Terms of Service for the Use of Generative AI Systems by Open Hippo GmbH

Terms of Service for the Use of Generative AI Systems by Open Hippo GmbH

§ 1 General Provisions and Subject Matter of the Contract

(1) Open Hippo GmbH (hereinafter referred to as the "Provider") supports the customer in operating certain applications that use an AI system via a web-based platform or an interface (API). The AI system is a generative system capable of generating responses to customer inquiries in various forms. These responses can be generated as text, graphics, or videos. Due to the customer's known limited experience with generative AI, it is the customer's responsibility to adequately review the AI output before use.

(2) The subject of this contract is the paid provision of a generative AI system (hereinafter referred to as the "System") by the Provider for temporary use by the customer via a remote data connection and interface (API), in compliance with future technical specifications.

§ 2 Definitions

The terms used in these terms and conditions are defined as follows:

a. Prompt: An instruction that causes the system to perform a specific task or generate a specific response. The prompt is submitted to the system via the provided input field.

b. AI Model: A mathematical structure, represented particularly by algorithms and weighted parameters, trained through machine learning from data. It is designed to perform specific tasks such as image recognition, language processing, decision-making, or predictive analysis. Its use requires infrastructure consisting of hardware and software, including a user interface and other components.

c. AI System: A machine-based system whose foundation is an AI model and which is designed for varying degrees of autonomous operation. After deployment, it can be adaptable and derive from the inputs received how outputs such as predictions, content, recommendations, or decisions are created that can influence physical or virtual environments.

d. Output: The result of the system's processing of the prompt.

e. User: Any person authorized by the customer to use the system.

f. Bias: A deviation from the desired output of an AI model, characterized by certain results being over- or under-represented compared to the reference model of reality in an evaluative consideration.

g. AI Competence: The skills, knowledge, and understanding, considering their respective rights and obligations, to use the system competently within the scope of use promised by the provider and to be aware of the opportunities and risks of AI systems and possible damages they can cause.

§ 3 System Usage

(1) The system is guaranteed to have 99.9% availability, and any issues should be reported to support@openhippo.io. Further performance parameters for use are specified in the Service Level Appendix.

(2) Further technical details relevant to this contract, including the description of the system, will be provided separately if necessary.

(3) The system is provided by the provider at the handover point (interface of the provider's operated data network to other networks) for use. The system remains on the provider's server. The provider is not responsible for establishing and maintaining the data connection between the customer's IT system, especially the end devices, and the handover point operated by the provider.

(4) By accessing the system, the customer receives support only for the agreed applications. The scope of support is also described in the appendix. The provider does not assume any obligation to achieve a specific result.

(5) The provider may change the system at any time. Changes will be communicated to the customer. The customer has no claim to the use of a specific system.

(6) The customer may only access the system for the agreed applications within the scope of the intended operational use. The maximum permissible number of end devices that the customer can use simultaneously is also specified in the appendix.

(7) Any use of the system that deviates from the provisions of this contract is not permitted. In particular, the customer is not entitled to manipulate the system so that it performs tasks other than those provided for in this contract or the customer obtains information that is not required for the intended use of the system relevant here. The non-permitted measures include in particular:

a. Prompt Injection ("Input Manipulation"), where the prompt is designed so that the system generates unwanted or harmful outputs.

b. Evasion Attacks ("Bypass Attacks") as attacks on AI systems where an attempt is made to deceive or manipulate the system, for example by identifying patterns in the training data that lead the system to make incorrect decisions.

c. Reverse Engineering of the model, for example by the customer making extensive queries to collect information that allows them to create their own model that imitates the behavior of the system.

d. Abliteration, where the structure and functionality of the system are analyzed to identify vulnerabilities, to get the system to disclose confidential information or generate false answers through input patterns or combinations of words.

e. Membership Inference Attacks to reconstruct data points used for training.

(8) The provider reserves the right to check prompts and generated output through methods for abuse prevention or content filtering and to prevent processing in the event of a justified suspicion of abusive use.

(9) The customer is liable to the provider for damages caused by unauthorized use of the system. They ensure that all users comply with the requirements of this contract for the use of the system.

(10) Due to legal obligations, the provider may have to mark output with the note that it was created by an AI system. The customer may not alter or remove this note.

