Terms and Conditions of Service

These Terms and Conditions of Service (the "Terms") constitute a legally binding agreement between the entity or individual ("Customer", "you") accessing or using the Clarenza platform and Clarenza ("Clarenza", "we", "us"), a company incorporated under the laws of the Federal Republic of Germany with its principal place of business in Hamburg.

Clarenza provides an agentic artificial intelligence platform purpose-built for private capital markets. The Platform automates and accelerates due diligence workflows — from initial deal screening and VDR document analysis to investment memo generation — delivering institutional-grade decision velocity with full traceability, deterministic financial reasoning, and compliance-ready audit trails (collectively, the "Services").

By accessing or using the Platform, you acknowledge that you have read, understood, and agree to be bound by these Terms, together with our Privacy Policy and Data Processing Agreement (where applicable). If you are entering into these Terms on behalf of a legal entity, you represent and warrant that you have the authority to bind that entity.

• "Platform" means the Clarenza software-as-a-service application, including all web interfaces, APIs, agent pipelines, document ingestion modules, and analytical outputs made available by Clarenza.
• "Customer Data" means all customer or third-party data, documents, files, and content uploaded to, processed by, or generated through the Platform by or on behalf of the Customer, including VDR documents, documents, spreadsheets, slides, presentations, scanned images, PDFs, images, balance sheets, reports, financial models, memos, and extracted KPIs.
• "AI Outputs" means any analysis, extraction, summary, memo, financial model, or other output generated by the Platform using artificial intelligence or machine learning components.
• "Confidential Information" means any non-public information disclosed by either party, including business plans, financial data, technical specifications, Customer Data, and proprietary algorithms, whether disclosed orally, in writing, or electronically.
• "Authorised User" means any individual granted access to the Platform under the Customer's subscription, authenticated via the Customer's identity provider.
• "Deal Data Room" or "VDR" means a virtual data room, cloud drive or storage, or document repository connected to or ingested by the Platform for analysis.
• "Subscription Term" means the period during which the Customer is entitled to access and use the Platform, as specified in the applicable Order Form or subscription agreement.
• "Order Form" means the document or electronic order specifying the Services, subscription tier, fees, and other commercial terms agreed between the parties.

3.1 Account Registration

To access the Platform, each Customer must designate at least one administrative account holder who will manage Authorised Users. All access is governed by enterprise-grade identity and access management.

3.2 Authentication and Access Controls

• Single Sign-On (SSO): Integration with institutional SSO providers (Google Workspace) is supported and recommended for all production environments.
• Multi-Factor Authentication (MFA): MFA is enforced at the SSO level for all user roles, including Analysts, Investment Managers, and Administrators.

3.3 Account Security Obligations

You are responsible for maintaining the confidentiality of all access credentials and for all activities that occur under your account. You must notify Clarenza immediately of any unauthorised access or suspected security breach. Clarenza reserves the right to suspend access to any account where a security compromise is reasonably suspected.

4.1 Permitted Use

Subject to these Terms and payment of applicable fees, Clarenza grants the Customer a non-exclusive, non-transferable, non-sublicensable right to access and use the Platform during the Subscription Term solely for the Customer's internal business operations related to investment analysis, due diligence, and portfolio management.

4.2 Acceptable Use Restrictions

The Customer shall not, and shall ensure that its Authorised Users do not:

• Use the Platform for any unlawful purpose or in violation of any applicable law or regulation.
• Attempt to reverse engineer, decompile, disassemble, or otherwise derive the source code of any part of the Platform.
• Circumvent, disable, or interfere with any security features, access controls, or usage limits of the Platform.
• Share, resell, sublicense, or provide access to the Platform to any third party without Clarenza's prior written consent.
• Upload or transmit any malicious code, viruses, or harmful content to the Platform.
• Use the Platform to develop a competing product or service.
• Use automated means (bots, scrapers, crawlers) to access the Platform except through authorised APIs.
• Misrepresent AI Outputs as having been produced by human analysts without appropriate disclosure.
• Take screenshots or images, screen record, screencast, or transmit any images, video, stream, or visuals from the Platform to external sources including email, social media, hosting sites, or streaming sites.

