Vertical Studio
Home
$VERTAI
Blog
Legal

Terms & Conditions

Terms of Service PDFData Processing Agreement PDF

Terms of Service

Update: January 22, 2026
Incorporating service-credits & subscription language

Vertical Studio B.V.
Julianaplein 36, Willemstad, Curaçao

1. Agreement to Terms

These Terms of Service (the "Terms") exclusively govern the relationship, and any Agreement or other agreements, between you ("User", "you", or "your") and Vertical Studio B.V., a company with limited liability incorporated under the laws of Curaçao, registered at: Julianaplein 36, Willemstad, Curaçao with trade register number 169067 ("Company", "we", "us", or "our"), governing your access to and use of the Vertical Studio platform (the "Platform") including any related Services, websites, applications, or associated ("Agreement"). These Terms shall be applicable even if we use third parties to perform the Agreement. No other terms and conditions shall be binding upon Company and will be null and void, unless accepted by it in writing. Company expressly rejects any general terms and conditions used by User.

By accessing or using the Platform, you acknowledge that you have read, understood, and agree to be bound by these Terms. If you do not agree to all of these Terms, you are expressly prohibited from using the Platform and our Services, and must discontinue use immediately. We reserve the right to modify these Terms unilaterally at any time. We will notify you of (material) changes.

New or amended Terms shall be applicable upon 14 days' notice to User, unless otherwise specified in writing unless a longer period is required by law. Continued use of the Platform after changes become effective constitutes acceptance of the revised Terms. If you do not agree with new or amended Terms (e.g. because the change is not in your favor), you may always terminate the Agreement in accordance with clause 5.4.

2. Eligibility

By using the Platform, you affirm that you are at least 18 years old (or the age of majority in your jurisdiction) and have the legal capacity to enter into the Agreement. If you are using the Platform on behalf of a legal entity, you represent and warrant that you have authority to bind that legal entity to these Terms and the remaining part of the Agreement.

3. Platform Services

The Platform provides an integrated, no-code environment for AI model customization, deployment, monetization, and creative content generation. The Platform combines a no-code studio, a unified AI model marketplace, AI-powered creative tooling, and a unified compute layer from decentralized- and partnered centralized sources to allow Users to build, distribute, purchase, and use specialized AI models ("Vertical Models"), foundational AI models ("Horizontal Models"), Datasets, and AI-generated video content.

"Dataset" is any proprietary knowledge base or dataset owned by a User. You will be clearly informed whenever you are interacting with AI-generated content on the Platform, including outputs from fine-tuned AI models, AI-generated video content, or Vertical Models or knowledge databases and Datasets connected through Retrieval-Augmented Generation ("RAG").

Users can either be "Creator" or "End-user", or both. Creators create Vertical Models, AI-generated video content, and/or make Datasets available via the Platform. End-users purchase and/or use Vertical Models, Datasets, and AI-generated video content offered via the Platform. Furthermore, "Revenue Share" means a unit of revenue to be received and used via the Platform, as further specified on the Platform.

Purpose of the Services

Through the Platform, Users interact with other Users of the Platform, and conclude and perform agreements with other Users. These Terms do not govern any (commercial and legal) relationship between Users. We are solely a platform facilitator for Users. The terms and conditions for interactions amongst Users are the subject matter of agreements that Users agree among themselves ("User Agreements"). Company is not a party to such User Agreements and shall not be held liable for any damages as a result of agreements or interactions between Users, as further described in clause 11 of these Terms.

"Services" provided by Company via the Platform are:

I. AI Model Customization

Create Vertical Models by:

  • Adjusting prompts posed to your Vertical Model;
  • Fine-tuning training of your Vertical Model with Datasets consisting of proprietary knowledge bases connected through RAG;
  • Fine-tuning training of your Vertical Model with your own Datasets to be connected;
  • The possibility of using a Dataset-creation agent offered by Company to help convert raw data (e.g., text, CSV, PDF) into structured Datasets for training.

II. Marketplace & Discovery (Vertical Stream)

Discover, exchange, and monetize Vertical Models and Datasets:

  • Creators may list their Vertical Models and Datasets for End-users to access and use via the Platform;
  • End-users can use Vertical Models and Datasets via the Platform interface or a private API and pay per inference with the Vertical Model or Dataset using Credits;
  • Creators earn Revenue Shares (up to 85% as further specified on the Platform) when their Vertical Models or Datasets are used by Users via the Platform;
  • Any agreement or interaction between Creators and End-users creates a direct relationship between the relevant Creator and End-user to which Company is no party.

