GENERAL TERMS AND CONDITIONS

1. DEFINITIONS

For the purposes of these Terms, the following terms shall have the meanings set out below:

1. "Account" means the Customer's registered account on the Website through which the Customer accesses and manages the Services, including organization settings, project configurations, connected integrations, and billing information.
2. "Agreement" means the contract between the Provider and the Customer formed in accordance with Section 3, comprising these Terms, the pricing information published on the Website, any order or configuration accepted through the Website, and any documents expressly incorporated by reference, including any applicable Data Processing Agreement.
3. "Authorized User" means any natural person who accesses or uses the Services under the Customer's Account, whether as an employee, contractor, agent, or other representative of the Customer.
4. "Consumer" means a natural person who concludes the Agreement outside the scope of that person's trade, business, or profession, within the meaning of Section 419 of the Czech Civil Code (Act No. 89/2012 Coll.).
5. "Credits" means prepaid usage units purchased by the Customer and consumed as autonomous agents perform work, according to the pricing rules published by the Provider on the Website.
6. "Customer" means the legal entity or natural person that enters into the Agreement with the Provider by registering for, accessing, or using the Services.
7. "Customer-Connected Services" means third-party services, platforms, repositories, communication tools, cloud environments, hosting platforms, databases, DNS providers, CI/CD systems, and other external systems that the Customer connects to the Services or authorizes the Services to access, including but not limited to GitHub, Slack, and customer cloud environments.
8. "Customer Data" means all data, content, code, repository contents, documentation, prompts, instructions, metadata, credentials, configuration files, logs, and other materials provided by the Customer or made accessible to the Services through the Customer's Account or Customer-Connected Services.
9. "Force Majeure Event" means any event or circumstance beyond the reasonable control of the affected party, including but not limited to natural disasters, pandemics, war, terrorism, civil unrest, government actions, sanctions, labour disputes, power failures, internet or telecommunications failures, cyberattacks, denial-of-service attacks, AI model provider outages or behavioural changes, cloud infrastructure failures, third-party service disruptions, and changes in applicable law, regulation, or third-party platform policies.
10. "Intellectual Property Rights" means all patents, copyrights, moral rights, rights in designs, trademarks, trade secrets, know-how, database rights, rights to inventions, and all other intellectual property rights of any kind, whether registered or unregistered, and all applications and rights to apply for any of the foregoing, anywhere in the world.
11. "Output" means all code, pull requests, branches, commits, comments, plans, documentation, configuration files, architecture decisions, deployment artifacts, infrastructure definitions, test suites, reports, and other materials generated, modified, or delivered by the Services in the course of performing work for the Customer.
12. "Provider Materials" means the Services, Website, platform software, agent architecture, orchestration systems, agentic flow designs, system prompts, model configurations, agent tooling, templates, documentation, know-how, user interface, trademarks, and all other materials or technology of the Provider or its licensors, excluding Customer Data and Output.
13. "Provider Subprocessors" means the third-party service providers engaged by the Provider to operate and deliver the Services, as listed in Section 6.
14. "Services" means the autonomous AI agent platform operated by the Provider under the 247agents.io brand, including autonomous AI-assisted software development and related operational functionality, together with any associated website, interface, dashboard, GitHub App, integrations, and support made available by the Provider.
15. "Website" means the website available at www.247agents.io and any related subdomains, applications, and interfaces through which the Services are accessed.

2. GENERAL PROVISIONS

1. These Terms define the rights and obligations of the Provider and the Customer and form an integral part of every Agreement concluded between the Provider and the Customer.
2. The Provider operates 247agents.io, an autonomous AI agent platform for building and developing software projects. The Services involve autonomous AI agents that operate with write access to customer-connected systems and may perform actions with material consequences, including modifying code repositories, provisioning cloud infrastructure, managing credentials and secrets, deploying applications, creating or modifying communication channels, and executing development tasks. The Customer acknowledges the autonomous nature of the Services and the associated risks described in these Terms.
3. In the event of any conflict between these Terms and any other document forming part of the Agreement, these Terms shall prevail unless expressly stated otherwise.
4. If the Customer does not agree to these Terms, the Customer must not access or use the Services.

3. CONCLUSION OF THE AGREEMENT

1. The Agreement is concluded when the Customer first does any of the following: creates an Account, installs the Provider's GitHub App, purchases Credits, clicks to accept these Terms, or otherwise accesses or uses the Services.
2. If the Customer enters into the Agreement on behalf of a legal entity or other organization, the person accepting these Terms represents and warrants that they are duly authorized to bind that entity or organization. In such case, "Customer" refers to that entity or organization.
3. By entering into the Agreement, the Customer represents and warrants that: (a) the Customer has full legal capacity and authority to enter into the Agreement; and (b) for business customers, the Customer is entering into the Agreement in the course of its business activities, except where Section 13 expressly applies.
4. The Customer is responsible for all activity occurring under its Account and for all acts and omissions of its Authorized Users. Actions taken by an Authorized User are deemed actions of the Customer. The Customer shall ensure that only Authorized Users access the Services and that all Authorized Users comply with the Agreement.
5. The Customer is responsible for maintaining the confidentiality of login credentials, API keys, access tokens, and other authentication methods used for the Account or connected integrations. The Customer shall notify the Provider without undue delay if it suspects unauthorized access, compromise, or misuse.
6. The Provider may rely on instructions, approvals, and settings submitted through the Account or by Authorized Users designated as administrators by the Customer.

4. SUBJECT MATTER OF THE AGREEMENT

Scope of the Services

1. Under the Agreement, the Provider makes available to the Customer the Services — an autonomous AI agent platform that performs software development, infrastructure, and operational tasks on the Customer's behalf. The Customer may grant the Services permission to access selected repositories and other Customer-Connected Services in order to use autonomous AI agents for software development and related operational work.

