Effective Date: 05 February 2026

These Terms of Service (“Terms”) govern access to and use of the Services (defined below) provided by UAB Such Much AI, a private limited liability company incorporated in Lithuania, company code 306405204, registered address Bukčių g. 6-38, Vilnius, LT-04127 Vilniaus m. sav., Lithuania, VAT number LT100017966319 (“Such Much AI”, “we”, “us”, “our”). Our Services may be marketed under the brands RFPX and/or Such Much AI.

By creating an Account, placing an order, signing an Order Form, or otherwise accessing or using the Services, you agree to these Terms. If you use the Services on behalf of an organization, you represent that you have authority to bind that organization, and “Customer” includes that organization.

1. Definitions
1.1 “Account” means a registered profile used to access the Services.
1.2 “Affiliate” means an entity that directly or indirectly controls, is controlled by, or is under common control with a party.
1.3 “Customer” means the legal entity (or other organization) that enters into these Terms and/or an Order Form; where relevant, it includes its authorized users.
1.4 “Customer Data” means any data, text, files, documents, prompts, and other content submitted to the Services by or on behalf of Customer, including any personal data contained therein.
1.5 “Output” means any content generated by the Services based on Customer Data and/or user instructions.
1.6 “Order Form” means an ordering document, procurement order, SOW, or other instrument referencing these Terms that specifies commercial terms (plan, credits, fees, term, etc.).
1.7 “Professional Services” means consulting and services described in an Order Form/SOW, including (without limitation) custom templates, integrations, training, procurement technology tools consulting, technical onboarding, and configuration.
1.8 “Services” means our cloud-based software services for AI-enabled document generation and related features, including web interfaces, dashboards, and documentation that we make available from time to time.
1.9 “Policies” means our then-current policies referenced by these Terms (including acceptable use, privacy, security summaries, and similar), made available in the Services or on our websites.
1.10 “DPA” means the data processing terms under GDPR Article 28 governing processing of personal data within Customer Data.

2. Intended Use; Customer Type; Consumer Rights
2.1 Intended for B2B/B2G. The Services are designed and offered primarily for business and government workflows (B2B/B2G). We do not actively verify your status as a business/government user.
2.2 Representation. By using the Services, you represent that you are acting in the course of trade, business, craft, profession, or public administration, and that you have authority to accept these Terms on behalf of your organization.
2.3 If you are a consumer. If you are a natural person acting outside your trade/business/profession, mandatory consumer protection laws may apply and certain provisions of these Terms may be unenforceable against you. Nothing in these Terms limits rights that cannot be limited by mandatory law.

3. Order of PrecedenceIf there is a conflict, the following order applies (highest to lowest):
(a) the applicable Order Form/SOW;
(b) the DPA (for data protection terms only);
(c) these Terms;
(d) Policies and documentation.

4. Accounts; Access; Acceptable Use
4.1 Accounts. Customer is responsible for all activities under its Accounts and for ensuring that its users comply with these Terms. Customer must keep credentials confidential and notify us promptly of suspected unauthorized access.
4.2 Permitted use. Subject to these Terms and payment of applicable fees, we grant Customer a limited, non-exclusive, non-transferable, revocable right to access and use the Services during the Term for Customer’s internal business purposes.
4.3 Restrictions. Customer will not (and will not allow any third party to):
(a) reverse engineer, decompile, or attempt to derive source code or underlying ideas, except to the extent permitted by mandatory law;
(b) bypass usage limits, security controls, or access restrictions;
(c) use the Services to develop or provide a competing product or service;
(d) scrape, crawl, or use automated means to access the Services except as expressly permitted by us;
(e) introduce malware, disrupt the Services, or probe our systems;
(f) use the Services in violation of law or third-party rights.4.4 Sensitive data restriction by default. Unless we agree in writing (e.g., enterprise addendum/DPA) and appropriate safeguards are in place, Customer must not submit:
(a) special categories of personal data (GDPR Article 9),
(b) criminal offence data (GDPR Article 10), or
(c) any data subject to heightened statutory secrecy obligations, where submission would breach applicable law.4.5 Prohibited content and prohibited use-cases. Customer must not use the Services to generate or distribute unlawful content, infringing content, malicious content, or deceptive synthetic media where legally required labeling is not applied, or for prohibited AI practices under applicable EU law.

