General Terms of Use of Services

Company name of the Service Provider: Flowyer LegalTech LLC
Headquarters of the Service Provider: Alíz utca 6, Building A, Wing B, Floor 1, Door 6, 1117 Budapest, Hungary
Tax number: 25556584-2-43
Company registration number: 13-09-181128
Contact: support@flowyer.eu

Client: The legal entity specified on the order form, acting on its own behalf or on behalf of an organisation without legal personality, which uses the services available at www.flowyer.eu.

Service provider: Flowyer LegalTech LLC, Alíz utca 6, Building A, Wing B, Floor 1, Door 6, 1117 Budapest, Hungary

Software: The legal practice administrative management system operated by the Service Provider, accessible at www.flowyer.eu.

Agreement: The confirmation prepared by the Service Provider and sent exclusively electronically to the Client based on the order. General Terms of Use of Services and the Privacy Policy electronically accepted by the Client are parts of the Agreement.

Period: The 6-month or 1-year duration undertaken by the Client in the order.

Google LLC ensures a minimum availability of 99.95% (https://cloud.google.com/appengine/sla) for the Software. Data is stored in two copies in Frankfurt, with daily backups maintained in Belgium for one year. Unlike data storage, uploaded files are managed using a version control system, also operated in Frankfurt. Deleted or accidentally overwritten files can be restored up to 90 days retrospectively.
Although no downtime has occurred since the launch of the Software, the Service Provider's liability does not extend to interruptions or data loss caused by the following:
• Circumstances beyond the Service Provider's control (force majeure), including but not limited to any government action, war, rebellion, sabotage, armed conflict, embargo, fire, flood, airstrikes, or other disturbances, unavailability, disruption, or delay of telecommunications or third-party services, virus or hacker attacks, third-party software failures (e-commerce software, payment gateways, chat systems, statistics), or the unavailability of raw materials, services, power, and equipment.
• Disruptions to the international internet infrastructure, e.g., issues with the DNS (Domain Name Services) system.
• System failures or downtime beyond the Service Provider's supervision and control.
• Email or webmail delivery failures.
• DNS service interruptions for extension purposes.
• Unexpected system failures despite the Service Provider's full completion of its maintenance and monitoring tasks.
The Service Provider assumes no liability for damages resulting from the use of the Software.

Requests, feedback, and bug reports related to the Software must be submitted electronically via email to support@flowyer.eu. The customer service team will respond within three business days at the latest and initiate processing of the report.

Telephone support is available for urgent issues only, on weekdays from 9 a.m. to 6 p.m., at +36 70 583 7315.

Expert work required for bug investigation is free of charge, provided the issue is proven to be a software failure or caused by a fault attributable to the Service Provider.

The Software is compatible with any computer running at least Windows 7 and equipped with the latest version of Mozilla Firefox or Google Chrome browsers (with cookies and JavaScript enabled by default). Although the Software may work on other browsers, full functionality is only guaranteed on these two browsers. For optimal display, a resolution of at least 1280 pixels wide is recommended. While the Software is browser-based and requires no installation, the Service Provider may, in the future and in response to client needs, develop optional installable add-ons for convenience. These add-ons will be made available to Clients free of charge.

All information on the Service Provider's website (product descriptions, informational text, images, graphics) as well as the site's graphical and technical structure and functionality, are the exclusive property of the Service Provider as copyright holder. These are fully protected by copyright law under Act LXXVI of 1999. Use, processing, copying, distribution, or storage of this material without the explicit written consent of the copyright holder constitutes a violation of copyright law and may result in legal consequences. Information on the Service Provider's website may be freely downloaded, displayed, and printed for personal use. For commercial use, please request an official offer or statement from the Service Provider.

The Parties are subject to criminal liability for classified information they become aware of before and during the performance of the Agreement. Neither party is entitled to disclose or share other confidential information, except for essential elements of the Agreement, such as the identity of the Parties, the subject of the Agreement, the compensation amount, or any provisions whose disclosure is required by law.

Information related to the Agreement and its performance, or information about the Parties, especially regarding their operation or organisation, that comes to their knowledge or possession, or is otherwise learned and not publicly accessible, including facts, data, plans, documents, procedures (hereinafter: data), are considered business secrets. The disclosure of such information could harm the Parties’ official, business, or other interests.

The obligation of confidentiality for classified information binds both Parties even after the contract expires or terminates for any reason, for the duration of the classification. For other secrets or confidential information arising from the Agreement or during its performance, the Parties must act in accordance with the laws in effect at the time of entering into the agreement.

The Client is responsible for all actions performed under their username and for keeping the password protecting it secure. The Service Provider bears no liability in this regard.