2. Depending on the functionality enabled and the permissions granted by the Customer, the Services may perform actions including:

   1. Code generation and modification — analysing repositories and project context, generating, editing, and reviewing code, and creating pull requests containing code changes for Customer review;
   2. Pull request and branch management — creating branches, commits, comments, and pull requests, and managing the development workflow within connected repositories;
   3. Infrastructure provisioning — provisioning, configuring, and managing cloud infrastructure, including Cloud Run services, databases, Firebase Hosting sites, DNS records, secrets, and related cloud resources within Customer-Connected Services;
   4. Secret and credential management — creating, reading, and managing secrets and credentials within Google Cloud Secret Manager or similar services within the scope of permissions granted by the Customer;
   5. Slack integration — creating channels, posting messages, and sending notifications to the Customer's Slack workspace;
   6. Deployment and CI/CD — preparing and executing deployment configurations, interacting with continuous integration and delivery pipelines, and deploying applications to staging and production environments;
   7. Testing — writing, executing, and evaluating automated tests, analysing test results, and iterating on code based on test outcomes;
   8. Documentation — generating, updating, and maintaining project documentation, architecture decisions, and operational outputs;
   9. Dependency management — installing, updating, and managing software dependencies within Customer repositories;
   10. Project management — maintaining a separate project management repository on the Customer's GitHub account containing plans, task tracking, memory, and documentation related to the Customer's projects;
   11. Planning and architecture — performing high-level planning, creating hierarchical task plans, making architecture decisions, and coordinating multi-step development workflows; and
   12. Related actions — carrying out other actions reasonably necessary to execute the Customer's instructions within the granted permissions.

GitHub App Integration

1. The Provider offers a GitHub App that the Customer may install on the Customer's GitHub account or organization. The App requests permission to read and write selected repositories and related metadata. The "read" permission enables the Services to access the selected codebase and its metadata. The "write" permission enables the Services to create branches, pull requests, commits, comments, write to the project management repository, and perform other repository operations within the scope of permissions granted during the installation flow.
2. The full scope of GitHub API access is disclosed in the GitHub App installation flow. The Customer should review the specific permissions requested before completing installation. The Customer is solely responsible for selecting which repositories are accessible to the Services and for configuring appropriate branch protections, pull request approval workflows, and repository settings.

Repository Analysis

1. Once the Customer grants access to selected repositories, the Provider clones, indexes, and analyses those repositories and their metadata to understand the codebase, architecture, dependencies, and current state of the project. Analysis continues on an ongoing basis as the Customer updates the repositories or the agents make changes.
2. The Customer acknowledges that repository analysis may include parsing source code, configuration files, documentation, dependency files, tests, build definitions, issue references, pull request metadata, and similar materials relevant to the requested work.

Autonomous Work Process

1. Based on the Customer's instructions and project context, the Services identify relevant files and systems, reason about the requested work, generate or modify Output, run checks and tests where applicable, and deliver results through pull requests or other operational channels. Where enabled, the Services may also prepare or perform deployment, infrastructure, or communication actions.
2. The Services are highly autonomous by design. The Customer acknowledges that, after receiving instructions and relevant context, autonomous agents may identify files, reason about solutions, generate or modify code, run tools or checks, interact with connected systems, and prepare or perform technical actions with limited or no step-by-step human intervention by the Provider. Agents make decisions about implementation approach, code structure, file organization, dependency selection, and operational steps without requiring per-action Customer approval, unless the Customer configures the Services or their connected environments to require such approval (e.g., through pull request review requirements or deployment gates).
3. The scope of actions taken by the Services depends materially on the permissions, credentials, branch protections, deployment controls, secret-management practices, and other safeguards configured by the Customer in Customer-Connected Services.

Customer-Connected Services Authorization

1. By connecting Customer-Connected Services to the Services, the Customer instructs and expressly authorizes the Provider and the autonomous agents acting on the Customer's behalf to access and use such Customer-Connected Services within the scope of permissions granted by the Customer through the installation, authorization, or configuration flow.

2. The Customer represents and warrants that it has, and throughout the term of the Agreement will maintain, all rights, licences, consents, permissions, and lawful authority necessary to:

   1. provide Customer Data to the Provider;
   2. grant access to Customer-Connected Services;
   3. authorize the Services to read, write, modify, deploy, communicate, or otherwise act within those environments; and
   4. use the Services and Output in the manner contemplated by the Agreement.

3. The Customer is solely responsible for:

   1. selecting which repositories, systems, and environments to connect;
   2. the sufficiency, scope, and appropriateness of permissions granted to the Services;
   3. configuring and maintaining branch protections, approval workflows, deployment controls, environment segregation, secrets management, and credential governance within Customer-Connected Services;
   4. maintaining backups, rollback procedures, disaster recovery procedures, and version history;
   5. reviewing secrets management and credential hygiene;
   6. monitoring infrastructure usage, security, compliance, and spending in Customer-Connected Services;
   7. ensuring that use of the Services complies with applicable law, third-party terms, internal policies, and contractual obligations of the Customer; and
   8. all fees, charges, resource consumption, API usage costs, cloud spend, messaging charges, and other costs incurred in Customer-Connected Services as a result of using the Services, even if such costs are triggered by autonomous actions operating within permissions granted by the Customer.

Credit Consumption

1. Credit consumption depends on the nature, duration, complexity, and number of tasks performed, the repositories and systems analysed, the models used, the tools invoked, and the actions executed. Credit usage may differ materially from the Customer's estimate. The Provider does not guarantee that any particular outcome can be achieved within any particular Credit budget. The Customer is responsible for monitoring its Credit balance.
2. If the Customer's Credit balance is insufficient, the Provider may pause, queue, limit, or stop further work until additional Credits are purchased or payment is otherwise secured.

Human Review Requirement

1. All Output requires review by the Customer. The Customer must review, test, validate, and independently assess all Output before relying on it, using it, merging it, deploying it, sharing it, or otherwise acting upon it. The Provider is not liable for any consequences arising from the Customer's failure to adequately review and validate Output. This obligation is especially important for:

   1. code merged into production or pre-production environments;
   2. infrastructure changes, including provisioning cloud resources, modifying DNS records, and changing database configurations;
   3. database migrations;
   4. secret or credential handling;
   5. dependency changes;
   6. security-sensitive code;
   7. deployment scripts and CI/CD changes; and
   8. communications sent through Slack or other external systems.
2. The Customer shall not enable automated pipelines that apply agent Output to production systems, live databases, or critical infrastructure without appropriate human review and approval by qualified personnel, unless the Customer explicitly accepts full responsibility for the consequences. Infrastructure, deployment, secret-management, and production-affecting actions require particularly careful human review.
3. The Customer shall use dedicated credentials with the minimum permissions reasonably necessary for the intended use of the Services and shall rotate credentials promptly if compromise is suspected.

