Terms of Service

2.1 License

Subject to the Agreement and timely payment, Renocount grants you a non-exclusive, non-transferable, revocable right to access and use the Services for your internal business purposes.

2.2 Accounts

You will provide accurate registration data, maintain security of credentials, and remain responsible for activities under your accounts.

2.3 Acceptable Use

You will not: (i) violate law; (ii) infringe IP, privacy, or publicity rights; (iii) bypass security, rate limits, or RLS policies; (iv) overload, disrupt, or scrape; (v) use the Services/Outputs to build or train a competing product or model; (vi) upload harmful code; or (vii) misuse communication channels (e.g., spam or unauthorized outreach).

2.4 Changes

We may improve or modify the Services. Non-material changes may occur without notice; material adverse changes will be notified at least 14 days in advance.

3.1 User Content

You retain ownership of User Content. You grant Renocount a non-exclusive, royalty-free, worldwide, sublicensable license to host, process, transmit, display, and modify User Content solely to provide, secure, support, and maintain the Services.

3.2 No Training by Default (Opt-In Only)

We do not use User Content or personal data for model training/fine-tuning unless you explicitly opt in in writing, and only as permitted by applicable law and our DPA. Models already trained cannot be "untrained".

3.3 Outputs (Self-Service Platform)

Unless otherwise agreed in writing, you own the Outputs you generate. You grant us a limited license to use Outputs internally for quality, security, abuse detection, and support. We will not publicly showcase Outputs in a way that identifies you without your prior consent.

3.4 Deliverables (Managed Services)

Upon full payment, you own Deliverables, excluding Renocount's software, models, tools, and methodologies. We retain a non-exclusive, royalty-free, perpetual license to use Deliverables internally for quality and security, and externally for marketing only with your prior written consent if you can be identified.

4.1 Scope & Fees

Scope, pricing, and term are set out on our website or in an order form/proposal.

4.2 Initial Minimum Term

Unless the order form states otherwise, subscriptions/retainers have a minimum initial commitment of six (6) months ("Initial Term").

4.3 Renewal

After the Initial Term, subscriptions renew monthly unless either party gives 30 days' notice to not renew.

4.4 Cancellation

You may cancel effective at the end of the current term. Early cancellation during the Initial Term does not relieve payment for the remainder of the Initial Term.

5.1 Export Anytime

You may download or request a copy of data you provided (User Content and associated metadata we store for you) at any time during the term.

5.2 On Termination

Upon termination/expiry, we will, on request, provide a 30-day export window. After that, we will delete or irreversibly anonymize Customer Data from active systems, subject to legal retention and standard backups.

5.3 What You Can Export

You can export a copy of Customer Data that you provided or connected through the Services, subject to applicable legal limits and third-party platform constraints.

6.1 GDPR

Where we process personal data on your behalf, you are the controller and we are the processor. The DPA forms part of this Agreement.

6.2 Data Residency and Secure Storage (Supabase, Fly.io)

EU data sovereignty: primary Customer Data is stored in Supabase infrastructure located in Stockholm (EU), and the backend application — including the web-chat widget service, the calls-assistant webhook/websocket bridge, and the email-draft workers — is hosted on Fly.io in an EU region.

Database security: data is protected with encryption at rest and in transit, role-based access controls, row-level security policies, and monitoring.

6.3 Web-Chat Widget

The widget runs in the visitor's browser and communicates with Renocount over HTTPS/WSS. Conversation transcripts and any attachments uploaded in chat are stored in Supabase under row-level security policies that isolate each Customer organization's data. The widget does not load third-party advertising or cross-site tracking scripts.

6.4 AI Calls Assistant (Twilio + OpenAI Realtime)

Inbound calls handled by Renocount are received via Twilio Voice. Depending on business-hours and routing rules configured in the order form, the call is either forwarded to a human number or bridged to the OpenAI Realtime API via Twilio Media Streams to be handled by the AI assistant. Real-time audio is streamed and not persistently stored by default; where call recording is explicitly enabled, recordings and transcripts are retained per the Service Description and the Privacy Policy.

6.5 Email-Draft Workflows (Microsoft Graph / Gmail)

Information retrieved from connected Outlook (Microsoft Graph) or Gmail mailboxes is accessed using OAuth 2.0 with the minimum scopes required to read inbound messages and create reply drafts. We do not store mailbox passwords; OAuth access and refresh tokens are stored encrypted and can be revoked by the Customer at any time. Drafts are created in the Customer's own mailbox for human review; Renocount does not send email on the Customer's behalf from the connected mailbox without explicit configuration. Transactional and notification email (e.g., lead notifications from the chat widget) are sent via Resend.

6.6 AI Sub-Processing and Model Training

We maintain Data Processing Agreements with our material sub-processors, including Supabase, Fly.io, OpenAI, Twilio, Resend, Microsoft, and Google. Customer Data is sent to OpenAI only to the extent necessary to generate responses, transcripts, and drafts for the web-chat, calls assistant, and email-draft workflows, and is not used to train OpenAI's public models (we rely on OpenAI's API data-handling and Zero Data Retention options where available). The current Sub-processor List is incorporated into this Agreement by reference.

6.7 In-Transit Encryption (HTTPS/TLS, WSS)

All data transfers — including the web-chat WebSocket, the Twilio Media Streams bridge, OpenAI API and Realtime traffic, Microsoft Graph and Gmail API calls, and Resend delivery — are protected in transit using modern HTTPS/TLS (or WSS) protocols.

6.8 International Transfers

Where a sub-processor (in particular OpenAI, Twilio, Resend, Microsoft, or Google) processes Customer Data outside the EU/EEA, we rely on appropriate safeguards under Chapter V GDPR, including the European Commission's Standard Contractual Clauses and, where applicable, the EU–US Data Privacy Framework.

6.9 Incidents

We will notify you without undue delay and in any event within 72 hours of becoming aware of a personal data breach affecting your data, including GDPR-required details. We will also notify the relevant supervisory authority within 72 hours where required by GDPR.

11.1 By Customer

You will indemnify and hold Renocount harmless from third-party claims arising from (i) your breach of the Agreement or law; (ii) your User Content; or (iii) misuse of the Services.

11.2 By Renocount

We will defend and indemnify you against third-party claims alleging that the Services (as provided by us) infringe EU or Finnish IP rights, provided you: (a) promptly notify us; (b) allow us sole control of the defense; and (c) cooperate reasonably. We may procure rights, modify, or terminate the affected portion with a pro-rata refund. Exclusions: your unauthorized modifications/combinations or misuse.