Terms of Service

Last updated: April 13, 2026

Section 1 Scope and Provider

(1) These Terms of Service (hereinafter “Terms”) apply to all agreements between

KI-Shield UG (limited liability)
Managing Director: Johanna Bringezu
Ritterstraße 2
99718 Greußen, Germany
Email: info@ki-shield.de
Court of Registration: Local Court (Amtsgericht) Jena
Commercial Register Number: HRB 524511
EUID: DEY1206.HRB524511
VAT ID: DE358414171

(hereinafter “Provider”) and the customer (hereinafter “Customer”) regarding the use of the service “KI-Shield” (accessible at https://ki-shield.eu).

(2) These Terms shall apply exclusively. Any deviating, conflicting, or supplementary terms and conditions of the Customer shall only become part of the agreement if the Provider has expressly consented to their applicability in writing.

(3) A consumer within the meaning of these Terms is any natural person who enters into a legal transaction for purposes that are predominantly neither attributable to their commercial nor their independent professional activity (Section 13 German Civil Code (BGB)). An entrepreneur is any natural or legal person or a partnership with legal capacity that, when entering into a legal transaction, acts in exercise of their commercial or independent professional activity (Section 14 BGB).

(4) Free plan: Use of the free plan requires the Customer to have completed their 16th year of age and — in the case of minors — the consent of a legal guardian to the data processing (Art. 8 GDPR). Paid plans (Starter/Pro/Business/Enterprise): These are reserved exclusively for persons with unlimited legal capacity (i.e. having completed their 18th year of age) or for entrepreneurs within the meaning of Section 14 BGB. By registering, the Customer confirms compliance with these requirements.

Section 2 Description of Services

(1) KI-Shield is a compliance proxy for AI services that serves as an additional technical safeguard within the meaning of Art. 25 and Art. 32 GDPR (Software-as-a-Service). The service detects personally identifiable information (PII) in user inputs, replaces it with pseudonyms, and forwards only the pseudonymized text to external AI providers.

(2) The scope of services depends on the plan selected by the Customer. The current prices and features are available in the pricing overview at https://ki-shield.eu/pricing. As of this version of the Terms (status: 10 April 2026), the following plans apply:

  • Free (EUR 0): 100 requests per month, Mistral included, 2 AI providers, 7-day message retention.
  • Starter (EUR 49/month net, plus VAT): 5,000 requests/month, REST API (1 key), all features, 24h email support.
  • Pro (EUR 149/month net, plus VAT): 20,000 requests/month, REST API (3 keys), all features, 24h email support.
  • Business (EUR 499/month net, plus VAT): 75,000 requests/month, REST API (10 keys), all features, 24h email support.
  • Enterprise (EUR 1,499/month net, plus VAT): 250,000 requests/month, REST API (50 keys), BYOK (any provider), custom model selection, personal support, SLA 99.9%. The Enterprise plan is exclusively directed at entrepreneurs within the meaning of Section 14 BGB. For the Enterprise plan, individually agreed Enterprise contract terms shall additionally apply. In case of conflict, the Enterprise contract terms shall prevail over these Terms.

(3) PII detection operates on a best-effort basis. The Provider employs state-of-the-art technologies (Presidio, spaCy, proprietary regex recognizers with 43 detectors across 42 categories) but cannot guarantee complete detection of all personal data in every context. The Customer remains responsible for verifying compliance with their own data protection obligations. The best-effort clause does not limit the statutory warranty for the core functionality of the service (pseudonymization and forwarding).

(4) Response length limit: Each request is subject to a plan-dependent maximum response length (output tokens) and a plan-dependent maximum input length (input tokens). If the AI response reaches the output limit, it will be truncated at that point. The Customer may request additional content via a follow-up message (e.g. “please continue”); each follow-up message counts as a separate request against the monthly quota. Inputs exceeding the input limit will be automatically truncated or rejected. Current values are available on the pricing page at https://ki-shield.eu/pricing. These token limits serve the economic operation of the service and do not constitute defects within the meaning of Section 15 of these Terms.

(5) Model assignment per plan: Each plan has a designated default AI model (Free: Mistral Small; Starter, Pro, Business and Enterprise: Mistral Large 3). Within the plan, Customers may select alternative available models where the plan permits. The Provider reserves the right to change the default model with 4 weeks’ notice for technical or economic reasons. Such a change shall not result in a material reduction of response quality.