III. AI Video Generation (Vertical Motion)

Generate multi-scene video content using AI:

  • Vertical Motion enables Users to generate professional video content composed of multiple scenes, transitions, and persistent visual elements through AI-powered video generation models made available via the Platform;
  • Users may define prompts, scene structures, transitions, parameters, and reference materials to guide video generation and request visual consistency of objects across scenes;
  • Vertical Motion is provided strictly as a creative and technical tooling environment. Company does not review, curate, approve, or control any video content generated through Vertical Motion and does not provide creative, editorial, legal, or compliance advice with respect to such content.

IV. Token Economy ($VERTAI)

Use the Platform's native ERC-20 token to access economic benefits, including:

  • Purchasing Credits with $VERTAI at a discounted rate (of 15% discount when paying with $VERTAI);
  • Staking tokens to earn Credits;
  • Participating in affiliate and loyalty programs offered through the Platform.

V. Compute Provision (Vertical Cloud)

Access scalable GPU- and cloud infrastructure via the Platform for training, inference, and hosting of Vertical Models:

  • The Platform automatically provides a unified compute layer from decentralized GPU networks (e.g., Akash, Nosana) and partnered centralized cloud providers (e.g., AWS).
  • This unified compute layer reduces costs for training, inference with, and hosting of Vertical Models (possibly equal to a 45% cost reduction vs. traditional cloud providers) through elastic scaling and intelligent load balancing.

4. Account Registration

You may be required to create an account to access certain Services via the Platform. You agree to provide accurate, current, and complete information when creating an account and to keep your details updated. You are responsible for all activities conducted under your account. We may suspend or terminate accounts that violate these Terms or another part of the Agreement.

We provide a mechanism for Users (free of charge via a dedicated online form on our Platform) to:

  • flag illegal or harmful content on or distributed via the Platform; and
  • appeal content moderation- or account suspension decisions. Flags or Appeals can be furthermore submitted via [email protected] and will be reviewed promptly. We commit to process all such reports and appeals promptly and transparently, in accordance with the European Digital Services Act.

5. Payment, Fees & Credits

For purposes of the Agreement, the "Pricing Page" means the Platform webpage currently located at https://www.verticalstudio.ai/pricing or any successor URL that lists current fees charged by Company, billing cycles of Company, subscription terms for Services, introductory offers of Company, and Credit-pack details for use of Services.

5.1 General Payment Terms

Certain Services provided via the Platform require the purchase of Credit(s) by Users or the receipt of Revenue Share(s) by Creators. Credits and Revenue Shares may be obtained or (if applicable) cashed out through payment methods offered by the Platform either constituting of approved cryptocurrencies (such as $VERTAI) or fiat-denominated currencies processed via third-party payment providers which are available in your jurisdiction. By initiating any payment transaction via the Platform, you represent and warrant that:

  • the payment information you provide is complete, current and accurate;
  • you are authorised to use the payment method selected by you; and
  • you authorise us, and any third-party payment provider acting on our behalf, to charge or deposit the amounts due.

Unless expressly stated otherwise in these Terms, all payment transactions via the Platform are final and non-refundable.

Credits constitute digital content that is supplied immediately upon purchase. By purchasing Credits, you expressly consent to immediate delivery of the Credits and acknowledge that you thereby waive your statutory 14-day right of withdrawal (as further specified via the Platform where applicable), unless you have not requested immediate delivery at the time of purchase.

Payments made using $VERTAI or other cryptocurrencies offered via the Platform are subject to network fees, exchange-rate volatility, and applicable blockchain confirmation times. You are solely responsible for ensuring that your relevant wallet address and payment details are complete, current and accurate at the time the payment transaction is executed.

5.2 Service Credits and Access

1. Nature of Credits. Credits represent reserved capacity tied to provision of Services; they have no exchange rate (standalone monetary value for return), are non-transferable and non-refundable, and can only be redeemed within the Platform.

2. Ways to Obtain Credits. Credits may be obtained under:

  • a) One-time Credit packs with defined Platform-access periods ("Pay-as-You-Go"); or
  • b) Recurring subscription plans that renew automatically and include a defined monthly allocation of Credits ("Subscription Plan").

The applicable rates, access periods, and other commercial terms applicable to Pay-as-You-Go and a Subscription Plan are specified on the Pricing Page.

Without limitation to the foregoing:

  • for Vertical Stream, Users may obtain Credits through Subscription Plans with a recurring fee and may optionally supplement such Subscriptions with additional Credit packs of lower denominations, as specified on the Pricing Page;
  • for Vertical Motion, no Subscription Plans are offered and access is provided exclusively through the purchase of one-time Credit packs, currently offered in denominations of EUR 20, EUR 50, and EUR 100, as specified on the Pricing Page.

3. Validity & Expiry.

  • a) Pay-as-You-Go Credit packs remain valid for the access period stated on the Pricing Page and expire automatically thereafter if unused.
  • b) Monthly Credits allocated under a Subscription Plan expire at the end of each applicable billing period if unused.
  • c) Daily bonus Credits (where offered by the Company) expire after the lapse of 24 hours of grant if unused. Such daily bonus Credits offers expire after the lapse of 24 hours since the start of such offer if unclaimed.

