Preamble
These Terms of Service constitute a legally binding agreement between SECURITY 53 QUANTUM S.R.L. and the Client. By signing a Service Agreement, by ticking the acceptance box, or by otherwise confirming acceptance (including by e-mail) or by using the Services, the Client confirms that it has read, understood and agreed to be bound by these Terms, including the clauses expressly accepted under Section 25. If the Client does not agree, it must not contract or use the Services.
Effective date of this version: 16.06.2026.
1. Identification of the Provider
These Terms of Service (the “Terms”) govern the provision of services by SECURITY 53 QUANTUM S.R.L., a limited liability company (societate cu răspundere limitată) organized and functioning under the laws of Romania, in particular Law no. 31/1990 on companies, republished, with the following identification data: registered office in Sat Șelimbăr, Comuna Șelimbăr, Str. Petre Alexandrescu nr. 1A, Sibiu County, Romania; registered with the Trade Register kept by the Tribunal of Sibiu (Oficiul Registrului Comerțului de pe lângă Tribunalul Sibiu) under no. J2026037546009; sole registration code (CUI) 54863868, assigned on 09.06.2026; European Unique Identifier (EUID) ROONRC.J2026037546009; e-mail: office@security53.com; website: security53.com (the “Provider”, “Security53”, “we”, “us”).
The Provider's main activity is custom software development – client-oriented software (CAEN 6210), together with secondary activities including IT consultancy and computing management (CAEN 6220), other IT service activities (CAEN 6290), business and management consultancy (CAEN 7020), graphic design and visual communication (CAEN 7412), advertising agency activities (CAEN 7311), and market research and public opinion polling (CAEN 7320), as recorded in its constitutive act and the Trade Register. The Services described in these Terms fall within this registered object of activity.
The Provider is legally represented by its sole shareholder and administrator, who holds full powers of administration and representation in accordance with the Provider's constitutive act and Law no. 31/1990.
These Terms are published on the Website and apply to all Services offered by the Provider, together with any individual service agreement, statement of work, proposal, or order form concluded with a client (each, a “Service Agreement”). In case of conflict or inconsistency, the documents shall prevail in the following order: (1) the signed Service Agreement and its annexes; (2) the data processing agreement (DPA); (3) these Terms; (4) the content of the Website.
2. Definitions
“Client” means any legal entity, authorized natural person (persoană fizică autorizată – PFA), individual enterprise, sole proprietorship, or other professional acting within the scope of its business activity, which contracts the Services.
“Services” means the AI automation services provided by Security53, including without limitation: analysis, design, configuration, deployment, hosting, operation, monitoring, maintenance and support of automation workflows, AI assistants and chatbots, AI-driven communication systems, AI-generated content systems, integrations with third-party platforms, and related consulting services.
“Deliverables” means the workflows, automations, configurations, prompts, system instructions, integrations, documentation and other outputs created or configured by the Provider for the Client under a Service Agreement.
“Third-Party Services” means services operated by third parties and used in delivering the Services, including without limitation cloud and hosting providers, AI model providers, messaging and communication platforms, e-mail and calendar providers, database providers, and any other external platform integrated into the Services.
“Client Data” means all data, content, information, credentials, accounts, and materials made available by or on behalf of the Client to the Provider, or processed through the Services at the Client's instruction, including personal data of the Client's representatives, employees, customers and contacts.
“Confidential Information” means any non-public information disclosed by one party to the other in connection with the contract, regardless of form or medium, that is designated as confidential or that should reasonably be understood as confidential given its nature and the circumstances of disclosure.
“Force Majeure” has the meaning given by Art. 1351 of the Romanian Civil Code; “the Civil Code” means Law no. 287/2009 on the Romanian Civil Code, republished, as amended.
3. Professional (B2B) Clients Only
The Services are addressed exclusively to professionals within the meaning of Art. 3 para. (2) of the Civil Code, acting for purposes related to their trade, business, craft or profession. The Services are not offered to consumers within the meaning of OG 21/1992 and OUG 34/2014, and no contract shall be deemed concluded with a consumer.
