Terms of Service

Deepflare sp. z o.o.

Table of Contents

  1. About These Terms
  2. Who Can Use the Platform
  3. What the Platform Does
  4. Your Data, Your IP
  5. DeepFlare's IP
  6. Acceptable Use
  7. EU AI Act Compliance
  8. Fees and Payment
  9. Service Level
  10. Limitation of Liability
  11. Indemnification
  12. Confidentiality
  13. Term and Termination
  14. Data Processing and GDPR
  15. Governing Law and Disputes
  16. Amendments
  17. General
  18. Schedule A — Contact Information

1. About These Terms

These Terms of Service ("Terms") govern your use of DeepFlare's cloud-based protein engineering platform ("Platform"). By using the Platform, you agree to these Terms.

DeepFlare sp. z o.o. ("DeepFlare", "we", "us") is a Polish limited liability company registered in the National Court Register (KRS) under number 846289.

"Customer" ("you") means the legal entity that enters into an agreement with DeepFlare for use of the Platform.

"Authorized User" means any individual you authorize to use the Platform under your account.

"Customer Data" means everything you upload to the Platform — protein sequences, structures, parameters, annotations, and any other inputs.

"Generated Outputs" means everything the Platform produces from your data — predicted structures, designed sequences, scores, metrics, reports, and all other computational results.

2. Who Can Use the Platform

The Platform is a B2B service for organizations in biotech, pharma, and life sciences research. It is not available for personal or consumer use. By agreeing to these Terms, you confirm you are a legal entity with authority to enter binding agreements.

You are responsible for:

  • Keeping your account credentials secure
  • Everything that happens under your account
  • Making sure your Authorized Users follow these Terms

3. What the Platform Does

DeepFlare provides a cloud-based computational protein engineering platform for designing, analyzing, and optimizing proteins. Services include:

  • Protein backbone generation
  • Sequence design and optimization
  • Structure prediction
  • Property prediction (stability, solubility, toxicity, etc.)
  • Metrics computation
  • Project management tools

No guarantee of experimental outcomes. The Platform provides computational predictions. We do not guarantee that computationally generated outputs will work when you test them in the lab. Experimental validation is your responsibility.

Service modifications. We may update and improve the Platform. We will give you reasonable notice of material changes that would adversely affect your use, and we will not materially reduce core functionality during your subscription without your consent.

4. Your Data, Your IP

You Own Your Data

You retain all rights — including all intellectual property rights — to your Customer Data. Nothing in these Terms transfers ownership of your data to us.

You Own Generated Outputs

As between you and DeepFlare, you own all Generated Outputs. To the extent any IP rights in Generated Outputs vest in DeepFlare by operation of law, we assign them to you.

Important note on AI-generated works: Generated Outputs are produced through computational processes using AI models. Under Polish copyright law, copyright protection requires creative activity by a natural person (Art. 1 and Art. 8 of the Polish Copyright Act). To the extent that Generated Outputs lack sufficient human creative input, they may not qualify for copyright protection. We make no representation about the copyrightability of Generated Outputs in any jurisdiction. Regardless, we will never claim IP rights in your Generated Outputs.

Our License to Provide the Service

You grant us a limited, non-exclusive, non-transferable license to process your Customer Data and Generated Outputs solely to provide the Platform services. This license ends when your contract ends.

We Do Not Train on Your Data

We do not use your data or Generated Outputs to train, fine-tune, or improve any AI models — ours or anyone else's. This is absolute. No exceptions, no "anonymized" loopholes. We may collect anonymized, aggregated operational metrics (system performance, error rates) that cannot identify you or reconstruct your data ("Usage Data") for Platform improvement.

5. DeepFlare's IP

We retain all rights to the Platform, its underlying technology, algorithms, models, interfaces, and documentation. These Terms do not transfer any DeepFlare IP to you.

Restrictions. You may not:

  • Reverse engineer, decompile, or disassemble the Platform, except to the extent such restriction is prohibited by applicable law (including the rights under Art. 75(2) and (3) of the Polish Copyright Act regarding program observation and interoperability decompilation)
  • Modify the Platform or create derivative works from it
  • Sublicense, resell, or make the Platform available to unauthorized third parties
  • Remove proprietary notices
  • Use the Platform to build a competing product
  • Circumvent security or access controls

6. Acceptable Use

You agree to use the Platform only for lawful purposes. You must not use it for:

  • Biological weapons or bioterrorism — designing, developing, or producing biological or chemical weapons
  • Dangerous pathogen engineering — deliberately enhancing pathogenicity or immune evasion outside proper biosafety oversight
  • Export control violations — activities violating EU Dual-Use Regulation (2021/821) or applicable sanctions
  • Human rights violations — developing biological agents for torture or population-level harm
  • Circumventing ethical oversight — bypassing IRB, IBC, or equivalent requirements

Sequence screening: You are responsible for screening all protein sequences (input and output) against biosecurity databases before any physical synthesis or experimental use.

We may suspend your access immediately if we reasonably believe you are in material violation of this section.

7. EU AI Act Compliance

Roles

DeepFlare acts as provider/deployer of AI systems in the Platform. We comply with applicable EU AI Act obligations including transparency (Art. 50) and prohibited practices (Art. 5).

You are responsible for your own downstream use of Generated Outputs, including any transparency obligations when you integrate AI-generated content into your own products or communications.

