Terms of Service (B2B)

1. Parties and details

Services are provided by Individual Entrepreneur Alexey Sharapov (Primary State Registration Number 325774600322644, Tax ID 773001860255) — the “Provider”.

The legal entity or individual entrepreneur creating an account and/or paying for the Service is the “Customer”. The person accepting these Terms on behalf of the Customer represents that they have authority to bind the Customer.

2. Acceptance of the Terms

By accessing or using the Service, creating an account, paying for a plan, or embedding the widget, you confirm that you have read, understood, and agree to these Terms.

If you do not agree, you must not use the Service. These Terms apply to the Customer and its authorized users (employees/contractors).

3. Definitions

“Service” means the riserlabs.io platform and related components (widget, dashboard, API) for creating and embedding AI assistants; “Widget” means an embeddable component for the Customer’s website/app; “Authorized Users” means the Customer’s staff/contractors; “End Users” means visitors of the Customer’s website/app; “Customer Content” means data/materials provided by the Customer or available via connected URLs/documents; “Requests” means messages and other data sent to AI models to generate outputs.

4. Service description

The Service enables the Customer to quickly create an AI assistant, embed it on a website/app (via widget or API), configure basic scenarios, and connect data sources (e.g., public URLs or documents) to help the assistant answer questions.

The Service may include scanning/indexing of connected sources, chat history storage, analytics/admin features, and encryption in transit and at rest (within the implemented functionality).

We may modify the Service, add or remove features, and deploy updates. Material changes may be communicated via the interface or website.

5. Accounts and Customer responsibilities

The Customer is responsible for all activities of its Authorized Users and for configurations (including prompts, scenarios, data sources, limits, keys, and settings).

The Customer must keep credentials confidential and promptly notify us of suspected compromise.

The Customer represents that it has all necessary rights and lawful basis to connect sources and process information via the Service.

6. Widget embedding and API usage

The Customer may embed the widget on its properties and use the API within the selected plan limits.

The Customer is responsible for providing End Users with appropriate notices (including that outputs are AI-generated) and obtaining required consents under applicable law.

The Customer must not mislead End Users about the assistant’s identity/capabilities and must not use the Service for covert data collection.

7. Customer Content and data sources

The Customer retains rights to its Customer Content. The Customer grants the Provider a limited, non-exclusive license to process Customer Content solely to provide and improve the Service (including scanning, indexing, storage, and sending relevant parts to AI models upon request).

The Customer represents that Customer Content does not infringe third-party rights and does not include data that is prohibited or requires special compliance unless such compliance is expressly agreed in writing.

The Customer decides which sources to connect. The Customer is responsible for the accuracy and freshness of content in those sources.

We may enforce technical limits on volume/formats/scan frequency/retention based on the plan.

8. Customer End Users

The Service is intended for B2B use: the contract is between the Provider and the Customer. End Users interact with the widget on the Customer’s properties and are not a party to these Terms.

The Customer is responsible for lawful processing of End User personal data on its side, including collection, transfer to the Service, and honoring End User rights/notices.

9. Acceptable use

The Customer must not use the Service for unlawful activities, infringement, malware, circumvention, spam, or abuse.

The Customer must comply with the applicable usage policies of AI model providers. We may suspend or restrict access to prevent harm if violations are detected.

The Customer must not process highly regulated data (e.g., HIPAA/PHI) unless explicitly agreed in writing.

10. Third-party models and subprocessors

To generate outputs, the Service may send Requests and/or relevant parts of Customer Content to third-party AI model providers (e.g., OpenAI, Anthropic, etc.) and infrastructure vendors (hosting, monitoring, etc.).

Third parties may process data under their own terms. We use contractual and technical measures to protect data, but we do not control third-party internal processes.

Providers and model versions may change for technical reasons. If the Customer requires provider restrictions, such restrictions must be configured via available options or agreed separately.

11. AI outputs and limitations

AI-generated outputs may be incorrect, incomplete, outdated, or include copyrighted material. The Customer must independently review critical outputs before using them in business processes.

The Service is not legal/medical/financial or other professional advice. The Customer must not represent the assistant as a substitute for a qualified professional without appropriate disclaimers and controls.

The Customer is responsible for how AI outputs are used on its side (including publication, messaging, and business decisions).

12. Security

We implement reasonable technical and organizational security measures, including encryption in transit and security controls for data access (within the implemented architecture).

The Customer must implement basic security measures on its side (access control, key protection, role management, and website/app security where the widget is embedded).

Chat history and related data may be stored encrypted at rest (e.g., in a database/Strapi). Decryption keys/secrets are stored separately from the data and are used by the application to provide the Service functionality (within the implemented architecture).