Service Evolution

1. The Provider may change, improve, add, remove, or suspend features of the Services from time to time, provided that such changes do not deprive the Customer of the essential agreed functionality without reasonable justification. Such changes do not constitute a breach of the Agreement.
2. The Provider does not undertake to provide legal, tax, accounting, cybersecurity, compliance, or other regulated professional advice through the Services, and any Output shall not be treated as such advice.

5. PROHIBITED ACTIVITIES

1. The Customer shall not, and shall ensure that its Authorized Users do not, use the Services:

   1. in violation of applicable law, sanctions, export-control rules, or regulatory requirements;
   2. to develop, generate, distribute, facilitate, or deploy malware, ransomware, phishing, credential theft, unauthorized surveillance, exploitation tools, or other harmful or unlawful code;
   3. to gain or attempt to gain unauthorized access to systems, accounts, networks, repositories, cloud accounts, data, or services for which the Customer does not have explicit authorization;
   4. to interfere with, disrupt, or degrade the integrity, availability, or performance of the Services or any third-party service upon which the Services depend;
   5. to circumvent Credits, rate limits, usage restrictions, access controls, safety features, or security measures of the Services;
   6. to reverse engineer, decompile, copy, scrape, extract, or otherwise misuse the Services or Provider Materials to build, assist, or train a competing product or service, except to the extent such restriction is prohibited by mandatory law;
   7. to upload, submit, or process Customer Data that infringes third-party Intellectual Property Rights or for which the Customer lacks the necessary rights or permissions;
   8. to generate deceptive, fraudulent, defamatory, infringing, or unlawful content or outputs;
   9. to use the Services in a manner that creates a material risk to critical infrastructure, safety-critical systems, or production environments without appropriate human controls and review;
   10. to provide false or misleading information in connection with the Account or the use of the Services;
   11. to resell, sublicence, or make the Services available to third parties other than the Customer's Authorized Users, without the Provider's prior written consent; or
   12. in breach of the terms applicable to any Customer-Connected Service.
2. The Provider may monitor usage patterns, logs, and technical signals as reasonably necessary to detect abuse, maintain security, enforce these Terms, and comply with applicable law.
3. The Provider may suspend or terminate access in accordance with Section 11 if the Customer breaches any provision of this Section 5.

6. THIRD-PARTY SERVICES

1. The Services depend on third-party services, infrastructure, and integrations. The Customer acknowledges that availability, functionality, and performance of the Services may be affected by third-party outages, API changes, model changes, rate limits, policy changes, or actions taken by third-party providers.

Provider Subprocessors

1. The Provider uses the following third-party service providers to operate and deliver the Services. Customer Data may be processed by these providers in the course of delivering the Services, subject to the Provider's agreements with each provider:

   1. Anthropic (https://www.anthropic.com/) — Provider of the primary AI models (Claude) used to generate code, plans, and Output. Customer code, prompts, repository context, and instructions are transmitted to Anthropic's API to deliver the Services. Anthropic's usage policies apply to the use of the Services.
   2. OpenRouter (https://openrouter.ai/) — AI model routing layer that may route requests to one or more underlying model providers to maintain service quality, availability, or capability. Customer Data (including code and prompts) may flow through OpenRouter to underlying model providers selected by the Provider.
   3. Google Cloud Platform (https://cloud.google.com/) — Primary cloud infrastructure for the Provider's compute, database, storage, background processing, and logging. Customer Data is processed on GCP infrastructure in the course of delivering the Services.
   4. Firebase (https://firebase.google.com/) — Used for deployment of customer-facing web applications when agents deploy frontends as part of their work, and for the Provider's own application hosting.
   5. Fly.io (https://fly.io/) — The Provider's agent worker machines run on Fly.io. Customer code and context data are processed on Fly.io infrastructure during agent execution.
   6. Stripe (https://stripe.com/) — Payment processing. Customer billing data (payment card details, transaction records) is processed by Stripe. The Provider does not store payment card data. Payment processing is subject to Stripe's Terms of Service and Privacy Policy.
2. The Provider may add, replace, or remove Provider Subprocessors from time to time, provided that the Provider maintains substantially equivalent data protection standards. The Provider will notify the Customer of material changes to the categories of Provider Subprocessors used for core service delivery at least fourteen (14) days in advance through the Website, the Account, or by email. The Customer may object to such material changes within that fourteen-day period. If the Provider cannot reasonably accommodate the objection, the Customer may terminate the Agreement in accordance with Section 11.5, and Section 11.6(c) shall apply to unused Credits.

Customer-Connected Services

1. The following services may be connected by the Customer to the Services. The Customer is responsible for the scope of permissions granted and for compliance with the terms of each Customer-Connected Service:

   1. GitHub (https://github.com/) — The Customer installs the GitHub App and is solely responsible for: installation scope, which repositories are selected, organization-level permissions granted, branch protections, pull request approval workflows, and repository settings. Agents may read repositories, create and modify branches, open pull requests, write to the project management repository, and perform other operations within the scope of permissions granted. GitHub may independently limit the Provider's access to Customer repositories under GitHub's own terms; the Provider is not liable for disruption caused by GitHub's enforcement of its own terms.
   2. Slack (https://slack.com/) — Where the Customer enables Slack integration, agents may create channels, post messages, and send notifications to the Customer's Slack workspace. The Customer is responsible for the scope of Slack permissions granted and for compliance with Slack's terms.
   3. Customer cloud environments — Where the Customer configures agents to interact with cloud accounts (including Google Cloud projects, databases, DNS providers, hosting environments, and other infrastructure), the Customer authorizes the agents to act within the scope of permissions granted. The Customer is solely responsible for all fees, resource usage, configuration, and compliance within the Customer's cloud accounts.

General Third-Party Disclaimers

1. The Provider has no control over and assumes no responsibility for the content, security, availability, accuracy, terms, privacy policies, or practices of any third-party service used in connection with the Services.
2. The Provider is not liable for outages, latency, degraded performance, API changes, deprecations, rate limits, model behaviour changes, model output quality changes, or service suspensions caused by third-party providers, including but not limited to AI model providers, cloud infrastructure providers, version control providers, payment processors, or communication platforms.
3. The Customer is solely responsible for all fees, charges, and liabilities arising from the use of Customer-Connected Services, including any charges incurred in Customer cloud accounts as a result of agent actions performed within the scope of permissions granted by the Customer.
4. The Customer is responsible for complying with the terms of service of all Customer-Connected Services. The Provider's agreements with third-party providers do not substitute for or supersede the Customer's own obligations to those providers.

7. PRICE, METHOD OF PAYMENT

1. The price of the Services, including information on whether the price is inclusive or exclusive of VAT, is set out on the Website or other applicable ordering interface of the Provider.
2. The Services are offered on a pay-per-use basis unless expressly agreed otherwise. The Customer purchases Credits, which are consumed as autonomous agents perform work. Details of Credit pricing and consumption rates are available on the Provider's pricing page.
3. All fees, taxes, and other amounts payable under the Agreement are due in United States Dollars (USD) unless expressly stated otherwise. Payment obligations are non-cancellable and, except as expressly stated in these Terms or required by mandatory law, payments are non-refundable.
4. Billing is processed via Stripe. Payment card numbers are entered through Stripe's secure payment interface and are not stored by the Provider.
5. The Customer authorizes the Provider and its payment processor to charge the selected payment method for purchased Credits and other payable amounts.
6. If any charge is rejected, reversed, refunded, disputed, or remains unpaid, or if the Customer's Credit balance is exhausted, the Provider may: (a) suspend the Services until the outstanding amount is paid or sufficient Credits are purchased; (b) suspend agent activity on the Customer's projects; (c) revoke access to integrations; and (d) charge interest on overdue amounts at the rate specified in Section 1970 of Act No. 89/2012 Coll., the Czech Civil Code, or, for business-to-business transactions, at the rate specified in Government Regulation No. 351/2013 Coll. The Provider shall notify the Customer before exercising these remedies, except where immediate suspension is necessary to prevent further Credit consumption.
7. The Customer is responsible for all taxes, duties, and levies applicable to the Customer's purchase and use of the Services, excluding taxes on the Provider's income.

8. Except where mandatory law requires otherwise:

   1. prepaid Credits already consumed are non-refundable;
   2. unused Credits purchased by the Customer are non-refundable if the Agreement is terminated for the Customer's breach; and
   3. if the Provider terminates the Agreement without cause, the Provider may allow the Customer to use remaining paid Credits during a reasonable wind-down period or refund the unused portion on a pro rata basis.
9. The Provider may update prices from time to time. Updated pricing applies prospectively to future purchases of Credits only and shall not affect Credits already purchased.

8. AI-SPECIFIC DISCLAIMERS AND RESPONSIBILITIES

AI Output Disclaimer

1. The Services use large language models (LLMs) and other AI systems to generate Output. The Customer acknowledges and agrees that:

   1. AI-generated Output may be incomplete, incorrect, insecure, misleading, biased, outdated, or unsuitable for a particular purpose, even when it appears correct and well-structured;
   2. LLMs may produce hallucinated content — plausible-sounding but factually incorrect information, including references to non-existent libraries, APIs, services, security practices, packages, or documentation;
   3. AI-generated code may contain security vulnerabilities, including but not limited to injection flaws, authentication weaknesses, insecure dependencies, exposed credentials, or logic errors, even when the code appears syntactically correct and functional;
   4. AI-generated code may inadvertently reproduce or be substantially similar to code subject to third-party copyright, licence restrictions, or other Intellectual Property Rights, and the Provider cannot guarantee that Output is free of third-party Intellectual Property; and
   5. the quality, accuracy, safety, and availability of AI-generated Output are subject to the capabilities and limitations of the underlying AI model providers, which may change over time and which the Provider does not control.

Prompt Injection Disclaimer

1. Agents operating on code repositories and other Customer Data may be influenced by adversarial content embedded in the materials being analysed (prompt injection). The Provider employs reasonable technical measures to mitigate prompt injection risks; however, the Provider cannot guarantee complete protection against adversarial content. The Provider is not liable for harm resulting from prompt injection attacks — that is, when content in repositories, dependencies, documentation, or other Customer-provided or third-party sources manipulates agents into performing actions that the Customer did not intend. The Customer should maintain appropriate safeguards (such as branch protections, review requirements, and environment segregation) to mitigate the consequences of unexpected agent behaviour.

AI Training Opt-Out

1. The Provider shall not use Customer Data, repositories, prompts, or Output to train third-party general-purpose AI models without the Customer's explicit prior consent. The Provider may use aggregated, de-identified usage telemetry (such as error rates, task completion rates, and performance metrics) for internal service improvement.
2. The Provider cannot control how third-party AI model providers (listed in Section 6.2) process data transmitted to their APIs. The Customer should review the data handling and training policies of the applicable AI model providers. As of the effective date of these Terms, the Provider's agreements with its primary AI model providers prohibit the use of Customer Data for model training.

Infrastructure Action Disclaimer

1. Where agents provision, configure, or modify cloud infrastructure, databases, DNS records, secrets, hosting environments, or other operational systems, such actions may have immediate and material consequences, including financial costs in Customer cloud accounts and changes to production systems. The Provider disclaims all liability for infrastructure actions taken within the scope of permissions granted by the Customer where the Customer failed to maintain adequate review processes, environment segregation, spending limits, or rollback procedures.

No Professional Advice

1. Output — including architecture plans, business strategy recommendations, deployment configurations, cost estimates, security assessments, and operational advice — does not constitute professional software engineering, legal, financial, tax, or security advice. The Customer should consult qualified professionals before relying on agent Output for critical business, security, or compliance decisions.

Credential and Secrets Security

1. Where agents handle Customer credentials, API keys, database connection strings, cloud service account keys, or other secrets:

   1. the Customer shall provide dedicated credentials with the minimum permissions necessary for the intended agent activity and shall not provide credentials with broader access than required;
   2. the Provider handles credentials in accordance with its security practices, including use of encrypted secret management services;
   3. the Provider is not liable for credential compromise resulting from Customer security failures, including but not limited to: credentials committed to repositories, insufficient access controls, shared or reused credentials, or failure to rotate credentials after suspected compromise;
   4. in the event of a credential compromise attributable to a breach of the Provider's security measures, the Provider shall notify the Customer without undue delay in accordance with Section 14.12; and
   5. the Customer should promptly rotate any credentials that the Customer suspects may have been compromised.

EU AI Act Compliance

1. The Provider reserves the right to implement measures to comply with Regulation (EU) 2024/1689 (the EU AI Act) and any delegated or implementing acts thereunder, including but not limited to human oversight controls, audit logging, usage restrictions, transparency obligations, and risk classification measures. Such measures may include labelling or marking Output as AI-generated where required by applicable law or codes of practice. The Customer shall cooperate with the Provider in implementing such measures. Implementation of AI Act compliance measures shall not constitute a breach of the Agreement or a material change to the Services.

