Terms of Service

Between Sphere2, a French limited joint-stock company (société par actions simplifiée), registered at the trade register of Paris, under number 989 284 955 having its registered office at 40, rue du Louvre, 75001 Paris, France, operating under the commercial name Gradium (“GRADIUM”), and customer subscribing to GRADIUM’s Services (as defined hereafter)  (“Client”).

These Terms of Service are made by and between GRADIUM and Client and entered into as of the Effective Date (as defined below) for the purpose of granting Client a limited subscription to use GRADIUM’s speech-to-text (SST) and text-to-speech (TTS) artificial intelligence models (the “SST Model” and  “TTS Model”, together the “Models”).

1. Definitions

Affiliate means any entity (a) that a Party Controls; (b) that a Party is Controlled by; or (c) with which a Party is under common Control, where “Control” means direct or indirect control within the meaning of Article L233-3 of the French Commercial Code.

Agreement means these Terms of Service, and any document and policy referenced therein including but not limited to the Documentation.

API means the Application Programming Interface provided by GRADIUM to Client to allow Client to use the Models.

Applicable Laws means the laws, rules, regulations, court orders, and other binding requirements of a relevant government authority that apply to or govern the provision and/or use of Services, the Client Service and any part thereof such as Input collection, use and provision.

Applicable Privacy Laws means any applicable privacy or data protection legislation or regulations, governing personal data protection and voice processing, including but not limited to European Data Protection Laws, and the California Consumer Privacy Act, as amended by the California Privacy Rights Act and its implementing regulations as amended or superseded from time to time (“CCPA”) as well as similar laws adopted in other states. European Data Protection laws shall have the meaning ascribed to them in the Data Processing Agreement.

Beta Services has the meaning set forth in Section 1.11 (Beta Services).

Caller means the individuals that will receive and interact with the Models and theirOutput whether or not as part of Client Service.

Client Environment means the systems, platforms, services, devices, software, AI models and systems, servers, sites and/or networks that Client uses for the operation of Client Service to the exclusion of the Services.

Client Data means the data that are submitted to the Services, including Input, by Client or on its behalf, the Voice Sample, the Voice Reproduction and the Output.  

Client Personal Data means Personal Data contained in Client Data.

Client Service means as applicable the service provided by Client to its customers, which integrates the Services.

Confidential Information has the meaning set forth in Section 11.1 (Confidential Information).

Disclosing Party means a Party to the Agreement when the Party is providing or disclosing Confidential Information to the other Party.

Documentation means the usage manuals and instructional materials for the Services that are made available by GRADIUM to Client at the following link and any succeeding link: https://gradium-ai.github.io/gradium-api/documentation/docs.html.

Data Processing Agreement means the document available in Exhibit 1.  

Effective Date means the date of subscription of the Services.

Fees means all the applicable amounts owed by Client to GRADIUM for the Services , which includes the Service Plan Fees, the Usage Overage Fees, and the Zero Data Retention fees and any fees associated to GRADIUM’s commitment not to transfer Personal Data outside the EU, where applicable.

Feedback means suggestions, feedback, or comments from Client or users for improvement of the Services.

Force Majeure Event means an unforeseen event outside a party’s reasonable control where the affected party took reasonable measures to avoid or mitigate the impacts of the event, and which prevents a party from performing its obligations (except payment of Fees) as per Article 1218 of the French Civil Code. Examples of these kinds of events include unpredicted natural disasters like a major earthquake, war, pandemic, riot, act of terrorism, or public utility or internet failure.

GRADIUM Covered Claim has the meaning set forth in Section 8.1 (Indemnification by Client).

Input means the voice recordings and other audio, text descriptions, prompts, videos, or other content submitted by Client or on its behalf to GRADIUM for the provision of the Services, including but not limited to the Voice Sample and voice and text input to be respectively transcribed in writing or vocally transcribed by the Models.

Intellectual Property Rights means any right or protection existing from time to time in any jurisdiction, whether registered or not, under any patent law or other invention or discovery law, copyright law, trademark law, performance or moral rights law, trade-secret law, confidential information law, integrated circuit topography law, semi-conductor chip protection law, data law, database law, trade-mark law, unfair competition law or other similar intellectual property laws and includes related legislation by competent governmental authorities and related judicial decisions under common law or equity.

Malicious Code means code, files, scripts, agents, or programs intended to do harm, including viruses, worms, time bombs, and Trojan horses.

Models means collectively the SST Model and the TTS Model.

Output means the textual or synthetic audio recording generated by the Models and transcribing, whether textually or vocally, the Input provided by Client, whether or not based on a Voice Reproduction. For the avoidance of doubt, Output does not include the Models, the API, any voice embedding and any other artificial intelligence models or systems owned by GRADIUM or powering the Models and their related components.

Party, Parties means either Client or GRADIUM or collectively Client and GRADIUM.

Personal Data has the meaning(s) set forth in the Applicable Privacy Laws for personal information, personal data, personally identifiable information, or other similar term.

Recipient means a Party to the Agreement when the Party receives Confidential Information from the other Party.

Services means the provision of the Models and associated services, together with our website as further described in Client’s subscription and the Documentation, and which includes the Models and as applicable the API, whether for free or in consideration of the Fees, and whether provided by API or via GRADIUM’s website.  

Service Plan means the level of Services selected and subscribed to by Client, which determines the scope of features, usage limits, support entitlements, and other included benefits or limits. Service Plans are described at the time of subscription.

Service Plan Fees means the price associated to each Service Plan as described at the time of finalization of the subscription, and as updated afterwards.

Security Measures means GRADIUM’s security measures described in Appendix 3 to the Data Processing Agreement.

SST Model means the speech-to-text artificial intelligence model provided by GRADIUM and producing text Output based on Client’s voice Input.

Taxes has the meaning set forth in Section 4.5 (Taxes).

Term means the duration of the Agreement as set forth in Section 3.1 (Term).  

Territory means the whole world, except as provided under the Agreement.

TTS Model means the text-to-speech artificial intelligence model provided by GRADIUM and producing voice Output based on Client’s text Input.

Usage Overage Fees means the price associated to any Service Plan overuse if activated by the Client.

Voice Reproduction means the model used to generate voice Output in the form of synthetic audio sounding like the Voice Sample provided by Client and based on the Voice Sample.

Voice Sample means the voice recording provided by Client to GRADIUM to create a Voice Reproduction as part of the provision of the Services.

Zero Data Retention means the feature of deletion of Input and Output as described in Section 1.7 (Zero Data Retention).

1. GRADIUM’s Obligations

1. Services. GRADIUM will provide the Services part of the subscription  to Client.

2. Professional use. The Services are specifically designed for professional and business use. The Services are not intended for personal, consumer, or non-professional use. By accessing or using the Services, Client represents and warrants that any User using the Services is acting on behalf of a business, organization, or professional entity. Where Clients are natural persons, they must be at the age of legal majority where Clients live.

3. Documentation. GRADIUM will make Documentation available to Client.

4. Client Data. GRADIUM will process Client Data submitted to the Services by or on behalf of Client and generated by the Services only according to the Agreement, the Documentation and GRADIUM’s Privacy Policy.

5. Security Measures. GRADIUM will maintain Security Measures to protect Client Data from accidental loss and from unauthorized access, use, alteration, or disclosure. Subject to Section 7.3 (GRADIUM Warranties), GRADIUM may modify the Security Measures from time to time.

6. Personal Data.  Where Client is deemed data controller under Applicable Privacy Laws GRADIUM shall process any Client Personal Data on behalf of Client, as data processor, pursuant to the terms of the Data Processing Addendum, and the Parties agree to comply with such terms. GRADIUM processing of  Personal Data as data controller, whether Client is deemed data controller, are set forth in GRADIUM’s Privacy Policy available at the following link and any succeeding link: https://gradium.ai/privacy

7. Zero Data Retention. If the Zero Data Retention is activated, Client acknowledges and agrees that GRADIUM will not store any Client Data and will immediately delete Client Data after the generation and provision of Output. By exception to the foregoing, GRADIUM may retain Voice Sample and Voice Reproduction solely for the purpose of providing the Services. As applicable, Zero Data Retention is subject to additional Fees.