Section 3 Formation of Contract and Registration

(1) The presentation of the service on the website does not constitute a binding offer but an invitation to submit an offer (invitatio ad offerendum).

(2) The Customer submits a binding offer to enter into a service agreement by completing the registration process (email registration or Google login) and accepting these Terms. The agreement is concluded upon activation of the Customer account.

(3) For paid plans (Starter, Pro, Business, Enterprise), the agreement for paid use is additionally concluded upon completion of the payment process through the payment service provider Stripe.

(4) The Customer is obligated to provide truthful and complete information during registration and to keep this information up to date.

(5) Only one user account may be created per natural or legal person.

(6) The contract text is saved after the conclusion of the agreement. The Customer may access the Terms applicable at the time of contract conclusion at any time at https://ki-shield.eu/terms. The contract data (selected plan, time of contract conclusion) can be viewed in the account management area (Section 312i(1) sentence 1 no. 4 BGB).

(7) The technical steps leading to the conclusion of the agreement follow from paragraphs 2 and 3 of this section (Section 312i(1) sentence 1 no. 1 BGB). The Provider makes available appropriate, effective, and accessible technical means for identifying and correcting input errors before placing an order. The contract language is German and English.

(8) Order button labelling (Section 312j(3) BGB): For paid plans, the order button is labelled “Order with Obligation to Pay” (German: „Zahlungspflichtig bestellen“) or with an equivalent unambiguous wording. Before clicking the order button, the Customer is presented — clearly and prominently — with the essential contractual features (plan, monthly gross price including VAT, contract term, automatic renewal).

Section 4 Prices and Payment

(1) The current prices are available in the pricing overview at https://ki-shield.eu/pricing. All prices are net prices, plus the applicable value-added tax (currently 19% in Germany). VAT is calculated and displayed automatically at checkout by Stripe Tax based on the Customer's location. For EU B2B customers with a valid VAT ID, the reverse-charge mechanism applies (0% VAT).

(2) Billing occurs monthly in advance. The first billing period begins upon completion of the payment process. The subscription automatically renews for an additional month unless terminated before the end of the current billing period (Section 5).

(3) Payment is processed through the payment service provider Stripe Payments Europe, Ltd. (1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland). The Stripe Terms of Service additionally apply. Accepted payment methods: credit card (Visa, Mastercard, AMEX), SEPA direct debit, Apple Pay, and Google Pay (subject to availability through Stripe). During payment processing, the name, email address, and payment details (credit card data, IBAN) are transmitted directly to Stripe and processed there. The Provider does not store any credit card or bank data. Further details are governed by the Stripe Privacy Policy.

(4) In the event of payment default, the Provider is entitled to suspend access to paid features until payment is received. The right to claim outstanding amounts remains unaffected. In the event of a failed SEPA direct debit (chargeback), the Customer shall bear the resulting bank fees, provided the Customer is responsible for the chargeback.

(5) The Provider reserves the right to change prices for future billing periods with a notice period of at least 4 weeks before the next billing period. In this case, the Customer has a special right of termination effective at the time the price increase takes effect. If no termination is made, the new price shall be deemed accepted. The Provider shall expressly inform the Customer of the special right of termination and the deadline in the price change notification.

Section 5 Contract Term and Termination

(1) The service agreement for the Free plan is concluded for an indefinite period and may be terminated by either party at any time without stating reasons.

(2) Paid plans (Starter, Pro, Business, Enterprise) have no minimum contract term and may be terminated on a monthly basis. The subscription automatically renews for an additional month unless terminated before the end of the current billing period. Termination takes effect at the end of the current, already paid billing period. Until then, all features of the booked plan remain available.

(3) Termination may be effected via:

(4) The right to extraordinary termination for cause remains unaffected. Cause for the Provider exists in particular if the Customer violates Section 8 (Customer Obligations).

(5) After termination of a paid plan, the account is automatically downgraded to the Free plan. Stored data (chat history, settings) is retained unless the Customer deletes their account. Features not included in the Free plan (e.g., real-time streaming, audit log export, compliance reports) are deactivated upon the effective date of termination. Previously exported data remains with the Customer.