4. Non-Refundability. Purchases of Credits are non-refundable.

5.3 Subscription Plan Specifics

The Subscription Plan's term, and applicable fees, billing cycle, Credit-pack details, any introductory offers of Company and applicable scope of Service provision are described on the Pricing Page.

5.4 Subscription Plan Cancellation & Renewal Policy

Subscription Plans renew automatically at the end of each relevant billing period unless cancelled. To avoid renewal, you must cancel your Subscription Plan no later than 24 hours before the end of the current billing period using the cancellation feature provided in your account settings.

You can cancel any Subscription Plan in the same manner as you subscribed for the relevant Subscription Plan, via your account settings, without any additional steps or barriers.

If you cancel less than 24 hours before the end of the current billing period, you authorize us to charge the applicable Subscription Plan fees for the next billing period. Subscription Plan fees are non-refundable and will not be prorated, except when mandatory EU consumer protection laws in your jurisdiction require otherwise.

6. Intellectual Property Rights

Company (or its licensor or supplier, as applicable) is the exclusive owner of all intellectual property rights vesting in and relating to the Platform, including but not limited to software, underlying source- and object code, graphics, logos, AI-powered tooling (including video generation tooling), user interfaces, workflows, and technical infrastructure. These intellectual property rights include but are not limited to patents, patent applications, trademarks, trademark applications, database rights, service marks, trade names, copyrights, trade secrets, licenses, domain names, know-how, property rights and processes ("Intellectual Property Rights"). Nothing in these Terms shall be construed to assign or confer to User any Intellectual Property Rights pertaining to the Platform.

Company grants User a limited, non-exclusive, non-sublicensable, non-transferable and revocable license for the duration of the Agreement to access and use the Platform, including AI-powered creative tooling such as Vertical Motion, solely in accordance with these Terms and other parts of the Agreement as necessary for use of Services purchased by such User, and in a manner that complies with all legal requirements applicable to the use of the Platform. User will not copy, reproduce, exploit, resell, or distribute any part of the Platform without Company's explicit and prior written consent.

The Platform may allow Users to contribute, upload, generate, or share content, including but not limited to input materials, prompts, reference materials, Vertical Models, AI-generated outputs (including video content generated through Vertical Motion), Datasets, feedback, images, text, code, and suggestions (collectively, "Contributions").

As a User, you are responsible for your Contributions and warrant, represent and guarantee that you are the rightful owner and/or have obtained all necessary permission(s), rights, and/or license(s) from the rightful owner(s) of (the rights to) such Contributions and that no rights of third parties or any laws and/or licenses applicable to the Contributions forbid or restrict the reproduction, generation, making available to the public, modification, alteration, transmission, display, distribution, or other use of such Contributions.

By submitting Contributions to the Platform, you grant us a royalty-free, non-exclusive, sub-licensable, worldwide, irrevocable, perpetual license and all necessary permissions and/or consents required (with full right to sub-license) to reproduce, generate, make available to the public, modify, alter, transmit, distribute, display, and use your Contributions and any other materials provided or made available by you on the Platform, inter alia for the operation, maintenance, improvement, and promotion of the Platform and its Services.

If you fine-tune, modify, generate, or provide Vertical Models, AI-generated video content, or Datasets through the Platform as a Creator, you may be considered a "provider" under applicable EU AI law and, to the extent permitted under applicable law, are solely responsible for ensuring compliance with any applicable obligations.

7. Prohibited Activities

You agree not to:

1. Use the Platform and Services for any illegal activities or unauthorized purposes, including but not limited to:

  • a) using Vertical Models, Datasets, AI-generated video content, or other Services for biometric identification, social scoring, manipulative personalization, or other prohibited AI practices and uses which are banned under EU law (specifically the EU AI Act);
  • b) circumventing, disabling, or otherwise interfering with security-related features, safeguards, or technical restrictions of the Platform or any underlying Services;
  • c) uploading, transmitting, or introducing harmful or malicious software, code, or malware, including viruses, trojans, or similar components, to or through the Platform;
  • d) engaging in any activities that may harm, disrupt, overload, or misuse the Platform or its infrastructure, including but not limited to data scraping, automated extraction, reverse engineering, or unauthorized access;
  • e) creating, uploading, generating, or distributing hate speech, violent content, child sexual abuse material, non-consensual explicit content, misinformation, deepfakes, AI-generated deceptive content, or any other content that is unlawful under applicable law;
  • f) using the Platform, Vertical Models, Datasets, or AI-generated video content to generate hateful, offensive, discriminatory, deceptive, or otherwise inappropriate content that violates ethical or legal standards, including but not limited to content intended for fraud, impersonation, or prohibited financial or military applications;
  • g) using Vertical Motion or any AI-generated video content to create, generate, or distribute deepfakes, impersonations, or misleading representations of real persons, organizations, or public figures without a lawful basis or required consent;
  • h) generating or distributing audiovisual content through Vertical Motion that is deceptive, manipulative, or fraudulent in nature, including content presented as authentic or factual where such presentation is unlawful or reasonably likely to cause harm;
  • i) creating political persuasion, election-related content, targeted influence campaigns, or disinformation using Vertical Motion in violation of applicable laws or regulations;
  • j) using prompts, reference materials, or generated video content that infringe intellectual property rights, portrait rights, publicity rights, privacy rights, or other rights of third parties;
  • k) generating or distributing AI-generated video content that violates advertising, consumer protection, media, or audiovisual regulations applicable in the relevant jurisdiction;
  • l) attempting to bypass, override, or manipulate any content controls, usage limitations, safeguards, or restrictions implemented in connection with Vertical Motion or any third-party AI video generation models made available via the Platform.

8. Transparency Reports

We publish periodic transparency reports summarizing our content moderation actions, content statistics flagged by us, and systemic risk mitigation measures taken by us, in accordance with applicable EU law.

9. Privacy Policy

When you use our Platform, we collect certain personal data of you, such as your account credentials. These processing activities are governed by our Privacy Policy, which details how we collect, use, and protect your personal data.

If you as a User are based outside the EU and your Contributions include personal data or personal identifiable information, the warranties, representations and guarantees you make under article 6 of these Terms include any warranties, representations and guarantees with respect to privacy or personal data protection related rights vested in or related to such personal data or personal identifiable information. You shall at all times ensure compliance with any privacy or personal data protection related legislation as applicable to you as a User.

If you as a User are based in the EU and upload personal data on our Platform outside purely personal use, we operate as a Data Processor and you operate as a Data Controller under the EU General Data Protection Regulation. In this context, you as a User and we as Company agree on a Data Processing Agreement, attached as Annex to these Terms.

10. Blockchain-Based Transactions

The Platform utilises blockchain technology to facilitate certain transactions. In addition, the $VERTAI token provides access to premium Services and incentivises User participation. Blockchain transactions are immutable; once confirmed, they cannot be altered or reversed. You are solely responsible for managing your crypto assets, private keys and wallet addresses, and you agree to comply with all applicable laws and regulations regarding cryptocurrencies in your jurisdiction by using the $VERTAI token.

We are not liable for losses arising from your key- or wallet mismanagement or blockchain technology transaction errors. Company reserves the right to monitor, suspend, freeze, or refuse transactions or accounts if there is a reasonable suspicion of fraudulent activity, money laundering, any other form of financial crime, or breaches of applicable law. Users acknowledge that Company may be legally required to report such activities to relevant regulatory authorities and cooperate with law enforcement or compliance investigations.

11. Liability

Company is not liable for any loss or damages connected with or arising out of (your use of) the Platform and Services provided and/or performance of the Agreement, including but not limited to damages:

  1. in the form of indirect, punitive and consequential damages, such as loss of data, loss of profits, loss of goodwill or loss of expected revenue or gains, including any loss of anticipated profits and/or any actual or hypothetical losses, whether direct or indirect, including for example missed sale opportunities, or actions that the User might have taken, should a certain circumstance have not arisen;
  2. resulting or arising from any inaccuracies or any incomplete information provided by the User;
  3. resulting or arising from any actions by the User that violate the Terms, any other terms or policies referenced in these Terms or other part of the Agreement, or any policies published on the Platform;
  4. resulting or arising from any actions of a third party for which Company is not responsible, including any damages resulting from or in connection to third party agreements;
  5. Company's failure to fulfill any obligation under these Terms due to events beyond Company's reasonable control;
  6. resulting or arising from a temporary inaccessibility, malfunctioning or suspension of the Platform and Services;
  7. resulting or arising from loss or corruption of data or information, including Contributions;
  8. resulting or arising from Contributions or any interactions on the Platform between Users;

In the circumstances that Company is liable, such liability is limited to:

  • reasonably direct foreseeable losses or damages in connection to User's use of the Services and Platform, that do not qualify as indirect damages as defined in Article 12(a) above; and
  • this amount is limited to an amount not exceeding and capped at the total amount invoiced by Company to the User in the three (3) months prior to the liability-causing event, and furthermore subject to a total aggregated cap of EUR 5.000.

Nothing in these Terms or other part of the Agreement will exclude or limit the liability of Company if this cannot be excluded or limited under applicable (consumer) laws, such as in case of fraud or fraudulent misrepresentation; in respect of gross negligence or willful misconduct; or if such liability can otherwise not lawfully be limited or excluded.

Any liability claim against Company or any of its affiliated companies lapses upon expiry of twelve (12) months starting from the moment that the User becomes or could reasonably have become aware of the damage (occurring first in a series of related damage causing events).