4.3 Usage Limits and Fair Use

The Customer's use of the Platform is subject to the usage limits, processing volumes, and storage quotas specified by Clarenza. Clarenza reserves the right to implement reasonable rate limiting to protect Platform stability and performance for all customers.

5.1 AI System Classification

Clarenza is designed and operated with full awareness of the requirements under Regulation (EU) 2024/1689 (the "EU AI Act"). The Platform employs AI systems to assist with financial document analysis, data extraction, KPI computation, and investment memo drafting. These systems are designed as decision-support tools that augment — but do not replace — human judgment in the investment process.

5.2 Transparency Obligations

In accordance with Article 50 of the EU AI Act, Clarenza aims to provide the following transparency commitments:

• AI Interaction Disclosure: Where AI systems interact directly with users (including through analytical outputs, summaries, or recommendations), the Platform clearly identifies such content as AI-generated.
• Provenance and Traceability: Every AI Output attempts to include source attribution with page-level and bounding-box provenance, enabling users to verify extracted claims against original documents.
• Confidence Scoring: Where applicable and possible, AI Outputs include confidence indicators to support human review and override.

5.3 Human Oversight (Human-in-the-Loop / HITL)

Clarenza is designed to ensure meaningful human oversight at key stages of the analytical pipeline. AI Outputs are presented as recommendations, not final decisions. The Customer retains sole responsibility for all investment decisions made using information derived from the Platform. The Platform provides explicit mechanisms for human review, correction, and override of AI-generated content.

5.4 Deterministic Financial Reasoning

All financial calculations, KPI derivations, and quantitative outputs produced by the Platform use deterministic, formula-driven logic — not probabilistic LLM generation. This ensures that numerical outputs are reproducible, auditable, and free from the hallucination risks inherent in purely generative AI approaches.

5.5 Risk Management and Bias Mitigation

Clarenza will maintain, and is developing, a risk management framework aligned with Articles 9 and 10 of the EU AI Act, including systematic monitoring for bias in document extraction and classification, data governance protocols ensuring training data quality and representativeness, and regular validation of AI system performance against ground-truth benchmarks.

5.6 Technical Documentation and Record Keeping

In accordance with Articles 11 and 12 of the EU AI Act, Clarenza maintains comprehensive technical documentation of its AI systems, including pipeline architecture, model capabilities and limitations, and system-wide audit telemetry via OpenTelemetry with immutable storage. This documentation is available to regulators upon lawful request.

6.1 Commitment to GDPR Compliance

Clarenza is committed to full compliance with Regulation (EU) 2016/679 (the General Data Protection Regulation, "GDPR"). Clarenza is pursuing formal GDPR compliance certification and has implemented its data processing infrastructure with GDPR requirements as a foundational design constraint. Where the Customer provides personal data to the Platform, the parties shall enter into a Data Processing Agreement ("DPA") that governs the processing of such data in accordance with Article 28 GDPR.

6.2 Data Processing Principles

Clarenza processes Customer Data in accordance with the following principles:

• Lawfulness, fairness, and transparency: Data is processed only for specified, legitimate purposes disclosed to the Customer.
• Purpose limitation: Customer Data is processed solely for the purpose of delivering the Services and is not used for any secondary purpose, including training of AI models on Customer Data, unless explicitly authorised.
• Data minimisation: Only data necessary for the delivery of the Services is collected and processed.
• Storage limitation: Customer Data is retained only for the duration of the Subscription Term plus a reasonable wind-down period, after which it is securely deleted.
• Integrity and confidentiality: All data is protected by appropriate technical and organisational measures, as described in Section 8.

6.3 Data Subject Rights

Clarenza supports the Customer in fulfilling its obligations under GDPR with respect to data subject rights, including the right of access, rectification, erasure, restriction of processing, data portability, and the right to object. Customers may submit data subject requests to legal@clarenza.ai.

6.4 Sub-Processors

Clarenza maintains a current list of sub-processors engaged in the delivery of the Services. This list is available upon request and will be updated with reasonable advance notice of any changes, allowing the Customer to object to new sub-processors in accordance with the DPA.

