VISIONAI TERMS OF SERVICE
AND DATA PROCESSING AGREEMENT (ART. 28 GDPR)
SECTION A - TERMS OF SERVICE (AGB)
1. General
1.1 These Terms of Service ("Terms") govern the use of the cloud-based software-as-a-service product "VisionAI Service" and all related consulting, workshops, onboarding, and other services provided by VisionAI GmbH / Vision Ventures UG ("VisionAI").
1.2 VisionAI provides the Services exclusively to entrepreneurs within the meaning of § 14 BGB. Any conflicting or deviating general terms of the Customer are rejected and shall not apply unless VisionAI expressly agrees to them in text form.
1.3 To use the VisionAI Service, the Customer creates an organization registration and a workspace account for each user. VisionAI processes the user's name, business email address, and the desired workspace name (e.g., organization or shop name).
1.4 The Customer must ensure that registration information is complete and correct and remains up to date throughout the contract term.
2. Definitions
2.1 "SKU" (Stock Keeping Unit) means each parent product and each variant.
2.2 VisionAI reserves the right, at its sole discretion, to determine the SKU counting methodology for billing, quota calculation, and usage determination, including (without limitation) counting all SKUs as standalone units irrespective of similarity or aggregation logic.
2.3 For a SKU, up to three product images are included. For each additional set of up to three images, VisionAI may count the same product as an additional SKU.
2.4 VisionAI's determination of SKU counting, image counting, and related calculations is binding unless manifestly incorrect.
2.5 "Fix Credits" are usage-based units included in a defined monthly quota under the selected subscription plan.
2.6 "Flex Credits" are additional credits that may be automatically provided once the Fix Credit quota is exhausted.
2.7 "Billing Month" means the period from the first to the last calendar day of a month.
2.8 "Cap" means a Customer-defined monthly spending cap for Flex Credits for the respective Billing Month, if set.
3. Provision of Services, Availability, and Support
3.1 VisionAI aims to provide high availability according to economically and technically reasonable standards. However, VisionAI does not guarantee uninterrupted or error-free availability and does not provide an uptime percentage commitment.
3.2 Planned maintenance, unforeseen disruptions, and force majeure do not constitute defective availability. Maintenance will, where possible, be announced and performed outside typical business hours (Monday-Friday 08:00-17:00 CET/CEST).
3.3 VisionAI aims to provide high service quality and process requests promptly under economically and technically reasonable standards.
3.4 If the Customer requests prioritized processing of bug reports or feature requests, this requires a separate agreement and remuneration.
3.5 Remediation of reproducible software defects is included in the subscription fee.
4. Service Characteristics, AI Nature, and No Performance Guarantee
4.1 The Services are algorithmic and AI-based systems. Outputs may be probabilistic, dynamically generated, and subject to continuous optimization.
4.2 VisionAI does not guarantee any specific ranking, placement, traffic level, conversion rate, revenue outcome, or business result.
4.3 Ranking logic, weighting, indexing behavior, and model parameters are proprietary and non-transparent. VisionAI has no obligation to disclose algorithmic logic or maintain historical ranking behavior.
4.4 AI-generated outputs may contain inaccuracies. The Customer remains responsible for all commercial decisions and actions taken based on outputs.
5. Product Data, Technical Prerequisites, and Integration
5.1 The Customer must provide VisionAI with all product data required to perform the Services in market-standard quality and in a timely manner. The Customer is solely responsible for incomplete, incorrect, or low-quality data.
5.2 The Customer must, at its own expense, ensure all technical prerequisites for operating the VisionAI Service (including compatible systems, sufficient capacity, API access, permissions/scopes, feeds) are met. Delays or limitations due to missing prerequisites are the Customer's responsibility and do not affect the payment obligation.
5.3 Data transfer occurs as follows unless otherwise agreed:
(a) Shopify / Shopware: via VisionAI plugin.
(b) Other systems: via API access, data feed, or other suitable infrastructure provided by the Customer.
5.4 If the Customer culpably delays provision of data, credentials, approvals, or cooperation, all performance and delivery timelines of VisionAI are extended by the duration of the delay plus a reasonable ramp-up period of at least ten (10) business days.