8. Overuse. The Services are subject to usage limitations described in the applicable Service Plan. GRADIUM shall notify Client by email when its use of the Services reaches both 80% and 100% of the Services use limitation. If not already activated, Client can decide to activate Usage Overage Fees to continue using the Services beyond the Services use limitations for the applicable subscription period. If Usage Overage Fees are not activated, GRADIUM shall block the use of the Services above 100% of the Services use limitation for the current subscription period, without any liability for GRADIUM.

9. Services and Service Plan Updates and Modifications. Subject to Section 7.3 (GRADIUM Warranties), GRADIUM may from time to time and in its discretion provide updates, modifications or upgrades to the Services and Service Plans, but is under no obligation to do so. All references herein to the Services and Service Plans shall include updates and modifications thereto. The Agreement shall govern any update that replaces or supplements the original Services and Service Plan, unless the update is accompanied by separate supplemental terms which will govern the revision. If a modification to Service Plans introduce new or additional Services limitations to Client, Client’s current Service Plan shall remain in force for the duration of the current subscription period. After that subscription period ends or at the date indicated by GRADIUM, Client’s subscription will automatically switch to the modified Service Plan at the time of renewal and for the same duration as the initial subscription term, unless Client terminates the Agreement in accordance with Section 3.1 (Term) and at least ten (10) days before the change of Service Plan takes effect.

10. Upgrade of Service Plan. Subject to GRADIUM’s approval, Client may request to upgrade its Service Plan. The new Service Plan will then replace the previous Service Plan for the same Term, unless otherwise specified in the applicable Service Plan description, and Client shall pay the applicable Service Plan Fees.

11. Maintenance. Access and use of the Services may be interrupted from time to time for maintenance of the Services carried out by GRADIUM. Except for emergency maintenance, GRADIUM shall take commercially reasonable measures to carry out maintenance during French continental non-business hours and to provide reasonable prior notice to Client.

12. Beta Services. From time to time, GRADIUM may offer services identified as beta, pilot, developer preview, non-production, evaluation or by a description of similar import (“Beta Services”). Client may accept or decline Beta Services. If Client accepts Beta Services, Beta Services: (i) are provided only for evaluation purposes; (ii) may not be relied on by Client for production use; (c) may not be supported; and (d) may be subject to additional terms. Unless otherwise stated, any Beta Services trial period will expire on the date that a version of the Beta Services becomes generally available or is discontinued.  GRADIUM may discontinue Beta Services at any time in its sole discretion and may never make Beta Services generally available. ALL BETA SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT ANY WARRANTY OF ANY KIND. BETA SERVICES MAY BE TERMINATED AT ANY TIME. GRADIUM DISCLAIMS ALL OBLIGATION AND LIABILITY UNDER THE AGREEMENT FOR ANY HARM OR DAMAGE ARISING OUT OF OR IN CONNECTION WITH A BETA SERVICE, INCLUDING ANY OBLIGATION OR LIABILITY WITH RESPECT TO CLIENT DATA. ANY CLIENT DATA ENTERED INTO BETA SERVICES MADE TO BETA SERVICES BY OR FOR CLIENT, MAY BE PERMANENTLY LOST IF THE BETA SERVICES ARE SUSPENDED, TERMINATED, OR DISCONTINUED.

2. Client’s Obligations

13. Client’s responsibilities. Client agrees and acknowledges that Client is responsible:

1. For the provision, use and maintenance of Client Environment and Client Service, including but not limited to any telecom service allowing voice exchanges between Callers and Output and any applicable rerouting of Callers to third parties, speech-to-text AI systems transcribing Caller’s speech into text where the SST Model is not provided by GRADIUM, and any AI system inferring responses to be provided to Callers and transmitted to the Services as Input to produce corresponding Output.
2. To inform Callers that they are interacting with an AI system in accordance with Applicable Laws.
3. For properly configuring Client Environment with the Services in accordance with the Documentation as applicable.
4. For providing all equipment, systems, assets, access, and ancillary goods and services needed to access and use the Services, and for ensuring their compatibility with the Services.
5. For interactions of Callers with Client Service and any consequence resulting from such interactions.
6. For storing and making backup of all Callers’ discussions, and relating Input and Output, in accordance with the state of the art. For the avoidance of doubt, this paragraph shall not constitute an obligation upon Client to carry out such backup if it is not necessary for Client, being reminded that GRADIUM shall in any case not be responsible for such task.  

14. Input and Output. Client is responsible, in particular with respect to compliance with Applicable Laws and Applicable Privacy Laws for:

1. Input provided to the Services.
2. Output transcribing faithfully textually or vocally the content of the Input.
3. Providing appropriate and required notices and information to Callers and any individual whose data is processed as Input, Output and/or Voice Reproduction.
4. Obtaining consents where applicable, including but not limited to the collection, recording and transcription of Caller’s speech, Caller’s interaction with an artificial intelligence system and any individual’s voice processed as Input, Output and/or Voice Reproduction. Client shall obtain and maintain any required consents necessary to permit the processing of Client Data by GRADIUM under the Agreement including but not limited to any individual consent required to record Callers, provide Voice Sample to produce Voice Reproduction, provide Input to produce Output, or with respect to any content included into Input such as Intellectual Property Rights.
5. Ensuring every Input submitted through the Services complies with Applicable Laws and are accurate and appropriate for their purpose.

15. Personnel, Users and Performance. As applicable, Client shall be responsible for the performance of its personnel (including employees and contractors) and users’ use of the Services in compliance with the Agreement and Applicable Laws.  Client enters into the Agreement on behalf of the users that make use of the Services under its subscription. Client shall ensure that users comply with the terms of the Agreement and any act, omission, breach, or negligence committed by users will be deemed an act, omission, breach or negligence of Client for all purposes under the Agreement, and Client shall be jointly and severally liable for any such act, omission, breach, or negligence committed by users.

16. Usage Restrictions.  Client shall not:

1. Use the Services in a way that is not compliant with the Agreement and/or Applicable Laws.
2. Direct the Services to generate any Output in violation of any applicable Intellectual Property Right, contractual restriction, privacy or publicity right of any other person, or otherwise violate any Applicable Law.
3. Upload, submit, create, transmit, display, perform, post, store, or otherwise make available through the Services any content, including Input and Voice Output, that is unlawful, threatening, defamatory, obscene, excessively violent, deceptive, fraudulent, libelous, unethical, invasive of privacy or publicity rights, harassing, abusive, hateful, discriminatory, violent, or cruel, or otherwise use the Services in a manner that is obscene, excessively violent, harassing, hateful, cruel, abusive, inciting, organizing, promoting or facilitating violence or criminal activities.
4. Direct and/or use the Services to impersonate another person or business without their explicit authorization.
5. Direct and/or use the Services to create, provide, disseminate disinformation, misleading, inaccurate or false content or information, promote unlawful activities or for political reasons (e.g. campaigning, lobbying, fundraising, solicitation etc).
6. Direct and/or use the Services to provide medical, legal or financial advice without the necessary qualifications.
7. Use the Services to access GRADIUM’s Intellectual Property Rights except as permitted under the Agreement.
8. Use the Services to store, transmit or display Malicious Code.
9. Modify or try to modify the Services and Documentation.
10. Interfere with or disrupt the integrity or performance of the Services.
11. Attempt to gain unauthorized access to any of GRADIUM’s datacenters, systems, models or networks.
12. Permit direct or indirect access to or use the Services in a way that circumvents a usage or capacity limit of the Services, or for a purpose that is not authorized under the Agreement.
13. Sell, resell, license, sublicense, distribute, redistribute, rent, make publicly available or lease the Services.
14. Copy, modify, improve the Services or create a derivative work of the Services or any part, feature, function, or user interface thereof.
15. Access, use, modify, copy, analyze any part of the Services, including Output and Voice Reproduction, or the Documentation to develop a competitive AI model, AI system, product, software or service.
16. Access, duplicate, reverse engineer, decompile, translate, disassemble, decode or otherwise attempt to extract any or all of the source code, algorithm, object code, underlying structure, sequence, organization, file formats, non-public APIs, or ideas of any part of the Services for any purpose, even to correct errors, this ability being exclusively reserved to GRADIUM.
17. Alter, remove or obscure any copyright, trademark or other proprietary notices or confidentiality legend on the Services.
18. Frame or mirror the Services without GRADIUM's express prior written consent or use any robot, spider, site search/retrieval application or other manual or automatic device to retrieve, index, “scrape,” “data mine,” or in any way gather any messages, text, files, images, photos, video, sounds, profiles, works of authorship, or any other content from the Services or reproduce or circumvent the navigational structure or presentation of the Services without GRADIUM’s express prior written consent.
19. Use the Services in any situation of medical and drugs advice, emergency healthcare and emergency services, healthcare diagnostic, assessment and prescription, aircraft or other modes of human mass transportation or nuclear or chemical facilities.
20. Circumvent, disable or otherwise interfere with security-related features of the Services that prevent or restrict use or copying of any content or that enforce limitations on use of the Services.

