Loading...
OpenCost B.V.
Prompturement
Version 2.0 — Effective April 5, 2026
In these Terms & Conditions, the following capitalised terms shall have the meanings set forth below:
EU AI Act Article 50 · NIST AI RMF
Prompturement is a business-to-business (B2B) and business-to-consumer (B2C) Software-as-a-Service platform that augments procurement professionals with AI-generated analysis, recommendations, and content. The Platform operates as a decision-support tool; it does not autonomously execute procurement decisions, sign contracts, commit expenditure, or take any legally binding action on behalf of the Customer.
All AI-generated Outputs are clearly labelled as AI-generated. The Platform uses Google Gemini large language models accessed via API. No proprietary model is trained, fine-tuned, or hosted by the Provider.
The Provider maintains an internal AI governance framework aligned with the NIST AI Risk Management Framework (AI RMF 1.0) covering: (a) risk identification and assessment, (b) model selection and evaluation, (c) monitoring of output quality, (d) incident response, and (e) periodic review of AI-related policies.
EU AI Act Annex III
The Platform is intended exclusively for procurement workflow assistance, including but not limited to: contract review and summarisation, negotiation preparation, supplier research, RFQ analysis, slide generation, prompt engineering, and procurement news aggregation.
The Platform is not designed for, and shall not be used as, a high-risk AI system within the meaning of Annex III of the EU AI Act. Specifically, the Platform does not:
Customers shall not use the Platform in any manner that would cause it to fall within the scope of Annex III or any other high-risk classification under the EU AI Act.
The Provider guarantees that Customer Inputs and Outputs are never used to train, fine-tune, or otherwise improve any AI model, whether proprietary or third-party. Customer data is transmitted to the AI Model provider (Google Gemini API) solely for the purpose of generating real-time Outputs and is subject to the AI Model provider's API data usage policies, which as of the effective date of these Terms exclude API inputs from model training.
The Provider shall monitor the AI Model provider's data usage policies and shall notify Customers within thirty (30) days of any material change that would affect this guarantee.
All Outputs are generated by probabilistic AI models and may contain inaccuracies, omissions, hallucinations, or biases. The Customer acknowledges and agrees that:
| Module | Specific Disclaimer |
|---|---|
| Contract Intelligence | AI-generated contract summaries and clause analyses are not a substitute for legal review. The Platform does not provide legal advice. Always have contracts reviewed by qualified legal counsel before execution. |
| Negotiation Roleplay | Simulated negotiation scenarios are for training and preparation purposes only. AI-generated counterparty responses do not predict actual counterparty behaviour. Negotiation outcomes in the real world may differ materially. |
| Supplier Discovery | Supplier information is aggregated from public sources and AI inference. The Provider does not verify supplier credentials, certifications, financial standing, or compliance status. Independent due diligence is required. |
| RFQ Analyzer | RFQ analysis and scoring are indicative only. Outputs do not constitute a recommendation to award or reject any bid. Procurement decisions must comply with applicable procurement regulations and organisational policies. |
| Slide Deck Builder | Generated presentation content is a starting point for human refinement. Data points, statistics, and claims included in generated slides must be independently verified before use in formal presentations. |
| Prompt Builder | Optimised prompts are suggestions based on AI analysis. The effectiveness of any prompt depends on the target model, context, and use case. The Provider does not guarantee that optimised prompts will produce desired results in third-party AI systems. |
| News Feed | News summaries and insights are AI-generated from publicly available sources. The Provider does not guarantee the timeliness, accuracy, or completeness of news content. Always verify information from primary sources before acting upon it. |
The Customer shall not, and shall ensure that its authorised users do not, use the Platform to:
The Provider reserves the right to suspend or terminate access for any Customer who violates this Acceptable Use Policy, without prejudice to any other remedies available under these Terms or at law.
The Customer shall not use the Platform in connection with any activity that would violate applicable anti-corruption and anti-bribery laws, including but not limited to the Dutch Criminal Code (Wetboek van Strafrecht), the UK Bribery Act 2010, and the US Foreign Corrupt Practices Act. The Customer warrants that no Output generated by the Platform will be used to facilitate, conceal, or further any corrupt practice, bribery, kickback, or improper inducement in connection with procurement activities.
These Terms & Conditions ("Terms") govern all use of the Prompturement platform and related services provided by OpenCost B.V. ("Provider"). By creating an account, accessing the Platform, or making a purchase, the Customer accepts these Terms in their entirety.
These Terms apply to both business customers (B2B) and consumers (B2C). Where specific provisions apply only to one category, this is explicitly indicated. Consumer-specific provisions are set forth in Section 12 of this Part.
The Customer must be at least eighteen (18) years of age to create an account or use the Platform. By registering, the Customer confirms that they meet this age requirement.
The Provider expressly rejects any general terms and conditions of the Customer. Deviations from these Terms are valid only if agreed in writing by an authorised representative of the Provider.
The Platform operates on a credit-based consumption model. Subscription plans and their included credit allocations are published on the Platform's pricing page and may be updated from time to time.
All intellectual property rights in and to the Platform, including but not limited to software, user interface design, documentation, trademarks, and trade secrets, are and remain the exclusive property of the Provider or its licensors. Nothing in these Terms grants the Customer any right, title, or interest in the Platform beyond the limited right of use granted herein.
Subject to the Provider's underlying intellectual property rights in the Platform, the Customer owns all rights in and to the Outputs generated through the Customer's use of the Platform, to the extent such Outputs are capable of being owned under applicable law. The Provider hereby assigns to the Customer any rights it may hold in the Outputs, to the maximum extent permitted by law.
The Customer retains all rights in and to Customer Inputs. By submitting Customer Inputs to the Platform, the Customer grants the Provider a limited, non-exclusive, worldwide, royalty-free licence to process such Inputs solely for the purpose of providing the Platform services and generating Outputs. This licence terminates upon deletion of the relevant Customer Inputs or termination of the Customer's account.
The Customer represents and warrants that:
Each party agrees to maintain the confidentiality of the other party's Confidential Information and to not disclose such information to any third party without the prior written consent of the disclosing party, except as required by law or as necessary to perform obligations under these Terms.
Confidential Information does not include information that: (a) is or becomes publicly available through no fault of the receiving party; (b) was known to the receiving party prior to disclosure; (c) is independently developed by the receiving party without reference to the disclosing party's Confidential Information; or (d) is lawfully received from a third party without restriction on disclosure.
The Customer shall not disclose the results of any performance benchmarking, comparative testing, or competitive analysis of the Platform to any third party without the prior written consent of the Provider. This restriction does not limit the Customer's right to use the Platform for its internal evaluation purposes.
The Provider warrants that the Platform will be provided with reasonable skill and care in accordance with generally accepted industry standards. The Platform is provided "as is" and "as available" to the maximum extent permitted by applicable law.
The Provider reserves the right to modify, update, or discontinue any feature or Module of the Platform at any time. Material changes that adversely affect existing functionality will be communicated to Customers with at least thirty (30) days' prior notice.
The Provider targets a Service Level Objective (SLO) of 99.5% monthly uptime, measured as the percentage of minutes in a calendar month during which the Platform's core functionality is available. Scheduled maintenance windows (announced at least 24 hours in advance) are excluded from the uptime calculation. The SLO is a target, not a guarantee, and no service credits or remedies are provided for failure to meet the SLO unless otherwise agreed in a separate service level agreement.
The Provider shall indemnify, defend, and hold harmless the Customer from and against any third-party claims, damages, losses, and reasonable legal fees arising from: (a) the Provider's material breach of these Terms; (b) the Provider's gross negligence or wilful misconduct; or (c) any claim that the Platform (excluding Customer Inputs and Outputs) infringes upon the intellectual property rights of a third party, provided that the Customer promptly notifies the Provider of such claim and provides reasonable cooperation in the defence thereof.
