Terms of Service for exsite.app

Part I: Strategic Legal Overview for eXsite Labs Ltd

1.1 Introduction: A Bespoke Legal Framework for a UK Generative AI Platform

This report provides a comprehensive legal framework for the operation of the generative AI platform, exsite.app, owned and operated by eXsite Labs Ltd. The objective is to create a robust, compliant, and commercially sound Terms of Service (ToS) agreement tailored specifically for the legal and regulatory environment of England and Wales.

Operating a technology platform, particularly one involving novel technologies like generative AI, requires a clear and enforceable contractual basis with its users. A failure to align these terms with local law can expose a business to significant risks, including regulatory enforcement actions, substantial fines, consumer-led litigation, and damaging intellectual property disputes. For a UK-based company like eXsite Labs Ltd, compliance is not a discretionary "checkbox" exercise but a strategic imperative. The ToS document that follows in Part II is designed to serve as a legal fortress, protecting the company's assets, managing its liabilities, and fostering a trusted relationship with its user base, all within the strict confines of UK law.

1.2 The Core Pillars of UK Legal Compliance

The ToS for exsite.app is built upon several key pillars of UK law. These statutes and regulations form the bedrock of the agreement, ensuring it is both enforceable and fair to consumers.

• Consumer Protection: The framework is built around the Consumer Rights Act 2015 (CRA 2015). The CRA 2015 establishes a set of non-excludable statutory rights for consumers acquiring "digital content." This includes implied terms that the service must be of satisfactory quality, fit for purpose, and as described. Crucially, the Act provides a clear, tiered system of remedies—repair, replacement, and price reduction—that must be accurately reflected in the ToS.
• Data Privacy: The ToS is designed for compliance with the stringent regime of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018). This legal framework, enforced by the UK's Information Commissioner's Office (ICO), mandates a high standard of transparency, user control, and corporate accountability for the processing of personal data. It requires a clearly articulated lawful basis for all processing activities and grants individuals a suite of enforceable rights over their data.
• Intellectual Property: The foundation for intellectual property (IP) and related rights is the Copyright, Designs and Patents Act 1988 (CDPA 1988). This Act governs copyright ownership and, critically for a platform dealing with user-generated content, establishes a unique framework for "Moral Rights." These personal rights, including the right to be identified as the author and the right to object to derogatory treatment of a work, must be explicitly and correctly addressed in the ToS, typically through a formal waiver.
• Commercial Framework: All commercial and legal conventions have been aligned with UK practice. This includes referencing the Bank of England's official Bank Rate for calculating interest on late payments, establishing a dispute resolution pathway that prioritises mediation through a recognised UK body like the Centre for Effective Dispute Resolution (CEDR), and confirming the exclusive jurisdiction of the Courts of England and Wales.

1.3 Table: Key UK Legislation and Regulatory Bodies for exsite.app

The following table provides a clear, at-a-glance summary of the key UK laws and institutions relevant to the operation of exsite.app.

Part II: Draft Terms of Service for exsite.app

Welcome to exsite.app! We provide a cloud-based platform (the Platform) where you can create images, videos, and other content by leveraging our generative AI, train your own AI models, and access a range of other creative tools.

In these Terms, when we say you or your, we mean both you as an individual and any entity you are authorised to represent (such as your employer). When we say we, us, or our, we mean eXsite Labs Ltd, a company registered in England and Wales with Company Number 16578042, whose registered office is at 76 Tiverton Road, TW3 4JD, United Kingdom.

These Terms of Service (the Terms) form our legally binding contract with you. They set out our obligations as a service provider and your obligations as a customer. You cannot use our Services unless you agree to these Terms.

Some capitalised words in these Terms have defined meanings. You can find a list of these defined words and their meanings at the end of these Terms.

For questions about these Terms, or to get in touch with us, please email: legal@exsite.app

These Terms were last updated on 25 November 2024.