Client shall be solely responsible for any consequence resulting from its violation of this Section. In the event GRADIUM reasonably believes a violation of this Section has occurred, GRADIUM will have the right, but not the obligation, to investigate the suspected violation and suspend access from the Services for so long as reasonably necessary to address the potential violation. GRADIUM will notify Client by email of any such suspension and work with Client in good faith to resolve the potential violation. Such suspension notice will be provided in advance, unless GRADIUM reasonably believes the suspected violation creates an urgent or emergency situation where a failure to take immediate action may put GRADIUM, Client, or other GRADIUM clients at risk of imminent harm. If Client materially fails to comply with Client’s obligations under this Section (Usage Restrictions), GRADIUM may terminate the Agreement immediately for cause pursuant to Section 3.2 (Termination for Cause).

17. Moderation. GRADIUM does not undertake to review all Client Data and disclaims any duty or obligation to undertake any monitoring or review of any Client Data. Without prejudice to the foregoing, GRADIUM may delete or remove Client Data or refuse to generate any Output if such Client Data violates the Agreement and/or Applicable Laws.

18. Client Login Information. Client must protect the confidentiality of Services login credentials provided by GRADIUM. Login credentials and any Client’s account are personal and cannot be shared. Client shall be responsible to prevent unauthorized access to or use of the Services, and shall accordingly for breach of the Agreement caused by any unauthorized use of the Services. Client shall promptly notify GRADIUM if it suspects or knows of (i) any fraudulent activity with its accounts, passwords, or credentials, (ii) if they are lost or become compromised, and/or (iii) in case of unauthorized access or use of the Services via Client’s login credentials.

3. Term and Termination

19. Term. The Agreement duration shall be based on Client’s subscription, which may either be a monthly subscription (based on calendar months) or an annual subscription (based on the Effective Date). Client’s subscription shall be tacitly and automatically renewed at the end of each current term for an additional month or year as the case may be, unless either Party gives notification to the other Party of its intent not to renew the Agreement with a ten (10) day prior notice for monthly subscriptions and sixty (60) days prior notice for annual subscriptions before the end of the subsequent term (the initial subscription term and any subsequent terms being together the “Term”).

20. Termination for Cause. Client or GRADIUM may terminate the Agreement for cause (i) upon fifteen (15) days’ written notice to the other Party in the event of a material breach, including but not limited to the representations and warranties set forth in Section 7 (Warranties), if the material breach remains uncured at the expiration of the notice period, (ii) immediately in case of material breach if such material breach cannot be cured, or (iii) if the other Party (x) becomes the subject of a proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors to the extent permitted by Applicable Laws, (y) goes out of business or (z) ceases its operations.

21. Effect of Termination. Upon any expiration or termination of the Agreement, (i) Client will no longer have any right to use the Services; (ii) each Recipient will return or destroy Disclosing Party’s Confidential Information in its possession or control without undue delay, including but not limited to Voice Sample and Voice Reproduction, except for Client Data licensed pursuant to Section 5.1 (Client Data) for Services improvement and AI model training; and (iii) subject to Section 4.4 (Payment Disputes), the Parties will make any payments required under Section 3.4 (Refund or Payment upon Termination).

22. Refund or Payment upon Termination. If Client terminates the Agreement in accordance with Section 3.2 (Termination for Cause), Section 1.9 (Services and Service Plan Updates and Modifications), Section 4.2 (Fees Revision) or Section 22 (Modifications), GRADIUM will refund any prepaid Fees covering the remainder of the Term after the effective date of termination. If the Agreement is terminated by GRADIUM in accordance with Section 3.2 (Termination for Cause), Client will pay any unpaid Fees covering the remainder of the current Term. In no event will termination relieve Client of its obligation to pay any Fees payable for the period prior to the effective date of termination. If Client terminates the Agreement without cause prior to the end of the then current Term, Client shall be immediately liable for the balance of the Fees for the remainder of the current Term and there shall be no refund for partially used subscription periods.

4. Fees and Payment

23. Fees. Client will pay all Fees to Client. Fees details are described during the subscription process and Client will receive a summary of the applicable Fees once its subscription is complete . If Client agrees to Usage Overage Fees, and in the event Client’s usage exceeds the volume provided under its Service Plan, Client shall be charged the applicable Usage Overage Fees as described by the Usage Overage Fees financial conditions and failure to pay Usage Overage Fees may result in the suspension of use of the Services as described therein.  

24. Fees Revision. GRADIUM may change the Fees, including Usage Overage Fees, charged for the Services at any time by notifying updated pricing through the Services; provided, however, that the Fees for Client’s ongoing subscription shall remain in force for the duration of the current subscription period. After that subscription period ends, Client’s use of the Services shall be charged at the then-current subscription Fees or at the date indicated by GRADIUM. If Client does not agree to this Fees revision, Client must terminate the Agreement in accordance with Section 3.1 (Term) and at least ten (10) days before the change of Fees takes effect. In absence of such termination, Client’s subscription will automatically switch to the then-current Fees at the time of renewal or the date indicated by GRADIUM.

25. Payment methods. Client shall pay the Fees through the payment method set forth in the subscription process. Client represents and warrants that it has the right to use any payment method that is submitted in connection with a payment and that all payment information provided is true and correct. Client is responsible for any payment charge associated with its payment method. By submitting its payment information, Client hereby authorizes GRADIUM to collect and store Client’s payment information and charge Client for the Fees (including Usage Overage Fees) with no further action required from Client in accordance with the Agreement. Client is responsible for any payment fee associated to the payment method used for the payment of the Fees.

26. Invoicing Terms. Client will pay correct and undisputed invoices within seven (7) days from issuance of such invoice. Client shall pay upfront Fees on the day of subscription for the ongoing subscription period, and each subsequent Fees on an upfront basis on the subsequent subscription anniversary date(s) whether for monthly or yearly subscription periods (for illustration purpose, for a monthly subscription started on May 7th, the next payment date shall be June 7th).  

27. Late payment. If Client fails to pay undisputed Fees within five (5) days of the payment due date, GRADIUM reserves the right to suspend the provision of the Services after providing Client with a two (2) days’ prior notice of non-payment by email to Client. Suspension of the Services does not relieve Client of its obligation to pay all outstanding amounts and will last until full payment of the Fees due. Without prejudice of GRADIUM’s right to suspend the Services in accordance with this Section, and to terminate the Agreement for material breach in accordance with Section 3.2 (Termination for Cause), in the event of late payment, Client shall pay to GRADIUM an interest on the overdue amount accrued at the rate of ten (10) percentage points above the European Central Bank’s reference rate, from the due date until full payment is made, and recovery costs which may not be lower than (40) euros. This late payment compensation and interest are due automatically without the need for a formal reminder.