Prohibited AI Uses

You must not use the Platform to:

  • Infer emotions or mental states from biometric data in workplace or educational settings (Art. 5(1)(f))
  • Perform social scoring (Art. 5(1)(c))
  • Deploy real-time remote biometric identification in public spaces (Art. 5(1)(h))
  • Any other practice prohibited under Article 5 of the EU AI Act

AI-Generated Content Transparency

From 2 August 2026 (or earlier), AI-generated outputs from the Platform will be marked in machine-readable format per Art. 50(2). If you publish or distribute AI-generated content from the Platform, you are responsible for complying with applicable transparency disclosure requirements under Art. 50(4).

8. Fees and Payment

  • Fees are specified in your Order Form
  • All fees in EUR unless otherwise agreed
  • Invoices due within 30 days (NET-30)
  • Late payments bear statutory interest under Polish law
  • All fees are exclusive of taxes — you are responsible for applicable taxes
  • Fee adjustments on renewal with at least 60 days' notice

9. Service Level

  • Uptime target: 99.5% monthly availability
  • Planned maintenance: Saturdays 0200-0600 CET, 72 hours' notice
  • Service credits: If we miss the target — 5% credit (99.0-99.49%), 10% (95.0-98.99%), 25% (below 95%)
  • Credits must be claimed within 30 days and cap at 25% of monthly fee
  • Nothing in this section limits your statutory rights under Polish law

10. Limitation of Liability

Liability cap: Each party's total liability under these Terms is limited to the fees paid or payable by you in the 12 months before the claim arose.

No consequential damages: Neither party is liable for indirect, incidental, special, or consequential damages (lost profits, lost data, cost of substitute services), regardless of theory of liability.

Exceptions — these limits do NOT apply to:

  • Breach of confidentiality obligations
  • Breach of data protection obligations or the DPA
  • Breach of the no-training commitment
  • Breach of acceptable use policy
  • Indemnification obligations
  • Liability for willful misconduct (wina umyslna) or gross negligence (razace niedbalstwo) — which cannot be limited under Polish law (Art. 473(2) KC)

11. Indemnification

We indemnify you against third-party claims arising from: (a) the Platform infringing third-party IP when used as intended, (b) our breach of data protection obligations, (c) our gross negligence or willful misconduct.

You indemnify us against third-party claims arising from: (a) your Customer Data or use of Generated Outputs, (b) your breach of acceptable use, (c) your use of Generated Outputs violating applicable law, (d) your gross negligence or willful misconduct.

Standard indemnification procedures apply: prompt notice, cooperation, sole control of defense by the indemnifying party.

12. Confidentiality

Both parties agree to keep each other's confidential information confidential and use it only for purposes of this agreement. Standard exclusions apply (public information, independently developed, etc.). Confidentiality survives for 5 years after termination; trade secrets for as long as they qualify.

13. Term and Termination

  • Term: As specified in your Order Form (default: 12 months)
  • Auto-renewal: Unless either party gives 90 days' notice of non-renewal
  • Termination for cause: 30 days to cure after written notice of material breach
  • Immediate termination: For material acceptable use violations posing imminent biosecurity or safety risk

After Termination

  • You get 60 days to export your data (in standard, machine-readable format)
  • After the export period, we delete everything within 30 additional days and certify deletion on request
  • Sections that survive: data ownership, no-training, liability, indemnification, confidentiality, data processing, governing law

14. Data Processing and GDPR

Where we process personal data on your behalf, the terms of our Data Processing Agreement (DPA) apply. The DPA is available on request and covers:

  • Sub-processor management (current list, 30-day change notification, objection rights)
  • Data breach notification
  • Data subject access request cooperation
  • Security measures
  • Cross-border transfer safeguards (SCCs)
  • Deletion/return of data on termination
  • Audit rights

For GDPR purposes, you are the data controller and we are the data processor. Unless otherwise agreed, all Customer Data is processed and stored in the EU (Google Cloud, Belgium).

See our Privacy Policy at https://deepflare.ai/legal/privacy for full details on how we handle personal data.

15. Governing Law and Disputes

Governing law: Polish law. The UN Convention on Contracts for the International Sale of Goods (CISG) is excluded.

Dispute resolution:

  1. Negotiate first — 30 days to resolve amicably after written notice
  2. Arbitration — if negotiation fails, disputes are settled by arbitration at the Court of Arbitration at the Polish Chamber of Commerce (Warsaw), in English. The award is final and binding.
  3. Injunctive relief — either party may seek urgent injunctive relief in any competent court

16. Amendments

Material changes (pricing, liability, data processing, IP): Require your written consent. We give at least 60 days' notice with clear description of changes and impact. If you don't consent, either party may terminate at the end of the current term without penalty.

Non-material updates (clarifications, legal compliance): Take effect 30 days after written notice, unless you object in writing.

17. General

  • Entire agreement: These Terms + Order Form + DPA = the whole deal
  • Severability: If a provision is invalid, the rest stands
  • No waiver: Not enforcing a right doesn't waive it
  • Assignment: Neither party can assign without consent, except in mergers/acquisitions
  • Independent contractors: We are not partners, joint venturers, or employer-employee
  • Language: English prevails if there's a conflict with any translation

Schedule A — Contact Information

DeepFlare sp. z o.o. KRS: 0000846289 NIP: 7010986785 REGON: 386316445 Registered office: ul. Złota 7/28, 00-019 Warszawa, Poland Share capital: 24 750,00 PLN (paid in full) Management Board: Piotr Grzegorczyk (President), Grzegorz Preibisch (Board Member)

Email for notices: legal@deepflare.ai Email for support: support@deepflare.ai Email for data protection: privacy@deepflare.ai

DeepFlare sp. z o.o. | KRS 846289 | Terms of Service