Section 6 Data Deletion After Contract End and Data Export

(1) Upon complete account deletion, all personal data of the Customer will be deleted within 30 days, unless statutory retention obligations apply.

(2) The following retention periods apply even after account deletion:

  • Billing data: 10 years (Section 147 German Fiscal Code (AO), Section 257 German Commercial Code (HGB))
  • Audit logs: 12 months from creation (compliance evidence pursuant to the EU AI Act). Audit logs do not contain plaintext data.
  • Blockchain anchors: Cryptographic hashes anchored on the Polygon blockchain are technically immutable and cannot be deleted. These do not contain personal data.

(3) Before account deletion, the Customer has the option to export their data (chat history, audit logs, settings) via the account management area. After account deletion, data export is no longer possible.

(4) Pseudonym mappings are automatically deleted after expiration of the configured period (default: 24 hours), regardless of any account deletion.

Section 7 Right of Withdrawal for Consumers

(1) Consumers generally have a statutory right of withdrawal for distance contracts pursuant to Sections 355 et seq. BGB.

Withdrawal Instructions

Right of Withdrawal

You have the right to withdraw from this agreement within fourteen days without giving any reason. The withdrawal period is fourteen days from the date of conclusion of the agreement.

To exercise your right of withdrawal, you must inform us

KI-Shield UG (limited liability), Managing Director: Johanna Bringezu, Ritterstraße 2, 99718 Greußen, Germany, Phone: +49 175 6486634, Email: info@ki-shield.de

by means of a clear declaration (e.g., a letter sent by post or email) of your decision to withdraw from this agreement. You may use the attached model withdrawal form, which is, however, not mandatory.

To meet the withdrawal deadline, it is sufficient for you to send your communication concerning the exercise of your right of withdrawal before the withdrawal period has expired.

Consequences of Withdrawal

If you withdraw from this agreement, we shall reimburse all payments that we have received from you, without undue delay and at the latest within fourteen days from the day on which we received the notification of your withdrawal from this agreement. For this reimbursement, we will use the same means of payment that you used for the original transaction, unless expressly agreed otherwise with you; in no event will you be charged fees for this reimbursement.

If you requested that the service commence during the withdrawal period, you shall pay us a reasonable amount corresponding to the proportion of the services already provided up to the point in time at which you inform us of your exercise of the right of withdrawal with regard to this agreement, compared to the total scope of the services provided for in the agreement.

Premature Expiry of the Right of Withdrawal

The right of withdrawal expires prematurely if the Provider has fully performed the service and began the performance only after the consumer gave express consent and simultaneously confirmed acknowledgment that they would lose their right of withdrawal upon complete performance of the agreement (Section 356(4) BGB).

In the case of an agreement for the supply of digital content not supplied on a tangible medium, the right of withdrawal also expires prematurely if the Provider has begun performance of the agreement after the consumer (1) has expressly consented to the Provider commencing performance before expiry of the withdrawal period, and (2) has confirmed their acknowledgment that, by giving consent, they lose their right of withdrawal upon commencement of the performance of the agreement (Section 356(5) BGB).

The consumer is expressly asked for this consent and acknowledgment in the ordering process before placing their order. The Provider provides for this purpose two separate checkboxes, each of which must be actively ticked by the consumer: (a) express consent to the commencement of contract performance before expiry of the withdrawal period, and (b) acknowledgment of the loss of the right of withdrawal upon complete performance. Both checkboxes are permanently logged with timestamp and plan version (Section 357(8) BGB).

Model Withdrawal Form

(If you wish to withdraw from the agreement, please complete this form and return it.)

  • To: KI-Shield UG (limited liability), Ritterstraße 2, 99718 Greußen, Germany, Email: info@ki-shield.de
  • I/We (*) hereby withdraw from the agreement concluded by me/us (*) for the provision of the following service (*)
  • Ordered on (*) / received on (*)
  • Name of the consumer(s)
  • Address of the consumer(s)
  • Signature of the consumer(s) (only for paper communications)
  • Date

(*) Delete as applicable.