By contracting the Services, the Client represents and warrants that: (i) it acts as a professional and not as a consumer; (ii) the person accepting these Terms or signing a Service Agreement is duly authorized to represent and bind the Client; (iii) it is validly incorporated or registered and not subject to insolvency, dissolution or liquidation proceedings at the date of contracting; and (iv) all information provided to the Provider is accurate, complete and up to date.
Consumer protection legislation, including the right of withdrawal provided by OUG 34/2014, does not apply to the contractual relationship between the parties. If, notwithstanding the foregoing, a person qualifying as a consumer contracts the Services in breach of this Section, the Provider may declare the contract void at the Client's fault and retain amounts corresponding to Services already performed.
4. Conclusion of the Contract; Electronic Acceptance and Signature
The presentation of the Services on the Website constitutes an invitation to negotiate (invitație la negociere) and not a binding offer within the meaning of Art. 1188 of the Civil Code. Prices, features and availability presented on the Website are indicative and may be modified at any time before contract conclusion.
A contract is concluded only upon: (i) signature of a Service Agreement by both parties (including by qualified or advanced electronic signature in accordance with Regulation (EU) 910/2014 – eIDAS and Law no. 214/2024 on the use of electronic signatures, time stamps and trust services); or (ii) the Provider's express written confirmation (including by e-mail) of the Client's order and, where applicable, payment of the setup fee – whichever occurs first.
Electronic acceptance and signature. Where acceptance of these Terms or signature of a Service Agreement occurs electronically – including by ticking an acceptance checkbox, by simple, advanced or qualified electronic signature, or by confirmation by e-mail – such acceptance has full legal effect in accordance with Law no. 365/2002 on electronic commerce, Law no. 214/2024 and the Civil Code. Pursuant to Law no. 214/2024, the parties expressly agree to recognize between themselves advanced and simple electronic signatures, as well as acceptance by checkbox or e-mail confirmation, as having the same legal effect as a handwritten signature for the purposes of the contractual relationship, and each party waives any objection to the validity, enforceability or evidential value of the contract based solely on its electronic form or on the type of electronic signature used.
The Provider may refuse to enter into a contract at its sole discretion, without justification, particularly where the intended use of the Services raises legal, security, ethical, or compliance concerns, or where the Client appears on, or is controlled by a person appearing on, any applicable sanctions list.
5. Scope of Services; Onboarding; Client Access
The specific scope, features, configurations and assumptions of the Services are defined in the applicable Service Agreement. Anything not expressly included is out of scope and may be subject to a separate written quotation and additional fees. Estimates of timelines are indicative only and do not constitute binding deadlines unless expressly designated as binding in the Service Agreement.
The infrastructure used to deliver the Services (servers, automation platforms, databases, AI provider accounts and related tooling) is hosted on and administered through accounts controlled by the Provider. The Client acknowledges that this architecture is an essential feature of the service model and that the Client does not acquire any right of access to, or administration of, the Provider's infrastructure, except as expressly agreed.
During onboarding, the Client grants the Provider access to the Client's relevant third-party accounts (e.g., via OAuth authorization or equivalent delegated access) strictly for the purpose of configuring and delivering the Services. The Provider shall use such access only to the extent necessary for the Services and in accordance with the principle of least privilege.
The Client may revoke such access at any time. The Client acknowledges that revocation, modification of credentials, changes to the Client's third-party account settings, or suspension of the Client's third-party accounts may render part or all of the Services inoperable. Such impairment shall not constitute a breach by the Provider, shall not give rise to any liability of the Provider, and shall not reduce or suspend the fees due for the current billing period and any applicable notice period.
The Client shall appoint a contact person authorized to provide instructions, approvals and feedback. The Provider is entitled to rely on instructions received from the Client's designated contact or from e-mail addresses and communication channels previously used by the Client, without further verification, unless the Provider has actual knowledge of their lack of authority.
6. Fees and Payment
The Services are provided in exchange for: (i) a one-time setup fee, payable in full before commencement of implementation, covering analysis, design, configuration and deployment; and (ii) a recurring monthly subscription fee, payable in advance for each billing period, covering hosting, operation, monitoring, maintenance and the agreed support. Additional services requested by the Client outside the agreed scope shall be charged separately on the basis of a written quotation accepted by the Client.