5. AI-Specific Terms; Outputs; Citations; Human Oversight
5.1 Nature of the system. The Services use probabilistic machine learning techniques to generate drafts and other Outputs. Outputs may be incomplete, inaccurate, or reflect biases present in inputs or system behavior.
5.2 Human responsibility. Customer is solely responsible for reviewing, validating, and approving Outputs before use, including ensuring compliance with procurement rules, administrative procedures, and any other applicable legal obligations. The Services do not provide legal advice.
5.3 Reference sources / citations. Where the Services provide reference sources/citations, those are generated automatically and may be incomplete, outdated, or incorrectly associated. Customer must verify citations independently before relying on them.
5.4 Transparency and labeling. If Customer uses Outputs as synthetic content in contexts requiring disclosure, watermarking, or labeling under applicable law, Customer is responsible for meeting those requirements.
5.5 No third-party foundation model APIs. We do not process Customer Data through third-party foundation model APIs. Models used by the Services run on our EEA-based cloud infrastructure, subject to Section 10 (Data Protection).

6. Professional Services
6.1 Scope. Professional Services (if any) are described in the applicable Order Form/SOW and may include (without limitation) custom templates, integrations, training, procurement technology tools consulting, technical onboarding, and configuration.
6.2 Deliverables and acceptance. Unless the Order Form/SOW states otherwise, deliverables are deemed accepted upon delivery. If the Order Form/SOW includes acceptance criteria, the parties will follow that process.
6.3 Dependencies. Customer will provide timely access, information, and cooperation reasonably required for Professional Services. Delays caused by Customer may impact timelines and fees.
6.4 Third-party systems. Integrations may depend on third-party systems and APIs. We are not responsible for third-party downtime, changes, or discontinuations that affect integrations, unless otherwise agreed in writing.

7. Plans, Credits, Fees, Billing, Taxes
7.1 Plans and credits. The Services may be offered under plans that include usage entitlements (including “credits”). Unless the Order Form states otherwise:
(a) credits reset each billing period and do not roll over; and
(b) one credit corresponds to one document generation (or equivalent unit described in the plan).
7.2 Billing and payment. Fees are billed in advance on the cadence stated in the Order Form (monthly or annual). Customer will pay all undisputed invoices by the due date. We may suspend access for overdue payments after reasonable notice.
7.3 Auto-renewal. Unless an Order Form states otherwise, subscriptions automatically renew for successive periods equal to the then-current term. Customer must cancel at least 20 days before renewal to prevent renewal.
7.4 Trials. We may offer free trials (including limited generations). Trials may be withdrawn or limited for abuse and are provided without warranties.
7.5 Taxes and VAT. Fees exclude taxes unless stated otherwise. Where VAT applies, Customer will pay VAT at the applicable rate unless a reverse-charge mechanism applies and Customer provides a valid VAT ID.
7.6 Refunds. Fees are non-refundable except where: (a) mandatory law requires a refund; or (b) the applicable Order Form expressly provides a refund.

8. Term; Suspension; Termination
8.1 Term. These Terms begin on the Effective Date or the date Customer first uses the Services (whichever is earlier) and continue until terminated in accordance with these Terms and all Order Forms have expired or been terminated (“Term”).
8.2 Suspension. We may suspend access if: (a) Customer materially breaches these Terms; (b) payment is overdue; (c) required by law/authority; or (d) necessary to address security risk or service integrity. Where commercially reasonable, we will provide notice and opportunity to cure.
8.3 Termination for cause. Either party may terminate an Order Form for material breach if not cured within 30 days after written notice (or sooner if not curable).
8.4 Effect of termination. Upon termination/expiry:
(a) Customer’s access ends and all licenses granted under these Terms cease;
(b) outstanding fees become immediately due;
(c) we will provide reasonable export access to Customer Data for 30 days after termination, subject to legal and technical constraints;
(d) we may delete Customer Data thereafter in accordance with the DPA and our retention practices.