5.5 If required cooperation is not provided, performance timelines shift accordingly; additional costs may be invoiced pursuant to clause 8.8.
5.6 Tracking, Cookie Implementation, Consent
(a) The Customer must implement and keep active the VisionAI tracking integration as instructed by VisionAI (e.g., cookie/pixel/script tag or similar) ("Tracking Integration"), including on all relevant shop pages required for measuring search, interaction, and conversion performance.
(b) The Customer is solely responsible for ensuring a valid legal basis (including, where required, consent under ePrivacy/TTDSG/GDPR) and for providing all required information in its cookie banner and privacy notice.
(c) If the Tracking Integration is missing, incomplete, blocked, or incorrectly configured, reporting and certain service features may be limited; this does not reduce the Customer's payment obligations.
6. Usage Control, Credits, Reporting
6.1 Pricing and Invoicing
(a) Fix Credits are invoiced monthly in advance at the unit price agreed in the main contract/plan.
(b) Flex Credits are invoiced at month-end in arrears based on actual usage. Flex Credits do not roll over.
6.2 Soft Cap, Alerts, Flex Credits, Customer Cap
(a) Alerts are issued at 80% and 100% consumption of the monthly Fix Credit quota (dashboard and email).
(b) Upon reaching 100% of Fix Credits, the Service continues and Flex Credits are booked automatically based on actual usage.
(c) The Customer may define a monthly Cap. If a Cap is set, Flex Credits are booked automatically up to the Cap amount for the respective Billing Month.
(d) If no Cap is set, Flex Credits are billed pay-as-you-go (PAYG) based on actual monthly usage without an upper limit.
(e) When the Cap is reached, VisionAI may suspend or technically limit the Service (in whole or in part) until the start of the next Billing Month, unless the Customer increases the Cap.
(f) The Customer may set, change, or remove the Cap in text form and/or via the VisionAI dashboard settings. Changes apply only prospectively to further usage within the current Billing Month; retroactive limitation is excluded.
6.3 Dashboard and Monthly Reports
VisionAI provides a dashboard and monthly reports (e.g., PDF/CSV). Objections must be raised within four (4) weeks after provision; otherwise the report is deemed accepted.
6.4 No Rollover
Unused Fix Credits expire at the end of the Billing Month. No rollover applies.
6.5 Quota Changes
The Customer may increase its Fix Credit quota at any time in text form. Reduction during a minimum term is excluded.
7. Payments, Payment Methods, Default
7.1 Payment Methods
Payment is made via the payment system provided by the shop platform (Shopify, Shopware, etc.) and/or by credit card and/or SEPA direct debit, unless otherwise agreed in writing.
7.2 Due Dates and Taxes
Fix fees are due monthly in advance. Flex fees are due within fourteen (14) days after invoice. All prices are net plus statutory VAT.
7.3 Escalation in Case of Repeated Default
If the Customer is in default twice within twelve (12) months, VisionAI may automatically switch invoicing from the third open claim onward to quarterly prepayment. VisionAI will inform the Customer no later than with the next invoice.
7.4 Default Consequences
In case of default, statutory default interest under § 288 BGB applies plus a reminder fee of EUR 15 per reminder. VisionAI may suspend Services, require advance payment, and after a further reminder terminate extraordinarily with a 14-day notice period.
7.5 Annual Inflation Adjustment (Increases Only)
On 1 January each year, the net fee increases automatically by the percentage increase of the German Consumer Price Index (base year 2020 = 100) for November of the previous year compared to November of the year before. If the change is zero or negative, no adjustment applies.
7.6 Cost-Based Price Adjustments
VisionAI may adjust fees for Fix Credits, Flex Credits, and other contractual services if VisionAI's cost base materially changes due to market developments, procurement, licenses, energy, personnel costs, or comparable external circumstances.
7.7 Notice and Objection
VisionAI will notify price adjustments at least four (4) weeks before they take effect in text form. If the Customer objects, VisionAI may terminate the contract ordinarily. The Customer has no special termination right due to price adjustments.
7.8 Integration Delay Billing
(a) The Customer must actively advance integration. If required cooperation is missing for more than eight (8) weeks after the contractually intended start date, VisionAI may invoice the entire period (including any test phase) to offset provisioning costs and AI model training efforts.
(b) The remuneration for the agreed term (including test phase) may be split into four equal partial invoices. For each additional full month of delay after the eight-week period, VisionAI may issue an additional partial invoice of the same amount.
7.9 Foreign Currency Fees
If payments occur in a currency other than EUR, any conversion fees or charges by banks, payment providers, or platforms (including Shopify) are borne exclusively by the Customer.
7.10 Onboarding and Contract Start
The first contract month is an onboarding month. Payment obligations begin with contract start and apply in full for the onboarding month regardless of onboarding progress.
7.11 Display and Communication of Credit Unit Prices
Credit unit prices and current credit consumption may be displayed in the VisionAI backend/dashboard. Price adjustments are governed exclusively by clauses 7.5-7.7. A dashboard display alone does not constitute a valid price adjustment notice.
8. Intellectual Property, Open Source, Data Rights
8.1 The Customer receives a non-exclusive, non-transferable right to use the VisionAI Service for the contract term.
8.2 VisionAI may use open-source software (OSS). Rights and obligations for OSS are governed by the relevant OSS licenses, available in the "Third-Party-Notices" repository in the backend.
8.3 All models, algorithms, embeddings, evaluations, and improvements developed by VisionAI remain VisionAI's property.
8.4 Use of Data for Improvement; No AI Training on Identifiable Personal Data
(a) VisionAI may use (i) non-personal product data and (ii) aggregated, anonymized, or otherwise non-identifiable metrics (including metrics derived from processing that may technically involve personal data) to train, test, improve, and develop its systems, including after contract termination.
(b) VisionAI does not use identifiable personal data to train AI models.
(c) Where personal data is technically processed (e.g., via platform scopes or Tracking Integration), VisionAI processes such personal data only to provide, evaluate, secure, and improve the Services, applying data minimization and aggregation/pseudonymisation where technically feasible.
8.5 Deletion, Return, and Retention After Termination
(a) Personal data processed under the Data Processing Agreement is deleted/returned in accordance with Section B (in particular clause 32) and, as a rule, within thirty (30) days after contract termination, unless statutory retention obligations apply.
(b) Backup copies are deleted/overwritten within regular backup deletion cycles; where technically unavoidable, residual backup persistence may last up to sixty (60) days after termination.
(c) Non-personal product data and non-identifiable aggregated/anonymized metrics may be retained for system improvement in accordance with clause 8.4 and Section B clause 32.3, unless contractually restricted.
9. Acceptable Use
9.1 Prohibited uses include (without limitation): infringement of third-party rights, unlawful or discriminatory content, spam, manipulation, overload or disruption of systems, and criminal data offenses.
9.2 Violations entitle VisionAI to suspend access, delete affected content, and/or terminate extraordinarily.
9.3 VisionAI may suspend access of a Customer or individual users in whole or in part if there are concrete indications of misuse, system endangerment, or violations of these Terms. Suspension is lifted once the suspicion is resolved.
10. Third-Party Dependencies
10.1 VisionAI is not responsible for outages, limitations, policy changes, access scope restrictions, API changes, or performance issues caused by third-party platforms or infrastructure providers (including but not limited to Shopify, Shopware, and AWS).
10.2 Such events and required service adjustments do not constitute breach.
10.3 Subprocessors (Service Providers) - Notification and Objection
VisionAI may engage service providers (including subprocessors within the meaning of the DPA) to provide the Services. VisionAI will notify the Customer in text form within a reasonable period before adding or replacing a subprocessor. The Customer may object within fourteen (14) days for legitimate data protection reasons. If the parties cannot agree on a reasonable solution, VisionAI may terminate the affected Services with reasonable notice.
11. Confidentiality
11.1 All confidential information must be kept confidential during the contract term and for three (3) years after termination.
12. Warranty and Liability
12.1 VisionAI is liable without limitation for intent and gross negligence.
12.2 To the maximum extent permitted by law, VisionAI's total aggregate liability arising out of or in connection with the Services is limited to the lower of:
(a) the total fees paid by the Customer in the preceding twelve (12) months, or
(b) EUR 10,000.