6.5 Cross-Border Data Transfers

Where Customer Data is transferred outside the European Economic Area, Clarenza ensures that appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs) and, where applicable, supplementary measures in accordance with the Schrems II decision. The Platform's default data residency and transmission is within the European Union.

7.1 Mutual Obligations

Each party agrees to hold the other party's Confidential Information in strict confidence and not to disclose it to any third party, except to employees, contractors, or advisors who have a legitimate need to know and are bound by obligations of confidentiality no less restrictive than those contained herein.

7.2 Scope of Protection

Confidential Information includes, without limitation, all defined terms in Section 2 of this document, all Customer Data, investment theses, deal pipeline information, VDR contents, financial models, and any information marked as confidential or that a reasonable person would understand to be confidential given its nature and the circumstances of disclosure.

7.3 Exceptions

Confidentiality obligations do not apply to information that: (a) is or becomes publicly available through no fault of the receiving party; (b) was lawfully in the receiving party's possession prior to disclosure; (c) is independently developed without reference to the disclosing party's Confidential Information; or (d) is required to be disclosed by law, regulation, or court order, provided the receiving party gives prompt notice to the disclosing party where legally permitted.

7.4 Duration

Confidentiality obligations survive termination of these Terms for a period of five (5) years, except with respect to trade secrets, which shall be protected for as long as they remain trade secrets under applicable law.

8.1 Sovereign Trust Architecture

Clarenza is designed as a Sovereign Trust Architecture for zero-data leakage and full tenant isolation. Document ingestion and AI inference are performed within secure, containerised environments. The Platform is configured for zero-data retention of raw inside information unless explicitly requested by the Customer for institutional memory features.

8.2 Encryption

• Encryption at Rest: All data stored by the Platform, including the database and associated file storage, is encrypted using AES-256 encryption.
• Encryption in Transit: All communications between users and the Platform, and between internal services, are conducted over TLS 1.3 or higher.

8.3 Infrastructure Security

• Tenant Isolation: Each customer's data is logically isolated within the Platform, preventing cross-tenant data access.
• Database Sovereignty: The primary database is hosted within the Platform's secure infrastructure to prevent unauthorised external query access.
• Independent Backups: Database, application, and operating system components are backed up independently, with encrypted offsite storage at SOC-2 compliant facilities.

8.4 Monitoring and Incident Response

Clarenza employs continuous security monitoring, providing real-time observability into system behaviour, access patterns, and potential anomalies. In the event of a security incident affecting Customer Data, Clarenza will notify the Customer without undue delay and in any event within 72 hours, in accordance with GDPR Article 33 requirements.

9.1 Current Compliance Posture

Clarenza is designed from the ground up to meet institutional compliance requirements. Our current compliance posture is as follows:

• EU AI Act: The Platform is designed and operated in alignment with the requirements of the EU AI Act (Regulation (EU) 2024/1689), including transparency obligations, human oversight mechanisms, risk management, and technical documentation.
• GDPR: Clarenza is pursuing formal GDPR compliance certification. The Platform has been designed with GDPR principles embedded at the architectural level, including data minimisation, purpose limitation, and privacy by design. A Data Processing Agreement is available for execution.
• ISO 27001: Clarenza is actively working toward ISO 27001 certification for information security management. Our security controls and policies are designed in alignment with ISO 27001 requirements.
• SOC 2 Type II: Clarenza is pursuing SOC 2 Type II attestation. Our security, availability, and confidentiality controls are designed to meet the Trust Services Criteria established by the AICPA. Formal audit engagement is planned for 2026.

9.2 Compliance Roadmap Transparency

Clarenza is committed to transparency regarding its compliance journey. Certifications and attestation reports will be made available to Customers as they are obtained. Customers may request a current summary of Clarenza's compliance status and security posture at any time by contacting security@clarenza.ai.

9.3 Regulatory Cooperation

Clarenza will cooperate with competent regulatory authorities, including data protection supervisory authorities and AI regulatory bodies, in the exercise of their lawful functions, and will assist Customers in meeting their own regulatory obligations to the extent reasonably practicable.