28. Taxes. Fees for Services do not include any taxes, levies, duties, or similar governmental assessments of any nature, including, for example, value-added, sales, use, or withholding taxes assessable by any jurisdiction whatsoever and applicable to the provision of the Services (collectively, “Taxes”). Client is responsible for paying all Taxes associated with the Fees. If GRADIUM is obligated by law to pay or collect Taxes for which Client is responsible, GRADIUM will invoice Client and Client will pay that amount unless Client can provide a valid tax exemption certificate authorized by the appropriate taxing authority. Client will provide GRADIUM any information GRADIUM reasonably requests to determine whether GRADIUM is obligated to collect Taxes.  Each Party is solely responsible for taxes assessable against its income, property, and employees in accordance with Applicable Laws.

5. Licenses and Intellectual Proprietary Rights

29. Client Data. As between the Parties and to the extent Client Data is protected by Intellectual Property Rights, Client shall own and retain all Intellectual Property Rights in Client Data. Client hereby grants GRADIUM and its Affiliates for the Term, a worldwide, nonexclusive, irrevocable, non-transferable (except as permitted in Section 9 (Assignment)), non-sublicensable (except to GRADIUM’s service providers for the below purposes), royalty-free, and limited license to use, store, copy, modify, transmit, display, publish, distribute, reproduce Client Data, and create derivative works thereof as necessary for GRADIUM to provide, manage, maintain and optimize the Services, which includes debugging, assessing, reviewing and correcting the performance of the Services in accordance with the Agreement, and exercise its rights under the Agreement. Except in case of activation of the Zero Data Retention, Client hereby grants GRADIUM and its Affiliates a worldwide, nonexclusive, irrevocable, non-transferable (except as permitted in Section 9 (Assignment)), non-sublicensable (except to GRADIUM’s service providers for the below purposes), royalty-free, and limited license to use, store, copy, modify, transmit, display, publish, distribute, reproduce Client Data, and create derivative works thereof as necessary for GRADIUM to analyse and improve the current and future Services, and train and develop any underlying AI model, including but not limited to the Models, for the greater of the duration necessary to achieve the intended purposes or the duration of the legal protection of any Intellectual Property Rights contained in Client Data. Except otherwise expressly provided in this Agreement, GRADIUM acquires no right, title, or interest from Client under the Agreement in or to Client Data. Client acknowledges that due to the nature of generative AI tools, Outputs may not be unique and users of the Services may receive their own Output that is similar or the same as Client’s Output. Client hereby waives and releases GRADIUM and any of its Affiliates from any claim that another user’s Output is the same as, or reproduces, any of Client’s Output.

30. Services and Models. As between GRADIUM and Client, GRADIUM shall own and retain all Intellectual Property Rights in (a) the Services including but not limited to the Models, the API, the Documentation, text, graphics, images, photographs, videos, illustrations, its website and other content contained therein, and all improvements, enhancements or modifications thereto; and (b) any software, applications, inventions or other technology developed in connection with the Services, its website or support. Client shall not take any action inconsistent with GRADIUM’s Intellectual Property Rights. In consideration of the Fees, GRADIUM grants Client for the Term and Territory a personal, limited, non-exclusive, non-transferable, non-sublicensable license to use the Services in accordance with the Agreement and solely for the provision of Client Service. Where the Service Plan subscribed is a free plan, the aforementioned license is only given for Client’s internal and non-commercial purposes. No rights are granted to Client except as expressly set forth in the Agreement

31. Feedback. Client may, but is not required to, give GRADIUM Feedback, in which case Client gives Feedback “AS IS”. Client acknowledges and expressly agrees that any contribution of Feedback does not and will not give or grant Client any right, title or interest in the Services or in any such Feedback. All Feedback becomes the sole and exclusive property of GRADIUM, and GRADIUM may use, transfer, sub-license and disclose Feedback in any manner and for any purpose whatsoever, including AI model training and current and future Services improvement, without further notice or compensation to Client and without retention by Client of any proprietary or other right or claim, for the whole world and for the greater of the duration necessary to achieve the intended purposes or the duration of the legal protection of any Intellectual Property Rights contained in the Feedback if any.

6. Liability

32. Limitation of Liability.  UNLESS EXPLICITLY STATED OTHERWISE IN THE AGREEMENT, IN NO EVENT WILL GRADIUM’S (TOGETHER WITH ALL OF ITS AFFILIATES) AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THE AGREEMENT (REGARDLESS OF THE NUMBER OF INDIVIDUAL INCIDENTS GIVING RISE TO LIABILITY) EXCEED ONE HUNDRED PERCENT (100%) OF THE TOTAL AMOUNT PAID BY CLIENT HEREUNDER FOR THE SERVICES GIVING RISE TO THE LIABILITY IN THE SIX (6) MONTHS PRECEDING THE FIRST INCIDENT OUT OF WHICH THE LIABILITY AROSE OR ONE-HUNDRED (100) EUROS, WHICHEVER THE GREATER. THE ABOVE LIMITATIONS WILL APPLY WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY. HOWEVER, THE ABOVE LIMITATIONS WILL NOT LIMIT CLIENT’S PAYMENT OBLIGATIONS UNDER SECTION 4 (FEES AND PAYMENT) OR CLAIMS FOR WHICH LIABILITY CANNOT BE LIMITED UNDER APPLICABLE LAWS.

33. Exclusion of Consequential and Related Damages. IN NO EVENT WILL GRADIUM HAVE ANY LIABILITY TO CLIENT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAWS, FOR ANY INDIRECT DAMAGES INCLUDING LOST PROFITS, LOST MARGIN, LOST OPPORTUNITIES, INTERRUPTION OF BUSINESS, LOSS OF DATA, OR SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER, OR PUNITIVE DAMAGES, WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY, EVEN IF GRADIUM HAS BEEN ADVISED OF THE POSSIBILITY OF THESE TYPES OF DAMAGES OR A GRADIUM’S REMEDY OTHERWISE FAILS OF ITS ESSENTIAL PURPOSE. THE FOREGOING DISCLAIMER WILL NOT APPLY TO THE EXTENT PROHIBITED BY APPLICABLE LAWS.

7. Warranties

34. Mutual Warranties.  Each Party represents and warrants to the other that it:

1. Any individual signing on behalf of each Party has the legal power and authority to enter into the Agreement on behalf of said Party.
2. Is duly organized, validly existing, and in good standing under the Applicable Laws of the jurisdiction of its origin.

35. Client Warranty. Client represents and warrants that:

1. It has at all times all the rights, licenses, consents, authorizations, permissions, power and/or authority necessary to provide to Gradium any Input and create any Output or Voice Reproduction based on Client’s Input, and to grant the rights necessary to GRADIUM on Client Data pursuant to the Agreement.
2. Client Data do not and will not infringe any third party right, including Intellectual Property Rights, data protection or privacy rights.
3. Client and users shall use the Services in accordance with the Agreement and Applicable Laws.
4. The warranties given to a Client’s customer pursuant to the Client Service and covering the subcontracted Services do not go beyond the ones given in the Agreement; any such warranty, promises or commitments given or made by Client are not binding for GRADIUM and are at the sole responsibility of Client.

36. GRADIUM Warranties. GRADIUM represents and warrants to Client that during the Term, GRADIUM:

1. will not materially reduce the general functionality of the Services and the overall effectiveness of the Security Measures.
2. Takes industry standard steps to help ensure when used in accordance with the Agreement, the Services do not include Malicious Code.

