Terms of Service

Version 1.0 — As of: March 2026

This is a convenience translation. In the event of any discrepancies, the German version shall prevail.

The following General Terms and Conditions govern the use of the SaaS platform "Aldric", operated by CONPORT Services GmbH. They apply exclusively to entrepreneurs within the meaning of Section 14 of the German Civil Code (BGB).

§ 1 Scope

(1) These General Terms and Conditions (hereinafter "GTC") apply to the use of the SaaS platform "Aldric" (hereinafter "Platform"), operated by CONPORT Services GmbH, Alte Benninghofer Str. 24, 44263 Dortmund, Germany (hereinafter "Provider").

(2) The Platform is exclusively directed at entrepreneurs within the meaning of Section 14 BGB. By registering, the Customer confirms that they use the Platform exclusively for commercial or independent professional purposes.

(3) Deviating, conflicting, or supplementary terms and conditions of the Customer shall only become part of the contract if the Provider has expressly agreed to their validity in text form (Section 126b BGB). This shall also apply if the Provider provides services without reservation in knowledge of conflicting terms of the Customer.

§ 2 Subject Matter

(1) The Provider provides the Customer with a web-based SaaS platform for compliance management. The scope of features depends on the chosen edition (Company Edition or Provider Edition) and the booked modules according to the current Service Description.

(2) The Service Description in its current version is an integral part of these GTC. The Provider is entitled to further develop the Service Description, provided that the contractually agreed scope of features is not materially reduced.

§ 3 Term and Termination

(1) The contract is concluded upon activation of the Customer account or order confirmation in text form. The minimum term is 12 months from the conclusion of the contract.

(2) The contract shall be automatically renewed for successive periods of 12 months each, unless terminated by either party with 3 months' notice prior to the end of the respective term in text form.

(3) The right to extraordinary termination for cause remains unaffected. Cause exists in particular if:

the other party violates material contractual obligations despite a warning with a 30-day grace period;
insolvency proceedings are opened against the other party's assets, or the opening is rejected for lack of assets;
the monthly availability pursuant to the SLA falls below 95% for three consecutive months.

§ 4 Provider Services

The Provider renders the following services:

Provision of the Platform via the Internet (SaaS) within the scope of the Service Description
Data storage on servers within the European Union (EU/EEA)
Daily backups of Customer data with a retention period of 30 days
Regular maintenance, security updates, and feature updates of the Platform
Support according to the agreed Service Level Agreement

Platform availability is governed by the SLA (see § 8).

§ 5 Customer Obligations

(1) The Customer undertakes to:

keep access credentials (in particular passwords and API keys) confidential, store them securely, and protect them from unauthorized third-party access;
use the Platform only within the scope of agreed usage and the applicable usage policies;
not process or store any unlawful content through the Platform;
inform the Provider immediately of security incidents, misuse, or suspected unauthorized use;
not decompile, disassemble, or otherwise reverse-engineer the Platform, unless permitted by mandatory legal provisions (in particular Section 69e German Copyright Act).

(2) The Customer is solely responsible for the lawfulness of the data processed by them. The Customer ensures that the use of the Platform complies with all applicable legal requirements.

§ 6 Fees and Payment

(1) Fees are based on the number of booked user seats and activated modules according to the applicable price list. The price list valid at the time of contract conclusion or renewal shall apply.

(2) Invoicing occurs monthly in advance. Invoices are payable within 14 days of receipt without deduction.

(3) Payment is made by direct debit, credit card, or bank transfer. The Provider uses the payment service provider Stripe (Stripe Payments Europe, Ltd., Dublin, Ireland) for payment processing.

(4) In the event of late payment, the Provider is entitled to charge default interest at a rate of 9 percentage points above the respective base interest rate (Section 288(2) BGB). The right to claim further damages for default remains reserved.