The Software includes the following independent artificial intelligence (AI) based functions:

A) Document Anonymizer

Description of the service
The Document Anonymizer is a proprietary function developed by the Service Provider that recognises and anonymizes personal and sensitive data in legal documents. The service operates through a combination of rule-based pattern recognition and a pre-trained language model. The language model runs exclusively in inference mode and does not learn from or modify itself based on the Client's data.

Data processing and storage
a) The Document Anonymizer runs exclusively on servers located within the European Union. No data transfer outside the European Union takes place during the anonymization process.
b) Uploaded documents are automatically and permanently deleted upon completion of processing. The Service Provider does not archive, save or store the documents.
c) The Service Provider declares that it does not use the uploaded documents or their contents for the training or development of AI models.

Limitations of the service
a) Based on our measurements, the Document Anonymizer is capable of recognising personal and sensitive data with near 100% efficiency. However, the Service Provider does not guarantee the completeness of anonymization in all cases, particularly for:
• data in unusual formats or layouts,
• text embedded as images (OCR limitations),
• documents with incorrect character encoding or corruption.
b) The Client is obliged to review the anonymized document before use and to verify that the anonymization has been carried out to an extent appropriate for the intended purpose.
c) The Service Provider excludes liability for any damage arising from the Client's use of the anonymized document without prior verification.

Continuous development and feedback system
a) The Service Provider continuously develops the recognition capabilities of the Document Anonymizer. The Hungarian language is constantly evolving – new first names become registrable, new expressions and formats emerge – therefore periodic fine-tuning of the system is necessary to maintain high recognition accuracy.
b) The Service Provider provides a feedback function on the anonymizer interface through which the Client may report:
• unrecognised personal data (false negative),
• incorrectly identified elements that do not actually constitute personal data (false positive).
c) Submitted feedback is placed in a queue which is reviewed by the Service Provider's AI experts. Where justified, the Service Provider fine-tunes the anonymizer system based on the feedback.
d) Data processing related to the feedback function: Feedback submitted by the Client is used exclusively for the purpose of improving the service. The Service Provider uses the specific text excerpts contained in the feedback only in anonymized or generalized form for system development, and does not store or directly use the Client's original documents for training purposes.

B) AI Assistant (ChatGPT Integration)

Description of the service
The AI Assistant is a service based on the GPT language model developed and operated by OpenAI, which the Service Provider makes available through API integration. The service generates text-based responses based on the text instructions (prompts) provided by the Client.

The Client's own OpenAI account
a) To use the AI Assistant function, the Client must have their own OpenAI account and API key, which they register in the Flowyer system.
b) The Client uses OpenAI's services directly, in their own name and at their own responsibility. Flowyer solely provides a technical interface for accessing the OpenAI API.
c) The legal relationship between the Client and OpenAI is governed by OpenAI's terms of service and privacy policy. The Client is obliged to review and accept these terms when creating their OpenAI account.
d) The Service Provider does not qualify as a sub-processor in relation to OpenAI and is not responsible for OpenAI's data processing practices.

Data transfer and data processing
a) When using the AI Assistant, the prompts provided by the Client are transferred to the servers of OpenAI LLC (USA) for the purpose of generating responses, through the Client's own API key.
b) As of 1 March 2023, OpenAI officially does not use data sent through the API for the training of AI models.
c) OpenAI applies a Zero Data Retention setting, ensuring that OpenAI does not store prompts and responses beyond the generation process.
d) The submitted prompts and generated responses are not permanently stored in the Flowyer system. However, prompt templates (quick buttons) created by the Client are stored in the Flowyer system to provide a convenience feature.

Limitations of the service and limitation of liability
a) The Client acknowledges that the AI Assistant operates on a probabilistic model, and:
• may contain inaccuracies or erroneous information,
• may generate statements that differ from reality (so-called "hallucination"),
• may not be able to recognise context or intent in all cases.
b) The Service Provider does not provide any warranty or guarantee regarding the accuracy, completeness, timeliness or fitness for a particular purpose of the content generated by the AI Assistant.
c) The content generated by the AI Assistant (Output) serves solely as a starting point and auxiliary tool. The Output does not replace qualified legal advice or professional legal judgment.
d) The Client is obliged to professionally review and verify all content generated by the AI Assistant before use.
e) The Client assumes full responsibility for the use of the Output and for decisions made based on it.
f) The Service Provider excludes liability for any damage arising from the Client's use of AI Assistant-generated content without prior verification.