OUR DISCLOSURES

Please read these Terms carefully before you accept. We draw your particular attention to the following clauses:

• Our Privacy Policy (available on our website), which sets out how we handle your personal data in compliance with UK data protection laws.
• Clause 1.3 (Variations), which sets out how we may amend these Terms.
• Clause 4 (Subscriptions), which sets out important information about your Subscription, including cancellation rights and automatic renewal.
• Clause 7 (Disclaimers regarding AI Generated Content), which sets out important disclaimers and things you must be aware of when using our Platform and Services.
• Clause 11 (Your Statutory Rights), which summarises your key rights as a consumer under UK law.
• Clause 12 (Limitation of Liability), which sets out important exclusions and limitations to our liability under these Terms.

We may receive a benefit (which may include a referral fee or a commission) should you visit certain third-party websites through a link on our Platform, or for featuring certain goods or services on our Platform.

These Terms do not intend to limit your statutory rights and remedies at law, including any of your rights under the Consumer Rights Act 2015.

1. Engagement and Term

1.1. These Terms apply from the moment you sign up for an Account until the date on which your Account is terminated in accordance with these Terms. We grant you a right to use our Services for this period only.

1.2. If you are under the age of 18, you must have obtained the consent of your parent or legal guardian, or be under the supervision of a responsible adult, to use our Platform and agree to these Terms.

1.3. Variations: We may amend these Terms at any time by providing written notice to you (for example, by email or a notification on the Platform). By clicking “I accept” or continuing to use our Platform after the notice is given, or 30 days after notification (whichever date is earlier), you agree to the amended Terms. If you do not agree to the amendment, you may close your Account and cancel your Subscription with effect from the date of the change in these Terms by providing written notice to us. If you cancel your Subscription under this clause:

• (a) you will no longer be able to access our Services (including our Platform) on and from the date of cancellation; and
• (b) if you have paid Subscription Fees upfront for a fixed period, you will be issued a pro-rata refund for the portion of the Subscription Period remaining.

Legal Counsel's Note: This variations clause is structured to be fair and transparent, which is a key requirement under the Consumer Rights Act 2015. Providing a clear notice period and a no-penalty exit route (with a pro-rata refund) for users who do not accept the changes makes the clause more likely to be considered fair and enforceable by a UK court.

2. Our Services

2.1. We provide the following services to you (collectively, our Services):

• (a) access to our Platform and its features; and
• (b) access to our troubleshooting support (Support Services).

2.2. If you require Support Services, you may request these by contacting us through the designated channels on our Platform.

2.3. We will not be responsible for any other services unless expressly set out in these Terms or on our Platform.

2.4. Additional Services: If you require additional services beyond the scope of your Subscription (e.g., enterprise-level support or custom model training), we may, in our sole discretion, agree to provide such services, which will be scoped and priced under a separate written agreement.

2.5. Third-Party Products or Services: Where you engage third parties to operate alongside our Services (for example, any third-party software you integrate with our Platform), you acknowledge that those third parties are independent of us. You are responsible for, and we will not be liable for, the goods or services they provide, unless we expressly agree otherwise in a separate written agreement.

3. Account

3.1. You must sign up for an Account to access and use our Services and Platform.

3.2. Under certain subscription plans (e.g., a Teams Plan), you may be permitted to invite other individuals as Authorised Users to access and use the Services under your Account. Each Authorised User will require their own login credentials linked to your Account. You are responsible for ensuring that your Authorised Users comply with these Terms, and a breach by an Authorised User will be treated as a breach by you. You can manage your Authorised Users and their access permissions through your Account settings. Any limitations on the number of Authorised Users will be set out in your Subscription details.

3.3. While you have an Account with us, you agree to (and to ensure your Authorised Users agree to):

• (a) provide and maintain information that is true, accurate, current, and complete;
• (b) keep your username and password secure and confidential and protect them from misuse; and
• (c) notify us immediately if you become aware of, or have reason to suspect, any unauthorised access to your Account or any associated logins.

3.4. We reserve the right to close and permanently delete your Account if it has been inactive for an extended period (e.g., 12 months or more). You acknowledge and agree that this will result in the loss of any Content you have generated or stored on the Platform. We will provide you with prior notice via the email address registered to your Account before taking this action.

4. Subscriptions

4.1. Once you have created your Account, you may choose a Subscription plan. The Subscriptions we offer, including their specific features, limitations, Subscription Fees, and Subscription Periods, will be set out on our Platform.