9. Intellectual Property; Customer Data; Outputs; No Training
9.1 Our IP. We and our licensors retain all rights in the Services, including software, templates, workflows, UI, documentation, models, and improvements. No rights are granted except as expressly stated.
9.2 Customer Data. Customer retains all rights to Customer Data. Customer grants us a limited license to host, process, transmit, and display Customer Data solely to provide, secure, maintain, and support the Services and Professional Services, and to comply with law.
9.3 Outputs. As between the parties, Customer owns Outputs to the extent ownership is recognized under applicable law. To the extent any rights in Outputs vest in Such Much AI, we hereby assign those rights to Customer. Customer is responsible for ensuring its use of Outputs does not infringe third-party rights and complies with law.
9.4 No training without opt-in. We do not use Customer Data or Outputs to train models or improve models for other customers unless Customer explicitly opts in in writing (e.g., an Order Form addendum) specifying scope and safeguards.
9.5 Aggregated usage data. We may use aggregated and/or de-identified usage metrics to operate, secure, and improve the Services, provided such data does not identify Customer or disclose Customer Data.

10. Data Protection (GDPR) — Summary and DPA Incorporation
10.1 Roles. For personal data in Customer Data, Customer acts as Controller and Such Much AI acts as Processor, unless otherwise agreed in writing. For account administration, billing, and website administration data, Such Much AI acts as Controller as described in our Privacy Policy.
10.2 DPA. The parties agree to the DPA terms in Annex 1 to these Terms (Data Processing Terms). If a separate standalone DPA is later published and signed, it will supersede Annex 1 to the extent of any conflict.
10.3 EEA hosting by default. Customer Data is hosted by default in the EEA.
10.4 Subprocessors. We may engage subprocessors to support the Services (e.g., infrastructure, email delivery, payment processing, analytics, customer support). We will provide 30 days’ notice of material subprocessor changes and maintain a current list available upon request.
10.5 Security. We implement commercially reasonable technical and organizational measures designed to protect Customer Data.

11. ConfidentialityEach party will protect the other party’s Confidential Information using reasonable care and use it only to perform obligations or exercise rights under these Terms. Confidentiality obligations survive for five (5) years after termination; trade secrets remain protected as long as they qualify as trade secrets under applicable law.

12. Warranties; Disclaimers
12.1 Authority. Each party warrants it has authority to enter into these Terms.
12.2 Disclaimer. Except as expressly stated in an Order Form, the Services and Outputs are provided “as is” and “as available.” To the maximum extent permitted by mandatory law, we disclaim all implied warranties including merchantability, fitness for a particular purpose, and non-infringement.
12.3 No professional advice. Outputs are drafting assistance and do not constitute legal, tax, procurement, or other professional advice.

13. Indemnities
13.1 Such Much AI IP indemnity (B2B/B2G). We will defend Customer against third-party claims alleging that the unmodified Services (excluding Customer Data and Outputs) infringe a third party’s copyright, trademark, or EU/EEA patent right, and we will indemnify Customer for finally awarded damages and reasonable costs, provided Customer:
(a) promptly notifies us;
(b) allows us to control the defense and settlement; and
(c) cooperates reasonably.Exclusions. We have no obligation to the extent a claim arises from: (i) Customer Data or Outputs; (ii) combinations with non-Such Much AI products/services; (iii) Customer’s instructions, modifications, or use outside the scope of these Terms; or (iv) use of a non-current version where the claim would have been avoided by using the current version.Remedies. If infringement is alleged or we believe it likely, we may: (1) modify the Services to be non-infringing; (2) obtain a license; (3) replace the affected component; or (4) if none are commercially reasonable, terminate the affected Order Form and refund prepaid, unused fees for the terminated portion.
13.2 Customer indemnity. Customer will defend and indemnify Such Much AI against third-party claims arising from Customer Data, Customer’s unlawful use of the Services, or Customer’s breach of third-party rights, to the extent permitted by law and except to the extent caused by our breach.

14. Limitation of Liability
14.1 Non-excludable liability. Nothing limits liability that cannot be limited under mandatory law, including liability for death or personal injury caused by fault, fraud, or intentional misconduct.
14.2 Cap (B2B/B2G). To the maximum extent permitted by mandatory law, our aggregate liability arising out of or related to the Services will not exceed the fees paid by Customer under the applicable Order Form in the 12 months preceding the event giving rise to the claim.
14.3 Excluded damages. To the maximum extent permitted by mandatory law, neither party is liable for indirect or consequential damages (including lost profits, loss of goodwill, and business interruption).
14.4 Data protection. Data protection liabilities are addressed in the DPA/Annex 1 and are not limited where mandatory GDPR rules require otherwise.