The Customer shall indemnify, defend, and hold harmless the Provider from and against any third-party claims, damages, losses, and reasonable legal fees arising from: (a) the Customer's breach of these Terms, including the Acceptable Use Policy; (b) any Customer Inputs that infringe upon the rights of a third party; or (c) the Customer's use of Outputs in a manner that violates Applicable Law.
Exclusion of indirect damages: To the maximum extent permitted by applicable law, neither party shall be liable to the other for any indirect, incidental, consequential, special, or punitive damages, including but not limited to loss of profits, loss of business, loss of data, or loss of goodwill, arising out of or in connection with these Terms or the use of the Platform, regardless of the cause of action or theory of liability.
Aggregate cap: The Provider's total aggregate liability under or in connection with these Terms shall not exceed the total fees paid by the Customer to the Provider during the twelve (12) months immediately preceding the event giving rise to the liability claim.
Exceptions: The limitations set forth in this Section shall not apply to: (a) liability arising from gross negligence (grove schuld) or wilful misconduct (opzet); (b) the Provider's indemnification obligations under Section 7; (c) the Customer's breach of the Acceptable Use Policy; or (d) administrative fines imposed by a data protection supervisory authority in connection with a party's breach of the Data Processing Agreement (Part 3).
Force Majeure: Neither party shall be liable for any failure or delay in performance caused by circumstances beyond its reasonable control, including but not limited to natural disasters, acts of government, pandemics, cyberattacks, failures of third-party infrastructure providers, or disruptions to internet connectivity. The affected party shall notify the other party promptly and use reasonable efforts to mitigate the impact. If a force majeure event continues for more than sixty (60) days, either party may terminate these Terms upon written notice.
Suspension: The Provider may suspend the Customer's access to the Platform immediately and without prior notice if: (a) the Customer breaches the Acceptable Use Policy; (b) the Customer's use poses a security risk to the Platform or other customers; (c) the Customer's account is overdue for payment by more than fifteen (15) days; or (d) suspension is required by Applicable Law or a lawful order of a competent authority.
Termination: Either party may terminate these Terms: (a) for convenience, by providing thirty (30) days' written notice; or (b) for cause, if the other party commits a material breach that remains uncured for fifteen (15) days after written notice. Upon termination, the Customer's access to the Platform will be deactivated, and remaining subscription credits will be forfeited for B2B Customers. For consumers, a pro-rata refund of the unused portion of a prepaid subscription period may be requested in accordance with applicable consumer protection law and Section 12 of this Part. The Customer may request export of its data for thirty (30) days following termination.
The Customer represents and warrants that it is not located in, organised under the laws of, or a resident of any country or territory subject to comprehensive sanctions by the European Union, the United States, or the United Nations. The Customer shall not use the Platform in violation of any applicable export control laws, trade sanctions, or embargoes. The Customer shall not provide access to the Platform to any person or entity listed on any applicable restricted-party list, including but not limited to the EU Consolidated List of Sanctions, the US SDN List, or the US Entity List.
These Terms shall be governed by and construed in accordance with the laws of the Netherlands, without regard to its conflict-of-laws principles. Any dispute arising out of or in connection with these Terms that cannot be resolved amicably shall be submitted to the exclusive jurisdiction of the competent courts in Amsterdam, the Netherlands, subject to mandatory consumer jurisdiction rules where applicable.
The following provisions apply exclusively to Customers who qualify as consumers within the meaning of Article 6:230g of the Dutch Civil Code (i.e., natural persons acting outside the scope of a trade, business, craft, or profession):
Consumers have a statutory right of withdrawal of fourteen (14) days from the date of purchase. However, by clicking "Start using credits" or equivalent confirmation at the time of purchase, the consumer expressly consents to immediate performance of the service and acknowledges that the right of withdrawal is waived once credits are consumed or the service has been fully performed, in accordance with Article 6:230p(e) of the Dutch Civil Code.
In compliance with the Dutch Act on Automatic Renewal of Subscriptions (Wet Van Dam), consumer subscriptions that automatically renew after the initial term may be cancelled by the consumer at any time with a notice period of no more than one (1) month. The Provider shall clearly communicate the renewal terms, cancellation procedure, and applicable notice period to the consumer prior to renewal. After the initial contract term, the subscription continues on a month-to-month basis and may be cancelled at any time.