13. Personal data and DPA

Personal data processing is described in the Privacy Policy. In B2B scenarios, the Customer is typically the controller and we act as a processor for End User data processed on the Customer’s behalf.

If required, the parties will enter into a Data Processing Agreement (DPA). The Customer may request a DPA via our contact email.

The Customer must not provide personal data beyond what is necessary and should configure the assistant to minimize data collection (privacy by design).

14. Fees and billing

Paid features are provided on a subscription and/or usage-based basis, according to the selected plan and the pricing shown at checkout or in the interface.

If limits apply (tokens/messages/scanning/projects/workspaces), exceeding limits may stop features or incur additional charges as defined by the plan.

Fees are generally non-refundable except where required by law or expressly agreed in writing.

The Customer is responsible for its taxes, fees, and reporting obligations unless applicable law or a separate agreement states otherwise.

The base billing currency is U.S. dollars (USD). Plan prices, limits and charges for subscription/overages are accounted for in USD unless expressly stated otherwise.

For Clients paying from the Russian Federation, the Service may accept payments in Russian rubles (RUB) and display prices in RUB. However, the Client’s internal balance/accounting is credited in the equivalent amount of USD.

RUB → USD conversion is performed using the official exchange rate of the Bank of Russia (CBR) on the date/time of payment authorization (confirmation), plus a 4% FX markup, unless stated otherwise at checkout or in the interface.

RUB amounts displayed in the interface are informational and may change due to exchange-rate fluctuations without separate notice. The USD balance/accounting is controlling.

After a top-up, regardless of later exchange-rate changes, the credited USD amount remains the same and subsequent subscription/usage charges are made in USD. Future top-ups/payments may require a different RUB amount due to exchange-rate changes.

If a refund is required by law or expressly agreed by the parties in writing, any conversion (if applicable) will be made using the CBR exchange rate on the refund date, taking into account the applicable FX markup and actual payment-provider fees.

15. Bring Your Own Key (BYOK)

If the plan allows BYOK, the Customer authorizes us to store and use the Customer’s keys solely to proxy requests to the selected provider.

The Customer is responsible for all third-party costs and terms associated with its keys. We are not responsible for the Customer’s provider billing.

The Customer must protect its keys and revoke them if compromise is suspected. We may suspend key usage in case of suspected abuse.

16. Intellectual property

The Service, code, interfaces, documentation, and Provider materials are owned by us or our licensors and are protected by law.

The Customer receives a limited, revocable, non-transferable right to use the Service within the selected plan. No other rights are granted unless expressly stated.

17. Confidentiality

Each party must keep the other party’s non-public information confidential and use it only to perform under these Terms.

Confidentiality does not apply to information that becomes public through no fault of the receiving party or is disclosed under a valid legal requirement.

18. Disclaimer of warranties

THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE”. We do not warrant uninterrupted or error-free operation or that the Service will meet the Customer’s requirements.

We do not warrant the accuracy of AI outputs and are not responsible for decisions made based on generated outputs.

19. Limitation of liability

To the maximum extent permitted by law, our aggregate liability under these Terms is limited to the fees paid by the Customer for the Service in the last 12 months or USD 100, whichever is greater.

We are not liable for indirect, incidental, special, consequential damages, lost profits, loss of data, or loss of goodwill, even if advised of the possibility.

20. Indemnification

The Customer will indemnify and hold the Provider harmless from third-party claims arising out of Customer Content, widget configuration, the Customer’s use of the Service, or the Customer’s violation of law or third-party rights.

The Provider may participate in the defense with its own counsel; the Customer must cooperate and provide required information.

21. Suspension and termination

We may suspend the Service (in whole or part) for violations, abuse, security risks, legal requirements, or to prevent harm.

The Customer may stop using the Service at any time by removing the widget/ending usage, subject to plan subscription periods and billing terms.

Sections that by their nature should survive (confidentiality, liability, IP, indemnification, etc.) will survive termination.

22. Governing law

These Terms are governed by the laws of the Russian Federation, without regard to conflict of laws rules, unless otherwise agreed in writing.

23. Dispute resolution

The parties will attempt to resolve disputes informally by sending a written notice to the contact emails.

If unresolved, disputes will be submitted to the Arbitrazh Court of the City of Moscow (Russia), unless mandatory law provides otherwise.

24. Changes to the Terms

We may update these Terms. The updated version will be published in the interface or on the website.

Continued use of the Service after the effective date of changes constitutes acceptance of the updated Terms.

25. Contact

Questions about these Terms: mail@riserlabs.io.