12. User Warranties and Indemnification

User warrants, represents, and guarantees that it complies with all applicable laws and regulations, including but not limited to intellectual property laws, privacy and data protection laws, media and advertising laws, and AI-related regulations (including the EU AI Act), and that it is not located in a country subject to trade sanctions or embargoes, nor listed on any restricted parties lists issued by any competent authority.

User further warrants that it holds all necessary rights, licenses, registrations, permits, consents, and authorizations required to use the Platform and Services, including Vertical Motion, and to upload, generate, use, publish, distribute, or otherwise exploit any Contributions, including prompts, reference materials, images, videos, datasets, Vertical Models, and AI-generated video content.

Without limitation to the foregoing, User warrants and guarantees that:

  • it is the rightful owner of, or has obtained all necessary permissions, licenses, and consents for, any materials used as input for AI-generated video content, including images, video fragments, audio, prompts, reference materials, and likenesses of persons;
  • the generation, use, publication, or distribution of AI-generated video content does not infringe any intellectual property rights, portrait rights, publicity rights, privacy rights, or other rights of third parties;
  • AI-generated video content will not be used for unlawful, deceptive, manipulative, or misleading purposes, including impersonation, disinformation, political influence, or other prohibited uses as set out in these Terms.

User shall indemnify, defend, and hold harmless Company and its affiliates, directors, officers, employees, and agents from and against any and all claims, demands, damages, losses, liabilities, costs, expenses, and reasonable legal fees arising out of or relating to:

  • User's breach of these Terms or any other part of the Agreement;
  • User's use of the Platform or Services, including Vertical Motion;
  • the creation, generation, use, publication, distribution, or commercialization of AI-generated video content;
  • any allegation that User's Contributions or AI-generated video content infringe or violate the rights of any third party or applicable law.

This indemnification obligation shall survive the suspension, termination, or expiration of the Agreement.

13. Disclaimer of Warranties

To the maximum extent permitted by applicable law, Company hereby disclaims all express or implied warranties with respect to the Platform and the Services, including but not limited to implied warranties of availability, merchantability, fitness for a particular purpose, accuracy, reliability, non-infringement, or compliance with User expectations.

The Platform, Services, and any outputs generated through the Platform, including Vertical Models, Datasets, and AI-generated video content created through Vertical Motion, are provided strictly on an "as is" and "as available" basis. Company does not warrant that the Platform or any Services will be uninterrupted, error-free, secure, or free of defects, nor that any outputs will be accurate, complete, consistent, lawful, or suitable for any specific purpose.

Without limitation to the foregoing, Company makes no representations or warranties with respect to:

  • the quality, accuracy, continuity, realism, object consistency, or visual coherence of AI-generated video content;
  • the absence of intellectual property, portrait, publicity, or other third-party rights infringements in AI-generated content;
  • the legality, regulatory compliance, or ethical acceptability of any use of AI-generated content;
  • the availability, performance, or continued operation of third-party AI models or infrastructure used in connection with Vertical Motion.

Company does not review, monitor, approve, or endorse any content generated, uploaded, or distributed by Users through the Platform. Any reliance on AI-generated outputs, including video content, is solely at the User's own risk.

If any arrangements have been made regarding availability or service levels, the availability of the Platform and Services is measured in such a way that unavailability due to preventive, corrective, or adaptive maintenance, notified downtime, third-party service dependencies, or circumstances beyond Company's reasonable control is excluded. Subject to proof to the contrary provided by User, Company's measurements of availability shall be deemed conclusive.

Nothing in these Terms shall exclude or limit any warranties or rights that cannot be lawfully excluded or limited under applicable mandatory consumer protection laws.

14. Termination

We may suspend or terminate your access to the Platform at any time, with or without notice, if you breach these Terms, any other part of the Agreement, or if we deem it necessary for security or legal reasons. Upon suspension or termination, you must cease all use of the Platform, including but not limited to using Credits, immediately.

15. Miscellaneous

Invalidity or Unenforceability

The invalidity or unenforceability of any provision of the Agreement shall not affect any other provisions of the Agreement, unless any such provision is inextricably linked to the invalid or unenforceable provision. Any invalid or unenforceable provision shall be replaced or, insofar possible under applicable law, deemed to be replaced by a valid and enforceable provision which differs as little as possible from the invalid or unenforceable provision and reflects the intent of the invalid or unenforceable provision.

Order of Precedence

In the event of any inconsistency or conflict between the provisions of the following documents, the order of precedence shall be as follows, with the document listed first prevailing over those listed thereafter:

  1. Other terms of (the body of) the main agreement concluded with Users (if any);
  2. the Terms;
  3. the Data Processing Agreement;
  4. other applicable annexes or schedules of the Agreement.

If a conflict arises between provisions within the same document, the specific provision addressing the subject matter in greater detail shall prevail over a general provision.