10.1 Clarenza IP

Clarenza and its licensors retain all right, title, and interest in and to the Platform, including all software, algorithms, models, interfaces, documentation, and related intellectual property. Nothing in these Terms transfers ownership of any Clarenza intellectual property to the Customer.

10.2 Customer Data Ownership

The Customer retains all right, title, and interest in and to Customer Data. The Customer grants Clarenza a limited, non-exclusive, non-transferable licence to process Customer Data solely for the purpose of delivering the Services during the Subscription Term.

10.3 AI Outputs

AI Outputs generated from Customer Data are owned by the Customer, subject to Clarenza's underlying intellectual property rights in the Platform and its analytical methodologies. For the avoidance of doubt, Clarenza does not claim ownership of investment memos, financial analyses, or other outputs produced by the Platform using Customer Data.

10.4 Feedback

If the Customer provides suggestions, enhancement requests, or other feedback regarding the Platform, Clarenza may use such feedback without restriction or obligation to the Customer, provided that no Confidential Information of the Customer is disclosed in connection with implementing such feedback.

11.1 Fees

The Customer shall pay the fees specified in the applicable Order Form. All fees are quoted in Euros unless otherwise specified and are exclusive of applicable taxes, which shall be the Customer's responsibility.

11.2 Payment Terms

Invoices are due within thirty (30) days of the invoice date unless otherwise specified in the Order Form. Late payments may accrue interest at the rate of 1.5% per month or the maximum rate permitted by law, whichever is lower.

11.3 Subscription Renewal

Subscriptions renew automatically for successive periods of the same duration as the initial Subscription Term unless either party provides written notice of non-renewal at least sixty (60) days prior to the end of the then-current term.

11.4 Fee Adjustments

Clarenza may adjust fees upon renewal by providing at least ninety (90) days' written notice prior to the start of the renewal term. If the Customer does not agree to the adjusted fees, the Customer may elect not to renew by providing written notice within thirty (30) days of receiving the fee adjustment notice.

12.1 Availability Target

Clarenza targets a monthly Platform availability of 99.5%, measured as the percentage of time the Platform is operational and accessible, excluding scheduled maintenance windows. Specific service level commitments may be set out in a separate Service Level Agreement ("SLA") annexed to the Order Form.

12.2 Scheduled Maintenance

Clarenza will provide reasonable advance notice of scheduled maintenance that may affect Platform availability. Where practicable, scheduled maintenance will be performed outside of European business hours.

12.3 Support

Clarenza provides technical support in accordance with the support tier specified in the Customer's Order Form. All Customers receive access to email support at support@clarenza.ai during European business hours.

13.1 AI Outputs Disclaimer

AI Outputs are provided as decision-support information and do not constitute investment advice, financial advice, legal advice, or professional recommendations of any kind. The Customer acknowledges that AI Outputs may contain errors, omissions, or inaccuracies and that all investment decisions remain the sole responsibility of the Customer.

13.2 Limitation

To the maximum extent permitted by applicable law, Clarenza's aggregate liability under or in connection with these Terms, whether arising in contract, tort (including negligence), strict liability, or otherwise, shall not exceed the total fees paid by the Customer to Clarenza during the twelve (12) months immediately preceding the event giving rise to the claim.

13.3 Exclusion of Consequential Damages

In no event shall either party be liable to the other for any indirect, incidental, special, consequential, or punitive damages, including loss of profits, loss of revenue, loss of data, loss of business opportunity, or cost of procurement of substitute services, regardless of the cause of action or the theory of liability, even if advised of the possibility of such damages.

13.4 Exceptions

The limitations set out in this Section 13 shall not apply to: (a) either party's breach of confidentiality obligations under Section 7; (b) either party's indemnification obligations; (c) the Customer's obligation to pay fees; or (d) liability that cannot be limited or excluded under applicable law, including liability for wilful misconduct or gross negligence.

14.1 Clarenza Indemnification

Clarenza shall indemnify, defend, and hold harmless the Customer from and against any third-party claims alleging that the Customer's use of the Platform in accordance with these Terms infringes the intellectual property rights of a third party.

