Terms of Service

Yolodex SaaS Terms of Service and Data Processing Addendum

Version 1.1 – 12 August 2025

These Terms form a binding contract between Yolodex Ltd (company no. 16382837) of 63 Clapton Square, London E5 8HE, United Kingdom (Yolodex, we, us) and the person or entity that creates an account or clicks “I agree” (Customer, you). If you are accepting on behalf of a company, you represent that you have authority to bind that company.

Quick index

  • 1. Definitions

  • 2. Services and scope

  • 3. Accounts and access

  • 4. Fees, taxes and renewals

  • 5. Acceptable use

  • 6. Ownership, licences and feedback

  • 7. Confidentiality

  • 8. Security and incident response

  • 9. Support and availability

  • 10. Warranties and disclaimers

  • 11. Indemnities

  • 12. Liability

  • 13. Term, termination and data export

  • 14. Changes to these Terms

  • 15. Publicity

  • 16. Notices

  • 17. Assignment, force majeure and other terms

  • 18. Governing law and venue

  • Schedule A. Data Processing Addendum (GDPR/UK GDPR and CCPA)

1. Definitions

Service means the Yolodex software-as-a-service platform that helps identify and manage VIP customers and related insights, including web applications, APIs, dashboards, and any hosted components.

Customer Data means data you or your users submit to the Service, such as customer identifiers, order history, events, and any content you upload.

Output Data means the insights, scores, flags, and reports generated by the Service from Customer Data.

Usage Data means data about configuration, performance, and usage of the Service, excluding Customer Data and Output Data.

Capitalised terms not defined in this section have the meanings given in the DPA in Schedule A.

2. Services and scope

2.1 Access. Subject to timely payment of Fees, Yolodex grants you a non‑exclusive, non‑transferable right to access and use the Service for your internal business purposes during the Term.

2.2 Plan limits. Plan features and limits are shown on the pricing page and at checkout. We may update plan limits and features on 30 days’ email notice and the change will apply from your next renewal.

2.3 Beta features. We may label some features as Beta or Preview. They are provided for evaluation, may change, and may be withdrawn without liability.

3. Accounts and access

3.1 Eligibility. The Service is for business use by persons 18 or older.

3.2 Your responsibilities. Keep account credentials confidential, maintain accurate account and billing information, and comply with these Terms and the AUP.

3.3 Third‑party services. If you enable integrations with third‑party services, their terms govern those services. We are not responsible for third‑party services.

4. Fees, taxes and renewals

4.1 Fees. Fees are shown at checkout or on an order form. Unless stated otherwise, fees are charged in advance by card through Stripe and are non‑refundable except as required by law or where a service credit applies.

4.2 Renewal and cancellation. Plans renew automatically for successive billing periods. You can cancel in the dashboard at least 3 days before the end of the current period to avoid renewal.

4.3 Changes to fees. We may change fees on 30 days’ notice. New fees take effect at your next renewal.

4.4 Taxes and late payment. Fees are exclusive of taxes. You are responsible for applicable taxes. Overdue amounts may accrue interest at the lesser of 1.5% per month or the maximum allowed by law, plus reasonable collection costs.

5. Acceptable use

You will not, and will not allow others to: (a) reverse engineer, decompile, disassemble, or attempt to derive the source code of the Service except to the extent permitted by law; (b) use the Service to build or train a competing product; (c) exceed fair‑use limits or circumvent technical controls or rate limits; (d) access third‑party services in breach of their terms; (e) upload unlawful, infringing, or harmful content; (f) process special‑category data or data about minors without lawful basis and our prior written consent; (g) send spam or unlawful communications; (h) attempt to re‑identify de‑identified data; (i) use the Service for decisions involving credit, employment, housing, insurance, or other high‑risk uses without appropriate notice and consent; (j) publish benchmarks of the Service without our written consent.

6. Ownership, licences and feedback

6.1 Customer Data. You retain all rights in Customer Data.

6.2 Output Data. Yolodex owns Output Data and all intellectual property rights in it. Subject to these Terms, we grant you a perpetual, worldwide, non‑exclusive licence to use Output Data for your internal business purposes.

6.3 Yolodex IP and Usage Data. We own the Service, Documentation, and Usage Data. We grant you a limited right to use the Documentation to support your use of the Service.

6.4 Improving the Service. You grant Yolodex a non‑exclusive, worldwide, royalty‑free licence to use de‑identified and aggregated information derived from Customer Data to operate, secure, and improve the Service and to develop new features.