Fees are set out in the Service Agreement and may be denominated in EUR or RON, as agreed. Where fees are denominated in EUR and invoiced in RON, conversion shall be made at the National Bank of Romania (BNR) exchange rate valid on the invoice issuance date, unless otherwise agreed in writing.
All fees are exclusive of VAT and any other applicable taxes, duties or withholdings, which shall be added or borne as required by law. Where the Client is established outside Romania, any withholding taxes shall be grossed up so that the Provider receives the full invoiced amount net of such withholdings.
Invoices are issued electronically and transmitted through the national RO e-Factura system in accordance with applicable Romanian legislation (including OUG 120/2021 and OUG 89/2025) within the legal deadline. The PDF representation of an invoice is provided for convenience only; the legally relevant invoice is the one validated in the RO e-Factura system. Invoices are payable by bank transfer within the term stated on the invoice or, in the absence of such term, within 5 (five) calendar days of issuance. Payment is deemed made on the date of crediting the Provider's account.
The setup fee is non-refundable once implementation work has commenced. Monthly subscription fees paid or due for the current billing period are non-refundable, including in case of termination by the Client during that period or non-use of the Services by the Client.
In case of late payment, the Provider is entitled, without any prior notice of default (the Client being in default de drept pursuant to Art. 1523 of the Civil Code and Law no. 72/2013), to: (i) penalty interest at the rate provided by OG 13/2011 and Law no. 72/2013 for commercial transactions; (ii) the fixed minimum recovery cost of the RON equivalent of EUR 40 per invoice pursuant to Art. 10 of Law no. 72/2013; and (iii) recovery of any additional reasonable recovery costs exceeding that amount. The Provider may suspend the Services if any invoice remains unpaid 10 (ten) calendar days after its due date, upon prior written notice, and fees continue to accrue during such suspension.
The Provider may revise the monthly subscription fee with at least 30 (thirty) days' prior written notice, with effect from the next billing period following expiry of the notice. If the Client does not accept the revised fee, the Client may terminate the subscription with effect from the date the revised fee would apply, by written notice given before that date. Continued use of the Services after the effective date constitutes acceptance of the revised fee.
The Client is not entitled to withhold payment or to set off any claims against the Provider's invoices, except for claims that are undisputed or established by a final and irrevocable court decision.
7. Term; Cancellation; Termination
The subscription is concluded for an indefinite term, unless a minimum term is stated in the Service Agreement. Either party may terminate the subscription by unilateral notice (denunțare unilaterală, Art. 1276–1277 of the Civil Code), in writing (including e-mail), with at least 30 (thirty) days' prior notice. Termination takes effect at the end of the notice period; the Services shall be provided and fees remain due for the entire notice period.
Either party may terminate the contract with immediate effect, by written notice, without prior court intervention and without any other formality (pact comisoriu of the highest degree, pursuant to Art. 1553 of the Civil Code), in case of a material breach by the other party which is not remedied within 15 (fifteen) calendar days of written notice describing the breach. The following constitute material breach by the Client, without limitation: non-payment of any invoice, breach of the acceptable use rules in Section 9, breach of confidentiality, and any use of the Services exposing the Provider to legal liability.
The Provider may further terminate the contract with immediate effect and without indemnity if: (i) the Client becomes subject to insolvency, bankruptcy, dissolution or liquidation proceedings, to the extent permitted by Law no. 85/2014; (ii) the Client is listed on, or becomes controlled by a person listed on, any applicable sanctions list; or (iii) continued performance would cause the Provider to breach applicable law or the terms of a Third-Party Service.
Upon termination for any reason: (i) the Provider shall cease providing the Services at the effective date; (ii) all amounts due become immediately payable; (iii) the Client's access through the Provider's infrastructure shall be deactivated; (iv) licenses granted to the Client under Section 12 cease, except as expressly stated otherwise; and (v) upon written request made within 30 (thirty) days of termination, the Provider shall make available one export of Client Data held in the Provider's systems, in a commonly used machine-readable format, subject to payment of all outstanding amounts. After this period, the Provider may irreversibly delete Client Data from its systems, subject to legal retention obligations and the DPA.
Sections that by their nature are intended to survive termination (including confidentiality, intellectual property, limitation of liability, indemnification, non-solicitation, governing law and jurisdiction) shall survive.