For consumers, purchased top-up credits (not included in a subscription) remain valid for a minimum of six (6) months from the date of purchase, in compliance with applicable consumer protection rules regarding voucher and token validity. Subscription-included credits expire at the end of the applicable billing period.
In accordance with Regulation (EU) No 524/2013, consumers may submit complaints via the European Commission's Online Dispute Resolution platform at https://ec.europa.eu/consumers/odr. The Provider's contact email for consumer complaints is published on the Platform's contact page.
If any provision of these Terms is held to be invalid, illegal, or unenforceable by a court of competent jurisdiction, the remaining provisions shall continue in full force and effect. The invalid provision shall be replaced by a valid provision that most closely achieves the economic and legal purpose of the invalid provision.
These Terms, together with the Data Processing Agreement (Part 3), the Annexes, the Privacy Policy, and any order forms or separate agreements executed between the parties, constitute the entire agreement between the Provider and the Customer with respect to the subject matter hereof. These Terms supersede all prior and contemporaneous agreements, representations, and understandings, whether written or oral, relating to the Platform.
This Data Processing Agreement ("DPA") forms an integral part of the Terms & Conditions and governs the processing of Personal Data by the Provider on behalf of the Customer in connection with the Platform.
For the purposes of the GDPR, the Customer is the Controller and the Provider is the Processor with respect to Personal Data processed through the Platform. The Provider shall process Personal Data only on documented instructions from the Customer, as set forth in these Terms, unless required to do so by Applicable Law, in which case the Provider shall inform the Customer of that legal requirement before processing (unless prohibited by law from doing so).
The Customer's instructions are deemed to include: (a) processing necessary to provide the Platform services as described in these Terms and the Module descriptions in Annex I; and (b) processing initiated by authorised users through their use of the Platform.
The legal basis for processing is the performance of the contract between the Provider and the Customer (Article 6(1)(b) GDPR), and the Customer's legitimate interests in using AI-assisted procurement tools (Article 6(1)(f) GDPR), as applicable.
| Module | Categories of Personal Data | Data Subjects |
|---|---|---|
| Contract Intelligence | Names, contact details, job titles of contracting parties as contained in uploaded contracts | Employees, contractors, business contacts of Customer and counterparties |
| Negotiation Roleplay | Names and role descriptions entered by the Customer for scenario setup | Customer employees, fictitious personas |
| Supplier Discovery | Publicly available business contact information (names, email addresses, phone numbers, job titles) | Employees of potential suppliers |
| RFQ Analyzer | Names, contact details, and commercial terms as contained in uploaded RFQ documents | Employees and representatives of bidding parties |
| Slide Deck Builder | Names and titles of persons referenced in presentation content | Customer employees, stakeholders |
| Prompt Builder | Minimal — only if the Customer includes personal data in prompt text | As determined by Customer |
| News Feed | None (publicly available news content only) | N/A |
| Platform (general) | Account data: name, email, hashed password, subscription tier, usage logs, IP address | Customer users |
The Provider shall ensure that all persons authorised to process Personal Data have committed to confidentiality or are under an appropriate statutory obligation of confidentiality.
The Provider shall assist the Customer in fulfilling its obligations to respond to data subject requests (access, rectification, erasure, portability, restriction, objection) by providing appropriate technical and organisational measures, taking into account the nature of the processing. The Provider shall promptly notify the Customer if it receives a request from a data subject directly and shall not respond to such request without the Customer's prior authorisation, unless required by law.
The Provider shall notify the Customer of any Personal Data breach without undue delay and in any event within seventy-two (72) hours of becoming aware of the breach. The notification shall include: (a) the nature of the breach, including the categories and approximate number of data subjects and records affected; (b) the likely consequences of the breach; (c) the measures taken or proposed to mitigate the breach; and (d) the name and contact details of the Provider's data protection contact.
