These general conditions (hereinafter referred to as the “General Conditions”) govern the terms and conditions of the provision of the Sophia service (hereinafter the “Service”) to the Customer described at the web address https://sophia.restheart.com.

0. INTRODUCTION

VERSION

These General Conditions are version 1.0, last updated on May 14, 2026.

DEFINITIONS

The term “Supplier” refers to “SoftInstigate Srl Società Benefit” with registered office at via del Beato Cesidio 49, 67100, L’Aquila, Italy.

The term “Sophia” refers to the software-as-a-service AI conversational knowledge base platform developed and operated by the Supplier, accessible at https://sophia.restheart.com.

The term “Service” refers to the managed Sophia platform that allows the Customer to ingest content into a private knowledge base, configure conversational agents, and interact with such agents through chat and programmatic interfaces (REST API, MCP — Model Context Protocol). The Service is provided in multi-tenant mode: each Customer accesses an isolated tenant.

The term “Tenant” refers to the logical partition of the Service assigned to the Customer, encompassing all Customer-owned data (users, agents, knowledge base content, chat conversations, API tokens, configurations).

The term “Customer” refers to the legal entity that subscribes to the Service. The Customer designates one or more Tenant Administrators authorized to manage the Tenant.

The term “User” refers to a natural person who accesses the Service through credentials issued by a Tenant Administrator or by the Supplier (admin role). Users may access the Service exclusively via invitation; no self-registration is available.

The term “AI Provider” refers to Amazon Web Services, Inc. (“AWS”), through its Amazon Bedrock service, which Sophia uses exclusively to perform language model inference and embedding generation. All AI model invocations — including invocations of third-party foundation models made available through Bedrock — are governed by the AWS Service Terms and the AWS Data Processing Addendum applicable to Amazon Bedrock.

The term “Service Tier” refers to the specific configuration and resource allocation level of the Service, each with different features, limitations, and pricing, as agreed in the Customer’s commercial proposal.

Payments for the Service are processed by the means agreed with the Customer at the time of subscription activation (e.g. wire transfer).

CONTRACTUAL DOCUMENTS AND EFFECTIVENESS

The overall contractual framework for the provision of the Service granted to the Customer is contained in these General Conditions and the terms specific to the selected Service Tier or commercial proposal. The General Conditions and Service Tier specifications (or commercial proposal) together constitute the “Agreement”.

Acceptance of these General Conditions occurs:

Any different or additional terms or conditions proposed by the Customer or referred to by the Customer in their own documents shall not be effective against the Supplier unless expressly accepted in writing by the latter.

1. SCOPE OF APPLICATION OF THE GENERAL CONDITIONS

1.1. The General Conditions apply to the provision of the Service by the Supplier to the Customer, as defined in these General Conditions.

1.2. All Intellectual Property Rights related to Sophia and its developments are and remain the exclusive property of the Supplier. The Customer retains ownership of the content it ingests into the knowledge base (the “Customer Content”) and of the conversations conducted by its Users.

1.3. The Customer acknowledges that different Service Tiers have different terms, limitations, and support levels as specified for each Service Tier.

2. THE SERVICE

2.1. Under the Contract, the Supplier undertakes to provide the Service directly or through third parties (including the AI Provider) to the Customer, who accepts it, subject to the timely payment of subscription fees.

2.2. The Service enables the Customer to:

2.3. The Service is provided in multi-tenant mode. The Supplier guarantees logical isolation between Tenants through dedicated access control mechanisms. No Customer Content is shared across Tenants without explicit configuration.

2.4. The Service relies on the AI Provider (Amazon Web Services Bedrock) for language model inference and embedding generation. The Customer acknowledges that:

2.5. AI-generated content disclaimer. The Customer acknowledges and accepts that responses generated by AI agents:

The Supplier provides the Service “as a tool”; the Customer remains responsible for verifying the accuracy of generated content before relying on it.

2.6. Support is provided upon the Customer’s request, with response times and availability levels specified for each Service Tier and at the web address https://restheart.com/support/.