Governing Law

The Agreement and any disputes arising out of or in connection with the Agreement, including any non-contractual claims, are governed by the laws of Curaçao. Nothing in these Terms affects your mandatory EU consumer rights, which shall prevail in all cases where applicable if you are an EU consumer (residing in the European Economic Area, UK or Switzerland).

Competent Court

Any disputes arising out of or in connection with the Agreement, including any non-contractual claims, shall exclusively be resolved by the courts of Curaçao. For EU consumers, the choice of Curaçao law as governing law and choice of forum shall not prejudice the application of mandatory consumer protection rights and the jurisdiction of courts in the consumer's country of residence.

16. Contact Us

For questions regarding these Terms, please email [email protected].

By accessing or using the Vertical Studio Platform, you acknowledge that you have read, understood, and agree to be bound by these Terms of Service.

Annex 1 — Data Processing Agreement

Version: February 2025

Vertical AI B.V.
Julianaplein 36, Willemstad, Curaçao

This Data Processing Agreement ("DPA") is an annex to and integral part of the Platform Agreement between Vertical AI B.V. ("Processor") and the User ("Controller"). This DPA applies insofar as one or more of the territorial scope requirements of the GDPR are met.

1. Definitions

In this DPA, the following terms have the meanings set out below. Terms not defined herein have the same meaning as in the Platform Agreement or the GDPR.

"Approved Measure" means binding corporate rules, a code of conduct or certification mechanism as meant in Article 46 of the GDPR.

"EC Standard Contractual Clauses" means the standard contractual clauses approved or adopted by the European Commission in accordance with Article 46(2)(c) and (d) GDPR.

"Data Subjects" means the natural persons whose Personal Data is processed under the Agreement by Processor or any Sub-Processor on behalf of Controller.

"GDPR" means the EU General Data Protection Regulation 2016/679/EC and any related and applicable national implementation legislation.

"Non-Adequate Country" means a country that is deemed not to provide an adequate level of protection of Personal Data within the meaning of Article 45 GDPR.

"Personal Data" has the meaning as described in Article 4(1) GDPR, insofar as processed by Processor or a Sub-Processor under the Agreement.

"Personal Data Breach" has the meaning as described in Article 4(12) GDPR.

"Sub-Processor" means any third party engaged by Processor that processes Personal Data on behalf of Controller under the instruction or supervision of Processor. The approved Sub-Processors are listed in Schedule 1 to this DPA.

"Third Party" means any party other than the parties to the Agreement or Sub-Processors.

2. Description of the Services

2.1 The subject-matter of this DPA is the processing of Personal Data by Processor on behalf of Controller and in accordance with Controller's written instructions as described in the Platform Agreement, this DPA or otherwise in writing. This includes the following processing activities:

  • Processor processes Personal Data that Users provide as input for sharing and making available to other users of the Platform, using, fine-tuning, training and implementing AI models through the Platform.
  • The nature of the processing consists of, inter alia, collecting, accessing, storing, transferring, generating AI-based outputs from, and deleting the Personal Data as further described in the Agreement.
  • In performing the services, Processor may engage Sub-Processors (as listed in Schedule 1) for infrastructure hosting, database services, AI model inference and routing, serverless deployment, cloud computing and storage, and related technical services.
  • The types of Personal Data processed consist of all Personal Data provided by the Users in order for Processor to provide the services as described in the Platform Agreement, with the exception of special categories of personal data as referred to in Article 9 GDPR.

2.2 For the avoidance of doubt, Vertical AI acts as the Processor for the processing activities specified in Clause 2.1, which are covered by this DPA. For other processing activities, such as managing accounts of Users and securing the Platform, Vertical AI acts as a Controller. The processing activities performed by Vertical AI in its capacity as a Controller do not fall under the scope of this DPA.

2.3 The term of this DPA is the same as the term of the Platform Agreement. This DPA terminates when the Platform Agreement terminates, unless Processor continues to process Personal Data on behalf of Controller, in which case this DPA will terminate when Processor ceases such processing.

3. Instructions

3.1 Processor shall process Personal Data only (i) on behalf and for the benefit of Controller, (ii) in accordance with Controller's written instructions and (iii) for the purposes authorised by the Platform Agreement, this DPA or otherwise in writing by Controller. Provisions in the Platform Agreement and this DPA relating to the processing of Personal Data are Controller's instructions to Processor.

3.2 Other than described in Clause 2.2, Processor shall not process Personal Data further than as instructed in writing and as strictly necessary for the performance of the Agreement, or as required by applicable EU or EU member state law. In such case, Processor shall inform Controller of that legal requirement before the processing takes place, unless that law prohibits such information on important grounds of public interest.

