Customer Agreement

General

The website Trale.ai and its associated service (the Service) are owned by the company Supercompany AS, organization number 933878805.

By using the Service, the terms defined in this Customer Agreement (the Agreement) are also accepted.

The Agreement is entered into when the Customer accepts the Agreement upon first login and remains valid as long as the Service is used.

Parties to the Agreement

This Agreement (with appendices) is entered into between

• Supercompany AS (owner of Trale.ai), org. no. 933878805, and

• The purchaser of the Service (the Customer).

The person using the Service is referred to as the User. If the User is not the same legal entity as the Customer, the Customer is responsible for ensuring that the User uses the Service in accordance with this Agreement.

Contact Information

Contact information for Trale: contact@trale.ai
For technical support, use the following: support@trale.ai
The Customer's contact information is the registered email address and optionally the phone number.

The Service

The Service is designed to simplify CRM tasks and automate updates after meetings, freeing up valuable time for sales professionals. The purpose of the Service is to enhance the efficiency of the sales process by transcribing, summarizing, and automatically updating CRM systems with meeting notes. The Service utilizes advanced natural language processing models.

To access the Service, the Customer must register and create one or more associated users. The Customer is responsible for ensuring that all information is accurate and complete and that the User utilizes their own user account.

Supercompany AS (Trale) reserves the right to implement necessary measures to prevent misuse.

Pricing and Payment Terms

The Service is billed quarterly. Unless otherwise agreed, invoices are issued on the registration date.

The price for the Service is NOK 990 per month per user unless otherwise agreed.

Failure to pay gives Supercompany the right to terminate the Customer's access to the Service if payment has not been made within 30 days of the due date, following written notice of this.

Supercompany reserves the right to adjust prices. Price changes beyond the Norwegian Consumer Price Index (CPI) will be notified at least one month before the change takes effect.

All prices are stated excluding VAT and in Norwegian kroner.

This Agreement also applies if a free trial period is agreed upon. All prices are listed excluding VAT.

Error Resolution and Uptime

Supercompany will strive to maximize uptime and resolve errors as soon as possible. Supercompany will assess the need to notify the Customer of errors based on their scope and severity.

Changes

The Service is under continuous development, and Supercompany reserves the right to make changes to the Service at any time. If it becomes necessary to make the Service temporarily unavailable, Supercompany will endeavor to notify the Customer in advance.

Changes to the Agreement will be notified in writing (email) with 30 days' notice. Continued use of the Service constitutes acceptance of the changes.

Usage Rights and Intellectual Property

The Customer is granted a non-exclusive right to use the Service. Content generated by the Service (e.g., transcribed customer meetings and proposed CRM updates) belongs to the Customer. Other content within the Service, including but not limited to logos, design, source code, and images/videos, belongs to Supercompany and may not be copied, reproduced, or altered without prior written consent from Supercompany.

Customer Responsibilities

The Customer is responsible for ensuring that the Service is used in compliance with Norwegian law and regulations.

The Customer is responsible for the necessary technical equipment to use the Service, such as a PC, sufficient internet connection, and microphone.

The Customer is responsible for verifying the results produced by the Service.

Liability Limitation

Supercompany is not responsible for any loss or damage, direct or indirect, resulting from the use of the Service or due to errors or downtime of the Service.

The total compensation that the Customer can claim is limited to the total subscription fees paid in the last six months.

Personal Data

Supercompany processes personal data about the Customer and the User in accordance with its Privacy Policy.

The attached Data Processing Agreement regulates how Supercompany processes other personal data on behalf of the Customer, where the Customer acts as the Data Controller.

Subcontractors

Parts of the Service are delivered by third-party providers, and the Service must be used in compliance with the terms set by these providers. This is further detailed in the attached Data Processing Agreement.

Miscellaneous

Supercompany may transfer this Agreement, for example, in the event of an acquisition, without the Customer's consent. However, such a transfer must not significantly alter the content of the Agreement.

This Agreement is governed by Norwegian law. The parties agree that any disputes arising out of the agreement shall be settled by the Oslo City Court, as the exclusive legal venue. The United Nations Convention on Contracts for the International Sale of Goods does not apply.

Data Processing Agreement

Introduction

This appendix (the Data Processing Agreement) defines the rights and obligations of the Data Controller and the Data Processor when the Data Processor processes personal data on behalf of the Data Controller to deliver the Service.

These terms are designed to ensure compliance with Article 28, paragraph 3, of Regulation (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (the General Data Protection Regulation, GDPR).

The Data Processing Agreement includes three annexes:

• Details of the processing of personal data

• Security measures

• Sub-processors

Parties to the Agreement

The Customer is the Data Controller and thus responsible for the processing of personal data and for ensuring sufficient protection of personal data.

Supercompany is the Data Processor and processes personal data on behalf of the Data Controller.

Purpose

The purpose of processing all data, including personal data, is to provide a service that simplifies reporting for the Data Controller. This is further described in Annex A.