4.2. During the Subscription Period, you will be billed for the Subscription Fees on a recurring basis as set out on our Platform (the Billing Cycle).

4.3. You may upgrade or downgrade your Subscription at any time through your Account. Upgrades will take effect immediately, and you will be charged on a pro-rata basis for the remainder of the current Billing Cycle. Downgrades will take effect from the beginning of the next Billing Cycle.

4.4. You will be billed for Subscription Fees at the beginning of each Billing Cycle. Our accepted payment methods will be set out on our Platform. If you use a third-party payment processor, you may need to accept their terms and conditions.

4.5. You must not pay, or attempt to pay, any Subscription Fees by fraudulent or unlawful means. If you make a payment by debit or credit card, you warrant that you are the authorised cardholder.

4.6. Cancellation: Your Subscription will continue for the Subscription Period and, at the end of each Subscription Period, it will automatically renew for a further period of the same duration, provided you have paid all outstanding Subscription Fees. If you wish to cancel your Subscription and prevent it from auto-renewing, you must do so through your Account settings before the end of your current Subscription Period. Your cancellation will take effect at the end of the current Subscription Period, and you will be required to pay all Subscription Fees due up to that date.

4.7. Late Payments: If any Subscription Fees are not paid on time, we may, without prejudice to any other rights or remedies:

• (a) suspend your and your Authorised Users' access to the Services (including the Platform); and
• (b) charge interest on any overdue amounts at a rate of 2% per annum above the Bank of England's official Bank Rate from time to time. Interest shall accrue on a daily basis from the due date until the date of actual payment, whether before or after judgment.

4.8. Taxes: You are responsible for paying any taxes associated with your use of our Services, including Value Added Tax (VAT), where applicable. Prices shown on our Platform will indicate whether they are inclusive or exclusive of VAT.

Legal Counsel's Note: The late payment interest clause has been amended to reference the Bank of England's official Bank Rate, the correct UK benchmark. This ensures the clause is commercially and legally relevant in the UK. The clause on automatic renewal is highlighted in the disclosures section as it's a term that consumer protection law requires to be brought to the user's attention.

5. Platform Licence and Acceptable Use

5.1. While you have an active Account and are in compliance with these Terms, we grant you and your Authorised Users a limited, non-exclusive, non-transferable, non-sublicensable, and revocable right to use our Platform. This right is subject to any conditions or limitations associated with your Subscription.

5.2. You must not (and you must ensure that your Authorised Users do not):

• (a) access or use our Platform in any way that is improper, illegal, or in breach of any applicable laws, or that infringes any person’s rights (including intellectual property rights and privacy rights);
• (b) interfere with or disrupt the supply of our Platform or any other person’s access to or use of it;
• (c) introduce any viruses, Trojans, worms, or other malicious software code into our Platform;
• (d) use any unauthorised or modified version of our Platform, including for the purpose of building a similar or competitive product or service, or for obtaining unauthorised access to our Platform;
• (e) attempt to access any data or log into any server or account that you are not expressly authorised to access;
• (f) use our Platform in any way that involves service bureau use, outsourcing, renting, reselling, sublicensing, or time-sharing;
• (g) attempt to circumvent any user authentication or security measures of our networks or any third party; or
• (h) access or use our Platform to create, transmit, publish, or communicate material that is defamatory, offensive, abusive, indecent, menacing, harassing, or otherwise unlawful. This includes, but is not limited to, generating content that:
  • i. is fraudulent, obscene, or harmful;
  • ii. constitutes unauthorised advertising, spam, or solicitation;
  • iii. impersonates any real person in a misleading or defamatory way;
  • iv. depicts sexual abuse, sexual violence, explicit pornography, or non-consensual sexual acts;
  • v. depicts child nudity, child pornography, or any form of child exploitation;
  • vi. depicts acts of animal cruelty or torture;
  • vii. depicts explicit gore or extreme violence;
  • viii. promotes or incites hatred, violence, or discrimination based on race, ethnicity, religion, gender, sexual orientation, disability, or any other protected characteristic under the Equality Act 2010;
  • ix. endangers or threatens the safety or well-being of any individual or group; or
  • x. is otherwise, in our sole but reasonable discretion, deemed unsuitable, obscene, offensive, or contrary to our community standards.