4. Compliance with the GDPR

4.1 Processor shall comply with the GDPR when processing Personal Data. Processor shall ensure that each Sub-Processor listed in Schedule 1 is contractually bound to comply with equivalent data protection obligations.

4.2 Controller shall comply with the GDPR when giving instructions to Processor. In particular, Controller guarantees that it (i) has a valid legal ground for the processing of Personal Data by Processor and its Sub-Processors on behalf of Controller, (ii) has been sufficiently transparent to the Data Subjects with respect to the processing of Personal Data by Vertical AI and its Sub-Processors and (iii) has otherwise ensured compliance with the GDPR, given the possible consequences for Data Subjects when their Personal Data is processed for development and deployment of artificial intelligence systems.

5. Non-Disclosure and Confidentiality

5.1 Processor shall keep Personal Data confidential and shall not disclose Personal Data to any Third Party without the prior written approval of Controller, except where such disclosure is required for the performance of the Agreement or the processing by a Sub-Processor as listed in Schedule 1, or where Personal Data need to be disclosed for audit purposes as described in Clause 11.

5.2 Processor shall ensure that any person working under the direct authority of Processor or any Sub-Processor is committed to respect and maintain the confidentiality of the Personal Data.

6. Security

6.1 Processor shall implement and maintain appropriate technical and organisational security measures to prevent accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data. These measures shall take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing as well as the risk of likelihood and severity for the rights of the Data Subjects.

6.2 Processor shall ensure that each Sub-Processor implements and maintains technical and organisational security measures that are at least equivalent to those described in Clause 6.1, taking into account the specific processing activities performed by each Sub-Processor.

6.3 Acknowledging that the measures described in Clause 6.1 are subject to technical progress and development, parties agree that Processor is authorised to implement adequate alternative measures, provided that such measures shall not materially fall short of the level of security described in Clause 6.1.

7. Sub-Processors

7.1 Controller hereby grants Processor general written authorisation to engage Sub-Processors for the processing of Personal Data on behalf of Controller. Processor shall remain fully liable to Controller for the performance of each Sub-Processor's obligations under this DPA.

7.2 Processor shall ensure that each Sub-Processor is contractually bound to terms which offer at least the same level of protection for Personal Data as those set out in this DPA.

7.3 Controller is deemed to have consented to the processing of Personal Data by the Sub-Processors listed in Schedule 1 to this DPA. Processor shall inform Controller of any intended changes concerning the addition or replacement of Sub-Processors, thereby giving Controller the opportunity to object to such changes. Such objection shall not be unreasonable. Failing the Controller's objection within one (1) month, Controller will be deemed to consent to the engagement of the relevant Sub-Processor.

7.4 If Controller objects to the engagement of a new Sub-Processor, Processor and Controller will consult to find a reasonable alternative. Any additional costs incurred in the agreed alternative will be payable by Controller.

7.5 Processor shall maintain an up-to-date list of Sub-Processors in Schedule 1 and shall make this list available to Controller upon request.

8. Cooperation Obligations

8.1 Insofar as this is possible and taking into account the nature of the processing, Processor shall cooperate and assist Controller by appropriate technical and organisational measures in cases where Data Subjects wish to exercise their rights of access, rectification, erasure, restriction or data portability.

8.2 Processor shall promptly inform Controller of any complaints, requests or enquiries received from Data Subjects directly. Processor shall not respond to such Data Subjects except where specifically instructed by Controller in writing.

8.3 Processor shall cooperate with and assist Controller — taking into account the nature of the processing and the information available to Processor — insofar as this is necessary for Controller to be able to comply with its data protection impact assessment and prior consultation obligations under the GDPR.

9. Personal Data Breaches

9.1 Processor shall inform Controller without undue delay after becoming aware that a Personal Data Breach has occurred, whether at Processor or at any Sub-Processor.

9.2 In the event of a Personal Data Breach, Processor shall promptly take required and appropriate measures to remediate the breach. Processor shall require each affected Sub-Processor to do the same. Furthermore, Processor shall provide Controller with all relevant information as reasonably requested regarding the breach and provide any other assistance as reasonably required to allow Controller to comply with its notification obligations.

10. Return and Destruction of Personal Data

10.1 Upon termination of the Agreement or at the written request of Controller, Processor shall, at the option of Controller, return the Personal Data and all copies thereof to Controller and/or shall securely destroy such Personal Data and all copies thereof, including any copies held by Sub-Processors, except to the extent applicable EU or EU member state law requires longer storage. In such case:

  • a. Processor shall keep the Personal Data confidential and shall only process the Personal Data to the extent required by the applicable law.
  • b. Controller shall reimburse any costs associated with the foregoing to Processor.

10.2 Processor shall ensure that each Sub-Processor deletes or returns all Personal Data in accordance with this Clause 10 within a reasonable timeframe.

