Data Processing Agreement & AI Addendum

This Data Processing Agreement and Artificial Intelligence Addendum is between GoPresent Ltd and the customer using the services. It expressly states that the Terms and Conditions govern commercial, billing, refund, and service delivery matters, while the DPA prevails on data protection, privacy, and model training matters.

The DPA defines AI Services, Output, Hallucinations, Third-Party AI Providers, Personal Data, Submitted Materials, Free Tier, Paid Services (including Raise Ready and Scout Portal Premium), Model Training, and Anonymised Data.

For Free-tier services (founder free review and scout free access), accepting the service and the model training consent during registration constitutes consent for GoPresent to use submitted materials for model training, derivative analysis, anonymised benchmarking, and product development. This consent is a condition of the free service and may be withdrawn at any time by contacting privacy@gopresent.ai; however, anonymised data already incorporated into model weights cannot be retroactively removed.

For paid Raise Ready and paid Scout Portal Premium services, the default position is opt-out. Submitted materials are processed solely to provide the paid service unless the customer explicitly opts in through the account dashboard. Historical submitted materials are not retrospectively included unless the customer confirms that separately in writing.

For Consulting Services, submitted materials are strictly confidential and are not used for model training unless the customer provides explicit written consent in the applicable statement of work.

Free-tier model training relies on consent under Article 6(1)(a). Paid users who opt in rely on consent and legitimate interests. Paid users who do not opt in, and consulting clients, are processed on the basis of contract performance and not for model training.

Where GoPresent provides AI services to the customer, the customer is controller and GoPresent is processor for that personal data. Where GoPresent uses submitted materials for free-tier or opted-in paid model training, GoPresent acts as an independent controller for that training activity.

GoPresent agrees to treat submitted materials as confidential, implement technical and organisational security measures, and not disclose materials except to authorised sub-processors, where required by law, to professional advisors under confidentiality duties, or with prior written consent.

Where GoPresent is processor, it processes only on documented instructions, binds authorised persons to confidentiality, implements security measures, appoints sub-processors on equivalent protections, assists with data subject rights, and makes information available for reasonable audits.

The DPA states that GoPresent will notify the customer without undue delay and in any event within 72 hours of becoming aware of a personal data breach affecting submitted materials, in accordance with UK GDPR Article 33.

The DPA acknowledges that third-party AI providers may process submitted materials in the United States and other jurisdictions outside the UK, with transfers handled using UK GDPR Chapter V safeguards such as the UK Addendum to SCCs or adequacy decisions.

AI-service processing retains submitted materials only as long as necessary to deliver the service, typically 30 days after completion unless otherwise agreed. Paid services not opted in, and consulting services, are deleted within 30 days of completion and are not used for model training.

Anonymised data derived from free-tier and opted-in paid services may be retained indefinitely for model training. Deletion requests are honoured within 30 days, subject to legal retention, ongoing dispute resolution, and anonymised data already incorporated into models.

GoPresent retains ownership of the platform, AI services, methodologies, models, aggregated anonymised data, and improvements developed using submitted materials for model training. Customers retain ownership of their original submitted materials.

Customers own output generated specifically for them, subject to GoPresent's rights, third-party AI provider terms, and the obligation to review and verify output before use.

The DPA states that AI output is probabilistic, may contain hallucinations, and is provided as-is and as-available without warranty. Customers are responsible for validating output and may not use the services for high-risk activities, unlawful purposes, or prohibited automated decisions.

Liability is capped by tier: Free-tier users at GBP 100, Raise Ready users at 100% of the fees paid for their purchase, Scout Portal Premium users at 100% of fees paid in the prior 12 months, and Consulting Services at 100% of fees paid under the relevant SOW. The DPA also excludes indirect and consequential loss, subject to legal carve-outs and a GBP 50,000 confidentiality-related unauthorised disclosure cap per incident.

Commercial termination rights are governed by the Terms, while the DPA governs the data and IP consequences of termination. Model training rights for free-tier and opted-in paid services survive termination, and anonymised data already incorporated into models cannot be removed retroactively.

Annex A identifies authorised sub-processors, including Google, Anthropic, Microsoft, OpenAI, Adobe, Perplexity, AWS, and Stripe. Annex B sets out security measures including TLS 1.3+, AES-256 at rest, RBAC, MFA, authenticated API endpoints, rate limiting, logical data separation, pseudonymisation, staff training, incident response, and annual internal security reviews.