6. Availability, Disruption, and Downtime

6.1. While we strive to make our Services available to you at all times, we do not promise or guarantee 100% availability. Our Services may be disrupted, for example, during periods of scheduled or emergency maintenance.

6.2. Our Services may interact with or rely on products or services provided by third parties, such as cloud hosting providers. To the maximum extent permitted by law, we are not liable for disruptions or downtime caused or contributed to by these third parties.

6.3. We will endeavour to provide you with reasonable notice, where possible, of any planned disruptions to your access to our Services.

7. Disclaimer regarding Generative AI and Large Language Models

7.1. Our Platform utilises generative artificial intelligence technologies to produce text, images, and other outputs (Generated Content). You acknowledge that such technologies are probabilistic and may produce content that is inaccurate, biased, offensive, or that appears to be factually correct but is not. You are solely responsible for reviewing, evaluating, and verifying the accuracy, legality, and appropriateness of any Generated Content before relying on or using it for any purpose. You should not rely on the factual accuracy of Generated Content without independent verification.

7.2. Subject to your statutory rights as set out in Clause 11, the Generated Content is provided “as is”. We make no representations and give no warranties of any kind, whether express or implied, regarding the Generated Content, including but not limited to its accuracy, completeness, fitness for a particular purpose, or non-infringement of third-party rights. To the fullest extent permitted by law, we disclaim all liability for any errors or omissions in the Generated Content and for any damages or losses that may arise from your use of or reliance on it.

Legal Counsel's Note: This clause is critical for managing liability. It disclaims warranties of accuracy but is explicitly made "subject to your statutory rights" (Clause 11). This is a crucial modification for UK compliance. The Consumer Rights Act 2015 implies a term that the service must be provided with "reasonable care and skill". A blanket disclaimer attempting to override this statutory duty would likely be deemed unfair and unenforceable by a UK court. This drafting aims to preserve the disclaimer's power regarding the unpredictable nature of AI output while respecting the non-excludable legal duty to provide a functional service.

8. Intellectual Property: Inputs, Outputs, and Moral Rights

8.1. You may submit text, documents, images, videos, or other inputs to our Service (Inputs) and receive Generated Content as outputs (Outputs). Inputs and Outputs are collectively referred to as Content.

8.2. You are responsible for all Inputs you submit to our Services. By submitting Inputs, you represent and warrant that you have all necessary rights, licences, and permissions for us to use and process the Inputs to provide the Services and generate Outputs, and that your Inputs do not infringe the rights of any third party. You retain ownership of your Inputs.

8.3. Paid Subscribers: If you hold a paid Subscription (Paid Subscriber), then as between you and us, and subject to your compliance with these Terms, you shall own all Intellectual Property Rights in the Outputs you create using the Platform. To the extent that ownership of such Intellectual Property Rights does not automatically vest in you, we hereby assign all such rights to you.

8.4. Free Subscribers: If you are using a free Subscription tier (Free Subscriber), then as between you and us, we shall own all Intellectual Property Rights in any Outputs you create using the Platform. You hereby assign to us all such Intellectual Property Rights and agree to do all things necessary to perfect our title in such rights.

8.5. Some Subscription plans may allow you to designate your Content as either public or private. Where you designate Content as Public Content, you acknowledge it will be accessible to and usable by us and other users of the Platform. Where you designate Content as Private Content, it will only be accessible to you and your Authorised Users.

8.6. Licence for Private Content: You grant us a non-exclusive, irrevocable, royalty-free, worldwide, non-sublicensable licence to use, copy, and process any Private Content solely for the purpose of performing our obligations and exercising our rights under these Terms (i.e., to provide the Service to you). We will not use your Private Content for any other purpose, such as training our AI models, without your express prior consent.

8.7. Licence for Public Content: You grant us a non-exclusive, irrevocable, perpetual, royalty-free, worldwide, transferable, and sublicensable right and licence to use, reproduce, modify, adapt, publish, create derivative works from, publicly display, and distribute any Public Content for any purpose connected with providing, maintaining, promoting, and improving the Services. This includes, but is not limited to, using such Public Content to train our AI models and develop new products and features.