Responsibilities and Rights of the Data Controller

The Data Controller confirms that:

• There is sufficient legal basis for processing personal data.

• The Data Controller has the right and responsibility for the legality of transferring personal data to the Data Processor.

• The Data Controller is responsible for the accuracy, integrity, content, reliability, and legality of the personal data being processed.

• The Data Controller has informed the data subjects in accordance with applicable legal requirements.

• The Data Controller will ensure that personal data is processed in accordance with GDPR, respond to inquiries from data subjects, and implement sufficient technical and organizational measures to safeguard personal data in accordance with Article 32 of the GDPR.

• The Data Controller is obligated to report data breaches to the Data Protection Authority and, if necessary, to the data subjects without undue delay in accordance with applicable law.

• The Data Controller shall not register or store personal data beyond what is necessary for the defined purpose.

Responsibilities and Rights of the Data Processor

• The Data Processor does not own the personal data but processes it on behalf of the Data Controller as regulated in this Data Processing Agreement.

• The Data Processor shall secure personal data both technically and organizationally in accordance with Article 32 of the GDPR. This includes performing a risk and vulnerability analysis that serves as the basis for organizational routines and technical measures.

• The Data Processor confirms that all persons authorized to process personal data have committed to maintaining confidentiality.

• The Data Processor shall, upon request, assist the Data Controller in fulfilling its obligations under the data protection regulations, including GDPR Chapter III and Articles 32-36. The Data Processor shall also assist the Data Controller by providing documentation necessary to demonstrate compliance with GDPR Article 28, including during audits by supervisory authorities. All such assistance from the Data Processor to the Data Controller shall be subject to written request and billed based on actual time spent.

• The Data Processor shall notify the Data Controller without undue delay if personal data has been compromised or if there is a suspicion of such a breach.

• The Data Processor shall promptly inform the Data Controller if it believes that an instruction from the Data Controller is in violation of GDPR or other data protection regulations.

Security

The Data Processor's security measures are described in Annex B. The Data Processor may make ongoing changes to its security measures without prior notification, provided such changes do not diminish the effectiveness of the measures outlined in Annex B.

Sub-Processors

By entering into this Customer Agreement, the Data Controller grants the Data Processor general authorization to engage other data processors (sub-processors). Annex C lists the sub-processors utilized by the Data Processor to deliver the Service. The Data Processor has entered into its own data processing agreements with these sub-processors to ensure compliance with GDPR Article 28.

If the Data Processor changes or introduces new sub-processors, the Data Controller will be notified 30 days prior to the change. If the Data Controller wishes, the Customer Agreement may be terminated with 30 days' notice.

Audits and Inspections

The Data Processor shall make available to the Data Controller the information necessary to demonstrate compliance with GDPR Article 28 and this Agreement. Furthermore, the Data Processor shall allow and contribute to audits, including inspections, conducted by the Data Controller or another auditor authorized by the Data Controller. The Data Processor must be notified within a reasonable time before an audit or inspection is carried out.

Termination

Upon termination of the Agreement, the Data Processor shall delete all personal data.

Appendix A: Details of the Processing of Personal Data

A.1. Purpose

The purpose of the Data Processor’s processing of personal data on behalf of the Data Controller is:
To simplify and streamline the summarization of a conversation (customer meeting) between a salesperson and their customer. The conversation is summarized and made available in text form so the salesperson can easily verify, make corrections if necessary, and transfer relevant information to the CRM system.

A.2. Nature of Processing

The conversation between salesperson(s) and customer(s) is recorded. The audio recording is processed by AI algorithms to transform it into text, summarized, and categorized appropriately. The conversation may contain personal data.

A.3. Types of Personal Data Processed

Information provided during the conversation, such as names, health data, evaluations, advice, and recommendations.

A.4. Categories of Data Subjects

All individuals participating in the recorded conversation. Typically, this includes salesperson(s) and customer(s), and possibly accompanying persons.

A.5. Duration of Processing

Processing of personal data ceases once the purpose has been fulfilled. After the meeting, information intended for use must be transferred to the CRM system or similar. Audio recordings and generated data are deleted immediately after a session is completed.

Appendix B: Security Measures

Access Control

• Access to the Service requires a registered User and login.

Data Security

• Data is secured to ensure confidentiality, integrity, and availability.

• Audio recordings and processed data are encrypted during transmission.

• Audio recordings and produced data, such as transcriptions and summaries, are not stored but deleted immediately after the session ends.

• Data from one meeting is handled separately from data from other meetings.

• Automatic logging is implemented to document the execution of various steps in the Service.

Routines

• Established routines to safeguard information security.

• Daily security scans of the Service are performed to identify and mitigate potential vulnerabilities.

Cybersecurity

• Measures are implemented to protect against digital attacks.

Appendix C: Sub-processors

Approved Sub-processors

By entering into this Customer Agreement and the attached Data Processing Agreement, the Data Controller approves the use of the following sub-processors: