Legal Documents

Last updated: April 9, 2026

Controller and Scope

[COMPANY_NAME], [COMPANY_ADDRESS] ("we", "us") is the controller for personal data processed in connection with the Spoterix RFQ platform.

This notice applies to business users, business contacts, and supplier contacts who use or are referenced in the platform.

Categories of Personal Data

• Account and profile data: name, email, role, company assignment, login metadata.
• Business transaction data: RFQs, quotes, comments, shipment and routing records, attachments.
• Support and audit data: support requests, event logs, change history, security events.
• Technical data: IP address, device/browser metadata, request timestamps, API usage logs.

Purposes and Legal Bases

• Contract performance: provide and operate the platform, authentication, workflow automation, notifications, and reporting.
• Legitimate interests: service reliability, fraud prevention, abuse prevention, product security, auditability, and quality improvements.
• Legal obligations: accounting, tax, regulatory, and lawful disclosure duties.
• Consent where required: specific optional features that send content to external AI services.

Recipients and Processors

We use carefully selected processors for hosting, email delivery, logging, and optional AI-assisted extraction features. Processors are contractually bound to confidentiality and security obligations.

Where we act as processor for customer data, processing is governed by our Data Processing Addendum (DPA).

International Data Transfers

Personal data may be processed in Switzerland, the EEA, the UK, or other countries depending on the selected infrastructure and subprocessors.

Where required by law, we use recognized safeguards such as adequacy decisions and Standard Contractual Clauses (SCCs).

Retention

• Account and operational records are retained for the active contract period and a reasonable post-contract archive period.
• Audit/security logs are retained according to security, compliance, and evidentiary needs.
• Data is deleted or anonymized when no longer required, unless mandatory law requires longer retention.

Security Measures

We apply technical and organizational measures, including role-based access, authentication controls, encrypted transport, logging, backup controls, and least-privilege operations.

No system is fully risk-free; customers remain responsible for secure credential handling and access governance within their organization.

Data Subject Rights

Depending on applicable law, data subjects may request access, correction, deletion, restriction, objection, or portability.

For customer-managed datasets, requests should first be sent to the respective customer organization. We support customers in handling such requests under the DPA.

Cookies and Similar Technologies

The platform is designed to work without non-essential tracking cookies. Technically necessary storage may be used for authentication and security.

Contact

Privacy contact: [PRIVACY_CONTACT_EMAIL]

General legal contact: [LEGAL_CONTACT_EMAIL]

Last updated: April 9, 2026

1. Provider and Contract Scope

These Terms govern the use of the Spoterix platform by business customers. The contracting provider is [COMPANY_NAME], [COMPANY_ADDRESS].

The service is intended for business-to-business use only. Consumer use is excluded.

2. Service Description

Spoterix provides a digital RFQ workflow, supplier quote collection, comparison tooling, nomination support, and audit logs.

Specific functionalities may depend on subscription tier, customer configuration, and feature availability.

3. Customer Responsibilities

• Customer is solely responsible for shipment planning, deadlines, contract execution, payment flows, and legal compliance in transport operations.
• Customer must provide complete and accurate data and ensure that uploaded content may be lawfully processed.
• Customer is responsible for managing user permissions, account access, and internal approval governance.

4. Data Accuracy and No Business Warranty

The platform provides decision support and workflow tooling. We do not guarantee completeness, accuracy, merchantability, fitness for a particular business purpose, or uninterrupted availability.

Operational and commercial decisions remain with the customer. Customer must independently validate data before execution.

5. AI-Assisted Features

Optional document extraction may use external AI services as described in the AI Notice. AI-generated outputs can be incorrect and require human verification.

6. Fees, Billing, and Cancellation

Subscription fees, billing cycles, renewal behavior, and cancellation notice periods are defined in the Billing & Cancellation Policy, which forms part of this contract framework.

7. Availability and Maintenance

We target a professional service level but do not guarantee uninterrupted operation. Planned maintenance, urgent security maintenance, and force majeure events may affect availability.

8. Intellectual Property

All platform software, branding, and documentation remain the property of the provider and licensors. Customer receives a limited, non-exclusive, non-transferable right to use the service during the contract term.

9. Liability Limitation

To the maximum extent permitted by mandatory law, each party excludes liability for indirect, incidental, consequential, and loss-of-profit damages.

Provider liability for direct damages is limited to fees paid by the customer in the 12 months preceding the event giving rise to the claim.

Mandatory-law carve-outs apply, including liability for intent, gross negligence, and non-excludable statutory liability.

10. Term and Termination

Contract term and renewal cycle follow the selected subscription. Either party may terminate for material breach if not cured within a reasonable cure period.

11. Changes

We may update these Terms for legal, regulatory, or service reasons. Material changes become effective after notice and publication of an updated version date.

12. Governing Law and Jurisdiction

Governing law: [GOVERNING_LAW]

Exclusive venue: [JURISDICTION], subject to mandatory-law exceptions.

13. Contact

Legal contact: [LEGAL_CONTACT_EMAIL]

Last updated: April 9, 2026

1. Scope

This policy applies to paid business subscriptions for the Spoterix platform and forms part of the contractual framework together with the Terms & Conditions.

2. Subscription Term and Renewal

Subscriptions are purchased for the selected billing cycle (for example monthly or annual).

Unless cancelled in time, subscriptions renew automatically for the same billing cycle at the then-applicable price.

3. Invoicing and Payment

• Fees are invoiced in advance for each billing period unless otherwise agreed in writing.
• Invoices are due by the stated due date and must be paid in full without unauthorized deductions.
• Late or failed payment may lead to service restrictions, suspension, or termination after notice.

4. Cancellation Notice and Effective Date

Customer may cancel an active paid subscription at any time through the available account settings or by written notice to [BILLING_CONTACT_EMAIL].

Cancellation takes effect at the end of the current paid billing period. Mid-period termination without notice is not available unless required by mandatory law.

5. No Refund Policy

Payments already made for started billing periods are non-refundable. No prorated refunds or credits are granted for partial use, non-use, or downgrades during an active period, except where mandatory law requires otherwise.

6. Plan Changes

Upgrades, downgrades, and cycle changes may be offered in the product UI and become effective according to the selected effective date (immediate or next renewal), as shown during confirmation.

7. Taxes

Unless explicitly stated otherwise, fees are exclusive of applicable taxes, duties, and levies. Customer is responsible for such charges, except taxes on provider net income.

8. Changes to This Policy

We may update this policy for legal, regulatory, or operational reasons. Updated versions are published with a new version date and apply from their stated effective date.

9. Contact

Billing contact: [BILLING_CONTACT_EMAIL]

Last updated: April 9, 2026

1. Parties and Roles

This DPA applies when customer acts as controller and [COMPANY_NAME] acts as processor for personal data processed through the platform.

2. Subject Matter and Duration

Processing covers hosted provision of the RFQ platform, support services, security operations, and data lifecycle handling for the duration of the service contract.

3. Nature and Purpose of Processing

• Storage, organization, retrieval, comparison, and transmission of logistics procurement data.
• User and permission management.
• Security monitoring, audit logging, and incident handling.
• Customer support and troubleshooting under documented instructions.

4. Types of Data and Data Subjects

Typical data subjects include customer users, supplier users, consignee contacts, and logistics business contacts referenced in RFQ workflows.

5. Processor Obligations

• Process data only on documented customer instructions, unless legally required otherwise.
• Ensure personnel confidentiality commitments.
• Implement appropriate technical and organizational measures (TOMs).
• Support customer in responding to data subject requests and supervisory requests.
• Notify customer without undue delay of confirmed personal data breaches concerning customer data.

6. Annex A - Technical and Organizational Measures (TOMs)

• Access control: role-based authorization, authentication checks, least-privilege assignment.
• Transport security: encrypted transmission channels and secure endpoint configuration.
• Integrity and availability: backup routines, logging, monitoring, and change traceability.
• Confidentiality: restricted administrative access and controlled operational procedures.
• Resilience: incident response processes and recovery playbooks.

7. Annex B - Subprocessor List

Current subprocessors and categories are maintained as part of service documentation and may include:

• Hosting and infrastructure providers
• Email delivery providers
• Security logging/monitoring providers
• Optional AI processing provider for document extraction (where feature is enabled)

We remain liable for subprocessor obligations to the extent required by law and contract.

8. Annex C - International Transfers

Where personal data is transferred outside Switzerland/EEA/UK, transfers rely on recognized mechanisms such as adequacy decisions and SCCs (as applicable).

9. Data Subject Request (DSR) Support

Customer remains primary contact for DSRs. Processor will provide reasonable support and technical assistance upon request.

10. Return and Deletion

Upon contract termination, customer data is returned or deleted according to contractual instructions and retention obligations under applicable law.

11. Contact

DPA contact: [DPO_CONTACT_EMAIL]

Last updated: April 9, 2026

Feature Scope

This notice applies to optional AI-assisted extraction of packaging and shipment details from uploaded documents.

What Data Is Sent

• Uploaded document content relevant to extraction requests.
• Minimal technical metadata required to execute and monitor the extraction request.

External Processor

When this feature is used, document content may be transmitted to an external AI API provider (currently OpenAI) for processing.

Purpose Limitation

Data is sent only to extract structured RFQ-relevant fields and return suggested values. It is not intended to replace professional or legal review.

Output Quality and Human Review

AI outputs may be inaccurate, incomplete, or inconsistent. Users must verify extracted values before saving or using them operationally.

Retention and Logging

Extraction operations may be logged for security, support, and auditability. Uploaded source files and extraction artifacts are retained according to configured retention windows and then deleted.

Consent Relationship

Use of this feature requires explicit in-app consent. Consent for AI extraction is separate from general registration consent for Privacy Notice and Terms & Conditions.

Contact

AI/privacy contact: [PRIVACY_CONTACT_EMAIL]