8.8. Waiver of Moral Rights: To the fullest extent permissible by law, you irrevocably waive in favour of us, our assignees, and our licensees, all moral rights in your Inputs and any Public Content to which you are now or may at any time in the future be entitled under the Copyright, Designs and Patents Act 1988 or any similar legislation in any jurisdiction. You agree not to institute, support, maintain, or permit any action or claim to the effect that any treatment, exploitation, or use of such Inputs or Public Content infringes your moral rights.

Legal Counsel's Note: Clause 8.8 has been specifically drafted to comply with UK law. The CDPA 1988 provides for a waiver of moral rights, which must be done via a written instrument. The ToS, as a contract accepted by the user, serves this purpose. This explicit waiver is crucial. Without it, a user could later object to their Public Content being used to train an AI model or being modified by another user, claiming it constitutes "derogatory treatment" and infringes their "right of integrity". This clause protects both eXsite Labs and the platform's user community, enabling the free use and remixing of Public Content, which is a core feature of many generative AI platforms.

9. Ownership of Platform and Our Materials

9.1. We own all Intellectual Property Rights in our Services and Platform. This includes the look and feel, source code, functionality, our copyrighted works, trademarks, inventions, designs, and other intellectual property (Our Materials). You agree not to copy, modify, reverse engineer, decompile, or otherwise misuse our intellectual property without our express prior written permission. You must not alter or remove any copyright or other ownership notices on our Platform.

9.2. We grant you a non-exclusive, revocable, royalty-free, non-sublicensable, and non-transferable licence, for the duration of your Subscription, to use Our Materials solely for the purpose of accessing and using our Services as contemplated by these Terms.

9.3. We may use any feedback, comments, or suggestions that you provide to us in any manner we see fit, without any obligation to you.

9.4. We may create anonymised statistical data from your and other users' use of our Services. Once anonymised, this data cannot be linked back to you. We own this anonymised data and may use it for our own purposes, such as to improve our Services, identify trends, and for other commercial purposes.

10. Confidential Information and Personal Data

10.1. While using our Services, you may share confidential information with us, and you may become aware of our confidential information. Each party agrees not to use the other's confidential information for any purpose other than to perform its obligations under these Terms and agrees to take reasonable steps to protect it from unauthorised disclosure.

10.2. These confidentiality obligations do not apply to information that is publicly known, already in the receiving party's possession, independently developed, or required to be disclosed by law or a regulatory authority.

10.3. We collect, hold, disclose, and use any Personal Data you provide to us in accordance with our Privacy Policy and our obligations under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Our Privacy Policy is available on our website and forms part of these Terms.

10.4. You must only disclose Personal Data to us if you have a lawful basis to do so, such as having the individual’s valid consent where required.

Legal Counsel's Note: Clause 10.3 explicitly names the relevant UK data protection legislation. This is a key requirement for transparency under the UK GDPR and demonstrates a commitment to compliance. It directs the user to the separate, more detailed Privacy Policy, which is the correct place for comprehensive data processing information.

11. Your Statutory Rights

11.1. As a consumer based in the United Kingdom, you have certain legal rights under the Consumer Rights Act 2015 when you acquire digital content services like ours. These rights are not affected by these Terms.

11.2. The Services we provide, which constitute digital content, must be:

• (a) of satisfactory quality;
• (b) fit for any particular purpose that you made known to us before you agreed to these Terms; and
• (c) as described on our Platform.

11.3. If the Service does not meet these standards, you have a statutory right to a repair or replacement.

11.4. If a repair or replacement is not possible, or is not provided by us within a reasonable time and without significant inconvenience to you, you have a statutory right to a price reduction. This can be up to 100% of the price you paid.

11.5. Furthermore, if our Service, through our failure to use reasonable care and skill, causes damage to your device or to other digital content on your device, you may be entitled to have the damage repaired or to receive compensation.

11.6. Nothing in these Terms is intended to exclude or limit these statutory rights.

Legal Counsel's Note: This clause is essential for compliance with UK law. The Consumer Rights Act 2015 provides specific, non-excludable rights and remedies for digital content. By clearly and accurately summarising the core rights (satisfactory quality, fitness for purpose, as described) and the tiered remedies (repair/replacement, then price reduction), this clause demonstrates transparency, builds consumer trust, and ensures the ToS are not vulnerable to being challenged as unfair or misleading.