C) Common Provisions

Protection of attorney-client privilege
a) The Client warrants that they have obtained the necessary express, prior consent from their client for the processing of data qualifying as attorney-client privilege in the Software, pursuant to Section 10(4)(c) of Act LXXVIII of 2017 on the Practice of Law (Üttv.).
b) The Service Provider undertakes to treat confidentially any information qualifying as attorney-client privilege that comes to its knowledge.

Intellectual property rights
a) The Client retains all intellectual property rights with respect to the content uploaded by the Client.
b) The Service Provider waives all potential rights to content generated by the AI services in favour of the Client.

EU AI Act compliance
a) The Client acknowledges that when using the AI services, they are interacting with an artificial intelligence system.
b) The Service Provider continuously monitors the requirements of Regulation (EU) 2024/1689 of the European Union on Artificial Intelligence (AI Act) and undertakes to ensure compliance with the applicable legislation.

The following provisions shall apply to the Document Handover Share function.

1. Purpose of the function

The Document Handover Share is an additional function of the Software that enables the Customer, or an attorney, law firm or other authorised user acting on behalf of the Customer, to make certain documents or document folders relating to a matter available to external persons in a restricted, logged and read-only manner.

The purpose of the function is to enable the secure handover, viewing and downloading of documents by persons who do not have a user account in the Software. The use of this function shall not constitute the granting of full access to the Software and shall not confer on the Recipient any right to upload, modify, delete, edit or otherwise dispose of any document or data.

2. Definitions

For the purposes of this section:
Issuing Attorney means the Customer, or the attorney, law firm or authorised user acting in the name and on behalf of the Customer, who or which makes a document, document folder or a defined set of documents relating to a matter available through the Document Handover Share function.
Recipient means the natural person, or the natural person acting on behalf of an organisation, to whom the Issuing Attorney grants access through the Document Handover Share function.
Share means the access created by the Issuing Attorney, identified by a unique identifier, limited in time or unlimited in duration, and granting read-only access.
Share Link means the unique, non-guessable URL connected to the Share, which in itself does not grant access, but may be used together with the verification process linked to the Recipient’s e-mail address.
Verification Code means the one-time, time-limited identification code sent to the e-mail address provided by the Recipient, which is required in order to open the Share.

3. Subject matter and scope of the Share

The Issuing Attorney may share a specific file or an entire document folder through the Share. Where a document folder is shared, the Share shall, unless otherwise determined by the Issuing Attorney, also include the subfolders contained therein and their full contents.

The Recipient shall in each case have access to the current version of the relevant file as valid in the Software from time to time. If the Issuing Attorney uploads a new version of a file in the Software, the Recipient shall see the current version upon the next opening of the Share.

The Share shall extend only to the files, folders and contents specified therein. On the basis of the Share, the Recipient shall not acquire access to any other data of the matter, other matter-related items, internal interfaces of the Software, other data of the Customer or any administrative functions of the Software.

4. Responsibility of the Issuing Attorney

The Issuing Attorney shall be responsible for ensuring that the Share is created, the Recipient is selected, the Recipient’s e-mail address is provided, and the scope of the shared documents is determined on the basis of an appropriate legal ground, authorisation and professional assessment.

The Issuing Attorney shall be responsible in particular for ensuring that the Share does not infringe the rules applicable to attorney-client privilege, the protection of personal data, trade secrets, classified information, or any other confidentiality, procedural or contractual obligations applicable to the given matter.

The Service Provider shall provide the technical operation of the Share, but shall not examine or review which document is made available by the Issuing Attorney, to which Recipient, for what purpose and for what duration.

5. Access by the Recipient and obligation to accept the terms

The Recipient may access the Share through the Share Link contained in the invitation e-mail. After opening the Share Link, the Recipient shall provide the e-mail address to which the Verification Code is to be sent. Access shall be conditional upon the successful entry of the Verification Code.

The Share Link and the Verification Code together serve to identify the Recipient and restrict access. Knowledge of the Share Link alone shall not create any right of access.

Before first accessing the shared documents, the Recipient shall be required to review and expressly accept the Service Provider’s then-current terms of use and privacy notice. Such acceptance shall be recorded in relation to the specific Share and the given Recipient. In the absence of such acceptance, the Recipient shall not be entitled to view or download the shared documents.

6. Confidentiality and security obligations of the Recipient

The Recipient shall treat the Share Link, the Verification Code, and the documents and information accessed through the Share as confidential. The Recipient shall refrain from disclosing, forwarding, publishing, transferring or otherwise making available the Share Link, the Verification Code or the browser session used for access to any unauthorised third party.

The Recipient acknowledges that the documents accessible through the Share may contain attorney-client privileged information, personal data, trade secrets, procedural information or other confidential information. The Recipient may use the shared documents solely for the purpose for which they were made available to them and shall comply with all confidentiality and data protection obligations applicable to the given matter, legal relationship or proceeding.