Section 8 Customer Obligations

(1) The Customer undertakes to:

(1a) Expressly prohibited content:

  • Child sexual abuse material (CSAM) and youth-pornographic content (Sections 184b, 184c German Criminal Code (StGB)) — absolutely prohibited; immediate report to the Federal Criminal Police Office (BKA);
  • Phishing texts, fake-login generators, malware code (Section 263a StGB);
  • Incitement to hatred and terrorist content within the meaning of Regulation (EU) 2021/784 (TerrCO);
  • Instructions to commit criminal offences (Sections 91, 130a StGB);
  • Doxing, violations of personality rights, stalking;
  • Trademark or copyright infringements; misleading AI-generated content without labelling (Art. 50 AI Act).

(1b) The Customer further undertakes to:

  • use the service only in compliance with applicable laws, in particular the GDPR, the German Federal Data Protection Act (BDSG), and the AI Act (Regulation (EU) 2024/1689);
  • keep their access credentials (API keys, passwords) confidential and protect them from access by third parties;
  • not use the service for unlawful, offensive, discriminatory, or otherwise prohibited content;
  • not use the service for automated mass generation of content that violates the terms of service of the respective AI providers;
  • not take any measures that excessively burden the Provider’s infrastructure or attempt to circumvent the security mechanisms (PII detection, rate limiting);
  • not resell, sublicense, or offer the service to third parties as part of white-label solutions without the Provider’s prior written consent.

(2) In the event of violations of these obligations, the Provider is entitled to temporarily suspend the Customer’s access or to terminate the agreement for cause. Before any suspension, the Provider will hear the Customer, stating the specific reasons and the breached clause, and grant a reasonable period of at least 14 days for comment or remedy (Federal Court of Justice (BGH) ruling III ZR 179/20 – “Facebook”). The Customer has the right to lodge a complaint against the decision with the Provider (see Section 23, Complaints Procedure). Immediate suspension without prior hearing is permissible only where necessary to avert imminent danger.

Section 9 Free Plan and Quota Rules

(1) The Free plan includes a quota of 100 requests per month. A request is a single user request that is forwarded to an AI provider.

(2) Upon exhaustion of the monthly quota, access to AI features is suspended until the start of the next billing period. No automatic upgrade to a paid plan occurs.

(3) The user is informed of their current quota usage and remaining requests in the user interface.

(4) The Provider reserves the right to adjust the Free plan quota with a notice period of 4 weeks. The quota published on the pricing page at the time of use shall apply.

Section 10 BYOK — Bring Your Own Key

(1) The service allows the Customer to store their own API keys for external AI providers (“BYOK”). In this case, the Customer uses the infrastructure of the respective AI provider at their own expense and under their terms of service.

(2) API keys stored by the Customer are encrypted (AES-256). The Provider assumes no liability for costs incurred through the use of customer-owned API keys with the respective AI providers.

(3) The Customer is solely responsible for compliance with the terms of service of the respective AI providers.

Section 11 API Terms of Use

(1) The Provider makes a PII Redaction REST API available for all paid plans (Starter, Pro, Business, Enterprise). Access is via API keys generated in the customer dashboard.

(2) The API is subject to rate limiting of 300 requests per minute (standard). Higher limits may be individually agreed upon for Enterprise customers.

(3) The API availability is subject to the SLA provisions in accordance with Section 14 of these Terms.

(4) The Customer may not use the API for white-label solutions or resale to third parties without the Provider’s prior written consent.

(5) The Provider is not liable for damages arising from outages or latency of the API where these are attributable to circumstances beyond the Provider’s control (in particular outages of external AI providers). This exclusion does not apply in cases of intent or gross negligence, nor to breaches of cardinal obligations (see Section 17).

(6) API usage logs (number of calls, endpoint used, timestamp) are retained for billing purposes for 90 days and automatically deleted thereafter.

Section 12 Data Protection and Data Processing

(1) The Provider processes personal data of the Customer in accordance with the privacy policy at https://ki-shield.eu/privacy.

(2) PII detection and pseudonymization is performed exclusively on servers in Germany (Hetzner Online GmbH). Personal data in plaintext does not leave the European legal area.

(3) Only pseudonymized data is transmitted to external AI providers. Pursuant to Recital 26 GDPR, pseudonymized data that cannot be re-identified without access to the mapping table does not constitute personal data for the recipient.