(5) The Provider is entitled to adjust prices with 3 months' notice prior to the end of the respective contract term. Price increases are limited to a maximum of 5% per year, unless they are attributable to increased third-party costs (e.g., hosting, licenses). In the event of price increases exceeding 5%, the Customer shall have a special right of termination.

§ 7 Data Protection

(1) The Provider processes personal data in accordance with the Privacy Policy and applicable data protection regulations, in particular the GDPR and the German Federal Data Protection Act (BDSG).

(2) Insofar as the Provider processes personal data on behalf of the Customer, the parties shall conclude a Data Processing Agreement pursuant to Art. 28 GDPR. The Data Processing Agreement is an integral part of these GTC.

(3) The Provider shall only engage sub-processors with the prior approval of the Customer. The current list of sub-processors is attached as an annex to the Data Processing Agreement.

§ 8 Availability

(1) The Provider guarantees a monthly platform availability of 99.5%. Details are set out in the Service Level Agreement (SLA).

(2) Scheduled maintenance is generally performed on Saturdays between 02:00 and 06:00 (CET/CEST) and announced at least 5 business days in advance. Scheduled maintenance windows are not counted as downtime.

(3) If the guaranteed availability is not met, the Customer is entitled to Service Credits in accordance with the SLA.

§ 9 Intellectual Property

(1) All rights in the Platform, including source code, databases, design, documentation, and all related materials, remain with the Provider or its licensors.

(2) The Customer receives a non-exclusive, non-transferable, revocable right to use the Platform for the duration of the contract within the scope of the agreed terms of use.

(3) Data and content entered into the Platform by the Customer remain the property of the Customer. The Provider receives only the usage rights necessary for the performance of the contract.

§ 10 Liability

(1) The Provider shall be liable without limitation for intent and gross negligence, as well as for damages arising from injury to life, body, or health.

(2) In cases of slight negligence, the Provider shall only be liable for breach of material contractual obligations (cardinal obligations). In such cases, liability is limited to the foreseeable, contract-typical damage.

(3) Liability cap: The Provider's total liability for all claims arising from or in connection with this contract — regardless of the legal basis — is limited to the total fees paid by the Customer in the 12 months preceding the damaging event. This does not apply to the cases referred to in paragraph (1).

(4) The Provider shall not be liable for indirect damages, lost profits, data loss (insofar as it could have been avoided through proper data backup), or damages arising from the breach of non-material ancillary obligations in cases of slight negligence.

(5) The above limitations of liability shall also apply in favor of the Provider's vicarious agents and legal representatives.

§ 11 Confidentiality

(1) Both parties undertake to keep confidential information of the other party secret and to use it only for the purposes of this contract. Confidential information includes, in particular, trade secrets, technical information, pricing terms, and customer data.

(2) The confidentiality obligation does not apply to information that:

is publicly known or becomes publicly known without fault of the receiving party;
was already known to the receiving party prior to disclosure;
was lawfully communicated to the receiving party by a third party without a confidentiality obligation;
must be disclosed due to legal requirements or official orders.

(3) This confidentiality obligation shall remain in effect for the duration of the contract and 3 years beyond its termination.

§ 12 Indemnification

(1) The Customer shall indemnify the Provider against all claims by third parties that arise from unlawful use of the Platform by the Customer or with the Customer's tolerance, or from data protection violations by the Customer.

(2) The Customer shall bear the costs of the Provider's legal defense, including all court and attorney fees at statutory rates. The Provider shall promptly inform the Customer of any such claims.

§ 13 Data Export and Deletion

(1) Upon termination of the contract, the Provider shall make all Customer data stored in the Platform available for export in a common, machine-readable format (e.g., JSON, CSV) upon request.

(2) The Customer has 30 days after contract termination to export their data. After this period, the Provider is entitled and obligated to irrevocably delete all Customer data, unless statutory retention obligations require otherwise.

(3) Data subject to statutory retention obligations (in particular tax and commercial law retention periods) shall be retained for the duration of the statutory period and deleted upon its expiry. Access to such data during the retention period is limited to the legally required minimum.