9. LIMITATION OF LIABILITY

1. Mandatory law preserved. Nothing in the Agreement excludes or limits liability to the extent such exclusion or limitation is prohibited by applicable law, including liability for:

   1. death or personal injury caused by negligence;
   2. fraud or fraudulent misrepresentation;
   3. any liability that cannot be limited or excluded under mandatory consumer, data-protection, or other mandatory law, including mandatory provisions of the Czech Civil Code (Act No. 89/2012 Coll.);
   4. damage caused by the Provider's intentional misconduct or gross negligence, in accordance with Section 2898 of the Czech Civil Code (Act No. 89/2012 Coll.); and
   5. the Customer's indemnification obligations under Section 10.
2. "As Is" Disclaimer. Except for any mandatory statutory rights that cannot be excluded or limited under applicable law, the Services and all Output are provided "as is" and "as available" without any additional warranties of any kind, whether express, implied, or statutory. The Provider shall use commercially reasonable efforts to make the Services available and to operate them with reasonable care. However, the Provider does not guarantee the continuous availability, error-free operation, or any particular performance level of the Services. All Output is provided "as is" and "as available" without warranties of any kind to the maximum extent permitted by applicable law. The disclaimers in this Section 9.2 do not limit the Provider's obligation to provide the Services with reasonable care to the extent required by mandatory Czech law.
3. Exclusion of indirect damages. To the maximum extent permitted by applicable law, the Provider, its affiliates, licensors, subprocessors, and their respective directors, officers, employees, and contractors shall not be liable for any indirect, incidental, special, punitive, or consequential damages, or for any loss of profits, revenue, business opportunity, goodwill, anticipated savings, data, or business interruption, even if advised of the possibility of such damages.

4. Aggregate liability cap. To the maximum extent permitted by applicable law, the Provider's total aggregate liability arising out of or in connection with the Agreement, the Services, or the Output, whether in contract, tort (including negligence), statute, breach of statutory duty, or otherwise, shall not exceed the greater of:

   1. the total fees actually paid by the Customer to the Provider under the Agreement during the twelve (12) months immediately preceding the event giving rise to the claim; or
   2. EUR 500.

   This limitation applies in the aggregate to all claims, regardless of the form of action or theory of liability. This limitation does not apply to liability arising from the Provider's gross negligence or intentional misconduct, nor to any liability that cannot be limited under mandatory provisions of applicable law, including Section 2898 of the Czech Civil Code (Act No. 89/2012 Coll.). The aggregate liability cap is the Customer's exclusive monetary remedy against the Provider to the maximum extent permitted by law.

5. GDPR liability. Liability for breaches of obligations under Regulation (EU) 2016/679 (GDPR) shall be governed by the applicable provisions of data protection law and is not subject to the contractual liability cap set forth in Section 9.4.
6. Customer backup and rollback responsibility. The Customer is solely responsible for maintaining adequate backups, branch protections, version control practices, and rollback procedures for all repositories, infrastructure, data, and systems connected to the Services. The Services do not provide a backup or disaster recovery function. The Provider is not liable for data loss, corruption, or unintended changes that the Customer could have prevented or reversed through appropriate backup and version control practices.
7. Outcome disclaimer. The Customer acknowledges that the success or failure of projects built using the Services is determined by the Customer's decisions, the Customer's review and acceptance of Output, market conditions, and other factors outside the Provider's control. The Provider does not guarantee any particular business outcome, revenue, accuracy rate, success rate, or commercial result from the use of the Services.

10. CUSTOMER INDEMNIFICATION

1. This Section 10 applies only to Customers acting in the course of their business activity. The Customer shall compensate the Provider, its affiliates, licensors, subprocessors, and their respective directors, officers, employees, contractors, and agents (collectively, "Provider Parties") for all damages, costs, and reasonable expenses (including legal fees) arising from third-party claims, demands, or proceedings relating to:

   1. Customer Data, repositories, prompts, or instructions provided by the Customer;
   2. the Customer's or any Authorized User's use of the Services or Output in violation of the Agreement, applicable law, or third-party rights;
   3. the Customer's instructions, approvals, deployments, or operational decisions;
   4. the Customer's lack of rights, permissions, or lawful basis to provide Customer Data or to authorize access to Customer-Connected Services;
   5. infringement or alleged infringement of third-party Intellectual Property Rights by Customer Data, or by the Customer's use of Output in combination with Customer-provided data, instructions, repositories, or other materials — excluding, for the avoidance of doubt, any infringement arising solely from the Provider's AI models generating infringing Output independently of Customer-provided materials;
   6. products, services, applications, or deployments created, modified, or operated by the Customer using the Services or Output; or
   7. the Customer's breach of the Agreement, applicable law, or the terms of any Customer-Connected Service.
2. The Provider shall: (a) give the Customer reasonably prompt written notice of any claim for which indemnification is sought; (b) permit the Customer to participate in the defence and settlement of the claim in a manner consistent with applicable procedural law; and (c) provide reasonable cooperation at the Customer's expense. The Customer shall not settle any claim in a manner that admits fault of, or imposes non-monetary obligations on, the Provider without the Provider's prior written consent, not to be unreasonably withheld. The Provider reserves the right to participate in the defence of any claim at its own expense.
3. The indemnification obligations under this Section 10 shall survive termination of the Agreement.

11. SUSPENSION AND TERMINATION

Immediate Suspension

1. The Provider may suspend, limit, or disable access to the Services, in whole or in part, immediately and without prior notice where reasonably necessary to:

   1. protect the security, integrity, or availability of the Services or any third-party service;
   2. prevent fraud, abuse, or unlawful activity;
   3. comply with applicable law, regulatory requirements, or requests of public authorities;
   4. comply with requirements, restrictions, or actions of third-party providers, including AI model providers, cloud providers, or version control providers;
   5. investigate a suspected material breach of the Agreement, including any breach of Section 5; or
   6. mitigate material risk of harm to the Provider, other customers, third parties, or Customer-Connected Services.
2. Where reasonably practicable, the Provider shall inform the Customer of a suspension and the main reason for it without undue delay. The Provider shall use reasonable efforts to restore access as soon as the underlying cause is resolved, unless restoration would violate applicable law or endanger the Provider's systems.