8. Client Obligations and Warranties
The Client shall: (i) provide accurate, complete and lawful information, data, materials and access required for the performance of the Services, in a timely manner; (ii) ensure that it holds all rights, licenses, consents and legal bases necessary for the Provider's processing of Client Data through the Services, including with respect to the Client's own customers, contacts and employees; (iii) use the Services exclusively for its internal business purposes and in compliance with applicable law, including data protection, e-privacy, anti-spam, marketing, consumer protection, competition and sectoral legislation applicable to the Client's industry; (iv) comply with the applicable terms and policies of the Third-Party Services used in connection with its account; (v) keep its credentials and devices secure and notify the Provider without undue delay of any suspected compromise or security incident; and (vi) cooperate in good faith, including by providing feedback and approvals within reasonable timeframes.
The Client acknowledges that delays or failures by the Client in fulfilling its cooperation obligations may proportionally delay the Provider's performance, without liability for the Provider, and that the Provider may invoice the agreed fees notwithstanding such Client-caused delays.
The Client is solely responsible for: (i) the business, legal and operational decisions it makes based on the Services or their outputs; (ii) the content of communications sent to its own customers and third parties through the Services; (iii) the configuration choices it requests or approves; and (iv) verifying that its use of the Services complies with rules applicable to its specific industry (e.g., financial services, healthcare, legal services).
9. Acceptable Use
The Client shall not, and shall not permit any third party to, use the Services to: (i) violate any applicable law or regulation; (ii) send unsolicited commercial communications in breach of applicable anti-spam rules (including Law no. 506/2004 and the GDPR); (iii) transmit, store or distribute unlawful, defamatory, fraudulent, deceptive, harassing, discriminatory, or infringing content; (iv) develop, distribute or operate malware, or conduct unauthorized scanning, penetration or interference with the systems of third parties; (v) infringe intellectual property rights, trade secrets, or privacy rights of any person; (vi) impersonate any person or entity, or misrepresent the automated nature of communications where disclosure is required by law; (vii) attempt to extract, reverse engineer, copy or replicate the Provider's workflows, prompts, system architecture or know-how, except as permitted by mandatory law; (viii) resell, sublicense, or make the Services available to third parties as a service bureau, without the Provider's prior written consent; or (ix) circumvent technical or contractual usage limits, including the usage volumes of underlying AI providers.
The Provider may, but is not obligated to, monitor compliance with this Section at an aggregate or technical level. In case of actual or reasonably suspected breach, the Provider may suspend the affected Services with immediate effect, notify the Client, and require remediation before reinstatement. Repeated or serious breaches constitute material breach for the purposes of Section 7.
10. Third-Party Services; Dependencies; Subcontractors
The Services depend on Third-Party Services that are outside the Provider's control. The Provider does not control and does not guarantee the continuous availability, performance, accuracy, pricing, terms, or continued existence of any Third-Party Service. Changes, restrictions, rate limits, pricing changes, policy changes, outages, or discontinuation of Third-Party Services may affect or interrupt the Services in whole or in part.
In such cases, the Provider shall use commercially reasonable efforts to mitigate the impact, including, where feasible, by proposing alternative tools, models or architectures (which may entail additional fees if they require material re-implementation). The Provider shall not be liable for the acts, omissions, errors, outputs, or unavailability of Third-Party Services, nor for damages caused thereby, this being an assumed allocation of risk between professionals pursuant to Art. 1355 para. (3) of the Civil Code.
Where the Client's use of the Services involves Third-Party Services (e.g., business messaging platforms, e-mail providers), the Client must comply with their applicable terms and policies and shall be solely responsible for fees charged directly to the Client by such third parties (e.g., per-conversation messaging fees, API usage charged to Client-owned accounts), unless otherwise agreed in writing.
The Provider may use subcontractors and sub-processors in the performance of the Services, remaining liable for their performance as for its own. Sub-processors of personal data shall be governed by the DPA.