§ 14 Final Provisions

(1) The law of the Federal Republic of Germany shall apply, excluding the UN Convention on Contracts for the International Sale of Goods (CISG).

(2) The exclusive place of jurisdiction for all disputes arising from or in connection with this contract is Dortmund, Germany, insofar as the Customer is a merchant, legal entity under public law, or special fund under public law.

(3) Amendments and supplements to these GTC require text form (Section 126b BGB). This also applies to any amendment of this text form clause.

(4) The Customer is not entitled to assign or transfer rights and obligations under this contract to third parties without the Provider's prior consent in text form.

(5) Should individual provisions of these GTC be or become invalid or unenforceable, the validity of the remaining provisions shall not be affected. The invalid or unenforceable provision shall be replaced by one that most closely approximates the economic purpose of the invalid provision.

Annex: Provider Edition — Additional Terms

The following provisions apply in addition to Customers using the Aldric Platform in the Provider Edition who grant their own customers (hereinafter "Sub-Tenants") access to the Platform.

A1 — Subject Matter and Scope

(1) The Provider Edition enables the Customer (hereinafter "Provider") to offer the Platform as a white-label solution under their own brand and branding to their Sub-Tenants.

(2) The Provider is an independent contractual partner of CONPORT Services GmbH. No contractual relationships exist between CONPORT Services GmbH and the Sub-Tenants. The Provider is the sole contractual partner and point of contact for their Sub-Tenants.

A2 — Sub-Tenant Management

(1) The Provider may independently create, manage, and deactivate Sub-Tenants through the Platform. Each Sub-Tenant receives an isolated tenant space with complete data separation.

(2) The Provider is responsible for compliance with legal requirements vis-a-vis their Sub-Tenants, particularly with regard to contract formation, data protection, and information obligations.

A3 — White Label and Branding

(1) The Provider may offer the Platform under their own brand and branding. The white-label appearance (logo, colors, domain) is configured through the designated configuration interface.

(2) The Provider may only use the brand names "Aldric" or "CONPORT" with prior written consent. A "Powered by Aldric" notice in the footer is permitted and can be optionally activated by the Provider.

A4 — Fees and Commissions

(1) Fees for the Provider Edition consist of a monthly base fee and a usage-dependent component per Sub-Tenant and Seat, according to the individual commission agreement.

(2) The Provider is free to set their own pricing for Sub-Tenants. CONPORT Services GmbH does not impose minimum or maximum prices.

(3) Billing between CONPORT Services GmbH and the Provider is monthly. Commission statements are provided to the Provider by the 10th business day of the following month.

A5 — Data Protection and DPA Cascade

(1) The Provider is obligated to conclude a separate Data Processing Agreement pursuant to Art. 28 GDPR with each of their Sub-Tenants, insofar as the Provider processes personal data on their behalf.

(2) The Provider ensures that the obligations from the DPA concluded between the Provider and CONPORT Services GmbH are passed through in full to their Sub-Tenants (DPA cascade obligation).

(3) The Provider informs their Sub-Tenants about the engagement of CONPORT Services GmbH as a sub-processor and ensures the necessary authorization.

A6 — Liability and Indemnification (Provider)

(1) The Provider shall indemnify CONPORT Services GmbH against all claims from their Sub-Tenants arising from the use of the Platform by the Provider or their Sub-Tenants.

(2) The liability limitations from § 10 also apply to the relationship between CONPORT Services GmbH and the Provider. The liability cap pursuant to § 10(3) refers to the fees paid by the Provider, not the fees of the Sub-Tenants.

A7 — Termination and Transition

(1) Upon termination of the Provider contract, the notice periods from § 3 apply. The Provider is obligated to inform their Sub-Tenants in a timely manner about the discontinuation of the service.

(2) At the Provider's request, CONPORT Services GmbH may transfer Sub-Tenants to a direct contract (migration). Details shall be agreed individually. There is no entitlement to migration.

As of: March 2026