General Terms & Conditions of Service
These general terms of service (the “T&C”) apply to all Account Holders, irrespective of pricing tier, and set the universal legal and technical baseline for the CarbonCloud platform.
1Parties and scope
1.1These T&C together with any Role Addendum (e.g. a freemium contributor addendum, a paid-tier subscription agreement addendum or a principal addendum), or other referred addenda, form a single legally binding contract (together the “Agreement”).
1.2Parties to the Agreement shall be (i) CarbonCloud AB, Swedish reg.no 559091-0716 (“CarbonCloud”), and (ii) the legal entity creating or being assigned an account on the Platform (the “Account Holder”).
1.3The Account Holder shall agree to these T&C when creating an account on the Platform or when otherwise agreeing to the use of the Services.
1.4Because the Platform is tag-based, the Account Holder may simultaneously be subject to one or more Role Addendum(s) for the same Dataset, which apply in parallel unless an addendum expressly overrides another.
2Definitions
| “Account Holder” | The entity that creates or is assigned an account as defined in section 1.2. |
| “Active Date” | The date on which a Paid-Tier Subscription becomes active under a Paid-Tier Addendum. |
| “Activity Data” | Primary data uploaded by the Account Holder or the Account Holder’s invitees (process, transport, energy etc.). |
| “Background IP” | Any intellectual property, data, software, models or know-how owned or controlled by CarbonCloud prior to the Effective Date or independently developed without reference to the Account Holder’s Confidential Information, including the Platform, Services, emission-factor and master datasets, and all underlying calculation models. Background IP expressly excludes Activity Data uploaded by the Account Holder and Results generated therefrom. |
| “Billing Cycle” | The agreed invoicing frequency for a Paid-Tier Subscription (e.g. monthly, annually). |
| “CCF” | A corporate carbon footprint, considering both direct and indirect greenhouse gas emissions caused by a company’s activities within a business year. |
| “Confidential Information” | Any non-public information disclosed by one party to the other that is either (a) marked or identified as confidential, or (b) would reasonably be understood as confidential given the nature of the information and circumstances of disclosure. |
| “Contributor” | An Account Holder who provides Activity Data upon Invitation by a Principal outside of a Paid-Tier Subscription. |
| “Contributor Addendum” | A Role Addendum entered into between a Contributor and CarbonCloud governing the submission, processing, and rights associated with Activity Data contributed to a Principal via the Platform. |
| “Dataset” | A logically grouped collection of Activity Data and/or Results relating to a specific product, organisation or purchased good, identified within the Platform by a unique internal ID and applicable metadata tags. |
| “Data Processor Addendum” | The data processor agreement (DPA) containing data protection terms agreed between the Parties when CarbonCloud acts as processor on behalf of the Account Holder. |
| “Export Window” | Has the meaning set out in section 13.1. |
| “Factual Client List” | A simple, non-promotional list published by CarbonCloud identifying customers by legal name without using trademarks, logos, testimonials or qualitative statements. |
| “GDPR” | The EU General Data Protection Regulation (EU) 2016/679. |
| “Invitation” | A downstream request that an upstream organisation share a PCF-calculation or contribute Activity Data. |
| “Non-Tagged Activity Data” | Activity Data not associated with any metadata tag that limits use or pricing. In the Platform such data appears under the default “standard” tag. |
| “Order Form” | Any written order, proposal, or mutually agreed document describing the scope, pricing, and duration of a Paid-Tier Subscription, signed or accepted by the Account Holder. |
| “Paid-Tier Addendum” | A Role Addendum governing Paid-Tier Subscriptions. |
| “Paid-Tier Subscription” | A fee-bearing subscription to the Services. |
| “PCF” | Product carbon footprint — the total greenhouse gas emissions associated with a product throughout its life cycle. |
| “Platform” | The cloud-hosted technical environment operated by CarbonCloud, including servers, databases, APIs, user interface, and related infrastructure through which the Services are delivered. |
| “Policies” | CarbonCloud’s policies and guidance documents applicable from time to time, e.g. privacy policies, data sharing protocols. |
| “Pre-Paid Dataset” | A Dataset identified by a valid Pre-Paid Dataset Tag applied by a Principal, for which the Principal has pre-financed the Contributor’s baseline access to the Services. |
| “Pre-Paid Dataset Tag” | The metadata flag applied by a Principal that designates a Dataset as prepaid and within the scope of free access. |
| “Principal” | An Account Holder that (i) initiates one or more Pre-Paid Dataset Tags, (ii) finances access to the Services for upstream Contributors invited under those tags, and (iii) receives the associated Results. |
| “Principal Addendum” | A Customer-Specific Addendum between CarbonCloud and a Principal which sets the conditions for Pre-Paid Dataset Tags. |
| “Product Plan” | A description of Services, features, limitations, usage caps, and tiered configurations offered by CarbonCloud as part of its standard product catalogue and pricing schedule, or as specified in a corresponding Order Form. |
| “Results” | Any calculated output (PCF/CCF values, dashboards, reports) produced by the Services. |
| “Role Addendum” | A modular contract applying to an Account Holder based on its chosen usage tier or role in the Platform. Each Account Holder may be bound by multiple Role Addendums in parallel. |
| “Service Credits” | Monetary value credits applied by CarbonCloud due to breaches of service levels agreed in a Paid-Tier Addendum or other pre-agreed commitments. |
| “Services” | CarbonCloud’s hosted software platform, APIs, UI and documentation. |
| “Sub-Processor” | A third-party processor engaged by CarbonCloud. |
3Contract hierarchy
3.1Order of precedence:
- FirstThe applicable Role Addendum
- SecondThese T&C
- ThirdAny referenced Policies
Notwithstanding the above, the Data Processor Addendum shall at all times prevail over the T&C, any Role Addendum, and any Policies to the extent a conflict relates to the processing of Personal Data under applicable data protection laws.
3.2Service levels, warranties, indemnities and liability caps reside exclusively in the applicable Role Addendum.
4IP rights and licences
4.1The Account Holder grants CarbonCloud a worldwide, royalty-free licence to process Activity Data to operate the Services, generate Results and create aggregated analytics during the term of the Agreement (subject to section 13.5).
4.2Except for the licence in section 4.1, all rights to the Account Holder’s Activity Data remain with the Account Holder and CarbonCloud will not share such Activity Data with third parties.
4.3Background IP remains the exclusive property of CarbonCloud or its licensors. All Results produced by the Services shall vest in CarbonCloud upon creation, subject to the limited licences expressly granted to the Account Holder and/or an affiliated Principal under the Agreement or a Role Addendum.
4.4During the term of the Agreement, CarbonCloud grants the Account Holder a non-exclusive right to access the Services and use Results generated from the Account Holder’s Activity Data in accordance with the Agreement.
4.5Suggestions the Account Holder provides may be used by CarbonCloud without obligation.
5Account administration & security
5.1The Account Holder undertakes to maintain accurate registration details and appoint at least one admin user.
5.2Login credentials are personal, and the Account Holder undertakes to keep them confidential and promptly notify CarbonCloud of any unauthorised use.
5.3Except where caused by CarbonCloud’s breach of the Agreement or wilful misconduct, the Account Holder is responsible for all activities conducted through the Account Holder’s account.
5.4The Account Holder is responsible for securing the network, hardware and software required to access the Services.
5.5Upon written request (max once per calendar quarter) CarbonCloud will make available audit logs evidencing access to the Account Holder’s Activity Data for the preceding ninety (90) days.
6Acceptable use
6.1The Account Holder undertakes not to:
areverse-engineer, de-compile, disassemble or attempt to derive source code from the Services;
bintroduce viruses or other malicious code to the Services;
cuse the Services to violate any law or regulation;
dinfringe or misappropriate third-party rights;
eresell, sublicense or otherwise provide third parties with access to the Services, except as expressly permitted under a Role Addendum;
fuse automated scripts to extract data at a volume that interferes with system performance.
6.2CarbonCloud reserves the right to monitor usage for compliance and may suspend access in accordance with these T&C if it reasonably suspects a breach of this section 6.
7Fees & payment framework
7.1Whether fees apply, and their amount, Billing Cycle and taxes, are defined in the applicable Role Addendum.
7.2Contributors operating solely within a Pre-Paid Dataset Tag incur no charges for that scope.
7.3Unless otherwise agreed in an Order Form, invoices are payable twenty (20) days from invoice date.
7.4Late payments accrue statutory interest and recovery costs in accordance with Swedish legislation as applicable at any time.
7.5Fees are non-refundable except as expressly stated in an Order Form or applicable Role Addendum.
7.6Fees are exclusive of VAT and similar taxes, which the Account Holder shall pay in addition where applicable.
8Confidentiality
8.1Each party shall keep Confidential Information strictly confidential and shall use it solely for performing its obligations under the Agreement.
8.2Each party shall protect Confidential Information with at least the same degree of care it uses to protect its own confidential information, and in no event less than reasonable care.