12. Limitation of Liability

12.1. To the maximum extent permitted by law, we will not be liable for, and you release us from liability for, any Liability caused or contributed to by, arising from or in connection with:

• (a) your computing environment (for example, your hardware, software, and internet connection); or
• (b) any use of our Services by a person other than you or your Authorised Users.

12.2. Subject to clause 12.3, and to the maximum extent permitted by law:

• (a) neither party is liable for any Consequential Loss;
• (b) a party’s liability for any Liability under these Terms will be reduced proportionately to the extent the relevant Liability was caused or contributed to by the acts or omissions of the other party, including any failure by the other party to mitigate its loss; and
• (c) our aggregate liability to you for any Liability arising from or in connection with these Terms will be limited to the greater of (i) the amount of any Subscription Fees paid by you to us in the 12 months immediately preceding the event giving rise to the claim, or (ii) £100 (one hundred pounds sterling).

12.3. Notwithstanding any other provision of these Terms, nothing limits any liability which cannot legally be limited, including but not limited to:

• (a) liability for death or personal injury caused by our negligence;
• (b) liability for fraud or fraudulent misrepresentation; and
• (c) liability for breach of your statutory rights as a consumer as summarised in Clause 11.

Legal Counsel's Note: The liability clause has been carefully adapted for English law. The financial cap is set in Pound Sterling. Most importantly, Clause 12.3 has been added. Under the Unfair Contract Terms Act 1977 and the Consumer Rights Act 2015, a business cannot exclude or limit its liability for certain matters, most notably for death or personal injury caused by its negligence. A failure to explicitly "carve out" these non-excludable liabilities could lead a court to deem the entire limitation of liability clause unreasonable and therefore unenforceable. This clause ensures that the financial cap in 12.2(c) remains robust and effective for those liabilities that can be legally limited.

13. Suspension and Termination

13.1. We may suspend your access to our Services if we reasonably believe you or your Authorised Users have breached these Terms, particularly the acceptable use provisions in Clause 5.2. We will notify you of the suspension and work with you in good faith to resolve the issue.

13.2. We may terminate these Terms and your Account with immediate effect by giving you written notice if:

• (a) you fail to pay your Subscription Fees on time;
• (b) you or your Authorised Users commit a material breach of these Terms and (if such breach is remediable) fail to remedy that breach within 14 days of being notified in writing to do so;
• (c) you or your Authorised Users commit a material breach of these Terms which is not remediable; or
• (d) you experience an insolvency event (such as bankruptcy, liquidation, or administration).

13.3. You may terminate these Terms if:

• (a) we commit a material breach of these Terms and (if remediable) fail to remedy that breach within 14 days of you notifying us; or
• (b) we commit a material breach of these Terms which is not remediable.

If you terminate under this clause and have paid Subscription Fees upfront, you will be issued a pro-rata refund for the portion of the Subscription Period remaining.

13.4. You may also terminate these Terms for convenience at any time by cancelling your Subscription through your Account as described in Clause 4.6. Termination will take effect at the end of the current Subscription Period.

13.5. Termination of these Terms will not affect any rights or liabilities that have accrued up to the date of termination.

14. General

14.1. Assignment: You may not assign or transfer your rights or obligations under these Terms without our prior written consent. We may assign or transfer our rights and obligations under these Terms to a third party, for example, as part of a sale of our business.

14.2. Disputes:

• (a) If a dispute arises out of or in connection with these Terms (Dispute), the parties agree to first enter into good faith negotiations to resolve it.
• (b) If the Dispute is not resolved within 30 days of negotiations commencing, the parties will attempt to settle it by mediation in accordance with the CEDR (Centre for Effective Dispute Resolution) Model Mediation Procedure. Unless otherwise agreed between the parties, the mediator will be nominated by CEDR.
• (c) This clause does not prevent a party from seeking urgent injunctive or other equitable relief from a court of competent jurisdiction.