Termination for Breach

1. Either party may terminate the Agreement if the other party materially breaches the Agreement and fails to remedy the breach within fourteen (14) days after receiving written notice specifying the breach and requiring its remedy.

Termination for Convenience

1. The Provider may terminate the Agreement for convenience upon thirty (30) days' written notice to the Customer.
2. The Customer may terminate the Agreement at any time by written notice to the Provider, by ceasing to use the Services, removing integrations, and closing the Account, provided that termination does not affect accrued payment obligations and consumed Credits remain payable.

Credit Handling on Termination

1. Upon termination of the Agreement:

   1. where the Customer terminates due to the Provider's material breach, unused pre-paid Credits shall be refunded in full;
   2. where the Provider terminates the Agreement due to the Customer's material breach or violation of Section 5, unused Credits are forfeited and no refund shall be payable; and
   3. in all other cases of termination, pre-paid unused Credits will be refunded on a pro-rata basis within thirty (30) days of the effective date of termination, unless termination results from the Customer's breach of this Agreement.

Post-Termination

1. Upon termination or expiry of the Agreement:

   1. the Customer's right to use the Services ends;
   2. the Provider will cease agent activity on the Customer's projects;
   3. the Provider may revoke access tokens, app permissions, and other authorizations;
   4. the Customer shall promptly remove or disable integrations where applicable;
   5. the Customer remains responsible for any fees or charges incurred prior to termination; and
   6. the Provider may delete or anonymize retained Customer Data in accordance with Section 14, subject to legal retention obligations.
2. The Customer may request export of Customer Data for a period of thirty (30) days following the effective date of termination. The Customer is responsible for exporting or retrieving any data from the Services within this period. The Provider is not obligated to maintain or provide Customer Data after the expiration of this thirty-day post-termination period.
3. Sections that by their nature should survive shall survive, including Sections 1, 5, 6, 8, 9, 10, 12, 14, 15, 16, and 17.
4. Suspension or termination does not limit any other rights or remedies available to the Provider under the Agreement or applicable law.

12. INTELLECTUAL PROPERTY

Customer Ownership of Output

1. As between the Provider and the Customer, the Customer retains all right, title, and interest in and to the Customer Data and the Customer's codebase.
2. Subject to payment of applicable fees and to the maximum extent legally possible, the Customer shall own all right, title, and interest that may subsist in Output generated specifically for the Customer through the Services, excluding any Provider Materials, third-party materials, open-source software, or pre-existing Intellectual Property Rights of the Provider or its licensors incorporated therein. This ownership extends to all modifications, additions, and derivative works created by the agents within the Customer's repositories. Assignment of these rights takes effect automatically upon creation of the relevant Output.
3. To the extent any rights in such Output do not automatically vest in the Customer under applicable law, the Provider hereby assigns, and shall procure that its relevant personnel assign, such rights to the Customer to the maximum extent legally possible upon creation or, if required by law, upon full payment of the applicable fees.

Provider Platform Intellectual Property

1. The Provider retains all right, title, and interest in and to the Provider Materials, including the platform, agent architecture, orchestration systems, agentic flow designs, system prompts, model configurations, agent tooling, and all underlying technology and infrastructure. No rights are granted to the Customer in Provider Materials except the limited right to use the Services during the term of the Agreement in accordance with these Terms.

Licences

1. The Customer grants the Provider a non-exclusive, worldwide, royalty-free licence for the term of the Agreement to host, reproduce, transmit, process, analyse, adapt, and otherwise use Customer Data solely as necessary to provide, secure, support, maintain, and improve the Services in accordance with the Agreement.
2. The Provider may use aggregated and de-identified usage data, performance metrics, diagnostics, and telemetry generated in connection with the Services to operate, secure, support, and improve the Services, provided such data does not identify the Customer or disclose Customer Data.

Third-Party IP Disclaimer

1. The Provider does not warrant that Output is free of third-party Intellectual Property Rights, open-source licence obligations, attribution requirements, or other restrictions. AI-generated code may inadvertently reproduce or be substantially similar to pre-existing code subject to copyright, patent, or licence restrictions. The Customer is responsible for reviewing Output for licensing, attribution, export-control, compliance, and Intellectual Property issues before use, distribution, or deployment.

13. SPECIAL PROVISIONS FOR CONSUMERS

1. This Section 13 applies exclusively to a Customer who is a Consumer. In the event of conflict between this Section 13 and any other provision of these Terms, this Section 13 prevails to the extent required by mandatory consumer law.
2. Right of withdrawal. If the Agreement is concluded by means of distance communication, the Consumer has the right to withdraw from the Agreement without giving any reason within fourteen (14) days from the date of its conclusion, in accordance with Section 1829(1) of Act No. 89/2012 Coll., the Czech Civil Code, as amended (the "Civil Code"). To exercise the right of withdrawal, the Consumer must send a clear statement of the decision to withdraw from the Agreement (e.g., by email to support@247agents.io or by post to the Provider's registered office).
3. Request for immediate performance. The Consumer hereby expressly requests, within the meaning of Section 1823 of the Civil Code, that the Provider commence the provision of the Services immediately after conclusion of the Agreement, i.e. within the withdrawal period. If the Services have been fully provided before expiry of the withdrawal period and the Consumer was informed that, by giving such consent, the Consumer loses the right to withdraw once performance has been completed, the Consumer shall not be entitled to withdraw after full performance to the extent provided by applicable law.
4. Consequences of withdrawal. If the Consumer withdraws from the Agreement after having expressly requested that the Provider begin providing the Services during the withdrawal period, the Consumer shall pay the Provider a proportionate part of the agreed price corresponding to the Services actually provided up to the effective date of withdrawal, in accordance with Section 1834 of the Civil Code.
5. Limitation of liability for Consumers. The limitation of liability provisions in Section 9 shall apply to Consumers only to the extent permitted by mandatory provisions of Sections 1810 to 1867 of the Civil Code. Where any provision of these Terms is found to be contrary to mandatory consumer protection law, such provision shall not apply to the Consumer, and the relevant mandatory legal provision shall apply instead.
6. Consumer indemnification exclusion. Section 10 (Customer Indemnification) does not apply to Consumers. The Provider's remedies against a Consumer are limited to those available under mandatory law.
7. Consumer credit refund on termination. Where the Provider terminates the Agreement under Section 11.4 (termination for convenience) and the Customer is a Consumer, unused pre-paid Credits shall be refunded on a pro-rata basis within thirty (30) days.
8. Defective performance. The rights and obligations of the contracting parties with regard to the Provider's liability for defects are governed by the relevant generally binding provisions of Czech law, in particular Sections 1914 to 1925 of the Civil Code (general obligations of proper performance), Sections 2586 to 2635 of the Civil Code (contract for work), and for Consumers additionally the provisions of the Civil Code transposing Directive (EU) 2019/770 on the supply of digital content and digital services.
9. Pre-contractual information. The pre-contractual information required under Section 1811 of the Civil Code is provided on the Website before conclusion of the Agreement.
10. Out-of-court dispute resolution. In the event that a dispute arises between the Provider and the Consumer which cannot be resolved by mutual agreement, the Consumer may submit a proposal for out-of-court settlement of such dispute to the designated body for out-of-court settlement of consumer disputes, which is the Czech Trade Inspection Authority (Ceska obchodni inspekce), internet address: https://adr.coi.cz/. The Consumer may also use the online dispute resolution platform established by the European Commission at https://ec.europa.eu/consumers/odr/.

