Terms & Conditions

Version 1.0 · Effective 12 July 2026 · These terms govern business-to-business use of the Sceau Risk service. They apply together with the Order Form, the Data Processing Agreement and the SLA, which together form the "Agreement".

1. Parties and definitions

"Provider": Galactic Automation BV, Wijnhuizestraat 44, 9620 Zottegem, Belgium, KBO/BCE 0768.244.354. "Customer": the legal entity identified in the Order Form. "Service": the Sceau Risk software-as-a-service platform, including its API, MCP interface and documentation. "Customer Data": all data, documents and content submitted to the Customer's tenant. The Service is offered exclusively to businesses and public bodies; consumer protection regimes do not apply.

2. The Service

2.1 Provider grants Customer, for the subscription term and subject to payment, a non-exclusive, non-transferable right for its authorised users to access and use the Service for Customer's internal risk, compliance and governance purposes.

2.2 The tier, included users and optional modules are set out in the Order Form. Read-only auditor accounts and supplier-portal respondents do not count as users.

2.3 Provider may improve the Service continuously. Provider will not materially reduce core functionality during a paid term; material changes are announced at least 30 days in advance through the platform.

2.4 Pilot and trial tenants are provided "as is", may be limited or ended at any time, and are erased 30 days after the pilot ends unless converted.

3. Customer obligations and acceptable use

3.1 Customer is responsible for its users, for the accuracy and lawfulness of Customer Data, and for maintaining the confidentiality of credentials. Customer shall implement appropriate role assignments offered by the Service.

3.2 Customer shall not: (a) use the Service to violate law or third-party rights; (b) attempt to circumvent tenant isolation, access controls or usage limits; (c) probe or test the Service's security other than under the coordinated disclosure process (security@sceau.eu) or a written agreement; (d) resell or provide the Service to third parties except to its auditors, advisers and suppliers within the intended portal features; (e) upload malicious code.

3.3 Provider may suspend access, in whole or in part, where reasonably necessary to address a security threat, unlawful use or overdue payment exceeding 30 days, after notice where circumstances permit. Provider will limit suspension to what is necessary and restore access promptly once resolved.

4. Customer Data, privacy and portability

4.1 Customer Data remains Customer's property. Provider processes it solely as a processor under the Data Processing Agreement and applicable data protection law; the DPA prevails over these terms for that processing.

4.2 Provider will not access Customer Data except to provide and secure the Service, to comply with law, or on Customer's documented instruction (e.g. support).

4.3 Hosting is on EU infrastructure. Provider will not transfer Customer Data outside the EEA without the safeguards and notice described in the DPA.

4.4 Exit: during the term and for 30 days after termination, Customer may export Customer Data in structured formats (including documents and the audit chain). At the end of that period Provider deletes Customer Data from production and, per backup cycle, from backups, and confirms erasure in writing on request.

4.5 Provider may process aggregated, anonymised usage statistics that contain no Customer Data and no personal data, to operate and improve the Service. Customer content is not used to train AI models.

5. AI features

AI-assisted features produce drafts and decision support only; outputs may be inaccurate and require review by qualified users before reliance. Customer remains responsible for decisions taken. Where Customer enables an external model provider, the additional processor terms notified in the DPA annex apply.

6. Fees and payment

6.1 Fees are as stated in the Order Form, exclusive of VAT, invoiced annually in advance unless agreed otherwise, payable within 30 days.

6.2 Late amounts accrue interest and costs in accordance with the Belgian Act of 2 August 2002 on combating late payment in commercial transactions.

6.3 Fees may be adjusted once per contract year, effective on renewal, by no more than the Belgian consumer price index change plus 3%, with at least 60 days' notice; Customer may decline the increase by not renewing.

7. Intellectual property

7.1 The Service, its software, libraries (including framework and control content authored by Provider), documentation and branding remain the exclusive property of Provider and its licensors. No rights are granted except those explicitly stated.

7.2 Customer grants Provider the licence to host and process Customer Data strictly to provide the Service.

7.3 Feedback may be used to improve the Service without obligation; Provider will not identify Customer publicly without consent (a reference may be agreed separately).

8. Confidentiality

Each party will protect the other's confidential information with at least the care it applies to its own, use it only for the Agreement, and disclose it only to personnel and advisers bound by confidentiality. Obligations survive for 5 years after termination; Customer Data remains protected under clause 4 without time limit while held.

9. Warranties and disclaimers

9.1 Provider warrants that it will provide the Service with reasonable skill and care, materially in accordance with the documentation, and maintain the availability commitment in the SLA (target 99.5% monthly for Enterprise, with service credits as sole remedy for availability shortfalls).

9.2 No professional advice: the Service supports, but does not replace, Customer's own risk management, legal and compliance judgment. Framework libraries, regulatory feeds, classifications, forecasts and recommendations are informational tools; Provider does not warrant that use of the Service ensures compliance with any law or standard.

9.3 Except as expressly stated, the Service is provided without other warranties, whether express or implied, including fitness for a particular purpose, to the extent permitted by law.

10. Liability

10.1 Nothing limits liability for fraud, wilful misconduct, or death or personal injury caused by negligence.

10.2 Subject to 10.1, each party's total aggregate liability under the Agreement per contract year is limited to the fees paid or payable by Customer for that year.

10.3 Subject to 10.1, neither party is liable for indirect or consequential damage, loss of profit, loss of business, or loss of data to the extent such loss would have been avoided by Customer exercising the export capabilities of clause 4.4 — save that Provider's obligations under the DPA and clause 4 remain unaffected.

11. Term and termination

11.1 The initial term is 12 months from the start date in the Order Form, renewing automatically for successive 12-month periods unless either party gives written notice at least 60 days before the current term ends.

11.2 Either party may terminate for material breach not cured within 30 days of written notice, or immediately upon the other party's insolvency.

11.3 Clauses intended to survive (including 4.4, 7, 8, 10, 13) survive termination.

12. General

Neither party is liable for failure caused by events beyond its reasonable control. Customer may not assign the Agreement without consent, not unreasonably withheld; Provider may assign to an affiliate or in connection with a merger or sale, with notice. If a clause is invalid, the remainder stands and the clause is replaced by a valid one reflecting its intent. These terms and the Agreement documents constitute the entire agreement; Customer purchasing conditions are expressly excluded. Provider may update these terms for future renewal terms with 60 days' notice.

13. Governing law and jurisdiction

The Agreement is governed by Belgian law, excluding its conflict-of-law rules and the CISG. Disputes fall under the exclusive jurisdiction of the enterprise court of Ghent (Ondernemingsrechtbank Gent), division Ghent, without prejudice to mandatory venue provisions. The parties will first attempt to resolve disputes through good-faith executive discussion for 30 days.

Annexes referenced: Order Form · Data Processing Agreement (Art. 28 GDPR) · Service Level Agreement. Copies are provided with every proposal and available via hello@sceau.eu.