The Recipient shall be liable for any damage, infringement or unauthorised access resulting from their failure to handle the Share Link, the Verification Code or the downloaded documents with due care.

7. Logging

The Recipient acknowledges that access and security events relating to the Share are logged by the Software. The purposes of logging are to ensure the verifiability of access, to prevent and investigate misuse, to operate the Share securely, and to support the establishment, exercise or defence of legal claims by the Issuing Attorney and the Customer.

Logging may cover, in particular, the following events: sending of a Verification Code, successful or unsuccessful code verification, locking of access, acceptance of the terms of use and privacy notice, opening of folder contents, downloading of a specific file, initiation of a ZIP download, expiry of the Share, and revocation of the Share.

A log entry may contain, in particular, the exact time of the event, the Recipient’s e-mail address, the type of event, the identifier and name of the affected file or folder, the IP address, browser user-agent data and the unique event identifier.

The Recipient acknowledges that the logged events may be made available to the Issuing Attorney through the relevant interface of the Software.

8. Access and download certificates

The Software may provide the Issuing Attorney with the possibility to download a summary export of log entries relating to the Share, or a separate certificate for individual events. Such certificate may contain the material details of the relevant event, including in particular the details of the Issuing Attorney or law office, the data required to identify the matter, the Recipient’s e-mail address, the name of the affected file or folder, the time of the event, the IP address, user-agent data, the event identifier, and a technical fingerprint generated from the event data.

The purpose of the certificate is to document the relevant access or download event retrospectively. The technical fingerprint serves to verify the integrity of the data appearing in the certificate. The certificate shall not constitute a public deed and shall not replace any service, notification or evidentiary rules applicable in the relevant proceeding; however, the Issuing Attorney or the Customer may use it in connection with the establishment, exercise or defence of legal claims.

9. Expiry, revocation and termination of access

The Share shall be available until the expiry date determined by the Issuing Attorney or, in the absence thereof, until the default period set in the system. The Issuing Attorney shall be entitled to revoke the Share at any time, modify its expiry date or reactivate the Share, where the functions of the Software allow this.

Upon expiry or revocation of the Share, the Recipient’s access right shall cease. On the basis of an expired or revoked Share, the Recipient shall not be entitled to view or download the shared documents. Revocation of the Share may also result in the termination of active access sessions.

Expiry or revocation of the Share shall not affect the retention of lawfully created log entries, access data and certificates, where such retention is necessary on the basis of the legitimate interests or legal obligations of the Customer, the Issuing Attorney or the Service Provider, or for the establishment, exercise or defence of legal claims.

10. Role of the Service Provider

In operating the Document Handover Share function, the Service Provider acts as a technical service provider in accordance with the Customer’s instructions. The Service Provider does not inspect, evaluate, modify or determine the content of the shared documents, nor does it determine which document or folder the Issuing Attorney makes available to which Recipient.

The Service Provider provides the technical measures required for the operation of the Share, including in particular the creation of the unique Share Link, the sending and verification of the Verification Code, the management of the access session, logging, the provision of download access and, where supported by the function, the technical preparation of ZIP downloads.

In respect of personal data affected by the Share, the Service Provider shall, unless otherwise provided, act as a processor on the basis of the instructions of the Customer as controller. The Service Provider may act as an independent controller only in respect of data processing that is necessary for the fulfilment of its own legal obligations, the enforcement of its information security interests, the maintenance of its service relationship, or the establishment, exercise or defence of its legal claims.

11. Limitation of liability

The Service Provider shall not be liable where the Issuing Attorney creates a Share for an incorrect or inappropriate Recipient, provides an incorrect e-mail address, shares an inappropriate document or folder, or creates the Share in breach of any statutory, professional, contractual or confidentiality obligation applicable to the given matter.

The Service Provider shall not be liable for circumstances falling within the Recipient’s sphere of control, including in particular the unauthorised use of the Recipient’s e-mail account, the forwarding of the Share Link or Verification Code by the Recipient, the inadequate security of the Recipient’s device or browser, or the further handling by the Recipient of documents downloaded by them.

Matters not regulated in this section shall be governed by the other provisions of the General Terms and Conditions, as applicable.

The Parties declare that all communications related to this Agreement will be made in writing. The fees displayed on the website and in the Agreement are exclusive of VAT. The Client accepts that the Service Provider may use its name and logo as a reference on its website. The contracting parties agree to resolve any disputes amicably through direct negotiations. If this fails, the parties submit to the exclusive jurisdiction of the court competent for the Service Provider’s registered office in all legal disputes.