8.3Each party may disclose Confidential Information:
ato its legal counsel, auditors, insurers, investment bankers and other professional advisers under a duty of confidentiality no less protective than this section 8;
bto the extent required to comply with applicable securities-exchange, listing-authority or other mandatory disclosure rules; and
cin connection with a bona-fide due-diligence review related to a merger, acquisition or financing of that party, provided that the recipient is bound by written confidentiality terms at least as protective as this section 8, and provided further that any such disclosure shall exclude Account Holder Activity Data and any Personal Data processed by CarbonCloud on behalf of the Account Holder, except where such data is presented in aggregated or anonymised form that cannot reasonably be attributed to the Account Holder or to any identified or identifiable natural person.
8.4If either party is compelled by law, regulation or court order to disclose Confidential Information, it shall—where legally permitted—give the other party prompt written notice and reasonable assistance to seek protective treatment.
8.5Upon written request or termination, each party shall promptly return or securely destroy the other’s Confidential Information, save that (i) system back-ups and audit trails may be retained for up to twelve (12) months, and (ii) copies required by law or professional standards may be retained for the mandated period and remain subject to this section 8.
9Processing of personal data
9.1Each party shall comply with GDPR and all other data-protection laws applicable to its processing of Personal Data under the Agreement.
9.2For Personal Data each party processes for its own purposes, the parties act as independent controllers within the meaning of Article 4(7) GDPR.
9.3If and to the extent that CarbonCloud processes Personal Data on behalf of the Account Holder, CarbonCloud acts as data processor and the Account Holder as data controller, within the meaning of Article 4 GDPR. Such processing shall be governed by the Data Processor Addendum, which is hereby incorporated into the Agreement by reference.
9.4Each party shall notify the other without undue delay and, where feasible, within seventy-two (72) hours after becoming aware of a Personal Data Breach affecting data processed under the Agreement.
9.5CarbonCloud may engage Sub-Processors in accordance with the Data Processor Addendum or, for controller-to-controller scenarios, will ensure such Sub-Processors are bound by written data-protection obligations no less protective than this section 9.
9.6Where Personal Data is transferred outside the EEA, the transferring party shall ensure the transfer is legitimised by the EU Standard Contractual Clauses or another lawful mechanism under Chapter V GDPR.
9.7This section 9 survives any termination or expiry of the Agreement for as long as either party processes Personal Data originating under the Agreement.
10Security measures
10.1CarbonCloud maintains an information-security programme aligned with ISO 27001 and incorporates regular risk assessments, policies, staff training and incident response procedures.
10.2Measures include but are not limited to: encryption in transit and at rest, role-based access control, multi-factor authentication for administrative access, and continuous vulnerability management.
10.3CarbonCloud operates a documented incident-response plan and will provide the Account Holder with timely information regarding any confirmed security incident impacting the Services.
11Suspension
11.1CarbonCloud may temporarily suspend or throttle the Account Holder’s access to the Services if:
aCarbonCloud is required to do so by law, court order, or regulator directive;
bthe Account Holder’s use of the Services poses an imminent security risk, could subject CarbonCloud to liability, or violates section 6;
cthe Account Holder’s payment of undisputed fees is more than ten (10) days overdue after written reminder; or
dthe Account Holder fails to remediate a material breach within the cure period specified in a written notice from CarbonCloud.
11.2Wherever reasonably practicable, CarbonCloud will limit a suspension to the specific Dataset(s), API keys or user accounts involved and ensure that unaffected portions of the Services remain available.
11.3CarbonCloud will provide prior written notice of a suspension stating (i) the reason, (ii) the scope, and (iii) the conditions for reinstatement, unless immediate action is required to mitigate an imminent risk.
11.4During suspension, (i) the Account Holder remains liable for all applicable fees, and (ii) all licences and obligations that are by their nature intended to continue remain in force.
11.5CarbonCloud will lift the suspension promptly after the underlying cause is resolved. After-hours reactivation requests may incur a reasonable service fee.
11.6Unless prohibited by law or security concerns, the Account Holder may, upon written request during suspension, receive a read-only export of its Non-Tagged Activity Data and Activity Data with a Pre-Paid Dataset Tag, subject to the export restrictions in the relevant Role Addendum.
11.7If the Account Holder disputes a suspension, the parties will escalate to senior management within two (2) business days and use reasonable efforts to resolve the dispute promptly in good faith.
12Term & termination
12.1The Agreement becomes effective on the earlier of (i) the date the Account Holder accepts the T&C, or (ii) execution of a Role Addendum. The Agreement remains in effect until expired or terminated in accordance with the Agreement or a Role Addendum.
12.2Either party may terminate the Agreement or an individual Role Addendum for material breach with thirty (30) days’ written notice describing the breach if it remains uncured at the end of that period.
12.3A party may terminate the Agreement immediately upon written notice if the other party (i) is declared bankrupt, (ii) enters composition or liquidation, (iii) ceases substantially all business, or (iv) becomes insolvent under applicable law.