2.7. SERVICE TIERS

The Service is available in multiple tiers, each with specific features, limitations, support levels, and pricing as agreed in the Customer’s commercial proposal. Service Tier specifications may be updated and modified by the Supplier from time to time with reasonable notice.

2.8. The services covered by this contract include the following activities:

Knowledge base ingestion: processing of Customer-uploaded documents, including text extraction, segmentation, embedding generation, and storage in the Customer’s Tenant.

Agent runtime: retrieval-augmented generation (RAG) against the Customer’s knowledge base, invocation of the AI Provider for LLM inference, and delivery of responses through the Service interfaces.

User and access management: invitation-based user provisioning, role-based access control, API token management, all scoped to the Customer’s Tenant.

Support: technical support provided by the Supplier upon Customer request through designated communication channels, in accordance with the timing and methods specified for each Service Tier and at the web address https://restheart.com/support/. The support aims to provide information to the Customer for the proper and efficient use of the Service, resolve operational issues, and intervene to correct possible malfunctions or errors based on reports received and deemed valid by the Supplier through reproducible tests. The following activities are not included, by way of example but not limited to: requests from the Customer regarding User training, or consultancy for organizing the Customer’s content curation procedures.

3. CUSTOMER’S OBLIGATIONS

3.1. By entering into the Contract, the Customer undertakes to:

3.2. The Customer is solely responsible for the content of the knowledge base and for any output generated by AI agents on the basis of such content. The Supplier acts as a data processor and does not validate, curate, or moderate Customer Content.

4. ACCESS CREDENTIALS

4.1. Access to the Service is granted exclusively through credentials issued by a Tenant Administrator or by the Supplier (admin role). No self-registration is available. The first access of each invited User requires acceptance of these Terms and the Privacy Policy and the setting of a personal password.

4.2. The Customer expressly acknowledges that credentials must comply with the reference standards for credential management.

4.3. The Supplier does not have access to User passwords (stored in hashed form only). The Supplier may issue password reset tokens via email upon explicit User request.

4.4. The Customer is aware that third-party knowledge of the Access Credentials would allow unauthorized use and unauthorized access to data stored in the Tenant. In any case, the Customer will be solely responsible for any authorized or unauthorized use of the Service through the Access Credentials issued under its Tenant.

4.5. The Customer is responsible for safeguarding and ensuring that each User keeps, manages, and periodically updates the Access Credentials with the utmost confidentiality and diligence. They undertake not to transfer the credentials or allow their use by unauthorized third parties.

4.6. API Tokens. The Service allows the issuance of long-lived API tokens for programmatic access. The Customer acknowledges that API tokens inherit the permissions of the issuing User and must be treated with the same confidentiality as passwords.

4.7. The Supplier and/or its eventual Partners cannot be held responsible for any direct or indirect damage that may result to the Customer, each User, or third parties due to the Customer and/or each User’s failure to comply with the provisions of this article.

5. SERVICE EVOLUTION

5.1. The Customer acknowledges and accepts that, where deemed appropriate at the Supplier’s sole discretion, the evolution of the service may: (i) result in the modification or elimination of certain Service features; (ii) involve replacements or migrations (even partial) of the Service to cloud providers or AI services different from those on which the infrastructure was based at the time of Service initiation; or (iii) involve changes to available Service Tiers or capabilities.

5.2. The Customer releases the Supplier from any liability related to any damages arising from potential evolutions of the Service, unless such damages result from willful misconduct or gross negligence on the part of the Supplier.

5.3. The Supplier may modify Service Tier features, pricing, or availability with reasonable notice provided to Customers.

5.4. The Supplier reserves the right to substitute the AI Provider used by the Service at any time, provided that the substitute Provider offers comparable or better data protection guarantees.

6. PAYMENT OBLIGATIONS

6.1. The Customer undertakes to pay subscription fees for the provision of the Service as specified in the commercial proposal or Service Tier subscription.

6.2. All considerations are understood as exclusive of VAT and any other legal charges.

6.3. Payment terms (including method, frequency, and invoicing) are specified in the commercial proposal applicable to the Customer.

6.4. For paid Service Tiers, the Customer expressly acknowledges and accepts that subscription fees are subject to periodic updates, with reasonable notice provided to the Customer.

6.5. The Customer acknowledges that the Service is subject, by its very nature, to constant technological and regulatory evolution, including ongoing developments in AI model pricing by the AI Provider, requiring continuous and costly activities of updating, development, and, in some cases, replacement, necessary to ensure its functionality. Therefore, the Supplier will have the right to modify subscription fees with reasonable notice.

6.6. In case of non-payment, the Supplier reserves the right to (i) suspend the Service and inhibit access until payment is resolved and/or (ii) terminate the service provision in case of continued non-payment.

7. CONFIDENTIALITY

7.1. The Parties are strictly prohibited from communicating, disclosing, or in any way using, even through third parties, any information, data, and documentation learned and obtained during the execution of the Contract and classified as “confidential” by the other Party, except: (a) as expressly required for the execution of the Contract; (b) with the express written authorization of the other Party; (c) when the Parties are obliged to do so by law and/or by order of the administrative and/or judicial authority.

7.2. The Supplier classifies Customer Content (ingested documents, chat conversations) as confidential by default. The Supplier shall not access, view, or process Customer Content except as necessary for technical support requested by the Customer.

7.3. Except in the case where the information and/or documents constitute trade secrets pursuant to applicable law, the prohibition referred to in the previous paragraphs shall remain unconditionally in force even after the termination of the Contract, for any reason, for the subsequent period of 3 (three) years, except for information that becomes publicly available without the Parties’ involvement.

8. INTELLECTUAL PROPERTY

8.1. All intellectual property rights, including their economic exploitation rights, concerning Sophia, its source code, the Service infrastructure, documentation, evolutions, preparatory works, and derivative works, are and shall remain, in whole or in part, and worldwide, the exclusive property of the Supplier.

8.2. The Customer retains all intellectual property rights to the Customer Content uploaded to the knowledge base and to the chat conversations conducted by its Users. The Supplier acquires no rights in Customer Content beyond the limited license, granted by the Customer to the Supplier, to process such Content for the sole purpose of providing the Service.

8.3. AI-generated output. The Service generates responses through AI agents based on the Customer Content and the foundation models accessed via the AI Provider. The Customer is granted the rights to use such output for its business purposes, subject to applicable third-party rights. The Customer acknowledges that AI-generated output is not eligible for copyright protection under most legal systems, and that the Supplier makes no guarantee of originality or non-infringement of third-party rights in such output.

8.4. The Customer has the right to use Sophia exclusively in compliance with the terms and conditions of the non-exclusive, non-transferable, temporary, and limited license as specified for their selected Service Tier, granted by the Supplier.

9. SUPPLIER’S LIABILITY

9.1. SoftInstigate Srl Società Benefit assumes exclusively the obligations specified in the Contract for the selected Service Tier, guaranteeing that the Service will be provided with professional expertise and ordinary care in the relevant sector, and will comply with the functionalities and technical specifications indicated on the website https://sophia.restheart.com and for the selected Service Tier.

9.2. The Supplier shall not be obliged to intervene in case of malfunctions caused by the Customer’s failure to comply with the operational rules, improper use, atypical utilization of the Service beyond the scope of the selected Service Tier, or use of the Service for purposes outside its intended scope.

9.3. The Customer acknowledges and agrees that no software product is free from errors and acknowledges having been specifically advised to make a backup copy of important Customer Content. Backup services and availability vary by Service Tier.

9.4. AI output disclaimer. The Supplier expressly disclaims any liability for the accuracy, completeness, fitness for purpose, or non-infringement of AI-generated output. The Customer is solely responsible for reviewing such output before using it for any consequential decision.

9.5. Unless in cases of willful misconduct or gross negligence, the Supplier’s liability shall never exceed the amount of the subscription fees paid by the Customer under this Contract in the 6 (six) months preceding the date on which the event giving rise to the Supplier’s liability occurred.

9.6. Service level commitments, uptime guarantees, and support response times are as specified for each Service Tier. The Supplier’s obligations and remedies for service level failures are limited to those specified for each Service Tier.