6.5 Feedback. If you provide feedback, you grant us a perpetual, royalty‑free licence to use it without restriction.

7. Confidentiality

Each party will keep the other’s Confidential Information confidential and use it only to perform under these Terms. The obligations continue for 3 years after termination. Confidentiality obligations for trade secrets continue as long as the information remains a trade secret.

8. Security and incident response

We maintain industry standard security measures including encryption in transit and at rest, role‑based access control, MFA for administrative access, network segmentation, vulnerability management, and daily encrypted backups. We will notify you without undue delay and in any event within 72 hours after becoming aware of a personal data breach affecting Customer Data. Additional security commitments are set out in the DPA.

9. Support and availability

9.1 Support. Email support is available on business days at support@yolodex.ai. We target a first response within 1 business day.

9.2 Availability. We aim for 99.5% monthly uptime. This is a service commitment, not a warranty or SLA, and no service credits apply. Scheduled maintenance, force majeure, issues caused by Customer systems or the internet, and outages of third‑party services outside our control are excluded. We will give at least 48 hours’ notice for planned maintenance where practicable.

10. Warranties and disclaimers

The Service is provided “as is”. We do not warrant that the Service will be uninterrupted or error free, or that Output Data is complete or accurate. To the maximum extent permitted by law, all implied warranties are disclaimed.

11. Indemnities

11.1 By Customer. You will indemnify and defend Yolodex from claims arising from Customer Data or your use of the Service in breach of these Terms or applicable law.

11.2 By Yolodex. We will indemnify and defend you against claims that the Service, when used as permitted, infringes a third party’s intellectual property rights. We may procure the right to continue using the Service, modify the Service, or terminate the affected Service and issue a pro‑rated refund. This section does not apply to claims arising from combinations with items not provided by Yolodex or from your modifications.

12. Liability

12.1 Cap. Each party’s aggregate liability in any 12‑month period is limited to the fees paid or payable by you to Yolodex for the Service in that period.

12.2 Exclusions. The cap does not apply to liability for death or personal injury caused by negligence, fraud, wilful misconduct, or amounts payable under Section 11. Neither party is liable for indirect, incidental, special, consequential, punitive, or exemplary damages, or loss of profits, revenue, goodwill, or data, even if advised of the possibility.

13. Term, termination and data export

13.1 Term. These Terms begin when you accept them and continue until terminated.

13.2 Termination for breach. Either party may terminate for material breach if the breach is not cured within 14 days after written notice.

13.3 Suspension. We may suspend access immediately if we reasonably believe there is a security risk, unlawful activity, or material breach. We will lift a suspension promptly when the issue is resolved.

13.4 Data export and deletion. On request during the Term and for 30 days after termination, we will make Customer Data and Output Data available for export in a commonly used format. We will delete Customer Data within 30 days after termination and provide written confirmation. Backup copies are overwritten within a further 30 days unless law requires retention.

14. Changes to these Terms

We may modify these Terms or the DPA by posting a revised version and emailing notice at least 30 days before the change takes effect. Continued use after the effective date constitutes acceptance.

15. Publicity

Unless you opt out by emailing support@yolodex.ai, we may use your name and logo in customer lists and marketing materials. You can opt out at any time and we will cease new uses within a reasonable period.

16. Notices

Legal notices must be sent by email to support@yolodex.ai and to the email on your account. Notices are deemed given when sent.

17. Assignment, force majeure and other terms

You may not assign these Terms without our consent, except to an affiliate or in connection with a merger, acquisition, or sale of substantially all assets, with notice. We may assign to an affiliate or in connection with a corporate transaction. Neither party is liable for delays or failures due to events beyond reasonable control. If any part of these Terms is unenforceable, the rest remains in effect. These Terms, together with any order form and the DPA, are the entire agreement between us for the Service. The following order of precedence applies in case of conflict: (1) an order form or master agreement, (2) the DPA, (3) these Terms, (4) policies referenced in these Terms.

18. Governing law and venue

These Terms are governed by the laws of England and Wales. The courts of England and Wales sitting in London have exclusive jurisdiction.

Schedule A. Data Processing Addendum (GDPR/UK GDPR and CCPA)

This DPA forms part of the Agreement and applies when Yolodex processes Personal Data as a Processor on behalf of Customer.

B1. Roles and processing

B1.1 Roles. Customer is the Controller and Yolodex is the Processor with respect to Customer Personal Data. Yolodex is the Controller for account, billing, and Service improvement data.

B1.2 Instructions. Yolodex will process Personal Data only on documented instructions from Customer, including as set out in this DPA and the Agreement, unless required by law.

B1.3 Confidentiality. Yolodex ensures personnel who process Personal Data are bound by confidentiality obligations.