11. Artificial Intelligence – Specific Terms and Disclaimer
The Services incorporate artificial intelligence models and probabilistic systems. The Client acknowledges and accepts that: (i) AI-generated outputs are non-deterministic and may be inaccurate, incomplete, outdated, biased, or contextually inappropriate, despite configuration, testing and safeguards implemented by the Provider; (ii) identical inputs may produce different outputs; (iii) AI outputs do not constitute legal, tax, financial, accounting, medical, or other regulated professional advice, and must not be relied upon as such; (iv) where the configuration permits human review, the Client must review AI outputs before relying on them for significant decisions or external communications; and (v) the Provider does not warrant or guarantee any specific business result, revenue increase, cost saving, lead volume, conversion rate, response accuracy rate, or other performance outcome, unless expressly agreed in writing in a Service Agreement.
The parties shall each comply with the obligations applicable to them under Regulation (EU) 2024/1689 (the AI Act), in accordance with their respective roles and the applicable implementation timeline. To the extent the Client deploys AI systems within its business through the Services, the Client acts as deployer and remains responsible for its own obligations, including transparency obligations towards its own customers (such as informing natural persons that they are interacting with an AI system where required), human oversight within its organization, and lawful use of AI outputs. The Provider shall reasonably cooperate by providing available technical information about the configured systems.
The Client shall not use, and shall not request the Provider to configure, the Services for practices prohibited under Art. 5 of the AI Act, nor for high-risk AI use cases under Annex III of the AI Act without prior written analysis and agreement between the parties on the allocation of the resulting compliance obligations.
Outputs generated through AI models may be subject to the terms of the underlying AI model providers, including restrictions on certain uses. The Provider gives no warranty as to the intellectual property status of AI-generated outputs; the protectability and ownership of AI-generated content may be limited under applicable law, and the Client uses such outputs at its own risk in this respect.
12. Intellectual Property
All intellectual property rights over the Provider's pre-existing and independently developed materials – including know-how, methodologies, frameworks, templates, generic workflow architectures, automation patterns, prompt engineering techniques, system instructions, internal tooling, and documentation – remain the exclusive property of the Provider (“Provider Background IP”). Nothing in these Terms transfers any Provider Background IP to the Client.
Subject to full and timely payment of all fees due, the Provider grants the Client a non-exclusive, non-transferable, non-sublicensable license to use the Deliverables solely for the Client's internal business purposes, for the duration of the contract. The Deliverables, including workflow configurations hosted on the Provider's infrastructure, are not assigned to the Client and remain on the Provider's systems, unless an assignment or handover is expressly agreed in writing for an additional fee.
The Provider remains free to develop, use and provide to other clients similar or identical services, workflows, architectures, and know-how, including improvements and learnings of a generic nature derived from the performance of the Services, provided that no Confidential Information or Client Data of the Client is disclosed.
Client Data and the Client's pre-existing materials remain the property of the Client. The Client grants the Provider a non-exclusive, worldwide, royalty-free license to host, process, transmit, display and use Client Data and such materials strictly to the extent necessary for the performance of the Services and for the duration of the contract.
Unless the Client objects in writing, the Provider may identify the Client by name and logo as a client of the Provider, in its portfolio, Website and commercial materials, without disclosing Confidential Information. Any case study or detailed reference requires the Client's prior written approval.
The trademarks, trade names, logos, and the content of the Website are protected by intellectual property law; any reproduction, distribution or use without the Provider's prior written consent is prohibited.
13. Confidentiality
Each party shall: (i) keep Confidential Information of the other party strictly confidential; (ii) use it solely for the performance of the contract; (iii) protect it with at least the same degree of care used for its own confidential information, and no less than reasonable care; and (iv) limit disclosure to its employees, professional advisors and subcontractors who need to know it and are bound by confidentiality obligations at least as protective.
Confidential Information does not include information that: (i) is or becomes publicly available without breach of these Terms; (ii) was lawfully known to the receiving party before disclosure; (iii) is lawfully received from a third party without confidentiality restriction; or (iv) is independently developed without use of the disclosing party's Confidential Information.
Disclosure is permitted where required by law, regulation, or a competent court or authority, provided the receiving party (where legally permitted) gives prompt notice to the disclosing party and discloses only the minimum required.
This confidentiality obligation applies during the contract and for 3 (three) years after its termination; for trade secrets within the meaning of OUG 25/2019, protection applies for as long as the information remains a trade secret. A separate non-disclosure agreement signed by the parties prevails over this clause.