15. Export Controls and SanctionsCustomer will comply with applicable sanctions and export control laws. We may suspend or terminate access where required to comply with law.

16. Force MajeureNeither party is liable for delay or failure due to events beyond its reasonable control, provided it mitigates and resumes performance as soon as practicable.

17. Changes to the TermsWe may update these Terms. For material changes, we will provide notice via email and/or in-Service and set an effective date at least 30 days after notice (unless a shorter period is required for security, legal compliance, or operational necessity). Continued use after the effective date constitutes acceptance.

18. Governing Law; Dispute Resolution
18.1 Governing law. These Terms are governed by the laws of the Republic of Lithuania, excluding conflict-of-law rules that would mandate another jurisdiction’s law.
18.2 Venue (B2B/B2G). For business/government Customers, disputes are subject to the exclusive jurisdiction of the courts of Vilnius, Lithuania.
18.3 Pre-litigation negotiations. The parties will first attempt good-faith negotiations for 30 days before filing a claim (except for urgent injunctive relief).
18.4 Consumers. If you are a consumer, mandatory consumer protection and jurisdiction rules apply.

19. Notices; Contact
19.1 Operational notices. We may send operational notices to the email address associated with your Account.
19.2 Formal legal notices to Such Much AI. Formal legal notices must be sent first by registered mail to:
UAB Such Much AI
Bukčių g. 6-38, Vilnius, LT-04127 Vilniaus m. sav., LithuaniaA copy may also be sent to info@suchmuchai.com, but email alone does not constitute formal notice.
19.3 Formal legal notices to Customer. Customer must provide a postal address for formal notices in the Order Form (or via Account settings). Formal notices to Customer will be sent by registered mail to that address.

20. Miscellaneous
20.1 Assignment. Customer may not assign these Terms without our prior written consent, except to an Affiliate or in connection with a merger or sale of substantially all assets, provided the assignee agrees to be bound. We may assign to an Affiliate or successor.
20.2 Severability. If a provision is invalid, it will be limited or removed to the minimum extent necessary; the remainder remains effective.
20.3 Entire agreement. These Terms, Order Forms/SOWs, Annex 1, and Policies constitute the entire agreement.
20.4 Language. English version prevails unless mandatory law requires otherwise.

Annex 1 — Data Processing Terms (GDPR Article 28)
‍
This Annex applies where Such Much AI processes personal data contained in Customer Data on behalf of Customer.
- Roles. Customer is Controller; Such Much AI is Processor.
- Subject matter and duration. Processing is to provide the Services and Professional Services during the Term and for the post-termination export period and deletion timeframe described in the Terms.
- Nature and purpose. Hosting, storage, organization, transmission, and generation of Outputs based on Customer instructions; security monitoring; support; and incident response.
- Types of personal data and data subjects. Determined by Customer; may include identifiers, contact details, employment/procurement-related data, and other personal data Customer submits (excluding special categories/criminal data unless expressly agreed in writing).
- Processor obligations. Such Much AI will: process only on documented instructions from Customer; ensure personnel confidentiality; implement commercially reasonable security measures; assist Customer with data subject requests and DPIAs where required and feasible; notify Customer without undue delay of a personal data breach affecting Customer Data; at Customer’s choice, delete or return Customer Data at end of Services (subject to legal retention); make available information reasonably necessary to demonstrate compliance and allow reasonable audits (subject to security and confidentiality constraints).
- Subprocessors. Customer provides general authorization for subprocessors. We will provide 30 days’ notice of material changes and allow Customer to object on reasonable grounds related to data protection; if we cannot accommodate a reasonable objection, Customer may terminate the affected Order Form.
- International transfers. Customer Data is hosted by default in the EEA. If transfers outside the EEA are required, we will implement appropriate safeguards (e.g., SCCs) and provide required information.
- Special categories and criminal data. Prohibited by default unless explicitly agreed in writing with appropriate safeguards.
- Deletion/return. Following termination, we will make Customer Data available for export for 30 days, then delete Customer Data within a reasonable period, unless retention is required by law.