§ 4 AI Competence, Data Storage, Biases

(1) The customer takes the measures prescribed by Art. 4 AI Regulation to ensure, to the best of their ability, that users have an adequate level of AI competence. Their technical knowledge, experience, training, and the context in which the system is to be used must be considered.

(2) The customer must ensure that all users understand how the AI system works: It learns from a large amount of data, the training data, and learns which patterns, relationships, and statistical properties underlie the data. It creates new information from this. This new information is similar to the learned data but is regularly not identical to it. The system does not store training data but creates statistical models that capture the probability of words or phrases in certain contexts. When the system generates new information, it uses these models to make plausible statements based on the learned patterns.

(3) In this context, it should be noted that the data transmitted by the customer within the scope of using the system are not stored and kept separately. However, information transmitted to the system can enter the system in the manner characteristic of AI systems according to the description in paragraph 2 and modify it.

(4) When using the system, the customer also notes that the way AI systems work does not allow data, whether individual or aggregated, to be specifically removed from the system.

(5) It should also be noted that the system was trained based on a large amount of data intended to be representative for the desired purposes. However, depending on the data material used, the manner of training, and the configuration of the AI model underlying the system, the output may be biased. For AI systems like the one used in this contract, biases cannot be completely avoided for technical and evaluative reasons.

(6) In exceptional cases, an AI system may respond inadequately to a request ("hallucinate"), for example, because incorrect probabilities or weightings were used in the AI model.

(7) It is therefore in the customer's and users' own interest to check the information generated by AI systems for plausibility. This is particularly important to avoid damages from the violation of life, body, or health. The customer will take this into account and inform the users of the system accordingly.

§ 5 Training Material/Documentation

(1) The provider makes training material available to the customer for introduction to the use of the system. Details will be agreed separately if necessary.

(2) In addition to the training material, the customer also has access to a guide in text form.

(3) Upon request, the provider will make further consulting services available to the customer for a usual fee to ensure competence according to § 4.

§ 6 Intellectual Property Rights/Trade Secrets

(1) The customer ensures that they are entitled to use the content transmitted to the system, whether prompts, other texts, drawings, photographs, etc., for this purpose. The system does not check the permissibility of the use of the data transmitted by the customer.

(2) The provider does not guarantee that intellectual property rights can be established on the output. In principle, output does not enjoy legal, in particular copyright, protection. The output is not intended to be passed on to third parties not authorized to use the system.

(3) The provider points out to the customer that the concrete result of a request to the AI cannot be predicted with sufficient certainty. An unintentional infringement of the output on the rights of third parties cannot be sufficiently avoided as a result. The customer notes that liability for the removal or future omission of a legal violation can also be established without fault.

§ 7 Personal Data

(1) The use of the system can also be carried out without further ado by entering personal data. The provider makes the AI system available to the customer in such a way that third parties do not have access to personal data or personal data remains permanently in the provider's system.

(2) As a result of the manner of data processing by the provider's AI systems, the provider acts as a processor for the customer. The necessary data processing agreement is provided by the provider as supplementary conditions "LINK". These apply as agreed upon conclusion of the contract.

§ 8 Access Rights

The customer receives an access authorization for accessing the systems, which is managed via a username-password login procedure. Users are obliged to authenticate themselves with their personal login data, consisting of username and password. Upon first login, users have the opportunity to set their password themselves.

The login data must be treated as strictly confidential and may only be made available to authorized users. The access authorizations are subject to regular checks and adjustments to ensure that only authorized users have access to the systems.

Users must be instructed by the customer to use the access to the systems exclusively in accordance with the provisions of this contract. Any abusive use of the login data or the system can lead to legal consequences.

§ 9 Customer's Cooperation Obligations

(1) The customer undertakes to establish a data connection between the end devices intended for use by them and the data handover point defined by the provider. The provider is entitled to redefine the data handover point if this is necessary to enable the customer to use the services smoothly.

(2) The contractual use of the provider's services depends on the hardware and software used by the customer, including workstations, routers, data communication devices, etc., meeting the minimum technical requirements for using the currently offered system and the users authorized by the customer to use the system being familiar with the operation of the system. The configuration of their IT system, in particular the end devices, is the responsibility of the customer.

(3) The customer will carefully select, instruct, and monitor all users regarding the contractual use of the system. If the customer has doubts that a user is able to use the system in accordance with the contract, they must deny them the use. In particular, the customer will point out the terms of use to the users and oblige them to comply with these conditions.