GRADIUM shall not be liable for any breach of the warranties set forth in this Section if such non-compliance results from:

1. Services degradation or suspension as a result of Client exceeding any applicable limits set forth under the Agreement.
2. Client’s breach of the Agreement or use of the Services not in compliance with the Agreement or Documentation.
3. Client’s failure to configure the Services, and Client Environment in accordance with the Documentation.
4. Failures of, or issues with, Client Environment and Client Service.
5. Force Majeure Events.
6. Unavailability of the Services that result from equipment and/or software of third parties where such equipment and/or software is not within the control or responsibility of GRADIUM.
7. GRADIUM’s suspension or termination of the Services pursuant to the Agreement.  

Without limiting GRADIUM’s obligations pursuant to Section 1 (GRADIUM’s Obligations), Client’s exclusive remedies for a breach of a warranty in this Section (GRADIUM Warranties) shall be to exercise the express rights described in Sections 3.2 (Termination for Cause) and 3.4 (Refund or Payment upon Termination).  

37. Disclaimers. EXCEPT AS EXPRESSLY PROVIDED IN THIS SECTION OR IN THE AGREEMENT, THE SERVICES ARE PROViDED “AS IS” AND GRADIUM MAKES NO WARRANTY OR GUARANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, AND GRADIUM SPECIFICALLY DISCLAIMS ALL WARRANTIES, WHETHER IMPLIED, EXPRESS, OR STATUTORY, INCLUDING ANY IMPLIED WARRANTY OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAWS. EXCEPT AS OTHERWISE INDICATED IN THE AGREEMENT, GRADIUM DISCLAIMS ANY WARRANTY THAT THE OPERATION OF THE GRADIUM SOFTWARE OR THE SERVICES WILL BE ERROR-FREE, ACCURATE OR UNINTERRUPTED.

8. Indemnification

38. Indemnification by Client. Client will indemnify and defend GRADIUM against any and all third party claims (subject that such claims are not initiated by GRADIUM’s Affiliates), suits or proceedings (each a “GRADIUM Covered Claim”) and all resulting judgments, liabilities, awards, damages, and costs, including reasonable attorneys’ fees and expenses, finally awarded by a court of competent jurisdiction, or included as part of a final settlement payable to a third party based on a claim arising out of or in connection with:

1. Input.
2. Client’s violation of its warranties set forth in Section 7.2 (Client Warranties).
3. Client’s use of the Services in breach of the Agreement and/or Applicable Laws.

Provided GRADIUM (x) promptly gives Client written notice of the GRADIUM Covered Claim; (y) gives Client sole control of the defense and settlement of the GRADIUM Covered Claim (except that Client may not settle any GRADIUM Covered Claim unless it unconditionally releases GRADIUM of all liability related to the GRADIUM Covered Claim); and (z) give Client all reasonable assistance in connection with the defense or settlement of such GRADIUM Covered Claim, at Client’s expense. The above defense and indemnification obligations do not apply to the extent a GRADIUM Covered Claim arises from GRADIUM’s breach of the Agreement.  

39. Additional Indemnities. For purposes of this Section 8 (Indemnification), a GRADIUM Covered Claim shall include a claim against GRADIUM, GRADIUM’s Affiliates, and GRADIUM’s or its Affiliates’ officers, directors, and employees.

9. Assignment. Neither Party may assign any of its rights or obligations under the Agreement, whether by operation of law or otherwise, without the other Party’s prior written consent (not to be unreasonably withheld) provided, however, GRADIUM may assign the Agreement in its entirety, without Client’s consent (a) to its Affiliates or (b) in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets. The Agreement will bind and inure to the benefit of the Parties, their respective successors, and permitted assigns.

10. Manner of Giving Notice

40. Updates. All updates to any cross-referenced document or policy will be posted online to its designated address. Updates to the Documentation and Security Measures will be effective upon notification.

41. Notices.  Any notice, request, or approval about the Agreement must be in writing and sent to the notice address set out in the preamble or the subscription process, unless explicitly provided otherwise in the Agreement. Notices will be deemed given (i) upon confirmed delivery if by email, registered or certified mail, or personal delivery; or (ii) two days after mailing if by overnight commercial delivery.

11. Confidentiality

42. Confidential Information. “Confidential Information” means all information disclosed by a Party ("Disclosing Party") to the other party ("Recipient"), whether orally or in writing, that is designated as confidential or, given the nature of the information and the circumstances of disclosure, should be understood to be confidential. Client’s Confidential Information includes but is not limited to Client Data and Output. GRADIUM’s Confidential Information includes but is not limited to the Services, the Models, the API and the Documentation. Confidential Information of each Party includes but is not limited to the non-public terms and conditions of the Agreement, pricing, business and marketing plans, technology and technical information, developments, product plans and designs, and business processes disclosed by each Party in connection with the Agreement and more generally any information exchanged pursuant to the Agreement. Confidential Information does not include information that: (i) is at the time of disclosure, or later becomes, generally known to the public through no fault of Recipient; (ii) was known to the Recipient with no obligation of confidentiality prior to disclosure by Disclosing Party, as proven by records of Recipient; (iii) is disclosed to Recipient by a third party who did not directly or indirectly obtain the information subject to any confidentiality obligation; or (iv) is at any time independently developed by Recipient without use of Disclosing Party’s Confidential Information as proven by records of Recipient.

43. Protection of Confidential Information. Except as provided in Section 11.3 (Compelled Disclosure) Recipient shall not disclose or otherwise make available any Confidential Information of Disclosing Party to anyone except those of its employees, directors, attorneys, agents and consultants who: (i) need to know the Confidential Information in connection with the purpose of the Agreement and (ii) who have previously agreed to be bound by confidentiality obligations no less stringent than those in the Agreement. Each Party shall (i) safeguard all Confidential Information of the other Party with at least the same degree of care (but no less than reasonable care) as it uses to safeguard its own Confidential Information and (ii) not use any Confidential Information of the other Party for any purpose outside the scope of the Agreement.

44. Compelled Disclosure. If Recipient is compelled by law to disclose Confidential Information of Disclosing Party, then to the extent legally permitted, Recipient shall provide Disclosing Party with prior notice of the compelled disclosure and reasonable assistance, at Disclosing Party’s cost, if Disclosing Party wishes to contest the compelled disclosure. Any compelled disclosure shall be limited to the extent required and shall be subject to confidentiality protections to the extent practicable. If Recipient is compelled by law to disclose Disclosing Party’s Confidential Information as part of a proceeding to which Disclosing Party is a party, and Disclosing Party is not contesting the disclosure, Disclosing Party will reimburse Recipient for its reasonable cost of compiling and providing secure access to that Confidential Information.

45. Duration of confidentiality obligations. Confidentiality obligations set forth under this Section shall apply for five (5) years after the end of the Agreement.         

12. Export regulations. Client acknowledges and expressly agrees that the Services provided by GRADIUM may be subject to applicable export control and sanctions laws and regulations, including but not limited to those imposed by the European Union, the United States, the UK, France and other jurisdictions. By accessing or using the Services, Client represents and warrants that:

46. it is not located in, organized under the laws of, or a resident of a country or territory subject to comprehensive sanctions or embargoes, including but not limited to Cuba, Iran, North Korea, Syria, or the Crimea, Donetsk, and Luhansk regions of Ukraine;
47. it is not identified on any government-issued list of prohibited or restricted parties;
48. it shall not, directly or indirectly, use, export, re-export, transfer, divert, or disclose any portion of the Services or related technology:

1. to or for the benefit of any entity or individual prohibited under applicable export control or sanctions laws;
2. to or for the benefit of any entity or individual located in, organized under the laws of, or a resident of a country or territory subject to comprehensive sanctions or embargoes, including but not limited to Cuba, Iran, North Korea, Syria, or the Crimea, Donetsk, and Luhansk regions of Ukraine; or
3. in any manner that would cause GRADIUM or its Affiliates to be in violation of applicable export control or sanctions laws.

13. Anti-corruption. Client shall not take any action that would be a violation of any Applicable Laws that prohibit the offering, giving, promising to offer or give, or receiving, directly or indirectly, money or anything of value to any third party to assist GRADIUM or Client in retaining or obtaining business. Examples of these kinds of laws include the U.S. Foreign Corrupt Practices Act, the French Act Sapin 2 and the UK Bribery Act 2010.

14. Right violation notification. If anyone believes that any content on the Services infringe any Intellectual Property Right, or privacy right that they  own or control, they may notify GRADIUM as follows:

By Certified Mail:
Sphere II
40, rue du Louvre, 75001 Paris, France
By Email: legal@gradium.ai

Please see Section 512(c)(3) of the Digital Millennium Copyright Act (DMCA) for the requirements of a proper notification. Failure to comply with all of the requirements of Section 512(c)(3) of the DMCA may result in the notice not being effective. Any knowingly material misrepresentation that any activity or material on the Services is infringing may give rise to liability and right for GRADIUM to claim damages.

15. Governing Law and Jurisdiction. The Agreement shall be governed by and construed in accordance with the laws of France excluding rules governing conflict of law and choice of law. The civil courts in Paris, France shall have exclusive jurisdiction to adjudicate any dispute arising out of the Agreement The Parties agree that the UN Convention on Contracts for the International Sale of Goods (Vienna, 1980) and the Uniform Computer Information Transaction Act or similar federal or state laws or regulations shall not apply to the Agreement nor to any dispute or transaction arising out of the Agreement.  

16. Subcontracting. Subject to the Data Processing Agreement, Client authorizes GRADIUM to subcontract part or all the Services, provided that GRADIUM shall remain liable for the performance of the Services in accordance with the Agreement and for any breach of the Agreement caused by its subcontractors.

17. Publicity. If explicitly indicated and authorized by Client, GRADIUM may use Client’s name and logo and general description of Client’s relationship with GRADIUM in press releases and other marketing materials and appearances.

18. Force Majeure. Neither Party will be liable for a delay or failure to perform its obligations of this Agreement if caused by a Force Majeure Event. However, this Section does not excuse Client’s obligations to pay Fees.

19. Relationship of the Parties. The parties are independent contractors. The Agreement does not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the Parties.

20. Third-Party Beneficiaries. There are no third-party beneficiaries under the Agreement.  

21. Entire Agreement. The Agreement supersedes all prior and contemporaneous agreements, proposals, or representations, written or oral, concerning its subject matter. In the event of any conflict or inconsistency among the following, the order of precedence shall be: (i) the Terms of Service and the Data Processing Agreement, and (iii) the Documentation and any document or policy cross-referenced in the Agreement. Any term or condition stated in a Client’s purchase order or other Client order documents is void.

22. Modification. To the extent permitted by Applicable Laws, GRADIUM may update the Terms of Service from time to time, including but not limited to changes to reflect changes of the Services, including to introduce new features or functionality or improve Services quality, changes to Applicable Laws;or security or safety reasons. GRADIUM will give Client at least thirty (30) days advance notice of changes to these Terms of Service that materially adversely impact Client via email. When Client’s subscription is on yearly basis, the aforementioned revised Terms of Service will apply, as indicated in GRADIUM’s notification, either at the renewal of the next subscription period, or after a thirty (30) day prior notice.Client may oppose the notified changes to the Terms of  Services in such delay and terminate the Agreement within this period. All other changes will be effective as soon as GRADIUM notify them to Clients.

23. Waiver. No failure or delay by either Party in exercising any right under the Agreement will constitute a waiver of that right.

24. Severability. If any provision of the Agreement is held by a court of competent jurisdiction to be contrary to law, the provision will be deemed null and void, and the remaining provisions of the Agreement will remain in effect.  

25. Interpretation. All reference in the Agreement to “including” means “including but not limited to”. All references to hours, days, months or years refer to calendar hours, days, months or years unless explicitly stated otherwise.

26. Survival. Any term or condition that by its nature is clearly intended to survive the expiration or termination of the Agreement, shall survive any expiration or termination of the Agreement, including but not limited to Sections 2.4 (Usage Restrictions), 3.3 (Effect of Termination), 3.4 (Refund or Payment upon Termination), 4 (Fees and Payment), 5 (Licenses and Intellectual Property Rights), 6 (Liability), 8 (Indemnification), 11 (Confidentiality), and 15 (Governing Law and Jurisdiction).

27. Signature. The Agreement shall be considered signed and accepted by Client by the subscription and/or use of the Services.

Exhibit 1- Data Processing Agreement

This Data Processing Agreement governs the Processing of Personal Data carried out by GRADIUM as part of its provision of the Services to Client, as Data Processor.

1. DEFINITIONS 

All capitalized terms used in this Data Processing Agreement will have the following meanings.

• Client Personal Data means any Personal Data Processed by GRADIUM as a Data Processor on behalf of Client or Third-Party Controller.
• Data Controller, Data Processor, Data Security Breach, Data Subject, Personal Data, Processing, and Supervisory Authority shall have the meaning given to them under European Data Protection Laws.
• Data Processing Agreement means this document.
• European Data Protection Laws means the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the e-Privacy Directive 2002/58/EC (as amended by Directive 2009/136/EC), their national implementations in the EEA, including the European Union, and all other data protection laws of the EEA, the United Kingdom (“UK”), and Switzerland, each as applicable, and as may be amended or replaced from time to time.
• International Data Transfer means any transfer of Personal Data to a Restricted Country.
• Non-EEA Country means any country located outside of the European Economic Area (EEA), regardless of whether it benefits from an adequacy decision from the European Commission.
• Restricted Country means any country located outside of the European Economic Area (EEA) and that does not benefit from an adequacy decision from the European Commission.
• SCC means the clauses annexed to the European Commission Implementing Decision 2021/914 of June 4th, 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to the GDPR.
• Sub-Processor means any Data Processor appointed by GRADIUM.
• Third-Party Controller means a Data Controller for which Client is a Data Processor.
• UK Addendum means the addendum to the SCCs issued by the UK Information Commissioner under Section 119A(1) of the UK Data Protection Act 2018 (version B1.0, in force March 21, 2022).
• The terms ”Share”, and ”Shared” shall have the same meaning given to them under the CCPA. The terms ”Sell” and ”Selling” shall have the meaning defined in Applicable Privacy Laws in the U.S.

All capitalized terms not defined herein shall have the meaning ascribed to them in the Terms of Service.

2. ROLE OF THE PARTIES AND PURPOSE OF THE PROCESSING

Client is the Data Controller and GRADIUM is the Data Processor with respect to the Processing detailed in Appendix 1. GRADIUM processes Client Personal Data on behalf of Client when Client uses the Services, as set out in Appendix 1.

If Client is a Data Processor on behalf of a Third-Party Controller, then Client shall act (i) as the single point of contact for GRADIUM; (i) obtain all necessary authorizations from such Third-Party Controller; (iii) ensure that the Third Party Controller provided notice and obtained any consents necessary for Processing by Service Provider as set forth in this Data Processing Agreement; and (iv) undertakes to issue all instructions and exercise all rights on behalf of such other Third-Party Controller.

3. MUTUAL OBLIGATIONS

Each Party shall comply with their respective obligations under the Applicable Privacy Laws and shall not, by any act or omission, cause the other to be in breach of any such obligations under the Applicable Privacy Laws.

4. OBLIGATIONS OF DATA PROCESSOR

The Parties agree that the subject matter, nature, purpose and duration of Processing performed by GRADIUM under this Data Processing Agreement as Data Processor, the type of Personal Data, and categories of Data Subjects, are as described in this Agreement and in Appendix 1.

When providing the Services, GRADIUM makes the following commitments as Data Processor:

1. GRADIUM shall process Client Personal Data only on Client's documented lawful instructions as set out in this Data Processing Agreement or as otherwise necessary to provide the Services. In this regard, such instructions may be provided by Client via the use of the Services and via this Data Processing Agreement. GRADIUM shall process Client Personal Data for no purpose other than as authorized under this Data Processing Agreement, unless required to do so by applicable laws. In such a case, GRADIUM shall promptly inform Client of such legal requirement, unless prohibited to do so by applicable laws.

2. GRADIUM shall ensure that GRADIUM’s staff members have committed themselves to confidentiality of Client Personal Data, that staff members Processing Client have a need to know the relevant Client Personal Data for the provision of the Services and that Sub-Processors are under confidentiality obligations substantially similar to the confidentiality obligations imposed on GRADIUM pursuant to the Data Processing Agreement.

3. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, GRADIUM shall implement and maintain the Security Measures to protect Client Personal Data from any Data Security Breach. The Security Measures implemented by GRADIUM under this Data Processing Agreement are listed in Appendix 3. Client acknowledges that such Security Measures are subject to technical progress and development and that GRADIUM may update them from time to time, provided that such updates do not materially decrease the overall security of the Processing governed by this Data Processing Agreement. GRADIUM shall provide Client with reasonable and timely assistance to allow Client to comply with its obligations under Article 32 of the GDPR.

4. Taking into account the nature of the Processing and the information available to GRADIUM, GRADIUM shall notify Client without undue delay and not later than forty-eight (48) hours after having become aware of a Data Security Breach affecting Client Personal Data. GRADIUM shall cooperate with Client, and if requested by Client, GRADIUM shall (i) provide Client with reasonable information about the Data Breach in its possession such as the nature of the personal data affected, or the cause and origin of the Data Security Breach, and (ii) provide reasonable assistance to Client to mitigate or remediate the Data Security Breach.

GRADIUM has no obligation to assess Client Personal Data in order to identify if they are subject to any specific legal requirements.

Upon Client’s written request, taking into account the nature of the Processing and the information available to GRADIUM, this latter shall provide Client with commercially reasonable assistance to conduct a data protection impact assessment and to conduct a prior consultation with a Supervisory Authority when required by Applicable Privacy Laws and reasonably requested by Client, solely with respect to the Processing and Client Personal Data.

Taking into account the nature of the Processing, GRADIUM shall provide Client with commercially reasonable assistance (by appropriate technical and organizational measures) with respect to the fulfilment of Client’s obligation to respond to requests from Data Subjects to exercise their rights under the Applicable Privacy Laws (a “Data Subject Request”). In the event GRADIUM receives a Data Subject Request directly from a Data Subject, it shall (unless prohibited by applicable laws) promptly notify Client of such Data Subject Request, and direct the Data Subject to Client. Client will be responsible for responding to any such Data Subject Request.

GRADIUM shall immediately inform Client if, in its opinion, Client’s Processing instruction infringes the Applicable Privacy Laws. In such event, GRADIUM is entitled to refuse to perform the Processing of Client Personal Data that it believes to be in violation of the Applicable Privacy Laws.

5. USE OF SUB-PROCESSORS

Client hereby provides a prior and general authorization allowing GRADIUM to appoint any Sub-Processors to assist GRADIUM in the provision of the Services and in the Client Personal Data Processing described in Appendix 1, in accordance with the terms provided in this Data Processing Agreement.

GRADIUM commits that Sub-Processors (i) are to fulfil obligations at least equivalent to those set out in this Data Processing Agreement with respect to Personal Data protection; (ii) provide guarantees regarding Personal Data protection at least equivalent to those presented by the measures implemented by GRADIUM. GRADIUM remains liable to Client for the fulfilment by the Sub-Processors of their contractual obligations towards GRADIUM.

Client hereby agrees that GRADIUM may appoint Sub-Processors from the list of Sub-Processors in Appendix 2 of this Data Processing Agreement. GRADIUM shall update the list of any Sub-Processor to be appointed at least thirty (30) days prior to the date on which the Sub-Processor shall commence the Processing of Client Personal Data.

Client may object in writing to GRADIUM’s appointment of a new Sub-Processor within fifteen (15) days of such notice, provided that such objection is based on reasonable and substantiated grounds relating to compliance with Applicable Privacy Laws. If Client provides observations during this fifteen (15) days period, GRADIUM and Client will consult and negotiate in good faith to find a mutually acceptable resolution to address any objections raised by Client. If GRADIUM chooses to retain the Sub-Processor, GRADIUM shall inform Client at least thirty (30) days before authorizing the Sub-Processor to Process Client Personal Data, and either party may immediately discontinue providing or using the relevant parts of the Services, as applicable, and may terminate the relevant parts of the Services within thirty (30) days.

6. INTERNATIONAL TRANSFER OF CLIENT PERSONAL DATA

Unless GRADIUM otherwise explicitly commits not to transfer any Client Personal Data to a Non-EEA Country, Client authorizes GRADIUM to transfer Client Personal Data directly or indirectly to any country deemed to have an adequate level of data protection by the European Commission. Client also authorizes GRADIUM to perform International Data Transfers directly or indirectly to a Restricted Country (a) on the basis of adequate safeguards in accordance with Applicable Privacy Laws, including but not limited to the EU-US Data Privacy Framework, or (b) pursuant to the SCCs, as the case may be the UK Addendum if applicable, or any other transfer mechanism allowed pursuant to Applicable Privacy Laws.

This Section only applies if Client is located in a Restricted Country. By accepting this Data Processing Agreement, GRADIUM and Client conclude Module 4 (Processor-to-Controller) of the SCCs where Client is a Data Controller, and Module 3 (Processor-to-Processor) of the SCCs to the extent Client is a Data Processor on behalf of a Third-Party Controller, which are hereby incorporated and completed as follows and apply to any International Data Transfer conducted by GRADIUM acting as a Data Processor:

1. The “data exporter” is GRADIUM and the “data importer” is Client.
2. The optional docking clause in Clause 7 is not implemented.
3. Option 2 of Clause 9(a) is implemented and the time period therein is specified in Section 5 above.
4. The optional redress clause in Clause 11(a) is struck.
5. Option 2 in Clause 17 is implemented and the governing law in Clause 17 is the law of France.
6. The courts in Clause 18  are the Courts of France.
7. Annex I and II to the Modules 3 and 4 of the SCCs are Appendices 1 and 3 to this Data Processing Agreement respectively.

If GRADIUM has explicitly committed not to transfer any Client Personal Data to a Non-EEA Country a, the aforementioned parts of this Section shall not apply and GRADIUM undertakes not to transfer any Client Personal Data to a Non-EEA Country.

7. AUDIT

Documentary audit. Upon Client’s written request, GRADIUM will make available all documents and information to demonstrate that the Processing carried out by GRADIUM as Data Processor complies with this Data Processing Agreement in a timely manner, to the extent that is commercially reasonable and required by the Applicable Privacy Laws, subject to confidentiality and trade secrets. Documentary audits can be requested maximum once per year.

Onsite audit. For this Section, “Auditor” will have the meaning of either Client or the third-party auditor mandated by Client under this Section to conduct an audit or inspection as set out in this Section solely with respect to the Processing and compliance with this Data Processing Agreement. Only to the extent Client cannot reasonably be satisfied with GRADIUM’s compliance with this Data Processing Agreement through the exercise of the documentary audit set out in this Section, Auditor may conduct up to one (1) onsite audit per year to verify GRADIUM’s compliance with this Data Processing Agreement, under the conditions defined below:

1. Client demonstrates that Auditor is subject to strict confidentiality obligations.
2. Client demonstrates that Auditor is independent, impartial and with expertise in data protection, and is not a competitor of GRADIUM.
3. The procedure described below is followed:

1. Client gives GRADIUM a thirty (90)-days prior written notice of such audit or inspection (hereafter “Audit”).
2. During this thirty (90)-days period, Client and GRADIUM mutually agree in writing upon the scope (which must be limited to Processing operations related to the provision of Services to Client), timing and duration and starting date of the Audit.
3. Client ensures that the Audit will not impact GRADIUM’s organization or GRADIUM’s activities, and is carried out during regular business hours.