14.2 Customer Indemnification

The Customer shall indemnify, defend, and hold harmless Clarenza from and against any third-party claims arising from: (a) the Customer's breach of these Terms; (b) the Customer's use of AI Outputs in a manner inconsistent with these Terms; or (c) Customer Data that infringes the rights of a third party.

15.1 Term

These Terms are effective from the date the Customer first accesses the Platform and continue for the duration of the Subscription Term, subject to earlier termination as provided herein.

15.2 Termination for Cause

Either party may terminate these Terms immediately upon written notice if the other party: (a) commits a material breach of these Terms and fails to cure such breach within thirty (30) days of receiving written notice; or (b) becomes insolvent, makes an assignment for the benefit of creditors, or becomes subject to bankruptcy or similar proceedings.

15.3 Effect of Termination

Upon termination: (a) the Customer's right to access and use the Platform ceases immediately; (b) each party shall return or destroy all Confidential Information of the other party; and (c) Clarenza shall make Customer Data available for export in a standard, machine-readable format for a period of thirty (30) days following termination, after which Customer Data shall be securely deleted.

15.4 Data Portability

In accordance with GDPR Article 20 and general best practice for institutional SaaS platforms, Clarenza supports data portability. Upon termination or upon the Customer's written request, Clarenza will provide Customer Data in a structured, commonly used, and machine-readable format (JSON or CSV) within a reasonable timeframe, not to exceed thirty (30) days.

15.5 Surviving Provisions

Sections 2 (Definitions), 6 (Data Protection), 7 (Confidentiality), 10 (Intellectual Property), 13 (Limitation of Liability), 14 (Indemnification), and 17 (Governing Law) shall survive termination of these Terms.

Clarenza reserves the right to update or modify these Terms from time to time. Material changes will be communicated to the Customer at least thirty (30) days in advance via email or through the Platform. Continued use of the Platform following the effective date of any modifications constitutes acceptance of the updated Terms. If the Customer does not agree to the modified Terms, the Customer may terminate the subscription in accordance with Section 15.

17.1 Governing Law

These Terms shall be governed by and construed in accordance with the laws of the Federal Republic of Germany, without regard to its conflict of law provisions. The application of the United Nations Convention on Contracts for the International Sale of Goods (CISG) is expressly excluded.

17.2 Jurisdiction

The courts of Hamburg, Germany shall have exclusive jurisdiction over any disputes arising out of or in connection with these Terms, subject to each party's right to seek injunctive or other equitable relief in any court of competent jurisdiction.

17.3 Alternative Dispute Resolution

Prior to initiating any legal proceedings, the parties agree to attempt to resolve disputes through good faith negotiations between senior representatives of each party for a period of not less than thirty (30) days.

18.1 Entire Agreement

These Terms, together with any applicable Order Form, DPA, and SLA, constitute the entire agreement between the parties with respect to the subject matter hereof and supersede all prior and contemporaneous agreements, proposals, and representations, whether written or oral.

18.2 Severability

If any provision of these Terms is held to be invalid or unenforceable, the remaining provisions shall continue in full force and effect, and the invalid or unenforceable provision shall be modified to the minimum extent necessary to make it valid and enforceable.

18.3 Waiver

The failure of either party to enforce any right or provision of these Terms shall not constitute a waiver of such right or provision.

18.4 Assignment

The Customer may not assign or transfer these Terms without Clarenza's prior written consent, except in connection with a merger, acquisition, or sale of all or substantially all of the Customer's assets. Clarenza may assign these Terms to an affiliate or successor entity without the Customer's consent.

18.5 Force Majeure

Neither party shall be liable for any failure or delay in performing its obligations under these Terms to the extent that such failure or delay is caused by circumstances beyond its reasonable control, including natural disasters, war, terrorism, pandemics, government actions, or failures of third-party telecommunications or power supply.

18.6 Notices

All notices under these Terms shall be in writing and sent to the addresses specified in the Order Form, or to legal@clarenza.ai for notices to Clarenza. Notices are deemed received upon delivery if sent by courier, upon transmission if sent by email with confirmation of receipt, or three (3) business days after mailing if sent by registered post.

For questions, concerns, or requests related to these Terms, please contact: