Last updated: July 3, 2026
Terms of Service
These Terms of Service (the "Terms") govern access to and use of the SymbiozAI service, published by SymbiozAI, a simplified joint-stock company with a sole shareholder (société par actions simplifiée unipersonnelle, SASU), SIREN 103 609 244, with its registered office in Lyon (69003), France.
0. Definitions
- Publisher / "we": SymbiozAI SASU.
- Customer / "you": the legal entity subscribing to the Service, acting in a professional capacity for the purposes of its commercial, industrial, craft, or professional activity (and not as a consumer or as a non-professional within the meaning of the French Consumer Code).
- Service: the SymbiozAI platform — an AI-native CRM (agentic "Revenue Brain", MCP by design) that ingests commercial exchanges (email, LinkedIn, WhatsApp), assists with qualification and follow-up, and proposes outbound messages subject to human validation.
- Customer Data: all data that the Customer imports or has processed through the Service, including the personal data of its own contacts (prospects, customers, counterparties).
- Connected third-party accounts: messaging and network accounts that the Customer links to the Service (Google/Gmail, Google Calendar, LinkedIn, WhatsApp).
- DPA: the Data Processing Agreement, an integral part hereof.
- Contractual Documents: these Terms, the DPA, the Privacy Policy, and the order form / subscription.
1. Purpose and acceptance
These Terms govern access to and use of the Service. They are accepted upon registration (checkbox or electronic signature) and, together with the other Contractual Documents, form the entire agreement between the parties. Acceptance is binding on any person acting on behalf of the Customer.
1.1 Order of precedence and language. In the event of a conflict, the order of priority is: (1) the order form / subscription, (2) the DPA, (3) these Terms, (4) the Privacy Policy. The governing contractual language is French; any translation is provided for information purposes only.
1.2 Amendment of the Contractual Documents. SymbiozAI may amend the Terms and the DPA upon 30 days' prior notice given by email or within the Service. In the event of a material adverse change, the Customer may terminate without penalty before the effective date. Prior versions are archived and dated.
2. Beta Program
The Service is provided in a beta phase, for the purpose of evaluation under real-world conditions. It is provided "as is", may evolve, be suspended or withdrawn, and does not come with a firm availability guarantee (see §10).
Certain features are rolled out gradually. In particular, the activation of automated processing operations relating to third-party data is conditional upon the satisfaction of compliance prerequisites, and no connection of the Customer's communication accounts (Gmail, Google Calendar, LinkedIn, WhatsApp) is enabled by default. Features that rely on these prerequisites are made available as and when they are opened, of which SymbiozAI informs the Customer.
Any provision of the Contractual Documents relating to a feature not yet opened is to be understood, during the beta phase, as a best-efforts undertaking implemented upon the opening of the corresponding feature, and not as an immediately available capability.
3. Roles under the GDPR
3.1 The Customer is the data controller of the Customer Data. SymbiozAI acts as a data processor (Art. 28 GDPR), on behalf of and on the instructions of the Customer, under the conditions of the DPA.
3.2 By default, SymbiozAI acts as a data processor for ingestion, storage, the CRM, and the attribution of messages by artificial intelligence. For data enrichment through third-party providers (Apollo, Hunter, BrightData, INSEE/Pappers) and for certain artificial-intelligence processing operations (see §6), the qualification may amount to a controller-to-controller relationship or joint controllership, whereby SymbiozAI then determines all or part of the means and purposes. Where applicable, an arrangement setting out the allocation of responsibilities under Art. 26 GDPR is established (transparency, information of data subjects, exercise of rights).
3.3 Information by the Customer of its own contacts. The Customer warrants that it has a legal basis (B2B legitimate interest, contract, or consent as the case may be) to import and have processed the data of its contacts, and undertakes to inform the data subjects in accordance with Arts. 13 and 14 GDPR (purposes, categories of data, transmission to SymbiozAI and its processors, processing by artificial intelligence). SymbiozAI makes available the necessary information (Privacy Policy, list of subprocessors) to enable the Customer to fulfil this obligation.
4. Customer Data — ownership and lawfulness
4.1 Customer Data remains the property of the Customer. SymbiozAI acquires no rights therein beyond what is necessary to provide the Service.
4.2 The Customer warrants the lawfulness of the data imported and the absence of any infringement of third-party rights. It refrains from importing sensitive data (Art. 9 GDPR) outside the intended framework and acknowledges that the Service is not designed for this type of data.
5. Connection of third-party accounts and ingestion
5.1 Connection. The Service allows the Customer to connect its own messaging and network accounts in order to ingest its commercial exchanges. The connection of Gmail and Google Calendar is carried out through Google's official OAuth authorization (see §7). Any connection of a third-party account and any exchange of data through that connection are carried out solely at the initiative of, under the direction of, and under the responsibility of the Customer, who remains fully responsible for them.
5.2 LinkedIn and WhatsApp integrations. The connection of LinkedIn and WhatsApp is carried out through a third-party integration provider (Unipile). These integrations may rely on access methods that are not based on the official partner interfaces of the platforms concerned; their continuity is not guaranteed. The Customer connects these accounts solely at its own initiative and under its own responsibility, and acknowledges that SymbiozAI cannot be held liable for measures taken by such third-party platforms with respect to the connected accounts. This exclusion does not cover SymbiozAI's gross negligence or willful misconduct (Art. 1231-3 of the French Civil Code).
5.3 Triggering of ingestion. The Customer acknowledges that the ingestion of exchanges begins as soon as an account is effectively connected. The Customer undertakes to connect an account only after acceptance hereof and within the scope of its subscription, and warrants that it is authorized to have the exchanges of the accounts it connects ingested.
5.4 Disconnection. The Customer may disconnect a third-party account at any time; disconnection stops future ingestion from that channel.
6. Artificial intelligence
6.1 Transparency. The Service uses language models provided by Anthropic (Claude) to analyze exchanges, attribute messages to commercial opportunities, and draft proposed messages. These processing operations are described in the Privacy Policy and the DPA.
6.2 Human oversight. Every outbound message is proposed, never sent automatically: it is subject to validation, modification, or rejection by a human operator of the Customer. The Customer remains the author of and responsible for the messages it validates and sends.
6.3 No training on Customer Data. SymbiozAI does not train any model on Customer Data and does not authorize the artificial-intelligence provider to do so. The data transmitted to the artificial-intelligence provider is not intended for the training of its models. SymbiozAI minimizes the data sent (excerpt capped at 200 characters).
6.4 Accuracy of outputs. Artificial-intelligence outputs may contain inaccuracies and are not guaranteed to be accurate. Consequently: (a) the Customer reviews and validates the facts of each message before sending (§6.2); (b) the Customer refrains from sending unverified statements; (c) SymbiozAI implements truthfulness safeguards (control of unsourced statements), without guaranteeing accuracy.
7. Use of Google APIs (Gmail / Calendar)
When the Customer connects its account, SymbiozAI accesses its Gmail inbox and calendar at the Customer's request. In this respect: (a) the scopes requested are limited to what is strictly necessary for the feature; (b) the use of Google data complies with the Google API Services User Data Policy, including the Limited Use requirements (no transfer or use outside the provision of the Service, no advertising, no unauthorized human access, no training of generic models); (c) the Google consent screen informs the Customer of the accesses; (d) the Customer may revoke access at any time (disconnection and revocation on the Google account side); (e) SymbiozAI does not train any generic model on data obtained through the Google APIs and does not authorize any third party to do so.
8. AI Act framework (EU Regulation 2024/1689)
Given the available features (assistance with B2B commercial drafting and prioritization), the system is qualified as falling outside the high-risk categories of Annex III of the AI Act. This qualification is subject to review in light of the evolution of the features.
- Roles: SymbiozAI is the provider of the AI system; the Customer is its deployer.
- Measures in place: systematic human oversight of outputs (§6.2), traceability (logs), transparency (§6.1).
- Transparency (Art. 50): the transparency obligation of Art. 50 (informing a person that they are interacting with an AI; marking of certain generated content) applies as from August 2, 2026. As outputs are validated by a human before sending, SymbiozAI integrates compliance with Art. 50 before that date to the extent that the scope requires it.
- AI literacy (Art. 4): SymbiozAI ensures a sufficient level of AI literacy among its operators; the Customer, as deployer, undertakes to ensure a sufficient level of AI literacy among its own users of the Service.
9. Acceptable use and prospecting
9.1 Lawful use. The Customer undertakes to use the Service lawfully; it is solely responsible for the content and the cadence of the messages it validates and sends through the Service.
9.2 Prospecting rules. The Customer complies, for each channel, with the applicable regulations:
| Channel | Applicable rules (summary) |
|---|---|
| B2B prospecting: information of data subjects and a simple, free means of objection with each mailing (LCEN / ePrivacy, CNIL guidelines). Maintenance of and compliance with an opt-out list. | |
| Solicitation via a professional account: compliance with LinkedIn's terms of use, no mass solicitation, objection respected. | |
| Messaging channel: basis of an existing relationship or opt-in recommended, immediate objection respected, heightened sensitivity (personal channel). |
The Customer retains proof of the information provided and of the legal basis and honors objection and unsubscribe requests without delay. SymbiozAI makes available the objection mechanisms for each channel.
10. Service level, support, and maintenance
- Availability: a target objective of 99.5% per month, excluding scheduled maintenance and events of force majeure (§16).
- Scheduled maintenance: notified in advance where possible, outside business hours where feasible.
- Support: by email, with a first-response objective within 1 business day.
- Beta versions: provided "as is", liable to evolve or be withdrawn.
11. Intellectual property
The Service, its technology, and its documentation remain the exclusive property of SymbiozAI. The Customer receives a non-exclusive and non-transferable right of use, for the duration of the subscription. Customer Data remains the property of the Customer (§4.1). The Customer's feedback and suggestions may be freely used by SymbiozAI to improve the Service.
12. Financial terms, duration, and termination
- Price and periodicity: defined in the order form. Monthly billing in advance.
- Duration and renewal: initial term set out in the order form; renewal by automatic (tacit) renewal, unless notice of termination is given 30 days before the expiry date.
- Payment default: after a formal notice that has remained without effect for 15 days, SymbiozAI may suspend access and then terminate; amounts due remain payable.
- Termination for breach: by either party, in the event of a material breach not remedied within 30 days after notification.
- Effect of termination: cessation of access and application of §14 (reversibility and deletion). No pro-rata refund for periods commenced, except in the event of termination due to a breach by SymbiozAI.
13. Confidentiality
Each party protects the other's confidential information (commercial, technical, and pricing information, trade secrets, roadmap, product feedback, support access), uses it only for the performance of the contract, and protects it with reasonable care. The usual exclusions apply (information that is public, independently developed, or required by law). This obligation survives for 3 years after the end of the contract. The confidentiality of Customer Data is further governed by the DPA.
14. Reversibility, deletion, and fate of Customer Data
14.1 Reversibility. SymbiozAI makes available the means to export Customer Data; the terms are specified upon subscription.
14.2 Deletion. At the end of the reversibility period, SymbiozAI deletes or anonymizes the Customer Data within 60 days following the end of the contract, unless there is a legal retention obligation.
14.3 Data subjects' rights. SymbiozAI makes available the means enabling the Customer to respond to requests from data subjects to exercise their rights (access, erasure, objection, rectification, restriction) and assists it to that end; the terms are specified upon subscription and detailed in the DPA.
15. Limitation of liability
15.1 To the extent permitted by applicable law, SymbiozAI's liability under the contract is capped at the greater of the following two amounts: (i) the amounts paid by the Customer over the last 12 months, or (ii) a fixed EUR 5,000 floor. Indirect damages are excluded.
15.2 Exclusions from the cap. The cap and the exclusions do not apply to damages resulting from gross negligence or willful misconduct, to bodily injury, to infringements of intellectual property rights, to a breach of security or confidentiality obligations, to a GDPR violation attributable to SymbiozAI, nor to cases where mandatory law prohibits it. No provision of this article may deprive SymbiozAI's essential obligation of its substance; any such provision would be deemed unwritten (Art. 1170 of the French Civil Code).
15.3 The consequences of the risks that the Customer assumes under §5.2 (third-party accounts) and §6.4 (artificial-intelligence outputs validated by the Customer) are expressly borne by the Customer.
16. Force majeure
Neither party is liable for a failure due to an event of force majeure (Art. 1218 of the French Civil Code) beyond its reasonable control (disaster, major failure of third-party infrastructure, decision of a third-party platform affecting an integration, etc.). The affected party informs the other and makes reasonable efforts to limit its effect.
17. Service-improvement data
By default, SymbiozAI does not use the content of Customer Data (message bodies, drafts, artificial-intelligence outputs) for purposes other than the provision of the Service. The following are permitted: (a) technical logs and usage metrics necessary for operation, security, and debugging; (b) aggregated and anonymized statistics that do not allow the re-identification of either a person or a Customer. Any use beyond this is excluded, unless agreed to by the Customer.
18. Governing law and jurisdiction
These Terms are governed by French law. Any dispute falls within the jurisdiction of the competent courts of Lyon, save for any mandatory provision to the contrary.
The full identification details of the site's publisher (name, form, capital, registered office, RCS, publication director, host, contact) are set out in a dedicated "Legal Notice" document, established in accordance with Art. 1-1 of Law No. 2004-575 (LCEN, as amended by Law No. 2024-449 known as "SREN").