4. GRADIUM will not give access to its premises for the purposes of the Audit:

1. To an Auditor’s employee who does not provide GRADIUM with reasonable evidence of identity and authority.
2. To any Auditor’s employee who requests access to GRADIUM’s premises outside regular business hours.

5. GRADIUM will not give access to premises other than its corporate site; for example, GRADIUM will not provide access to Sub-Processors’ premises.
6. The Audit is conducted by the Auditor in a reasonable manner and in good faith, an identical copy of the Audit report shall be given to both Parties following the completion of the Audit. Each Party may make observations regarding the Audit report.
7. All costs relative to the Audit will be at the charge of Client unless the Audit reveals a breach by GRADIUM of this Data Processing Agreement or Applicable Privacy Laws.

8. OBLIGATIONS OF DATA CONTROLLER

Client agrees and commits to the following:

1. Client is responsible for compliance with the requirements of Applicable Privacy Laws applicable to Data Controllers. In particular, Client guarantees that the Processing is compliant with the Applicable Privacy Laws and in particular that the Data Subjects are informed of the Processing via an appropriate information notice and have given their consent as necessary to comply with Applicable Privacy Laws, in particular where the Processing described in Appendix 1 includes sensitive data or special categories of data within the meaning of Applicable Privacy Laws.
2. Client is solely responsible for the accuracy and appropriateness of Personal Data and the means by which such Personal Data is acquired in compliance with the Applicable Privacy Laws. Client is solely responsible for providing GRADIUM with instructions that comply with this Data Processing Agreement and the Applicable Privacy Laws.
3. Client undertakes to document in writing any additional instructions regarding the Processing by GRADIUM.

9. RETURN AND DESTRUCTION OF PERSONAL DATA

Upon the termination of Client’s access to and use of the Services, GRADIUM will, up to forty-five (45) days following such termination, delete or return to Client, at Client’s choice, all Client Personal Data detained by GRADIUM except as otherwise authorized under the Terms of Service. Client acknowledges and accepts that Client Personal Data will no longer be accessible upon the expiry of the forty-five (45) day period. Without prejudice of any Zero Data Retention feature implemented as applicable, GRADIUM may retain Client Personal Data to the extent required by applicable law but only to the extent and for such period as required by such law and always provided that GRADIUM shall ensure the confidentiality of all such Client Personal Data.

10. California Provisions

These CCPA Terms apply when the California Consumer Privacy Act of 2018, Cal. Civ. Code §§1798.100–1798.199.100, as amended, and the CCPA regulations, Cal. Code Regs. §§7000–7304 (together, the “CCPA”) applies to Client’s use of the Services to process the Personal Information contained in Client Personal Data and Account Data.

Where the CCPA applies, GRADIUM acknowledges that it does not receive Personal Data as consideration for any Services provided to Client. GRADIUM: (i) is responsible for compliance with its obligations under this Data Processing Agreement, (ii) is responsible for compliance with its obligations as a service provider under the CCPA, and (iii) shall provide the same level of privacy protection as required by the CCPA. GRADIUM shall notify Client if it reasonably determines that it cannot meet its obligations under the CCPA, and in such circumstances, and upon provision of notice to GRADIUM, Client shall be entitled to take reasonable and appropriate steps to remediate unauthorized use of Personal Data. GRADIUM must not process the Personal Data for any purpose other than for the purpose of performance of the Agreement, except where and to the extent permitted by the CCPA.

GRADIUM shall not: (i) Sell or Share Client Personal Data; (ii) retain, use, or disclose Client Personal Data for any purpose other than for the purpose of performance of the Services except as expressly permitted under the CCPA; (iii) retain, use, or disclose Client Personal Data with Personal Data obtained from, or on behalf of, sources other than Client, except as expressly permitted under the CCPA; or (iv) process Client Personal Data for targeted and/or cross context behavioral advertising. GRADIUM certifies that it understands the restrictions set out in this Section and will comply with them. Solely for the purpose of the CCPA, GRADIUM shall promptly notify Client if it determines that it can no longer meet its obligations under the CCPA.

11. PROCESSING OF GRADIUM AS DATA CONTROLLER

GRADIUM processes Personal Data as Data Controller for the purposes set forth in GRADIUM’s Privacy Policy available at the following link and any succeeding link: dpo@gradium.ai.

Unless the Zero Data Retention feature is applicable or Client objected to the Processing, Client also authorizes GRADIUM and its Affiliates, and any party replacing GRADIUM to the Agreement, to reuse Client Personal Data for the purpose of improving current and future Services, and training any AI model or product as an independent Data Controller.  

GRADIUM undertakes to comply with the Applicable Privacy Laws in relation to all Processing for which it is classified as Data Controller. The information related to such Processing are set forth in Gradium’s Privacy Policy and Client undertakes to direct all its users of the Services to this Privacy Policy.

12. DURATION

This Agreement will remain in force as long as Client uses the Services.

13. JURISDICTION AND GOVERNING LAW

Any dispute arising from this Data Processing Agreement will be resolved by the competent courts of Paris, France in accordance with the Terms of Service.

This Data Processing Agreement is governed by the laws of France.

Appendix 1

Detail of Processing

1. PARTIES

Client as Data Controller or Data Processor of a Third-Party Controller, and data importer for the purposes of SCCs as applicable.

GRADIUM as Data Processor and data exporter for the purposes of SCCs as applicable.

2.          DURATION OF PROCESSING

If the Zero Data Retention feature is not activated, GRADIUM shall store Client Personal Data as Data Processor solely for the duration of the Services.

If the Zero Data Retention feature is applicable, GRADIUM shall not store any Input and Output after their respective ingestion and generation for a duration longer than necessary to the generation of Output and shall not be retained further. Notwithstanding the foregoing, GRADIUM may retain Voice Sample recordings that are (i) explicitly and separately provided by Client for the sole purpose of Voice Reproduction, and (ii) reasonably necessary to deliver the Voice Reproduction pursuant to the Services.

3.         SUBJECT-MATTER AND NATURE OF PROCESSING

Generation of Output and Voice Reproduction based on Client’s Input at Client’s request.

4.         FREQUENCY OF THE PROCESSING

On a continuous basis.

5.         PURPOSE OF PROCESSING

The purpose of the Processing of Client Personal Data is provision of the Services.

6.         DATA SUBJECTS

Data subjects whose characteristics, such as their voice, are present in Client’s Input and, as applicable, reproduced in Output.

7.         CATEGORIES OF PERSONAL DATA

Voice input, voice recordings, text input, or other content included in Client’s Input, and text or voice Output generated by GRADIUM based on Input provided by Client.

8.         SENSITIVE DATA

The Processing is not designed to include sensitive data or special categories of data within the meaning of Applicable Privacy Laws. If such Personal Data are processed, they will only be collected and processed according to Client’s instructions for providing the Services.

Appendix 2

Sub-Processors List

The list of Sub-Processors is available on our website https://gradium.ai/

Appendix 3

Security Measures

 GRADIUM implements the following Security Measures:  

• Real-time monitoring systems are implemented across the organization’s IT infrastructure to detect, log, and alert on suspicious or unauthorized activity. Alerts generated by the monitoring tools are reviewed promptly by the IT security team to ensure rapid response and incident containment.
• All internal and external web traffic is encrypted using HTTPS with Transport Layer Security (TLS), ensuring that data transmitted between clients, servers, and third-party services remains confidential and protected against interception or tampering. This encryption protocol provides robust authentication and integrity assurance, preventing man-in-the-middle attacks and safeguarding personal and business-critical information in transit.
• GRADIUM uses a virtual private cloud (VPC) which isolates GRADIUM’s cloud and traffic from the open web and whose entry points are controlled by GRADIUM via API to further strengthen access control and protect internal systems from external exposure.

As GRADIUM develops and expands, more organisational and technical measures will be implemented. Together, these measures form a cohesive security framework designed to maintain the confidentiality, integrity, and availability of data while supporting GDPR compliance.