Platform, the Customer acts as the controller within the meaning of Art. 4(7) GDPR and the Provider acts as the processor within the meaning of Art. 4(8) GDPR.

(4) Technical and Organisational Measures

The Provider shall implement appropriate technical and organisational measures to protect personal data in accordance with Art. 32 GDPR. Details are set out in the annex to the DPA.

§ 11 Liability and Warranty

(1) Unlimited Liability

The Provider shall be liable without limitation for damages arising from injury to life, body or health based on an intentional or negligent breach of duty by the Provider, its legal representatives or its vicarious agents. The Provider shall also be liable without limitation for damages based on intent or gross negligence, as well as for damages arising from the assumption of a guarantee or under the German Product Liability Act (Produkthaftungsgesetz).

(2) Limited Liability for Slight Negligence

In cases of slight negligence, the Provider shall only be liable for the breach of material contractual obligations (cardinal obligations), the fulfilment of which is essential for the proper performance of the contract and upon which the Customer may regularly rely. In such cases, liability shall be limited to the foreseeable, contract-typical damage.

(3) Liability Cap

The Provider's liability for foreseeable, contract-typical damages shall be limited in amount to the fees paid by the Customer to the Provider in the 12 months preceding the event giving rise to the damage, but in no case less than EUR 10,000.

(4) Strict Liability

The Provider's strict liability for defects existing at the time of contract conclusion pursuant to § 536a (1) Alt. 1 BGB shall be excluded to the extent permitted by law.

(5) AI Outputs

The Provider shall not be liable for the accuracy, completeness or suitability of outputs generated by the AI functions. The Customer is solely responsible for reviewing and using the AI Outputs. In particular, AI Outputs must not be relied upon without human review as the basis for legally binding, medical, financial or safety-related decisions.

(6) Data Loss

In the event of data loss, the Provider shall only be liable for the effort that would have been required to restore the data from a proper data backup by the Customer. Liability presumes that the Customer has backed up its data at reasonable intervals.

(7) Limitation Period

Claims by the Customer for defects shall become time-barred after 12 months from knowledge of the defect, unless mandatory statutory provisions prescribe a longer limitation period.

§ 12 Confidentiality

(1) Confidential Information

The parties undertake to treat all confidential information of the other party obtained in the course of the contractual relationship in strict confidence and to use it exclusively for the performance of the contract. Information shall be deemed confidential if it is marked as confidential or is to be regarded as confidential in the circumstances, including trade secrets, technical information, customer data and contract terms.

(2) Exceptions

The confidentiality obligation shall not apply to information that was already publicly known at the time of disclosure or becomes publicly known without fault of the receiving party, was already known to the receiving party prior to disclosure, was demonstrably independently developed by the receiving party, or the disclosure of which is required due to a statutory obligation or official order.

(3) Survival

The confidentiality obligation shall continue to apply for a period of three years after the end of the contractual relationship.

§ 13 Term and Termination

(1) Commencement and Term

The contract commences upon activation of the Account. The minimum term is determined by the plan selected by the Customer (monthly or annually). For annual contracts, the minimum term is 12 months from the commencement of the contract.

(2) Renewal

The contract shall be automatically renewed for the respective billing period selected (month or year) unless terminated with a notice period of 30 days prior to the end of the respective billing period.

(3) Termination

Termination must be in text form (email shall suffice). The Customer may also declare termination through the account management section of the Platform.

(4) Termination for Cause

Either party shall be entitled to terminate the contract for cause without notice. Cause shall exist in particular if:

  • the other party fails to remedy a material breach of contract despite a warning with a reasonable grace period,

  • the other party intentionally or through gross negligence violates data protection provisions or the DPA,

  • insolvency proceedings are opened against the other party's assets or such opening is rejected for lack of assets,

  • the Customer is in default of payment of at least two monthly instalments despite a reminder and a reasonable grace period.

(5) Consequences of Termination

Upon termination of the contract, the Customer's right to use the Platform shall end. Data export and deletion shall be governed by § 9(5) of these GTC and the provisions of the DPA.

§ 14 Amendment of the GTC

(1) Right to Amend

The Provider shall be entitled to amend these GTC with effect for the future, provided that such amendment is necessary to adapt to changed legal or technical conditions, to take account of new functions or services, or to close regulatory gaps, and the core functionality of the Platform is preserved.

(2) Notification

The Customer shall be notified of any changes to these GTC at least 30 days before the planned effective date by email. The amended GTC shall be deemed approved if the Customer does not object to them in text form within 30 days of receipt of the notification of change.

(3) Objection

If the Customer objects to the change in a timely manner, the contract shall continue under the previous terms. In this case, the Provider shall be entitled to terminate the contract with a notice period of 30 days effective as of the end of the current billing period. The Provider shall specifically draw the Customer's attention to the significance of the objection and the legal consequences in the notification of change.

§ 15 Final Provisions

(1) Form Requirements

Amendments and supplements to this contract shall require text form (§ 126b BGB) unless a stricter form is required elsewhere. This shall also apply to the waiver of this form requirement.

(2) Governing Law

This contract and all disputes arising from or in connection with it shall be governed by the laws of the Federal Republic of Germany, excluding the UN Convention on Contracts for the International Sale of Goods (CISG).

(3) Jurisdiction

The exclusive place of jurisdiction for all disputes arising from or in connection with this contract shall be Hamburg, Germany, provided the Customer is a merchant (Kaufmann), a legal entity under public law or a special fund under public law.

(4) Priority of Individual Agreements

Individual agreements between the parties shall take precedence over these GTC. Proof of such individual agreement shall require text form.

(5) Severability

Should individual provisions of these GTC be or become invalid, the validity of the remaining provisions shall remain unaffected. The invalid provision shall be replaced by a valid provision that comes closest to the economic purpose of the invalid provision.

(6) Dispute Resolution

The Provider is neither obliged nor willing to participate in dispute resolution proceedings before a consumer arbitration body, as the offer is directed exclusively at business customers.

(7) Language

The contractual language is German. Foreign language versions of these GTC serve for information purposes only; in case of doubt, the German version shall prevail.

Annexes

The following documents form part of the contract:

  • Annex 1: Service Description PANTA OS

  • Annex 2: Service Level Agreement (SLA) – if agreed

  • Annex 3: Price List / Fee Schedule

  • Annex 4: Data Processing Agreement (DPA) pursuant to Art. 28 GDPR

  • Annex 5: Acceptable Use Policy (detailed usage guidelines)