11. Compliance and Right of Audit

11.1 Controller shall have the right to verify Processor's compliance with the obligations under this DPA. Any such inspection will be conducted by Controller or on behalf of Controller by a qualified auditor. Processor shall make its processing systems, facilities and supporting documentation relevant to the processing of Personal Data available for the audit and provide all assistance reasonably required. Controller shall bear all costs of such audit.

11.2 Where a Sub-Processor does not permit direct auditing by Controller, Processor shall request the Sub-Processor's most recent SOC 2 Type II report, ISO 27001 certificate, or equivalent independent audit report and make such report available to Controller upon request.

11.3 Controller shall (a) give Processor reasonable notice of the intention to have an audit performed, (b) ensure that such audit is performed in compliance with Processor's confidentiality provisions, (c) ensure such audit does not unreasonably interfere with Processor's business operations and (d) conduct not more than one audit per year, unless Controller has a reasonable pressing reason to conduct more.

12. International Data Transfer

12.1 Any transfer of Personal Data to a Sub-Processor located in a Non-Adequate Country shall be governed by the terms of the appropriate EC Standard Contractual Clauses as concluded between Processor and Sub-Processor, or by another lawful transfer mechanism as included in Chapter 5 of the GDPR.

12.2 Clause 12.1 will not apply if the transfer is covered by Approved Measures applicable to the Sub-Processor. When becoming aware that the Sub-Processor no longer maintains the Approved Measure, Processor will ensure that the necessary EC Standard Contractual Clauses or another valid transfer mechanism are concluded.

12.3 Schedule 1 specifies the applicable transfer mechanism for each Sub-Processor located in a Non-Adequate Country. Processor shall conduct a transfer impact assessment where required and implement supplementary measures as necessary.

13. Liability

13.1 Controller and Processor expressly agree that liability between the Parties shall be governed by the provisions set out in the Platform Terms.

13.2 In deviation of Clause 13.1, Controller shall indemnify, keep indemnified and hold harmless Processor against any claims, damages and losses of any Third Parties, including Data Subjects and enforcement actions of Data Protection Authorities, arising out of or resulting from Controller's failure to comply with Clause 4.2(i)–(iii).

13.3 Processor shall be liable for the acts and omissions of its Sub-Processors to the same extent as if Processor were performing those processing activities itself, unless Processor proves that the act or omission causing the damage is not attributable to the Sub-Processor.

Schedule 1 — Approved Sub-Processors

The following Sub-Processors are approved by Controller as of the date of this DPA. Processor shall update this Schedule when Sub-Processors are added or replaced in accordance with Clause 7.3.

Sub-Processor Services / Processing Activities Location Transfer Mechanism
Amazon Web Services (AWS) Cloud infrastructure, computing, storage and hosting of the Platform and Personal Data (incl. S3, EC2, Lambda and related services) EU (Frankfurt, Ireland) / US AWS Data Processing Addendum; EC SCCs for US transfers
Google Cloud Platform (Google LLC) Cloud computing, AI/ML services (incl. Vertex AI, Cloud Storage, BigQuery), analytics and data processing infrastructure EU (Netherlands, Belgium) / US Google Cloud Data Processing Terms; EC SCCs for US transfers
fal.ai (fal.ai, Inc.) AI model inference and execution, serverless GPU computing for AI workloads, model hosting and API services US EC SCCs; DPA with fal.ai
Railway (Railway Corp.) Application hosting, deployment infrastructure, backend services, logging and container orchestration US EC SCCs; Railway DPA
Supabase (Supabase, Inc.) Database hosting (PostgreSQL), authentication services, real-time data synchronisation, storage of User data and Platform data US (AWS us-east-1) / EU available EC SCCs; Supabase DPA
OpenRouter (OpenRouter, Inc.) AI model routing and API gateway, forwarding User prompts and inputs to third-party AI model providers for inference US EC SCCs; OpenRouter DPA
Vercel (Vercel, Inc.) Frontend hosting, serverless functions, edge network and CDN, handling of User requests and session data Global (Edge) / US EC SCCs; Vercel DPA

For each Sub-Processor listed above, Processor has ensured that:

  • A data processing agreement is in place that meets the requirements of Article 28 GDPR.
  • Appropriate technical and organisational security measures are implemented.
  • Where Personal Data is transferred to a Non-Adequate Country, a valid transfer mechanism (EC Standard Contractual Clauses or Approved Measure) is in place, supplemented by a transfer impact assessment where required.
  • The Sub-Processor's compliance posture is reviewed periodically, including available SOC 2 Type II reports, ISO 27001 certifications, or equivalent independent audit reports.

Note regarding OpenRouter: As OpenRouter routes User inputs to downstream AI model providers (such as OpenAI, Anthropic, Meta and others), Processor shall ensure that OpenRouter's terms contractually require equivalent data protection obligations from each downstream model provider. Controller acknowledges that the specific downstream model provider may vary depending on the model selected by the User.