(4) Insofar as the Provider processes personal data on behalf of the Customer (processing on behalf of a Controller pursuant to Art. 28 GDPR), a Data Processing Agreement (DPA) is automatically provided to the Customer upon account creation. By first using the data processing features (in particular chat requests with PII detection), the Customer accepts the provided DPA. The DPA is available at any time at https://ki-shield.eu/dpa.

(5) The Provider acts exclusively as a Processor within the meaning of Art. 28 GDPR when processing personal data of the Customer. The Provider processes personal data only on documented instructions of the Controller (Customer) and not for its own purposes.

(6) The record of processing activities pursuant to Art. 30(2) GDPR is made available to the Customer upon request and can be viewed at https://ki-shield.eu/records-of-processing.

Section 13 Updates and Maintenance Obligations

(1) As a SaaS provider, the Provider delivers functional and security updates pursuant to Sections 327e, 327f BGB. Updates are performed server-side and made available to the Customer automatically without requiring any action by the Customer.

(2) The Provider ensures that the service maintains the agreed functionality throughout the contract term and conforms to the security standards customary at the time of provision.

(3) Security updates are provided without undue delay upon discovery of a vulnerability. Functional updates are carried out at the Provider’s reasonable discretion.

(4) The Provider will inform the Customer of material changes to functionality (e.g., removal or modification of features) with at least 4 weeks’ notice. The Provider will only remove or materially modify features if there is an objective reason for doing so (e.g., security reasons, legal requirements, discontinuation of technical prerequisites, cessation of an external service). In the event of material changes to services, the Customer has a special right of termination effective at the time the change takes effect.

Section 14 Availability and SLA

(1) The Provider makes the service available with a target availability of 99.5% annual average (for the Enterprise plan: 99.9%). Availability is measured as the percentage of minutes in a calendar month during which the service is reachable at https://ki-shield.eu/api/v1/health.

(2) The following are not considered outages:

  • Planned maintenance announced by email with at least 48 hours’ notice;
  • Outages or performance limitations of external AI providers;
  • Force majeure events pursuant to Section 21 of these Terms;
  • Outages caused by circumstances attributable to the Customer.

(3) If the committed availability falls below the threshold in a calendar month, the Customer is entitled to a pro rata credit on the monthly invoice:

  • 99.0% – 99.4% availability: 10% credit
  • 95.0% – 98.9% availability: 25% credit
  • below 95.0% availability: 50% credit

(4) The credit is applied to the next billing period. Cash payment is excluded. The credit is limited to a maximum of 50% of the monthly plan price of the affected month. Unused credits expire after 3 months. The credit requires that the Customer reports the outage within 14 days after the end of the affected month, specifying the relevant time period.

Section 15 Warranty and Defect Rights

(1) The warranty for digital products is governed by Sections 327 et seq. BGB. The service is considered defective if it does not have the agreed quality or is not suitable for the use envisaged under the agreement (Section 327e BGB).

(2) The agreed quality is determined by the description of services (Section 2) and the documentation current at the time of conclusion of the agreement at https://ki-shield.eu.

(3) In the event of a defect, the Customer is first entitled to cure (remedy of the defect). The Provider will remedy the defect within a reasonable period. If cure has failed, is impossible, or is unreasonable, the Customer may terminate the agreement or reduce the consideration (Section 327m BGB).

(4) The reversal of the burden of proof pursuant to Section 327k(1) BGB applies: if a defect becomes apparent within one year of provision, it is presumed that the defect already existed at the time of provision.

(5) The best-effort clause for PII detection (Section 2(3)) means that the Provider does not owe a 100% detection rate. However, the core functionality (pseudonymization of detected PII and forwarding to AI providers) must function in accordance with the agreement. A defect exists if the detection rate is systematically and significantly below the state of the art.

(6) The statutory limitation period for defect claims is two years from provision (Section 327j(1) BGB). For ongoing provision (subscription model), the Customer may assert defect claims throughout the entire contract term.

Section 16 Intellectual Property and Usage Rights

(1) All rights to the KI-Shield software, including source code, algorithms, interface design, and documentation, remain with the Provider.

(2) The Customer receives a simple, non-transferable, non-sublicensable right to use the service for the duration of the contractual relationship within the scope of the selected plan.

(3) The content entered by the Customer and the AI responses generated therefrom remain the property of the Customer. The Provider does not acquire any rights therein. The Provider does not use customer content for training purposes.

(4) Reverse engineering, decompilation, or disassembly of the software is not permitted, except as expressly allowed by mandatory statutory provisions (Section 69e German Copyright Act (UrhG)).

Section 17 Liability and Limitation of Liability

(1) The Provider has unlimited liability for damages arising from injury to life, body, or health resulting from an intentional or negligent breach of duty by the Provider.

(2) The Provider has unlimited liability for damages resulting from willful misconduct or gross negligence by the Provider.

(3) In cases of slight negligence, the Provider is only liable for breach of material contractual obligations (cardinal obligations). Material contractual obligations are those whose fulfillment is essential for the proper performance of the agreement and on whose compliance the Customer may regularly rely. In this case, liability is limited to the foreseeable, contract-typical damage. For entrepreneurs (Section 14 BGB), liability for breach of cardinal obligations is further limited in amount to the total payments made by the Customer in the 12 months preceding the damaging event, but in no case less than EUR 500. This limitation of liability does not apply to consumers.

(4) PII detection operates on a best-effort basis; the following applies in cases of slight negligence. In cases of slight negligence, the Provider is not liable for individual personal data items not being detected, or being incorrectly pseudonymized, in particular contexts. Liability for intent and gross negligence, as well as for breach of material contractual obligations (cardinal obligations; PII detection itself, as the principal performance obligation, constitutes a cardinal obligation), remains unaffected (Section 309 no. 7 BGB). In the event of systematic detection failures, the Provider owes cure (Nacherfüllung). Notice for holders of professional secrecy obligations: Before entering sensitive client or patient data, we recommend additional caution (pre-screening, Zero-Knowledge mode). Use of the service does not relieve the Customer of their own data protection responsibilities; the Customer is expressly informed of this at the time of contract conclusion.

(5) The Provider is not liable for outages or malfunctions of external AI providers (OpenAI, Anthropic, Google, etc.). The availability and quality of AI responses are the responsibility of the respective provider.

(6) Liability under the German Product Liability Act (ProdHaftG) remains unaffected.

Section 18 Indemnification

(1) The Customer shall indemnify the Provider against all third-party claims based on unlawful use of the service by the Customer or a breach of these Terms. This includes reasonable costs of legal defense.

(2) The Customer is obligated to inform the Provider immediately, truthfully, and completely in the event of any such claim.

(3) This indemnification obligation applies only vis-à-vis entrepreneurs (Section 14 BGB). Vis-à-vis consumers, the statutory allocation of liability remains unaffected; the consumer is not subject to an indemnification obligation.

Section 19 Amendments to the Terms

(1) The Provider is entitled to amend these Terms with effect for the future, provided this is objectively justified (e.g., changes in legislation, changes in case law, changes in the scope of services, or to close regulatory gaps).

(2) Amendments will be announced to the Customer at least 6 weeks before they take effect by email and within the login area, stating the reason for the amendment and the specific change. A distinction is made between editorial and material amendments:

(a) Editorial and statutorily mandated amendments (e.g. new statutory obligations, correction of typographical errors, clarifying adjustments without economic impact): If the Customer does not object within 6 weeks, the amended Terms shall be deemed accepted. The Customer is separately informed of this consequence.

(b) Material amendments (in particular changes to principal performance obligations, prices, liability provisions, or contract term): These shall only become effective with the Customer’s express consent (opt-in confirmation upon next login). If the Customer does not give consent within 6 weeks, the Provider may terminate the agreement on ordinary notice with a notice period of 4 weeks to the end of the month; until that date, the previous terms continue to apply (Federal Court of Justice (BGH) ruling XI ZR 26/13; CJEU C-119/22).

(3) If the Customer objects in a timely manner, the agreement continues under the existing terms. In this case, the Provider has a special right of termination with a notice period of 4 weeks to the end of the month.

Section 20 Force Majeure

(1) The Provider is released from its performance obligation insofar as and for as long as performance cannot be rendered due to force majeure. Force majeure includes, in particular, natural disasters, pandemics, governmental orders, failure of telecommunications networks or gateways of other operators, disruptions in the hosting infrastructure, and cyberattacks.