10. DURATION, TERMINATION AND DATA RETURN

10.1. The Contract has the duration agreed in the commercial proposal or implied by the selected Service Tier subscription period (monthly, annual, multi-year). Subscriptions automatically renew unless cancelled by the Customer in writing or through the self-service interface where available, with notice of 30 (thirty) days before the end of the current subscription period.

10.2. Upon termination of the Contract for any reason:

10.3. The Supplier may terminate the Contract with immediate effect in case of: (i) material breach by the Customer not remedied within 30 days of written notice; (ii) Customer insolvency or bankruptcy; (iii) use of the Service in violation of applicable law or these Terms; (iv) non-payment beyond 60 days from invoice due date.

10.4. REFUND POLICY: Subscription fees are generally not refundable either in full or for partially used subscription periods, except in case of termination for cause attributable to the Supplier.

11. DATA PROTECTION AND PRIVACY

11.1. The Parties acknowledge that the execution of this Contract involves the collection and processing of personal data in compliance with the EU General Data Protection Regulation (GDPR) 2016/679 and Italian Legislative Decree 196/2003 as amended.

11.2. The Customer is the data controller under GDPR with respect to the personal data of its Users and the personal data potentially contained in the Customer Content uploaded to the knowledge base. The Supplier acts as a data processor with respect to such data, pursuant to Article 28 GDPR.

11.3. The detailed terms of the data processing, including the categories of data, the purposes, the sub-processors (including the AI Provider), and the technical and organizational measures, are governed by the Privacy Policy available at https://restheart.com/legal/privacy-policy and, where required by the Customer’s specific use case, by a separate Data Processing Agreement (DPA) made available upon request.

11.4. The Supplier implements appropriate technical and organizational measures to ensure the security of personal data in accordance with Article 32 of the GDPR.

11.5. The Customer acknowledges that the Service relies on Amazon Web Services Bedrock as its sole AI sub-processor for language model inference and embedding generation. The transmission of Customer Content (or fragments) to AWS Bedrock is necessary for the provision of the Service. AWS Bedrock is bound by the AWS Data Processing Addendum, which prohibits the use of Customer Content for training foundation models.

11.6. Data retention and deletion policies vary by Service Tier in compliance with Italian and EU data protection laws.

12. APPLICABLE LAW AND JURISDICTION

12.1. This Contract is governed by and shall be interpreted in accordance with Italian law and applicable European Union regulations, including but not limited to the General Data Protection Regulation (EU) 2016/679 (GDPR).

12.2. Any dispute regarding the interpretation and/or execution of this Contract shall be subject to the jurisdiction of the Court of Pescara, in accordance with Italian civil procedure law.

12.3. These General Conditions comply with Italian consumer protection laws where applicable, EU consumer rights directives, and other applicable Italian and EU legislation.

13. FINAL PROVISIONS

13.1. This Contract replaces any previous agreements, whether oral or written, between the Parties regarding the execution of this Contract.

13.2. If one or more provisions of this Contract are held to be invalid or unenforceable by law or by a decision that binds the Parties, this shall not affect the validity and binding nature of the other provisions of this Contract.

13.3. The following General Conditions may be unilaterally modified and/or supplemented by the Supplier, with reasonable notice provided to Customers. Continued use of the Service after a material modification of these General Conditions constitutes acceptance, evidenced by the Customer’s renewed acceptance of the updated terms through the in-app re-acceptance flow.

13.4. The failure to exercise one or more of the rights provided for in the Contract shall not be deemed as a waiver of such rights.

13.5. CLAUSOLE VESSATORIE / UNFAIR TERMS. The clauses that under Italian law (art. 1341 c.c.) require separate signature for express acceptance are: 2.5 (AI-generated content disclaimer), 3.1 (Customer’s obligations — restriction on special categories of data), 5 (Service Evolution), 6 (Payment Obligations), 9 (Supplier’s Liability — including liability cap and AI output disclaimer), 10 (Duration, Termination and Data Return — including refund policy), 12 (Applicable Law and Jurisdiction — exclusive jurisdiction of Court of Pescara), 13.3 (Unilateral modification).

Need Help?

If you have questions about these terms or need clarification about Sophia, please contact us:

← Back to Terms Selection | Get Started with Sophia