12.3 VisionAI is not liable for indirect or consequential damages, lost profits, lost revenue, business interruption, reputational damage, loss of data, ranking fluctuations, AI output inaccuracies, or third-party platform failures.
12.4 Liability limitations do not apply to injury to life, body or health, mandatory statutory liability, or where liability cannot be limited by law.
12.5 The Customer is responsible for misuse or unlawful use by its users and is liable for such conduct.
13. Termination, Notices, Offboarding
13.1 Ordinary notice periods result from the main contract/plan.
13.2 VisionAI may terminate extraordinarily with a 14-day notice period if the Customer repeatedly defaults on payment.
13.3 Partial termination of individual products/services is permitted; any discounts may be adjusted accordingly.
13.4 Form and Address for Termination
(a) Terminations must be made in text form (§ 126b BGB) and must be sent exclusively to cancelations@visionai.co.
(b) Termination becomes effective upon receipt at cancelations@visionai.co. Other addresses do not constitute receipt.
(c) A termination sent to another address is only effective if VisionAI expressly confirms the termination as such.
(d) If cancelations@visionai.co is demonstrably technically unreachable (no delivery and no automatic receipt confirmation within one (1) business day), termination may be sent to invoice@visionai.co and becomes effective upon receipt there.
(e) For subscription packages that technically allow cancellation via the Customer's shop system or VisionAI backend, such cancellation is deemed a text-form termination and becomes effective upon the system confirmation displayed to the Customer.
13.5 Offboarding Call
(a) Within ten (10) business days after receipt of termination, the Customer participates in an offboarding call (video/phone, approx. 45 minutes). VisionAI offers at least three reasonable time slots.
(b) If the Customer does not participate or cancels twice at short notice, VisionAI may perform offboarding without the call. Additional effort is invoiced at EUR 260/hour or a flat fee of EUR 1,600 (Customer may prove lower effort).
(c) Special services (e.g., specific exports/migration scripts) require separate commissioning.
13.6 Data export (common formats such as CSV/JSON) and deletion occur independently of the offboarding call according to the agreed timelines under Section B.
13.7 Clauses 13.5-13.6 apply for sixty (60) days after contract end.
13.8 Processing or replying to messages sent to other addresses does not constitute acceptance of termination; explicit confirmation under 13.4(c) is required.
14. Continued Use After Termination
14.1 Upon effectiveness of termination, the Customer's right to use the Services ends. The Customer must immediately delete, uninstall, and/or deactivate all service components and stored access credentials.
14.2 If the Customer continues to use the Services after termination or fails to fully uninstall/deactivate, this constitutes unauthorized continued use. For each started calendar month of unauthorized use, the Customer owes:
(a) the last agreed monthly fee ("continued use fee"), plus
(b) a contractual penalty of 50% of the continued use fee, at least EUR 50 per started calendar month.
14.3 The contractual penalty is credited against further damages. VisionAI's right to claim additional damages remains unaffected.
14.4 The Customer may prove that no damage or significantly lower damage occurred.
15. Marketing Reference Right
15.1 The Customer permits VisionAI to use the Customer's name and logo as a reference unless the Customer objects in writing.
16. Assignment / Transfer of Contract
16.1 VisionAI may transfer this contract to an affiliated company (§§ 15 ff. AktG). VisionAI will inform the Customer at least two (2) months in advance.
16.2 VisionAI may also transfer this contract as part of a corporate transaction (restructuring, financing, asset deal, merger, or sale of business) to a legal successor. The Customer's consent is not required.
17. Changes to Terms and Linked Policies
17.1 VisionAI may change these Terms or linked documents if such change is reasonable for the Customer.
17.2 VisionAI informs the Customer by email at least four (4) weeks before the change becomes effective.
17.3 If the Customer objects within two (2) weeks, the old terms continue to apply; VisionAI may then terminate with four (4) weeks' notice.
17.4 If the Customer does not object, the changes are deemed approved.
18. Dispute Resolution and Mediation
18.1 Before initiating court proceedings, the parties will first conduct mediation under the DIS Mediation Rules.
18.2 If no joint mediation appointment is scheduled within sixty (60) days after receipt of the mediation request or the mediation fails, either party may initiate court proceedings.
