Terms of Service

1. Definitions

• "Service" means the ToneFlag platform, including all software, APIs, dashboards, and related documentation made available by Zenith SAS.
• "Client" means the legal entity that enters into an Order Form with Zenith SAS for access to the Service.
• "User" means any individual who accesses or uses the Service on behalf of the Client.
• "Authorised Users" means individuals expressly permitted by the Client to access and use the Service under the Client's account.
• "Data" means all information, content, and materials submitted to or processed by the Service on behalf of the Client.
• "Confidential Information" means any non-public information disclosed by one party to the other in connection with these Terms, whether oral, written, or in electronic form.
• "DPA" means the Data Processing Agreement entered into between the Client and Zenith SAS, forming part of these Terms.
• "Order Form" means the document or online process through which the Client subscribes to the Service, specifying scope, fees, and term.

2. Service Description

ToneFlag is an AI-powered platform designed to help organisations monitor and assess workplace communication tone in the context of compliance obligations arising under the Worker Protection Act 2023 and guidance issued by the Equality and Human Rights Commission (EHRC). The Service provides automated tone analysis, risk scoring, and reporting tools to support proactive compliance management.

3. Account and Access

3.1 Client Responsibility

The Client is responsible for all activity conducted through its account, including the actions of its Authorised Users. The Client must ensure that account credentials are kept secure and not shared with unauthorised third parties.

3.2 Administrative Controls

The Client shall designate one or more administrators who will manage access permissions, configure Service settings, and serve as the primary point of contact for account-related matters.

3.3 Access Restrictions

Access to the Service is limited to the number of Authorised Users specified in the Order Form. The Client must not permit access beyond the agreed scope without prior written agreement from Zenith SAS.

4. Acceptable Use

4.1 Permitted Use

The Service may be used solely for the purpose of monitoring workplace communication tone to support compliance with the Worker Protection Act 2023 and related obligations, in accordance with these Terms and applicable law.

4.2 Prohibited Uses

The Client and its Users must not use the Service to:

• Identify, target, or retaliate against whistleblowers or individuals raising protected disclosures.
• Monitor, suppress, or interfere with lawful trade union activity or collective bargaining.
• Discriminate against individuals on the basis of any protected characteristic under the Equality Act 2010 or equivalent legislation.
• Process personal data in violation of the UK GDPR, the Data Protection Act 2018, or any applicable data protection law.
• Pursue any unlawful purpose or facilitate any activity that contravenes applicable law.
• Conduct monitoring that falls outside the scope described in the Client's privacy notices and data protection impact assessments.
• Engage in covert surveillance of employees without a lawful basis and appropriate safeguards.

4.3 Breach

Any breach of this Acceptable Use policy may result in immediate suspension or termination of access to the Service, without prejudice to any other rights or remedies available to Zenith SAS.

5. Client Obligations

5.1 Legal Basis

The Client is responsible for ensuring that its use of the Service has a valid legal basis under applicable data protection law. In particular, the Client shall:

1. Conduct a Data Protection Impact Assessment (DPIA) prior to deploying the Service, and review it periodically.
2. Provide appropriate notification to employees and affected individuals about the use of the Service.
3. Ensure that monitoring is proportionate to the legitimate aim pursued and does not exceed what is necessary.
4. Consult with employee representatives or works councils where required by law or good practice.

5.2 Organisational Data

The Client is solely responsible for the accuracy, quality, and legality of the Data submitted to the Service. Zenith SAS shall not be liable for any errors, omissions, or issues arising from inaccurate or unlawful Data provided by the Client.

5.3 Cooperation

The Client shall cooperate with Zenith SAS as reasonably necessary to enable the provision of the Service, including providing timely access to information, systems, and personnel.

6. Our Obligations

6.1 Service Availability

Zenith SAS shall use commercially reasonable efforts to maintain Service availability of at least 99.5% measured on a monthly basis, excluding scheduled maintenance windows communicated in advance.

6.2 Data Security

Zenith SAS shall implement appropriate technical and organisational measures in accordance with Article 32 of the UK GDPR to ensure a level of security appropriate to the risk of processing.

6.3 Breach Notification

In the event of a personal data breach, Zenith SAS shall notify the Client without undue delay and in any event within 72 hours of becoming aware of the breach, providing sufficient information to enable the Client to meet its own notification obligations.

6.4 Support

Zenith SAS shall provide technical support in accordance with the support terms specified in the Order Form, including response times and availability hours.

7. Data Processing

7.1 Roles

For the purposes of applicable data protection law, the Client is the data controller and Zenith SAS is the data processor in respect of personal data processed through the Service.

7.2 Data Processing Agreement

The parties shall enter into a DPA that forms an integral part of these Terms. The DPA sets out the subject matter, duration, nature, and purpose of processing, the types of personal data, and the categories of data subjects.

7.3 Sub-processors

Zenith SAS may engage sub-processors to assist in the provision of the Service, subject to the terms set out in the DPA. A current list of sub-processors is available upon request and the Client will be notified of any changes.

7.4 International Transfers

Where personal data is transferred outside the United Kingdom or the European Economic Area, Zenith SAS shall ensure that appropriate safeguards are in place in accordance with applicable data protection law, including Standard Contractual Clauses or equivalent mechanisms.

8. AI and Automated Analysis

8.1 Nature of Analysis

The Service uses artificial intelligence and natural language processing to analyse communication tone. The outputs are probabilistic assessments intended to assist human decision-making, not to replace it.

8.2 No Legal Conclusions

The Service does not provide legal advice and its outputs do not constitute legal conclusions. The Client is responsible for interpreting results in the context of its specific circumstances and obtaining independent legal advice where appropriate.

8.3 Human Oversight

In accordance with Article 22 of the UK GDPR, the Client shall ensure that no solely automated decision with legal or similarly significant effects is made on the basis of Service outputs without meaningful human review and intervention.

8.4 No Guarantee

Zenith SAS does not guarantee that the Service will detect all instances of problematic tone or that its outputs will be free from error. The Service is a supplementary tool and does not replace comprehensive compliance programmes.

9. Intellectual Property

9.1 ToneFlag IP

All intellectual property rights in the Service, including software, algorithms, models, documentation, and branding, are and shall remain the exclusive property of Zenith SAS. These Terms do not grant the Client any rights in such intellectual property except the limited right to use the Service as set out herein.

9.2 Client Data

The Client retains all rights in its Data. The Client grants Zenith SAS a limited, non-exclusive licence to process the Data solely for the purpose of providing the Service.

9.3 Aggregated Data

Zenith SAS may generate anonymised and aggregated data derived from the use of the Service. Such data shall not identify the Client or any individual and may be used by Zenith SAS for research, product improvement, and benchmarking purposes.

10. Fees and Payment

10.1 Subscription Fees

The Client shall pay the subscription fees specified in the Order Form. All fees are quoted and payable in British Pounds Sterling (GBP) unless otherwise agreed in writing.

10.2 Invoicing

Zenith SAS shall invoice the Client in accordance with the billing schedule set out in the Order Form. Invoices are payable within 30 days of the invoice date unless otherwise specified.

10.3 Late Payment

If any invoice remains unpaid after the due date, Zenith SAS reserves the right to charge interest on the overdue amount at a rate of 4% per annum above the Bank of England base rate, calculated on a daily basis from the due date until payment is received.

10.4 Price Changes

Zenith SAS may adjust subscription fees upon renewal by providing the Client with at least 60 days' written notice prior to the start of the next renewal term.

11. Term and Termination

11.1 Term

The initial subscription term is 12 months from the date specified in the Order Form. The subscription shall automatically renew for successive 12-month periods unless either party provides at least 90 days' written notice of non-renewal prior to the end of the then-current term.

11.2 Termination for Cause

Either party may terminate these Terms immediately upon written notice if the other party commits a material breach and fails to remedy such breach within 30 days of receiving written notice specifying the breach.

11.3 Data Export

Upon termination or expiry, the Client may request an export of its Data in a standard machine-readable format. Zenith SAS shall make such Data available for download for a period of 30 days following the effective date of termination.

11.4 Data Deletion

Following the expiry of the 30-day data export period, Zenith SAS shall delete or anonymise all Client Data in accordance with the DPA and applicable data protection law, unless retention is required by law.

11.5 Survival

Provisions of these Terms that by their nature should survive termination shall continue in full force and effect, including Sections on Limitation of Liability, Indemnification, Confidentiality, Intellectual Property, and Governing Law.

12. Limitation of Liability

12.1 Liability Cap

Subject to Section 12.3, the total aggregate liability of either party under or in connection with these Terms shall not exceed the total fees paid or payable by the Client in the 12-month period immediately preceding the event giving rise to the claim.

12.2 Exclusion of Consequential Loss

Neither party shall be liable for any indirect, incidental, special, consequential, or punitive damages, including loss of profits, loss of revenue, loss of data, or loss of business opportunity, whether foreseeable or not, regardless of the legal theory upon which the claim is based.

12.3 Carve-outs

Nothing in these Terms shall exclude or limit liability for:

• Death or personal injury caused by negligence.
• Fraud or fraudulent misrepresentation.
• Wilful misconduct or gross negligence.
• Liability arising from a data breach, which shall be subject to an enhanced cap of twice the amount specified in Section 12.1.

13. Indemnification

13.1 ToneFlag Indemnity

Zenith SAS shall indemnify and hold the Client harmless against any third-party claims alleging that the Service infringes any intellectual property right, provided the Client promptly notifies Zenith SAS and allows Zenith SAS to control the defence and settlement of such claim.

13.2 Client Indemnity

The Client shall indemnify and hold Zenith SAS harmless against any third-party claims arising from the Client's breach of the Acceptable Use policy, its obligations under these Terms, or its use of the Service in a manner not authorised by these Terms.

13.3 Indemnification Procedure

The indemnified party shall promptly notify the indemnifying party of any claim, provide reasonable cooperation, and allow the indemnifying party sole control of the defence and settlement. The indemnified party may participate at its own expense with counsel of its choosing.

14. Confidentiality

14.1 Mutual Obligations

Each party agrees to hold the other party's Confidential Information in strict confidence and not to disclose it to any third party except as necessary to perform its obligations under these Terms, and only to individuals who are bound by confidentiality obligations at least as protective as those set out herein.

14.2 Exceptions

Confidentiality obligations shall not apply to information that:

• Is or becomes publicly available through no fault of the receiving party.
• Was already known to the receiving party prior to disclosure.
• Is independently developed by the receiving party without reference to the disclosing party's Confidential Information.
• Is lawfully received from a third party without restriction on disclosure.
• Is required to be disclosed by law, regulation, or court order, provided the receiving party gives prompt notice where legally permitted.

14.3 Duration

The confidentiality obligations set out in this Section shall survive termination or expiry of these Terms for a period of 3 years.

15. Governing Law

15.1 Applicable Law

These Terms and any dispute or claim arising out of or in connection with them shall be governed by and construed in accordance with the laws of England and Wales.

15.2 Exclusive Jurisdiction

The courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with these Terms.

15.3 Alternative Dispute Resolution

Before initiating legal proceedings, the parties agree to attempt in good faith to resolve any dispute through negotiation for a period of at least 30 days following written notice of the dispute.

16. Changes to These Terms

Zenith SAS reserves the right to modify these Terms at any time. For material changes, Zenith SAS shall provide at least 30 days' written notice to the Client. Continued use of the Service following the effective date of any changes constitutes acceptance of the updated Terms.

17. General Provisions

17.1 Entire Agreement

These Terms, together with the Order Form and DPA, constitute the entire agreement between the parties and supersede all prior or contemporaneous agreements, understandings, and representations relating to the subject matter hereof.

17.2 Severability

If any provision of these Terms is found to be invalid, illegal, or unenforceable, the remaining provisions shall continue in full force and effect. The invalid provision shall be modified to the minimum extent necessary to make it valid and enforceable.

17.3 Waiver

No failure or delay by either party in exercising any right or remedy under these Terms shall constitute a waiver of that right or remedy, nor shall any single or partial exercise preclude any further exercise of the same or any other right or remedy.

17.4 Assignment

Neither party may assign or transfer these Terms without the prior written consent of the other party, except that Zenith SAS may assign these Terms in connection with a merger, acquisition, or sale of all or substantially all of its assets.

17.5 Force Majeure

Neither party shall be liable for any failure or delay in performing its obligations under these Terms to the extent such failure or delay results from circumstances beyond its reasonable control, including acts of God, natural disasters, pandemics, war, terrorism, government actions, or failures of third-party infrastructure.

17.6 Third-Party Rights

A person who is not a party to these Terms has no right under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of these Terms.

17.7 Notices

All notices under these Terms shall be in writing and sent to the addresses specified in the Order Form or to such other address as a party may designate by written notice. Notices shall be deemed received when delivered by hand, one business day after sending by recognised overnight courier, or upon confirmed receipt if sent by email.

18. Contact

For questions about these Terms of Service, please contact us: