Terms of Service

Effective date: 11 January 2026
Company: Olbiatech Limited (“Olbiatech”, “we”, “us”, “our”)
Address: 17 Green Lanes, London N16 9BS, United Kingdom
Website: https://olbiatech.com
Contact: [email protected]

These Terms of Service (“Terms”) govern your business’s access to and use of Olbiatech’s AI automation services, including voice agents, AI text agents, AI lead generation, website forms, chat widgets, and WhatsApp automations (the “Services”). By using the Services or signing an Order (defined below), you agree to these Terms.


1) Business use only; eligibility; authority

The Services are offered for business use (B2B) only. Consumers must not use the Services.

You must be 18+.

You confirm you have authority to bind your business to these Terms and that you are acting in the course of business (not as a consumer).


2) Definitions

“Order” means a proposal, statement of work (“SOW”), order form, subscription plan details, invoice, or similar document referencing these Terms that describes scope, deliverables, pricing, and/or term.

“Client Content” means the data, prompts, files, materials, and information you or your end users provide or make available through the Services.

“Outputs” means results generated through the Services based on Client Content (e.g., responses, summaries, structured data).

“Third-Party Services” means third-party platforms or providers used with or within the Services (including, as applicable, GoHighLevel, OpenAI, Grok, and Twilio).

“DPA” means Olbiatech’s Data Processing Addendum (Data Processing Agreement) incorporated by reference under Section 15.


3) Order of precedence

If there is a conflict:

The Order controls only for scope, deliverables, pricing, plan designation (including whether you are on an SMB Plan), and commercial term details.

These Terms control for all other matters.

Any third-party terms apply to your use of the relevant Third-Party Service.


4) Services; changes; dependencies

We provide the Services on a subscription basis, project/agency basis, or both, as stated in your Order.

The Services may rely on Third-Party Services. We are not responsible for outages, policy enforcement, pricing changes, or failures of Third-Party Services.

We may update or modify the Services over time. If a change materially reduces paid core functionality, your remedy is to cancel in accordance with Section 9.


5) Contracting requirements (B2B gating)

To create an account, place an Order, or subscribe, you must provide:

Company legal name, and either company registration number or VAT number (if applicable); and

Confirmation that you are purchasing and using the Services in the course of business.

We may refuse service, suspend, or terminate if we reasonably believe you are attempting to use the Services as a consumer or have provided false business details.


6) Your responsibilities (including compliance representations)

You agree that you:

Will provide accurate information and keep it up to date.

Will protect account credentials and any access keys.

Are responsible for all activity under your account.

You represent and warrant that:

You have all rights, permissions, and lawful basis to provide Client Content to us and to instruct us to process it.

You have obtained all required consents and notices for any communications initiated through the Services (including voice calling, WhatsApp, SMS, and email), and you will honor opt-outs and suppression lists.

You will comply with all applicable laws and regulations (including marketing/telecoms rules) and all platform policies (including WhatsApp and carrier requirements) relevant to your use.


7) Acceptable use and prohibited activities

You must not (and must not allow others to):

Use the Services for unlawful, harmful, abusive, deceptive, or discriminatory activities.

Send spam or run abusive outreach.

Infringe privacy, publicity, or intellectual property rights.

Upload malware, attempt unauthorized access, or interfere with the Services.

Attempt to bypass restrictions, rate limits, security measures, or access controls.

Reverse engineer, decompile, or attempt to extract underlying systems, prompts, or code except where prohibited by law.

We may suspend Services if we reasonably believe your use creates legal, compliance, security, platform-enforcement, or reputational risk.


8) AI outputs; human oversight

AI outputs can be inaccurate, incomplete, or misleading. You are responsible for reviewing and validating Outputs before relying on them.

The Services do not provide legal, medical, financial, or other regulated professional advice.

Outputs may not be unique and may be similar to outputs generated for other users.


9) Intellectual property

Olbiatech IP: We own our pre-existing and independently developed technology, templates, agent frameworks, workflows, methods, and documentation (“Olbiatech IP”). We grant you a limited, non-exclusive, non-transferable license to use the Services and Olbiatech IP only during the term and only for your internal business use.

Client Content: You retain ownership of Client Content. You grant us a limited license to use Client Content solely to provide, support, and operate the Services for you.

Outputs: As between you and Olbiatech, you own Outputs generated for you through the Services, subject to Third-Party Services’ terms and applicable law.


10) Fees, billing, cancellation, and term

10.1 Fees and billing

Fees are set out in your Order and may include monthly/annual subscription fees and/or project fees.

Setup fees: Where applicable, setup fees may apply (example: £500) and are charged as stated in the Order. Setup fees are non-refundable once work begins.

Taxes (including VAT) are your responsibility unless stated otherwise.

10.2 Monthly subscriptions

For monthly subscriptions:

You may cancel at any time, and cancellation takes effect at the end of the then-current billing period.

You remain responsible for fees due through the end of that billing period.

We do not provide refunds for partial months.

10.3 Annual subscriptions

For annual subscriptions:

You may cancel at any time, and cancellation takes effect at the end of the then-current annual term (i.e., the Services continue through the paid annual period unless otherwise stated in the Order).

No pro-rata refunds apply.

Fees remain due for the annual term, including any unpaid amounts.

10.4 Late payment

If payment is overdue, we may suspend access until all outstanding amounts are paid.


11) Refund policy

No refunds are provided, including for unused subscription time, setup fees, or partially delivered work.

Discretionary exception: We may issue a refund or credit case-by-case at our sole discretion. This does not create any ongoing obligation.


12) Suspension and termination

12.1 Suspension (strong compliance controls)

We may suspend or restrict access immediately (with or without notice where appropriate) if we reasonably believe:

you have breached these Terms;

your use violates law or platform policies (including WhatsApp/carrier rules);

your account is associated with spam, fraud, harassment, infringement, or other abusive activity;

suspension is necessary for security, incident response, or to prevent harm; or

payment is overdue.

12.2 Termination by either party

Either you or Olbiatech may terminate the Services at any time by written notice.

Termination for convenience does not affect fees already paid or fees due for the committed subscription term (monthly through the end of the current billing period; annual through the end of the current annual term), unless the Order expressly states otherwise.

12.3 Effect of termination

Upon termination:

your right to access the Services ends; and

you must stop using the Services and any Olbiatech IP except where continued use is expressly permitted by an Order (if applicable).


13) Data retention after termination

After termination or cancellation, we may retain your data for 30 days to support reactivation if you return. After that period, we may delete or anonymize it, subject to legal obligations and reasonable backup practices.


14) Support

Support is available via email and WhatsApp. We handle urgent issues as quickly as reasonably possible, but we do not guarantee response times unless agreed in writing.


15) Data protection (DPA incorporated automatically)

Where we process personal data on your behalf (as a processor), the DPA is incorporated by reference and applies automatically to that processing. In the event of conflict between these Terms and the DPA on data protection matters, the DPA controls.


16) Sanctions and export compliance

You must not use the Services in violation of applicable sanctions, export controls, or trade laws. We may suspend or terminate Services immediately if we reasonably believe your use involves restricted or sanctioned persons, jurisdictions, or prohibited end uses.


17) Disclaimers

The Services are provided “as is” and “as available.”
To the maximum extent permitted by law, we disclaim all warranties, express or implied, including merchantability, fitness for a particular purpose, and non-infringement. We do not warrant uninterrupted availability or error-free Outputs.


18) Limitation of liability

Nothing in these Terms limits liability that cannot be limited by law (including fraud and fraudulent misrepresentation, or death/personal injury caused by negligence).

Subject to the above:

We will not be liable for indirect, consequential, special, incidental, or punitive damages, or for loss of profits, revenue, business, goodwill, or anticipated savings.

Our total aggregate liability arising out of or relating to the Services is capped as follows:

SMB Plans: where your Order designates your plan as an “SMB Plan”, liability is capped at the fees you paid to Olbiatech in the 3 months immediately preceding the event giving rise to the claim.

All other plans: liability is capped at the fees you paid to Olbiatech in the 12 months immediately preceding the event giving rise to the claim.

Override: the Order may state a different cap, in which case the Order controls.


19) Notices (email sufficient)

Legal notices under these Terms may be sent by email:

To [email protected] for notices to Olbiatech; and

To the email address associated with your account or Order for notices to you.

Notices are deemed received when they enter the recipient’s email system (or when the sender receives delivery confirmation), unless the sender receives an automated “undeliverable” (or equivalent delivery failure) message.


20) Entire agreement

These Terms and any Order constitute the entire agreement between you and Olbiatech regarding the Services and supersede all prior or contemporaneous statements, proposals, or communications. You agree you have not relied on any statement not expressly set out in these Terms or an Order.


21) Governing law and courts

These Terms and any dispute or claim arising from them are governed by the laws of England and Wales. The courts of England and Wales have exclusive jurisdiction, except where mandatory law requires otherwise.


22) Changes to these Terms

We may update these Terms from time to time by posting an updated version on our website and updating the effective date. If you continue using the Services after the effective date, you agree to the updated Terms.

Data Processing Addendum (DPA) — Olbiatech Limited (UK)

Effective date: 11 January 2026
Processor: Olbiatech Limited, 17 Green Lanes, London N16 9BS, United Kingdom (“Olbiatech”, “Processor”)
Controller: The business customer identified in the Order (“Customer”, “Controller”)
Services: AI automation services (voice agents, AI text agents, lead gen forms, chat widgets, WhatsApp automations)

This DPA forms part of the agreement between Controller and Processor (the “Agreement”). It applies where Olbiatech processes Personal Data on behalf of the Controller in providing the Services.

This DPA is intended to meet the requirements of Article 28 UK GDPR and related UK data protection law.

1) Definitions

Terms used in this DPA have the meanings given in the UK GDPR, including Personal Data, Processing, Controller, Processor, and Personal Data Breach.

2) Scope and roles

Controller determines the purposes and means of Processing of Personal Data in connection with its use of the Services.

Processor processes Personal Data only on behalf of and under the instructions of Controller, as set out in the Agreement, this DPA, and any documented instructions.

3) Details of processing

The subject matter, duration, nature and purpose of Processing, types of Personal Data, and categories of Data Subjects are described in Annex 1.

4) Documented instructions

Processor will process Personal Data only on documented instructions from Controller, including with regard to transfers of Personal Data.

If Processor believes an instruction infringes UK data protection law, Processor will inform Controller (unless prohibited by law).

5) Confidentiality

Processor will ensure that persons authorised to process Personal Data are bound by confidentiality obligations.

6) Security measures

Processor will implement and maintain appropriate technical and organisational measures to protect Personal Data, as described in Annex 2.

7) Sub-processors

Authorisation (general): Controller gives Processor general authorisation to appoint Sub-processors as necessary to provide the Services, subject to the requirements below. UK GDPR requires written contracts with sub-processors and equivalent protections.

Current Sub-processors: Processor’s Sub-processors are listed in Annex 3 (including purpose and location).

Changes and objection: Processor will provide notice of any intended addition or replacement of a Sub-processor by updating Annex 3 (or providing written notice). Controller may object on reasonable data protection grounds within 14 days of notice. If Controller objects and the parties cannot resolve it, Controller may terminate the affected Services without penalty for future periods (amounts already due remain due).

Processor will impose equivalent data protection obligations on Sub-processors via a written contract.

8) Assistance to Controller

Taking into account the nature of processing, Processor will assist Controller by appropriate technical and organisational measures to respond to:

Data subject requests (access, deletion, etc.).

Security obligations, DPIAs, and prior consultation where required.

Controller remains responsible for responding to the data subject within statutory timeframes.

9) Personal data breaches

Processor will notify Controller of a Personal Data Breach without undue delay after becoming aware of it.

Practical window: Processor will aim to notify Controller within 72 hours of awareness, where feasible. (This supports Controller’s potential 72-hour regulator reporting obligations.)

Processor will provide available information reasonably required for Controller to assess the breach and meet any reporting/notification duties.

10) International transfers (UK-first approach)

Default: Processor will process Personal Data in the United Kingdom.

If Processing involves transferring Personal Data outside the UK, Processor will ensure an appropriate transfer mechanism is in place (e.g., UK IDTA / UK Addendum, or an adequacy decision), and will provide transfer details on request.

11) Audit and information

Processor will make available to Controller information reasonably necessary to demonstrate compliance with this DPA and will allow for audits/inspections conducted by Controller or an independent auditor, subject to:

reasonable notice (at least 30 days, except urgent security incidents),

confidentiality, and

limits to prevent disruption and protect other customers.

12) Return and deletion

Upon termination of the Services, Processor will delete or return Personal Data, at Controller’s choice, unless retention is required by law.
Commercial retention: Processor may retain Customer data for 30 days after termination to support reactivation (per your Terms), then delete/anonymise, subject to backups and legal obligations.

13) Liability

Liability under this DPA follows the limitation of liability in the Agreement/Terms, unless the parties agree otherwise in an Order.

14) Order of precedence

If there is any conflict between this DPA and the Agreement regarding processing of Personal Data, this DPA controls for data protection matters.


Annex 1 — Processing Details

Subject matter: Processing of Personal Data in connection with providing AI automation services (voice agents, AI text agents, lead gen forms, chat widgets, WhatsApp automations).
Duration: For the term of the Services and any retention period stated in the Agreement (including post-termination retention).
Nature of processing: Collection, recording, organisation, structuring, storage, use, disclosure (to Sub-processors), retrieval, consultation, transmission, deletion.
Purpose: Providing and supporting the Services; maintaining security; troubleshooting and service operations.
Types of Personal Data (typical):

Identifiers and contact details (name, email, phone number, company, role)

Communications content (messages, prompts, transcripts)

Technical data (IP address, device/browser logs, timestamps)

Customer-provided datasets (as uploaded by Controller)

Categories of Data Subjects: Controller’s employees, contractors, prospects, customers, and other end users interacting with the Controller’s agents/forms.


Annex 2 — Technical and Organisational Measures (TOMs)

Processor maintains, at a minimum:

MFA for administrative access where supported

Encryption in transit (TLS) for service communications where supported

Access controls (least privilege; role-based access)

Logging/monitoring for security and reliability events

(Controller may request additional written security details in an Order for enterprise deals.)


Annex 3 — Sub-processor List (Initial)

You must keep this list accurate. Based on what you have already named, here is the starting set:

Twilio — communications/telephony/WhatsApp routing — Processing location: UK (as configured/required)

OpenAI — AI model/API processing — Processing location: UK (as configured/required)

GoHighLevel — CRM/marketing automation — Processing location: UK (as configured/required)

Grok — AI services — Processing location: UK (as configured/required)

Important: If any of these vendors actually process in the US/EU (common), you must update the location and rely on appropriate UK transfer safeguards. Do not publish a “UK-only” claim unless it is operationally true.


© 2025 Olbiatech Limited. All Rights Reserved.