14.3. Events Outside Our Control (Force Majeure): We will not be liable for any delay or failure to perform our obligations if such delay or failure is caused by an event or circumstance beyond our reasonable control.

14.4. Governing Law and Jurisdiction: These Terms and any dispute or claim arising out of or in connection with them or their subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the law of England and Wales. Each party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with these Terms.

14.5. Notices: Any notice you send to us must be sent to legal@exsite.app. Any notice we send to you will be sent to the email address registered to your Account.

14.6. Survival: Clauses 7 (Disclaimers), 8 (Intellectual Property), 9 (Ownership), 10 (Confidentiality), 12 (Limitation of Liability), 14 (General), and 15 (Definitions), and any other clauses which by their nature should survive, will survive the termination or expiry of these Terms.

14.7. Third-Party Sites: Our Platform may contain links to websites operated by third parties. We do not control or endorse these sites and are not responsible for their content or practices.

Legal Counsel's Note: The dispute resolution and governing law clauses (14.2 and 14.4) are drafted to be UK-centric, establishing a clear, predictable, and cost-effective pathway that is standard in UK commercial agreements. The process mandates good faith negotiation first, followed by mediation via a reputable UK body (CEDR), before resorting to litigation. This is often preferred over the more adversarial and expensive route of arbitration for many types of disputes. The governing law and exclusive jurisdiction are firmly set in England and Wales, providing legal certainty for the UK-based company.

15. Definitions

15.1. In these Terms:

• Account means the user account you create to access our Services.
• Authorised User means a user you have invited to use the Platform through your Account under a relevant Subscription plan.
• Consequential Loss means any consequential, special, or indirect loss, including real or anticipated loss of profit, loss of benefit, loss of revenue, loss of business, loss of goodwill, loss of opportunity, loss of savings, loss of reputation, loss of use, and/or loss or corruption of data.
• Content means Inputs and Outputs, collectively.
• Intellectual Property Rights means any and all existing and future rights throughout the world conferred by statute, common law, or equity in relation to copyright, trademarks, designs, patents, circuit layouts, business and domain names, inventions, and other confidential information, and any other results of intellectual activity in the industrial, commercial, scientific, literary or artistic fields, whether or not registered or registrable.
• Inputs has the meaning given in clause 8.1.
• Liability means any expense, cost, liability, loss, damage, claim, notice, entitlement, investigation, demand, proceeding, or judgment, howsoever arising, whether direct or indirect.
• Outputs has the meaning given in clause 8.1.
• Personal Data has the meaning given to it in the UK GDPR.
• Platform means the exsite.app cloud-based platform.
• Services has the meaning given in clause 2.1.
• Subscription means a subscription plan to access certain features of the Platform.
• Subscription Fees means the fees payable for a Subscription.
• Subscription Period means the duration of your Subscription (e.g., monthly or annually).
• UK GDPR means the General Data Protection Regulation as it forms part of the law of England and Wales, Scotland, and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018.

Part III: UK GDPR Compliance Framework

3.1 The Six Principles and Lawful Bases for Processing

The Terms of Service are the user-facing part of a broader data protection strategy. All processing of personal data by eXsite Labs Ltd must comply with the UK GDPR and the Data Protection Act 2018. The foundation of this compliance rests on adhering to six core data protection principles. All personal data must be:

• Processed lawfully, fairly, and in a transparent manner.
• Collected for specified, explicit, and legitimate purposes (purpose limitation).
• Adequate, relevant, and limited to what is necessary (data minimisation).
• Accurate and, where necessary, kept up to date.
• Kept for no longer than is necessary (storage limitation).
• Processed in a manner that ensures appropriate security (integrity and confidentiality).

Crucially, every processing activity must have a valid "lawful basis" under Article 6 of the UK GDPR. For a platform like exsite.app, the primary lawful bases will be:

• Performance of a Contract: This applies to all data processing that is strictly necessary to provide the service the user has signed up for. This includes using an email address for account login and verification, and processing payment details to collect Subscription Fees.
• Consent: This must be used for any non-essential processing. For example, sending marketing communications or, critically, if the platform wishes to use a user's Private Content to train its AI models. Under UK GDPR, consent must be a clear affirmative action (e.g., an unticked checkbox), and it must be freely given, specific, informed, and unambiguous. Users must also be able to withdraw their consent at any time as easily as they gave it.
• Legitimate Interests: This can be a basis for processing where it is necessary for the company's legitimate interests (e.g., for security monitoring, service analytics, or platform improvement), provided these interests are not overridden by the rights and freedoms of the user. A Legitimate Interests Assessment (LIA) should be conducted and documented for each activity relying on this basis.