14. PRIVACY POLICY

Data Controller

1. The Provider, WriteIt.ai s.r.o., ID No.: 04518136, acts as the data controller for personal data processed in connection with the Services. The Provider takes personal data protection seriously and processes personal data in accordance with applicable law, in particular Regulation (EU) 2016/679 (the "GDPR"), and these Terms. For data protection enquiries, the Provider may be contacted at privacy@247agents.io. The Provider has not appointed a Data Protection Officer as it does not meet the criteria set out in Article 37 of the GDPR.

Legal Basis for Processing

1. The Provider processes personal data on the following legal bases: (a) performance of the Agreement concluded between the Provider and the Customer (Article 6(1)(b) GDPR); (b) compliance with legal obligations (Article 6(1)(c) GDPR); (c) consent provided by the Customer for a specified purpose (Article 6(1)(a) GDPR); or (d) the legitimate interest of the Provider in operating its business and providing the Services (Article 6(1)(f) GDPR).

Categories of Personal Data

1. The Provider may process the following categories of personal data: name, email address, company details, authentication-related identifiers, GitHub account and organization metadata, GitHub installation IDs, repository selections, repository metadata, commit and pull request metadata, repository contents (temporary clones), code snippets, prompts, generated Output, Slack workspace identifiers and channel metadata, Stripe customer identifiers, transaction records, invoice details, payment status, IP address, log entries, timestamps, device or browser signals, error reports, and audit events.

Purpose of Processing

1. Personal data is processed for the purposes of: (a) concluding and performing the Agreement and delivering the Services; (b) billing, accounting, invoicing, and tax compliance; (c) communication with the Customer; (d) security, fraud prevention, abuse prevention, and service integrity; (e) compliance with legal obligations; and (f) establishing, exercising, or defending legal claims.
2. The Provider may use aggregated, de-identified usage telemetry to improve the Services. Customer Data and Output are not used by the Provider to train third-party AI models. See also Section 8.3.

Data Recipients and Transfers

1. The Provider transfers personal data to third parties solely for the purposes described above. Recipients include the Provider Subprocessors listed in Section 6.2 (Anthropic, OpenRouter, Google Cloud Platform, Firebase, Fly.io, Stripe), as well as external accountants, auditors, and legal advisers where necessary. The Provider uses contractual clauses and appropriate safeguards when transferring personal data and acts in accordance with GDPR requirements.
2. The Provider primarily uses infrastructure within the EU or EEA. Where personal data is transferred to countries outside the EU/EEA without an adequacy decision by the European Commission, the Provider relies on standard contractual clauses adopted under Article 46(2)(c) GDPR and related supplementary measures.

Data Retention

1. The Provider processes personal data for the periods necessary for fulfilment of contractual obligations and protection of its rights:

   1. Billing and accounting records: retained for the period required by applicable Czech tax and accounting legislation (currently up to 10 years for tax documents, 5 years for accounting records);
   2. Account and contractual data: retained for the duration of the Agreement and for 3 years after its termination, unless a longer period is required by law or needed for legal claims;
   3. Repository contents and temporary clones: retained only for as long as reasonably necessary to provide the Services; deleted within 30 days of the Customer revoking access or terminating the Agreement;
   4. Usage logs, diagnostics, and security records: generally retained for 90 days, unless a longer retention period is necessary for security investigations, legal claims, or legal obligations; and
   5. Data subject to a legal hold or ongoing claim: retained for the duration of the relevant legal proceeding or investigation.

Data Subject Rights

1. The Customer and Authorized Users have the right to request access to their personal data, their rectification or erasure, restriction of processing, and data portability, in accordance with Articles 15 to 20 of the GDPR. The Customer may also object to processing based on legitimate interest (Article 21 GDPR). If the Customer has granted consent to processing, the Customer may withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal. These rights may be exercised by contacting the Provider at privacy@247agents.io, at its registered office by post, or by other means published on the Website.
2. If the Customer considers that the processing of personal data is unlawful, the Customer may contact the Provider or lodge a complaint with the competent supervisory authority, which for the Czech Republic is the Office for Personal Data Protection (Urad pro ochranu osobnich udaju), www.uoou.cz.

Data Processing Agreement

1. Where the Provider processes personal data on behalf of the Customer as a processor within the meaning of Article 28 GDPR, the parties shall be governed by the Provider's applicable Data Processing Agreement ("DPA"). For Customers who are data controllers, the Provider will enter into a Data Processing Agreement in accordance with GDPR Article 28 upon request. Until a separate DPA is executed, the data processing terms set out in this Section 14 shall apply to such processing.

Security Breach Notification

1. In the event of a personal data breach as defined in Article 4(12) of the GDPR that is likely to result in a risk to the rights and freedoms of the Customer or Authorized Users, the Provider shall notify the Customer without undue delay and in any event no later than seventy-two (72) hours after becoming aware of the breach, in accordance with Articles 33 and 34 of the GDPR. The notification shall include, to the extent known at the time: the nature of the breach, the categories and approximate number of data subjects and records affected, the likely consequences, and the measures taken or proposed to address the breach. The Provider shall also notify the competent supervisory authority (the Office for Personal Data Protection, Urad pro ochranu osobnich udaju) within 72 hours of becoming aware of any breach likely to result in a risk to the rights and freedoms of natural persons, in accordance with Article 33 of the GDPR. Where the Provider acts as a processor on behalf of the Customer, the Provider shall notify the Customer of any personal data breach without undue delay, regardless of the assessed level of risk, to enable the Customer to fulfil its own notification obligations under applicable law.