19. Final Provisions
19.1 In case of contradictions, the main contract takes precedence over these Terms.
19.2 Amendments or Supplements
Amendments or supplements to the main contract require text form (§ 126b BGB), unless mandatory law requires a stricter form. Plan-/quota adjustments under clause 6 and changes to these Terms under clause 17 remain unaffected.
19.3 German law applies. Exclusive place of jurisdiction is Bielefeld, Germany.
19.4 The current version of these Terms and linked policies is available at www.visionai.co/agb.
19.5 In case of language inconsistencies, the English version prevails.
SECTION B - DATA PROCESSING AGREEMENT (PURSUANT TO ART. 28 GDPR)
20. Parties and Roles
20.1 The respective Customer is the "Controller".
20.2 VisionAI is the "Processor".
21. Subject Matter and Scope
21.1 VisionAI provides IT services in the field of e-commerce search technology, product ranking, performance optimization, analytics, and automation systems.
21.2 This DPA governs processing of personal data within the meaning of Art. 4(1) GDPR to the extent such processing occurs in connection with the Services.
21.3 This DPA applies to all Customers of VisionAI, regardless of the e-commerce platform used.
21.4 Core Functionality vs. Analytics/Improvement
Personal data is generally not required for the core ranking/search functionality. However, personal data processing may become relevant depending on the Controller's platform configuration, granted access scopes, and Tracking Integration, in particular for evaluation, measurement, troubleshooting, security, and improvement of the Services.
21.5 The duration of this DPA corresponds to the duration of the underlying service agreement.
22. Nature of Processing, Data Subjects, and Data Categories
22.1 Primary Processing (All Customers; typically non-personal data)
The Services primarily require processing of non-personal data, including:
(a) product data (titles, descriptions, images, variants, categories),
(b) pricing and inventory data,
(c) aggregated revenue and performance metrics,
(d) search and interaction data without personal reference.
22.2 Potential Personal Data in Platform Integrations (especially Shopify)
22.2.1 Where the Controller integrates VisionAI into platforms that provide API-based access to data (e.g., Shopify), technical access to personal data may be possible depending on permissions/scopes granted by the Controller during installation ("Access Scopes").
22.2.2 Depending on the approved scopes, the following categories of personal data may be technically accessible:
If "read orders" (or similar) scopes are granted:
- order number, cart contents, payment status, shipping/billing address, customer name, email address.
If "read customers" (or similar) scopes are granted:
- customer ID, first/last name, email address, telephone number, address details.
22.2.3 Shopify may distinguish "Protected Customer Data" which is accessible only if explicitly approved by the Controller.
22.2.4 The Controller independently determines which API scopes are granted and remains responsible for the lawful basis under GDPR.
22.2.5 Where the Tracking Integration and/or platform configuration enables it, online identifiers and event data may be processed, such as cookie IDs, device/session identifiers, timestamped interaction events, and related logs, to the extent this constitutes personal data under GDPR.
22.3 Data subjects may include (depending on integration scopes): the Controller's customers/end-users and the Controller's employees/users.
23. Purpose Limitation and Use Restrictions
23.1 Personal data (where technically accessible) is processed solely for proper provision of the contracted Services.
23.2 Processing serves exclusively:
(a) operation and optimization of the search and ranking engine,
(b) sorting and prioritization of products based on revenue and performance metrics,
(c) automated boosting of high-performing products,
(d) calculation of aggregated business performance indicators,
(e) generation of transparency and ROI reports within the dashboard,
(f) system integrity, monitoring, and error diagnostics,
(g) evaluation, measurement, and continuous improvement of the Services (e.g., effectiveness of ranking/search, feature performance, and quality assurance), using aggregation/pseudonymisation where technically feasible.
(h) used in anonymized and aggregated form for market analyses, benchmarking, and reporting, including reports shared with third parties, provided that no natural person or customer can be identified, directly or indirectly.
23.3 No individual analysis or profiling of natural persons is performed.
23.4 Personal data will not be:
(a) used for marketing,
(b) sold or disclosed for independent commercial exploitation,
(c) used for customer profiling,
(d) used for training AI models involving identifiable personal data.