3.2 Essential Documentation: The Privacy and Cookie Policies

The ToS is not a substitute for a comprehensive, standalone Privacy Policy. This document is a legal requirement under the UK GDPR and is the primary tool for achieving transparency. The Privacy Policy for exsite.app must be easily accessible and written in clear, plain language. It must detail:

• The identity and contact details of the data controller (eXsite Labs Ltd).
• The types of personal data collected (e.g., account details, payment information, IP addresses, user Inputs).
• The specific purposes for which each type of data is processed.
• The lawful basis relied upon for each processing purpose.
• Who the data is shared with (e.g., third-party service providers like payment processors or cloud hosting services).
• Details of any international transfers of data (i.e., outside the UK/EEA) and the safeguards in place (e.g., Adequacy Decisions, Standard Contractual Clauses).
• The data retention periods for different types of data.
• A clear explanation of the user's data subject rights and how to exercise them.

In addition, because the website will use cookies, a separate Cookie Policy and a compliant cookie consent banner are required. The banner must allow users to give clear, affirmative consent before any non-essential cookies (e.g., for analytics or advertising) are placed on their device.

3.3 Table: Implementing Data Subject Rights

The UK GDPR grants individuals a number of enforceable rights over their personal data. eXsite Labs Ltd must have procedures in place to facilitate these rights. The following table acts as a practical compliance checklist.

Part IV: Recommendations and Next Steps

4.1 Immediate Actions for Legal and Commercial Readiness

• Draft and Implement Essential Policies: The highest priority is to commission the drafting of a UK GDPR-compliant Privacy Policy and Cookie Policy. These are not optional and are fundamental to lawful operation in the UK. They must be in place and accessible on the website from day one.
• ICO Registration: eXsite Labs Ltd must register with the Information Commissioner's Office (ICO) as a data controller. Under the Data Protection Act 2018, most organisations that process personal data are required to pay an annual data protection fee to the ICO. Failure to do so can result in fines. Registration can be completed online via the ICO's website.
• Insurance Review: The company should consult with a specialist insurance broker to ensure it has adequate Professional Indemnity and Cyber Liability insurance. The policy should be reviewed to confirm that it specifically covers the unique risks associated with providing a generative AI service, including claims related to intellectual property infringement in Outputs, data breaches, and service errors.
• Implement a Subject Access Request (SAR) Procedure: An internal process must be established for handling data subject requests, particularly SARs, in a timely manner. The UK GDPR mandates a response time of one month. This procedure should identify who is responsible for receiving requests, how identity will be verified, where the relevant data is stored, and who will approve the final response.

4.2 Ongoing Compliance and Future-Proofing

• AI Regulation Monitoring: The legal and regulatory landscape for Artificial Intelligence is evolving at an unprecedented pace. The ICO is already issuing guidance on AI and data protection, and new legislation is anticipated both in the UK and globally. It is recommended that the ToS, Privacy Policy, and overall risk posture be formally reviewed at least bi-annually to adapt to new laws, regulatory guidance, and evolving case law.
• The Data (Use and Access) Act 2025: The ICO's own guidance notes that it is under review due to the Data (Use and Access) Act coming into law in June 2025. While the full impact of this Act is yet to be detailed, its existence signals that the UK's data regulation framework is dynamic. eXsite Labs Ltd must remain vigilant and be prepared to adapt its practices as new guidance is published.
• International Expansion Strategy: If eXsite Labs Ltd intends to offer its Services to individuals located within the European Union, it will fall under the jurisdiction of the EU GDPR. This would trigger additional compliance obligations, including the potential need to appoint an EU Representative and be prepared to engage with EU data protection authorities. This should be a key strategic consideration in any plans for international growth, as EU GDPR compliance will require further legal and operational adjustments.