(4) The customer will report all conspicuous behaviors of the system to the provider. Conspicuous behaviors include, in particular, biases in the output as well as other false, misleading, or inappropriate statements by the system.

§ 10 Remuneration

(1) The customer shall pay the fees resulting from the provider's price list valid at the time of conclusion of the contract.

(2) The provider is entitled to adjust the fees to be paid under this contract at its reasonable discretion in line with the development of the costs that are decisive for the price calculation.

§ 11 Contract Term, Blocking

(1) The contract can be terminated at any time at the end of the month. The termination must be made no later than one day before the end of the current billing month. Customers are entitled to terminate the contractual relationship by discontinuing payment on the Stripe payment platform at the next possible month-end. No additional and separate termination on openhippo.ai is required. If the termination is made after the end of the month, the subscription ends at the end of the following month.

(2) The right to terminate for good cause remains unaffected.

(3) Any termination must be in text form.

(4) If the customer or a user violates the terms of use set out in this agreement or otherwise agreed, the provider may block access to the system entirely or partially as necessary until contractual use can be expected again.

§ 12 Liability for Defects

(1) The provider applies all reasonable care and expertise in providing the data and complies with all applicable laws in this regard. Notwithstanding the foregoing, warranties are provided by the provider without any further express or implied warranty of any kind, including but not limited to the warranty of fitness for a particular purpose (such as the contract purpose).

(2) The provider shall immediately inform the customer of any defects in the data of which it becomes aware and shall immediately take appropriate measures to ensure that the data made available to the customer comply with the provisions of this agreement. In particular, the provider shall inform the customer as soon as the provider becomes aware that the data made available to the customer deviate from the description in Appendix A. In such a case, the customer may (a) reject the data in whole or in part and/or (b) restrict the provider's access to the application and its use if and to the extent these measures are necessary to ensure the lawfulness of the data processing by the customer.

§ 13 Liability

(1) The provider is liable for intent and gross negligence.

(2) For slight negligence, the provider is only liable for damages resulting from the violation of life, body, or health. The provider is only liable for foreseeable damages, the occurrence of which must typically be expected.

(3) With the exception of liability under the Product Liability Act, any liability of the provider independent of fault due to the use of the system by the customer or third parties mediated by them is excluded.

(4) The customer is responsible for measures to ensure operational safety, in particular occupational safety, towards third parties, including employees. The system is not able to record the conditions of its use and address safety-related aspects, including those of occupational safety.

(5) If the provider is claimed for damages by users due to the consequences of an output of the system, the customer shall indemnify the provider from liability insofar as this liability is based on the fact that the customer did not use the system as intended or inadequately selected, instructed, or supervised the users in the use of the system.

§ 14 Amendment of the Contractual Terms

The provider is entitled to amend or supplement these contractual terms as follows. The provider will announce the amendments or supplements to the customer in text form no later than six weeks before they become effective. If the customer does not agree with the amendments or supplements to the contractual terms, they may object to the amendments with a notice period of one week at the time of the intended effectiveness of the amendments or supplements. The objection must be in text form. If the customer does not object, the amendments or supplements to the contractual terms shall be deemed approved by them. The provider will particularly point out the intended significance of their behavior to the customer with the notification of the amendments or supplements to the contractual terms.

§ 15 Final Provisions

(1) General terms and conditions of the parties otherwise do not apply to this contract. This also applies if such conditions are not expressly objected to.

(2) The assignment of claims is only permitted with the prior written consent of the other contractual party. The consent may not be unreasonably withheld. The regulation of § 354a HGB remains unaffected by this.

(3) The contractual parties may only offset claims that are pending in court or undisputed.

(4) All amendments, supplements, and terminations of contractual agreements require written form, as does the waiver of the written form requirement, insofar as this contract does not provide for text form.

(5) The parties undertake to maintain confidentiality regarding the content of this agreement and its implementation.

(6) If individual provisions of the party agreements are or become wholly or partially invalid, the validity of the remaining provisions shall not be affected thereby. The parties undertake in this case to replace the invalid provision with an effective provision that comes as close as possible to the economic purpose of the invalid provision. The same applies to any gaps in the agreements.

(7) The law of the Federal Republic of Germany applies. The place of jurisdiction is Augsburg.

Privacy Policy Legal Notice Terms of Service