12.4Upon the effective date of termination: the Account Holder shall cease all use of the Services; CarbonCloud shall cease processing Activity Data except to comply with statutory retention duties; any amounts owed become immediately due and payable; and the off-boarding procedures in these T&C apply.
12.5Sections that by their nature should survive termination — including IP & licences, confidentiality, data protection, and governing law — shall remain in force.
13Off-boarding & data export
13.1Within thirty (30) days of the effective date of termination or expiration of all applicable Role Addenda (the “Export Window”), the Account Holder may request one (1) machine-readable export of: (a) all Non-Tagged Activity Data uploaded by the Account Holder; and (b) all Results that the Order Form, Product Plan, or Role Addendum explicitly designates as exportable.
13.2The export will be delivered in commonly used open formats (e.g. CSV, JSON, XLSX) together with a data dictionary and, where technically feasible, a chain of custody hash.
13.3Datasets marked with a Pre-Paid Dataset Tag remain subject to the restrictions in the applicable Principal Addendum.
13.4Within sixty (60) days after the later of (i) expiry of the Export Window or (ii) completion of any transition services, CarbonCloud will delete or anonymise all Activity Data pertaining solely to the Account Holder, except that CarbonCloud may retain limited back-up copies for disaster recovery for up to twelve (12) additional months, and any copies required by law.
13.5Any licence granted to CarbonCloud under section 4.1 survives termination to the extent necessary to (i) comply with statutory retention duties, (ii) allow downstream Account Holders to continue lawfully using Results, and (iii) enable CarbonCloud to maintain aggregated and anonymised analytics.
14Changes to the agreement
14.1CarbonCloud may amend these T&C, a Role Addendum, or the Policies with at least ninety (90) days’ prior written notice (the “Change Notice Period”). Amendments take effect at the end of the Change Notice Period unless objected to in accordance with the Agreement.
14.2Any modification to (i) commercial terms in a Role Addendum, (ii) liability caps, or (iii) a Data Processor Addendum requires a written agreement signed by both parties (electronic signature acceptable).
14.3If the Account Holder reasonably believes an amendment materially diminishes its rights or materially increases its obligations, the Account Holder may object by written notice within thirty (30) days of receipt. If no agreement is reached, the Account Holder may terminate the affected Role Addendum or, if the amendment affects all Services, the entire Agreement, effective at the end of the Change Notice Period. Prepaid fees for the terminated portion will be refunded pro rata.
14.4CarbonCloud may, on shorter notice, implement changes required by law, court order or to address a material security vulnerability. Such urgent changes will be binding immediately.
14.5Operational or UI-level changes that do not materially alter contractual obligations may be implemented without notice.
15Miscellaneous
15.1Neither party may assign the Agreement without the other’s prior written consent, except that CarbonCloud may assign it without consent but with thirty (30) days’ written notice to an Affiliate, or in connection with a merger, acquisition or sale of substantially all of its assets.
15.2CarbonCloud may engage subcontractors; it remains fully responsible for their performance and compliance with the Agreement.
15.3Notices must be in writing and delivered by (i) email to the contact of record, (ii) courier, or (iii) registered post. Email is deemed received on the next business day after sending.
15.4Neither party is liable for failure to perform due to circumstances beyond its reasonable control (including natural disasters, war, terrorism, labour disputes, internet or utility failures, governmental actions, pandemics). If a force-majeure event continues for more than sixty (60) days, the non-affected party may terminate the Agreement on seven (7) days’ written notice.
15.5If any provision of the Agreement is held unenforceable, the remaining provisions will remain in full force and effect.
15.6The parties are independent contractors. Nothing in the Agreement creates a partnership, joint venture or agency.
15.7Neither party shall use the other’s name or logo in marketing materials without prior written consent, except CarbonCloud may list the Account Holder as a user of the Services in a Factual Client List.
15.8A party’s failure or delay in exercising any right or remedy does not constitute a waiver of that right or remedy. A waiver must be in writing and signed by an authorised representative.
16Governing law & dispute resolution
16.1The Agreement shall be governed by the substantive law of Sweden, excluding its conflict-of-law rules.
16.2Any dispute, controversy or claim arising out of or in connection with the Agreement, or the breach, termination or invalidity thereof, shall be finally settled by arbitration administered by the SCC Arbitration Institute (the “SCC”).
16.3The Rules for Expedited Arbitrations shall apply, unless the SCC in its discretion determines, taking into account the complexity of the case, the amount in dispute and other circumstances, that the Arbitration Rules shall apply. In the latter case, the SCC shall also decide whether the Arbitral Tribunal shall be composed of one or three arbitrators.
16.4The seat of arbitration shall be Gothenburg and the language to be used in the arbitral proceedings shall be English.