14. Personal Data Protection (GDPR)
Each party shall comply with Regulation (EU) 2016/679 (GDPR), Law no. 190/2018, Law no. 506/2004 and other applicable data protection legislation.
Where the Provider processes personal data on behalf of the Client in the course of the Services (e.g., contact data, communications, calendar and e-mail content of the Client's customers and staff processed through the configured automations), the Provider acts as processor (persoană împuternicită) and the Client as controller (operator). The parties shall conclude a data processing agreement (DPA) in accordance with Art. 28 GDPR, which forms an integral part of the contractual framework; in case of conflict regarding personal data processing, the DPA prevails.
The Client, as controller, warrants that: (i) it has established a valid legal basis for all personal data processed through the Services; (ii) it has provided all required information to data subjects (Art. 13–14 GDPR); and (iii) its instructions to the Provider comply with applicable law. The Client shall indemnify the Provider for damages and fines resulting from unlawful instructions or from the Client's failure to comply with its controller obligations.
The Provider processes personal data of the Client's representatives and contact persons as an independent controller for purposes of contracting, service administration, invoicing, communication, and legal compliance, as described in the Privacy Policy published on the Website.
The Provider implements appropriate technical and organizational security measures pursuant to Art. 32 GDPR, proportionate to the risk, including access controls, encryption in transit, network restrictions, and server hardening. No security measure is absolute; the Provider does not warrant that security incidents are impossible, but shall notify the Client of personal data breaches affecting Client Data in accordance with the DPA and applicable law.
15. Warranties; Service Levels; Maintenance
The Services are provided with professional diligence as a best-efforts obligation (obligație de mijloace) in accordance with good industry practice, and not as an obligation of result (obligație de rezultat), unless a specific measurable result is expressly designated as guaranteed in a Service Agreement.
Except as expressly set out in these Terms or a Service Agreement, the Services and Deliverables are provided “as is” and “as available”, and the Provider disclaims, to the maximum extent permitted by law, all other warranties, express or implied, including warranties of merchantability, fitness for a particular purpose, accuracy of outputs, and uninterrupted or error-free operation.
No specific uptime percentage, response time, or service level is guaranteed unless expressly agreed in a Service Agreement. The Provider shall use commercially reasonable efforts to maintain the availability of the Services and to remedy malfunctions attributable to the Provider's configuration within a reasonable time after notification.
The Provider may perform scheduled maintenance, updates, migrations and security patches, which may cause temporary unavailability; where reasonably possible, these will be performed outside the Client's normal business hours and with prior notice for material planned interruptions. Emergency security interventions may be performed without prior notice.
The Client shall notify the Provider of any defect or malfunction without undue delay, with sufficient detail to allow reproduction and diagnosis. The Provider's sole obligation for defects attributable to it is, at its option, to repair or re-perform the affected Services; this remedy does not limit the Client's statutory rights that cannot be excluded between professionals.
16. Limitation of Liability
To the maximum extent permitted by Romanian law, the Provider's total aggregate liability towards the Client, arising out of or in connection with the contract and the Services, regardless of the legal basis (contractual, delictual/tort, restitution or otherwise) and regardless of the number of claims, shall not exceed the total fees actually paid by the Client to the Provider in the 3 (three) months preceding the event giving rise to liability.
To the maximum extent permitted by law, the Provider shall not be liable for: (i) indirect or consequential damages; (ii) loss of profit, loss of revenue, loss of anticipated savings, loss of business, loss of clientele, or loss of opportunity; (iii) loss, corruption or inaccuracy of data, except where caused by the Provider's breach of its obligations under the DPA; (iv) reputational damage; (v) damages caused by Third-Party Services, by Client Data, by the Client's instructions or configurations approved by the Client, or by the Client's breach of these Terms; or (vi) damages resulting from the Client's reliance on AI outputs contrary to Section 11.
Nothing in these Terms excludes or limits liability for: (i) damage caused intentionally (dol) or by gross negligence (culpă gravă), pursuant to Art. 1355 para. (1) of the Civil Code; (ii) damage caused to the life, health or physical integrity of a person, pursuant to Art. 1355 para. (2) of the Civil Code; or (iii) any other liability which cannot be excluded or limited under mandatory Romanian law. The limitations in this Section reflect an agreed allocation of risk between professionals, taken into account in setting the level of the fees.