(2) The Provider will inform the Customer of force majeure events without undue delay.

Section 21 Final Provisions

(1) The laws of the Federal Republic of Germany shall apply, excluding the United Nations Convention on Contracts for the International Sale of Goods (CISG). For consumers, this choice of law applies only insofar as it does not deprive the consumer of the protection afforded by mandatory provisions of the law of the state of their habitual residence (Art. 6(2) Rome I Regulation).

(2) If the Customer is a merchant, a legal entity under public law, or a special fund under public law, the exclusive place of jurisdiction for all disputes arising from this agreement shall be the registered office of the Provider (Greußen, Germany). For consumers, the statutory places of jurisdiction apply.

(3) Severability clause: Should individual provisions of these Terms be or become wholly or partially invalid, the validity of the remaining provisions shall not be affected. The invalid provision shall be replaced by the corresponding statutory provision. Section 306(2) BGB remains unaffected; a validity-preserving reduction (geltungserhaltende Reduktion) to the detriment of consumers shall not take place.

(4) The Provider is neither obligated nor willing to participate in dispute resolution proceedings before a consumer arbitration board.

(5) Online dispute resolution platform: Until 20 July 2025, the European Commission provided a platform for online dispute resolution (ODR) at ec.europa.eu/consumers/odr. This platform was discontinued with effect from 20 July 2025 (Art. 14 ODR Regulation).

Section 22 Professional Secrecy (Physicians, Lawyers, Tax Advisors, etc.)

(1) KI-Shield UG and all its employees and vicarious agents are obligated to confidentiality as “cooperating persons” (mitwirkende Personen) within the meaning of Section 203(4) sentence 2 no. 1 German Criminal Code (StGB), insofar as, in the course of providing the service, they could obtain knowledge of third-party secrets.

(2) Criminally enforceable confidentiality declarations from all employees (commitment pursuant to Section 203(4) StGB) are on file and will be provided to holders of professional secrecy obligations in text form upon request.

(3) Holders of professional secrecy obligations are expressly advised that the input of client, patient, or comparable secrets requires prior verification of conformity with their professional confidentiality duties (in particular: careful selection, instruction, and supervision of the processor pursuant to Section 203(3) StGB). For particularly sensitive engagements, we recommend concluding a separate Non-Disclosure Agreement (NDA).

(4) The duty of confidentiality applies without time limit and continues to apply beyond the end of the contract.

Section 23 Complaints Procedure (DSA-compliant)

(1) Customers and third parties may lodge complaints against content or suspension decisions of the Provider within 6 months of the decision at beschwerde@ki-shield.de (Art. 20 Digital Services Act (DSA)).

(2) The complaint will be reviewed within 14 days by a qualified person who was not involved in the original decision; the review shall not be based exclusively on automated AI evaluation.

(3) Notice and action procedure (Art. 16 DSA): Reports of unlawful content (phishing, CSAM under Sections 184b/184c StGB, terrorist content under Regulation (EU) 2021/784, incitement to hatred under Section 130 StGB, trademark infringements) should be sent to abuse@ki-shield.de. Processing times: CSAM < 1 hour, phishing/malware < 4 hours, other unlawful content < 24 hours.

(4) Single Point of Contact for authorities pursuant to Art. 11 DSA: dsa@ki-shield.de. Languages: German, English.

Section 24 AI Responses as Third-Party Content (Section 8 DDG)

(1) Responses generated by external AI models (OpenAI, Anthropic, Mistral, etc.) constitute, from the Provider’s perspective, third-party information within the meaning of Section 8 of the German Digital Services Act implementation law (DDG). No substantive prior review by the Provider is performed.

(2) Upon obtaining knowledge of manifestly unlawful AI-generated content, the Provider will act without undue delay (suspension, deletion, notification of authorities). There is no general obligation to monitor (Section 7(2) DDG).

(3) Notice pursuant to Art. 50 AI Act: AI responses are labelled as AI-generated content. Users are informed that they are interacting with an AI system.

Section 25 Beta Features

(1) Features expressly designated as “Beta” are provided without any warranty. The availability and warranty provisions do not apply to Beta features. Liability remains limited to intent and gross negligence.

(2) Beta features may be modified or discontinued at any time without prior notice.