B2. Security and breach notification

B2.1 Security. Yolodex will implement the technical and organisational measures in Annex II and maintain a written information security program.

B2.2 Breach. Yolodex will notify Customer without undue delay and in any event within 72 hours after becoming aware of a Personal Data Breach affecting Customer Personal Data and will provide information to assist Customer in meeting its obligations.

B3. Sub‑processors

B3.1 Authorisation. Customer authorises Yolodex to engage Sub‑processors listed in Annex III and others notified in advance.

B3.2 Objection. Customer may object within 10 days of notice to a new Sub‑processor. If the parties cannot agree on a mitigation in 30 days, Customer may terminate the affected Service and receive a pro‑rated refund.

B3.3 Flow‑down. Yolodex will enter written agreements with Sub‑processors imposing data protection obligations no less protective than those in this DPA.

B4. Assistance, audits, and impact assessments

B4.1 Data subject requests. Taking into account the nature of processing, Yolodex will assist Customer in responding to data subject requests within 10 business days.

B4.2 DPIAs and consultations. Yolodex will provide information to assist Customer with data protection impact assessments and consultations with supervisory authorities as required.

B4.3 Audits. On written request no more than once per 12 months, Yolodex will make available third‑party audit reports such as SOC 2 and pen‑test summaries. On‑site audits will occur only if required by law or a regulator, during business hours, on reasonable notice, and subject to confidentiality and security restrictions.

B5. Return and deletion

On termination or expiry, at Customer’s choice Yolodex will return or delete Personal Data. Yolodex will delete remaining copies within 30 days and issue written confirmation. Backup media are overwritten within a further 30 days unless law requires retention.

B6. International transfers

Transfers outside the EEA or UK will be protected by the EU Standard Contractual Clauses (Commission Decision 2021/914) and, for UK transfers, the UK IDTA or the UK Addendum to the EU SCCs, as applicable. Yolodex will complete onward transfer agreements with all Sub‑processors.

B7. CCPA/CPRA (service provider/contractor)

For Personal Information subject to the CCPA/CPRA, Yolodex acts as a service provider/contractor and will not sell or share Personal Information, or retain, use, or disclose it for any purpose other than providing the Service or as otherwise permitted by law or the Agreement.

Annex I‑A – List of parties

Controller: Customer (contact details as provided at signup).

Processor: Yolodex Ltd, 63 Clapton Square, London, E5 8HE, United Kingdom. Contact: support@yolodex.ai.

Annex I‑B – Description of processing

  • Subject matter and purpose: Processing Customer Data to generate VIP insights and related analytics.

  • Duration: For the term of the subscription plus 30 days for export and deletion.

  • Nature of processing: Collection, storage, analysis, enrichment, scoring, reporting, and customer notifications.

  • Categories of data: Customer identifiers (name, email, phone), order IDs, purchase metadata, enrichment scores, campaign and UTM data if provided.

  • Data subjects: End‑customers of the Controller (individual consumers). No children’s data expected.

  • Special categories: None expected. Controller will not upload such data without lawful basis and prior written notice to Yolodex.

Annex I‑C – Supervisory authority

If the Controller is established in the EU: Irish Data Protection Commission. If UK‑based: UK Information Commissioner’s Office.

Annex II – Technical and organisational measures

  • Encryption in transit (TLS 1.3) and at rest (AES‑256 or better)

  • Role‑based access control and least privilege

  • MFA for administrative access

  • Network segmentation and cloud firewalls

  • Vulnerability management and annual penetration testing

  • Secure software development lifecycle and code review

  • Daily encrypted backups retained for 30 days

  • Incident response plan with 24/7 on‑call coverage

  • Employee screening and confidentiality agreements

  • Vendor risk management and access reviews

Annex III – Authorised Sub‑processors

| Sub‑processor | Purpose | Location | Transfer mechanism |
|---|---|---|---|
| Google Cloud Platform | Hosting and storage | Netherlands (europe‑west4) | SCC Module 3 |
| Bright Data Ltd | Data enrichment | Israel | Adequacy decision |
| OpenAI, LLC | Language model API processing | USA | SCC Module 3 |
| Stripe Payments Europe | Payment processing | Ireland and USA | SCC Module 3 |
| Slack Technologies LLC | Notification delivery and support | USA | SCC Module 3 |

Customer will be notified at least 30 days before adding or replacing Sub‑processors.

Annex IV – International transfers

The EU Standard Contractual Clauses (2021/914) and, for UK transfers, the UK IDTA or UK Addendum are incorporated by reference. Yolodex will implement supplementary measures where appropriate.

© 2025 Yolodex Ltd. All rights reserved.