The Client shall notify the Provider in writing of any claim within 30 (thirty) calendar days of becoming aware of the event giving rise to it, providing reasonable detail, and shall take reasonable measures to mitigate damages pursuant to Art. 1534 of the Civil Code. To the extent permitted by law, any claim of the Client arising out of the contract shall be time-barred if not brought before the competent court within 1 (one) year from the date the Client knew or should have known of the damage and the person liable, the parties hereby shortening the limitation period in accordance with Art. 2515 of the Civil Code.
17. Indemnification by the Client
The Client shall indemnify, defend and hold harmless the Provider, its shareholder, administrator, employees and subcontractors against any third-party claims, administrative fines, sanctions, damages, losses and reasonable costs (including reasonable legal fees) arising from: (i) the Client's breach of these Terms, the DPA, or applicable law; (ii) Client Data and any content transmitted, published or processed through the Services at the Client's instruction or on the Client's behalf; (iii) the Client's use of the Services in violation of the terms of Third-Party Services; (iv) unlawful processing instructions given by the Client as controller; or (v) the Client's failure to comply with its obligations as deployer of AI systems.
The Provider shall promptly notify the Client of any such claim and allow the Client to participate in the defense, without prejudice to the Provider's right to conduct its own defense at the Client's expense where the Client fails to act diligently.
18. Force Majeure and Fortuitous Event
Neither party shall be liable for failure or delay in performing its obligations (other than payment obligations already due) caused by Force Majeure or, to the extent provided by Art. 1351 of the Civil Code, by a fortuitous event (caz fortuit), including without limitation: natural disasters, fire, flood, epidemic, war, acts of terrorism, civil unrest, strikes (other than of the affected party's own personnel), governmental or regulatory measures, embargoes, failures of public electricity or telecommunications infrastructure, and large-scale outages or discontinuations of Third-Party Services or internet backbone infrastructure beyond the affected party's control.
The affected party shall notify the other party within 5 (five) days of the occurrence, providing reasonable evidence, shall use reasonable efforts to limit the effects, and shall resume performance as soon as the impediment ceases. Deadlines are extended by the duration of the impediment.
If the Force Majeure event persists for more than 30 (thirty) consecutive days, either party may terminate the contract by written notice, without liability for damages, with fees being due pro rata for Services performed up to the date of termination.
19. Hardship (Impreviziune)
If an exceptional change of circumstances – including substantial increases in the costs of Third-Party Services (such as AI model usage pricing or messaging platform fees) – renders the Provider's performance excessively onerous within the meaning of Art. 1271 of the Civil Code, the parties shall renegotiate the affected commercial terms in good faith. If no agreement is reached within 30 (thirty) days of the renegotiation request, either party may terminate the affected Services with 15 (fifteen) days' written notice, without liability for damages. The parties expressly agree that the Provider does not assume the risk of such exceptional changes of circumstances.
20. Suspension of the Services
The Provider may suspend the Services, in whole or in part, with immediate effect and with prior notice where reasonably feasible, if: (i) required by law, a court, or a competent authority; (ii) the Client's use poses a security risk to the Provider, other clients, or third parties; (iii) the Client breaches Section 9 (Acceptable Use) or the terms of a Third-Party Service; (iv) invoices remain unpaid as per Section 6; or (v) suspension is technically necessary to prevent imminent damage. The Provider shall limit the suspension to what is necessary and shall reinstate the Services promptly after the cause ceases. Fees continue to accrue during suspension caused by the Client or by the Client's breach.
21. Non-Solicitation
During the term of the contract and for 12 (twelve) months thereafter, the Client shall not, directly or indirectly, solicit for employment or engage as contractor any employee or regular collaborator of the Provider who was involved in the provision of the Services, without the Provider's prior written consent. In case of breach, the Client shall pay liquidated damages (clauză penală, Art. 1538 of the Civil Code) equal to 6 (six) monthly subscription fees applicable at the time of breach, without prejudice to the Provider's right to prove and recover higher damages.
22. Amendments to these Terms
The Provider may amend these Terms for the future, for justified reasons (including legislative changes, changes in Third-Party Services, security requirements, or evolution of the service model), by publishing the updated version on the Website and notifying active Clients by e-mail at least 30 (thirty) days before the changes take effect.
If the Client does not accept the amendments, the Client may terminate the subscription by written notice with effect from the date the amendments take effect, without penalty. Continued use of, or payment for, the Services after that date constitutes acceptance of the amended Terms. Amendments do not affect rights and obligations already accrued, nor fees for billing periods already invoiced.
The version of the Terms applicable to a dispute is the version in force at the date of the relevant event, which the Provider shall archive and make available upon request.
23. Communications and Notices
Official notices under the contract shall be made in writing and sent by e-mail to the addresses designated by the parties (for the Provider: contact@security53.com), by registered letter with acknowledgment of receipt, or by courier. E-mail notices are deemed received on the first business day following dispatch, absent a delivery failure notification. Notices of termination, material breach, or claims shall be doubled by registered letter or courier where the other party so requests.
The parties accept e-mail correspondence and electronic documents as valid evidence in legal proceedings, in accordance with Law no. 365/2002, Law no. 214/2024 and the Civil Procedure Code.
24. Miscellaneous
Assignment: the Client may not assign or transfer the contract or any rights or obligations under it without the Provider's prior written consent. The Provider may assign the contract within a corporate reorganization or to an affiliate, with notice to the Client.
Independent contractors: the parties are independent contractors. Nothing in these Terms creates an employment, agency, partnership, or joint venture relationship. Neither party may bind the other.
Severability: if any provision is held invalid or unenforceable, the remaining provisions remain in full force, and the invalid provision shall be replaced by a valid provision that most closely reflects the parties' economic intent (Art. 1255 of the Civil Code).
No waiver: failure or delay to enforce any provision does not constitute a waiver of that provision or of any other right.
Entire agreement: these Terms, together with the applicable Service Agreement, the DPA, and any annexes, constitute the entire agreement between the parties regarding the Services and supersede all prior negotiations, representations and understandings on the same subject matter. Standard terms, general conditions, or purchase conditions of the Client are expressly excluded and shall not apply, even if referenced in the Client's ordering documents (Art. 1202 of the Civil Code).
Language: these Terms may be made available in English and Romanian. In case of divergence between language versions, the Romanian version prevails for the interpretation of mandatory Romanian law concepts; otherwise, the version expressly agreed in the Service Agreement prevails.
Headings are for convenience only and do not affect interpretation.
25. Governing Law and Jurisdiction; Express Acceptance of Standard Clauses
These Terms and any contract concluded under them, including non-contractual obligations arising in connection with them, are governed by Romanian law, excluding its conflict-of-law rules and excluding the United Nations Convention on Contracts for the International Sale of Goods (CISG), to the extent it could apply.
The parties shall attempt to settle any dispute amicably within 30 (thirty) days of written notification of the dispute. Failing amicable settlement, any dispute arising out of or in connection with these Terms or the Services shall be submitted to the exclusive jurisdiction of the competent courts for the Provider's registered office in Sibiu County, Romania (alegere de competență, in accordance with Art. 126 of the Civil Procedure Code).
Pursuant to Art. 1203 of the Civil Code, the Client expressly declares that it has read, understood and accepts the following standard clauses, which are unusual clauses (clauze neuzuale) requiring express written acceptance: Section 6 (restriction of withholding and set-off rights; non-refundable fees; default de drept); Section 7 (unilateral termination and pact comisoriu); Section 10 (allocation of Third-Party Service risk and exclusion of liability for Third-Party Services); Section 16 (limitation and exclusion of liability and shortening of the limitation period to one year); Section 19 (assumption of hardship risk by the Client); Section 20 (suspension of the Services); Section 21 (non-solicitation and liquidated damages); Section 22 (unilateral amendment of the Terms); Section 24 (exclusion of the Client's standard terms); and this Section 25 (choice of governing law and exclusive jurisdiction). Acceptance of these Terms (including electronically, by checkbox, electronic signature or e-mail confirmation) constitutes the express acceptance required by Art. 1203 of the Civil Code in respect of these clauses.