Cookies and Technical Storage

1. The Provider does not currently use analytics or tracking scripts requiring cookie consent on the Website. Essential technical storage (cookies or local storage) may be used where necessary for authentication, session management, security, fraud prevention, and core service functionality.

15. FORCE MAJEURE

1. Neither party shall be liable for any failure or delay in performing its obligations under the Agreement where such failure or delay results from a Force Majeure Event.
2. Without limiting the generality of the definition in Section 1.9, Force Majeure Events expressly include: outages, degradation, or discontinuation of AI model providers (including Anthropic and any provider accessible through OpenRouter); cloud infrastructure failures (including failures of Google Cloud Platform, Firebase, Fly.io, or other hosting platforms); GitHub or other version control platform outages or policy changes; Slack or other communication platform disruptions; cyberattacks, including distributed denial-of-service attacks; changes in applicable law, regulation, or government orders that prevent performance; and supply chain disruptions affecting critical service dependencies.
3. The affected party shall notify the other party promptly of the Force Majeure Event and its expected duration, and shall use reasonable efforts to mitigate the impact and resume performance as soon as practicable.
4. If a Force Majeure Event continues for more than thirty (30) consecutive days, either party may terminate the affected Services on written notice, without prejudice to accrued rights and payment obligations for Services already provided. Section 11.6(c) shall apply to unused Credits.

16. DIGITAL SERVICES ACT COMPLIANCE

1. In accordance with Regulation (EU) 2022/2065 (the Digital Services Act), the Provider designates the following as its single point of contact for communications with authorities of EU Member States, the European Commission, the European Board for Digital Services, and recipients of the Services. The contact details are prominently available on the Website:

   Email: dsa@247agents.io
   Postal address: WriteIt.ai s.r.o., Na Folimance 2155/15, Vinohrady, 120 00 Prague 2, Czech Republic
   Languages: English, Czech

2. Any person or entity who becomes aware of illegal content hosted on or generated through the Services may submit a notice to the Provider at the contact point above. The notice should include: (a) identification of the allegedly illegal content with sufficient detail to locate it; (b) an explanation of the reasons why the content is considered illegal; (c) the name and contact details of the reporting person; and (d) a statement of good faith belief that the information in the notice is accurate and complete.
3. The Provider shall process notices of illegal content without undue delay, in a non-arbitrary and objective manner, taking into account the nature of the content and the urgency of the matter. The Provider shall inform the reporting person of its decision and the reasons therefor. Where the Provider determines that content is illegal, it shall promptly remove or disable access to such content and inform the affected Customer.
4. The Provider publishes annual transparency information regarding content moderation activities in accordance with Article 15 of the Digital Services Act, to the extent applicable to the Provider's size and nature of services.

17. MISCELLANEOUS

Governing Law

1. The Agreement and any non-contractual obligations arising out of or in connection with it are governed by the laws of the Czech Republic, in particular Act No. 89/2012 Coll., the Czech Civil Code, as amended, excluding conflict-of-law rules to the extent their exclusion is permitted.

Jurisdiction

1. Any disputes arising out of or in connection with the Agreement shall be submitted to the competent courts of the Czech Republic. For business customers, the local court having jurisdiction over the Provider's registered seat (Prague) shall have territorial jurisdiction, unless mandatory law provides otherwise. For Consumers, the competent court shall be determined in accordance with mandatory provisions of applicable law, which may include the court of the Consumer's domicile.

Entire Agreement

1. The Agreement constitutes the entire agreement between the Provider and the Customer concerning its subject matter and supersedes any prior or contemporaneous proposals, understandings, statements, or agreements relating to that subject matter, except for fraud and except for any separate written agreement expressly prevailing over these Terms.

Severability

1. If any provision of these Terms is found by a court or other competent authority to be invalid, illegal, or unenforceable, such provision shall be severed to the minimum extent necessary. The remaining provisions shall remain in full force and effect. Where possible, the invalid provision shall be interpreted or reformed to achieve, as closely as possible, the intended effect of the original provision, to the extent permitted by applicable law.

No Waiver

1. No failure or delay by either party in exercising any right, power, or remedy under the Agreement shall constitute a waiver of that right, power, or remedy. A waiver of any provision shall be effective only if made in writing.

Assignment

1. The Customer may not assign or transfer the Agreement or any rights or obligations under it without the Provider's prior written consent. Any purported assignment in violation of this provision is void. The Provider may assign or transfer the Agreement, in whole or in part, to an affiliate or in connection with a merger, acquisition, corporate restructuring, or sale of all or substantially all of the relevant business or assets, upon written notice to the Customer.

Relationship of the Parties

1. The parties are independent contractors. Nothing in the Agreement creates a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the parties.

Notices

1. Unless these Terms provide otherwise, notices under the Agreement may be given by email to the address associated with the Customer's Account (for notices to the Customer) or to the Provider's contact email address published on the Website (for notices to the Provider). Notices are deemed received when the sending party receives confirmation of delivery or, in the absence of such confirmation, twenty-four (24) hours after sending.

Language

1. These Terms are drafted in English. If the Provider makes available a translation, the English version shall prevail to the extent permitted by law, unless mandatory law requires otherwise.

Changes to These Terms

1. The Provider may amend these Terms from time to time.
2. If the amendment materially adversely affects the Customer's rights or obligations, the Provider shall provide at least fourteen (14) days' advance notice by email, through the Account, or through the Website before the updated Terms become effective.
3. If the Customer does not agree to a material amendment, the Customer may terminate the Agreement before the effective date of the updated Terms by written notice or by discontinuing use of the Services and closing the Account. Continued use of the Services after the effective date constitutes acceptance of the updated Terms. In such case, Section 11.6(c) shall apply to unused Credits.
4. Non-material changes, including corrections of obvious errors, clarifications that do not alter the substance of obligations, updates reflecting changes in subprocessors, security measures, contact details, or legal references, may take effect upon publication on the Website, unless mandatory law requires otherwise.

18. EFFECTIVE DATE

These Terms are effective as of March 25, 2026.