23.5 Training and Improvements
Algorithmic improvements and AI training are based exclusively on non-personal product data and/or aggregated, anonymized, non-identifiable metrics. Identifiable personal data is not used for AI model training.
23.6 Storage Limitation
Personal data is not persistently stored beyond what is technically necessary for service provision, evaluation, security, and improvement, and is minimized and aggregated/pseudonymised where technically feasible. Persistent storage may occur only to the extent required by the Controller's configuration or necessary for providing agreed service functions.
23.7 Controller Obligations for Tracking/Consent
Where the Controller implements the Tracking Integration, the Controller remains responsible for (i) obtaining any required consent, (ii) providing legally required information to data subjects, and (iii) ensuring a valid legal basis for the processing.
24. Instructions
24.1 VisionAI processes personal data solely on documented instructions from the Controller, unless required by Union or Member State law.
24.2 If VisionAI considers an instruction to infringe data protection law, VisionAI will inform the Controller without undue delay.
25. Confidentiality
25.1 VisionAI ensures that persons authorized to process personal data are bound by confidentiality obligations.
25.2 Confidentiality obligations continue beyond termination of employment or engagement.
26. Technical and Organisational Measures (Art. 32 GDPR)
26.1 VisionAI implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
(a) TLS-encrypted data transmission,
(b) role-based access controls,
(c) restricted access to authorized personnel,
(d) logging of security-relevant access,
(e) hosting within the European Union,
(f) firewall and security monitoring systems,
(g) regular backups,
(h) pseudonymisation where technically feasible.
26.2 Measures are subject to continuous review and improvement.
27. Assistance Obligations
27.1 VisionAI reasonably assists the Controller with:
(a) data subject requests (access, rectification, erasure, restriction, portability),
(b) DPIAs,
(c) consultation with supervisory authorities,
(d) breach notification compliance.
27.2 Assistance exceeding the agreed service scope may be subject to reasonable compensation.
28. Personal Data Breaches
28.1 VisionAI notifies the Controller without undue delay after becoming aware of a confirmed personal data breach.
28.2 VisionAI provides information reasonably required to comply with Art. 33 and 34 GDPR.
29. Subprocessors
29.1 The Controller authorizes the following subprocessor:
Amazon Web Services EMEA SARL - hosting within the European Union.
29.2 Further subprocessors may be engaged with prior authorization by the Controller, unless a notification-and-objection process is agreed in the main Terms. Where such a process applies (see Section A clause 10.3), VisionAI will notify the Controller in text form and allow objection within at least fourteen (14) days for legitimate data protection reasons.
29.3 All subprocessors are bound by agreements in accordance with Art. 28(2)-(4) GDPR.
30. International Transfers
30.1 If personal data is transferred outside the EU/EEA, VisionAI applies appropriate safeguards, including (where applicable) Standard Contractual Clauses.
31. Audit and Inspection Rights
31.1 The Controller may verify compliance in an appropriate manner.
31.2 Verification may be satisfied through certifications, independent audit reports, and/or written documentation of TOMs.
31.3 On-site inspections require reasonable advance notice and must not disproportionately disrupt operations.
31.4 Audit costs are borne by the Controller unless material non-compliance is proven.
32. Deletion and Return of Data
32.1 Upon termination, personal data is deleted/returned within thirty (30) days unless statutory retention obligations apply.
32.2 Backup systems are subject to regular deletion/overwrite cycles. Where technically unavoidable, residual backup persistence may last up to sixty (60) days after termination.
32.3 Non-personal product data and anonymized/aggregated, non-identifiable metrics may be retained for system improvement, security, and benchmarking, including after termination, unless contractually restricted. Where such metrics are derived from processing that technically involves personal data, VisionAI will retain only non-identifiable forms and will not attempt re-identification.
33. Liability
33.1 Liability is governed by Art. 82 GDPR and the liability provisions in Section A; to the extent legally permissible, the liability limitations in Section A apply correspondingly.
34. Final Provisions
34.1 Amendments must be made in text form.
34.2 If any provision is invalid, the remainder remains effective.