Upon termination of the contractual relationship, the Provider shall, at the Customer's election, return or delete all Personal Data processed on behalf of the Customer within thirty (30) days, unless retention is required by Applicable Law. The Provider shall provide written confirmation of deletion upon request.
For all data protection inquiries, data subject requests, or concerns regarding the processing of Personal Data, the Customer may contact the Provider at privacy@prompturement.com. The Provider shall respond to data protection inquiries within fifteen (15) Business Days.
The Provider may engage Sub-Processors to assist in providing the Platform services, subject to the conditions set forth in this Section. The current list of Sub-Processors is set forth in Annex IV.
Prior notification: The Provider shall notify the Customer at least thirty (30) days in advance of any intended addition or replacement of a Sub-Processor, including the identity, location, and services to be provided by the new Sub-Processor.
Objection right: The Customer may object to a new or replacement Sub-Processor on reasonable data protection grounds within the thirty (30) day notice period. If the Customer objects and the Provider cannot reasonably accommodate the objection, either party may terminate the affected services without penalty.
International transfers: Where Personal Data is transferred to a Sub-Processor located outside the European Economic Area (EEA), the Provider shall ensure that appropriate transfer mechanisms are in place, including but not limited to: (a) an adequacy decision by the European Commission; (b) Standard Contractual Clauses (SCCs) as approved by the European Commission; or (c) the EU-US Data Privacy Framework, as applicable.
The Provider shall implement and maintain appropriate technical and organisational measures to ensure a level of security appropriate to the risk, as further described in Annex III. These measures shall be reviewed and updated periodically to reflect changes in technology, threat landscape, and regulatory requirements.
The Customer (or an independent auditor appointed by the Customer) may audit the Provider's compliance with this DPA no more than once per calendar year, upon thirty (30) days' prior written notice. Audits shall be conducted during normal business hours and shall not unreasonably interfere with the Provider's operations. The Customer shall bear the costs of the audit unless the audit reveals a material breach by the Provider, in which case the Provider shall bear the reasonable costs.
The Platform uses strictly necessary cookies for authentication and session management (encrypted session cookie via iron-session). The Platform does not use third-party tracking cookies, advertising pixels, or cross-site analytics tools. No personal data is shared with analytics or advertising platforms.
Server-side logging is used for security monitoring, error detection, and abuse prevention. Logs are retained in accordance with the retention periods specified in Annex II.
The following Modules are available on the Prompturement platform as of the effective date of these Terms:
An AI-powered prompt engineering studio that helps users craft, refine, and optimise prompts for use with large language models. The module provides iterative scoring, automated improvement suggestions, and version history for prompt development workflows.
An interactive AI-driven simulation tool that allows procurement professionals to practise negotiation scenarios with configurable counterparty personas. The module generates realistic counterparty responses and provides post-session analysis and feedback to improve negotiation skills.
A document analysis module that uses AI and OCR (via Azure Document Intelligence) to extract, summarise, and analyse key terms, clauses, obligations, and risks from uploaded contracts and legal documents. Supports workspace-based organisation with document versioning.
An AI-assisted research tool that helps procurement professionals identify, evaluate, and compare potential suppliers based on specified criteria such as industry, geography, capabilities, and certifications. Results are generated from AI inference and publicly available information.
A document processing module that ingests Request for Quotation (RFQ) documents, extracts key commercial and technical parameters, and provides AI-generated comparative analysis, scoring, and recommendations to support bid evaluation processes.
An AI-powered presentation generator that creates procurement-focused slide decks based on user-provided topics, data, and parameters. The module generates structured slide content including titles, bullet points, talking points, and data visualisation suggestions.
An AI-curated procurement news aggregation module that collects and presents relevant procurement industry news, market developments, and regulatory updates from publicly available RSS feeds published by third-party media outlets. Article content is sourced from the respective publishers via their public RSS feeds and remains the intellectual property of the respective publishers. The Platform displays article titles, publication dates, brief excerpts, and links to the original source. Content is refreshed daily.
The following retention periods apply to data processed through each Module:
| Data Category | Retention Period | Notes |
|---|---|---|
| Account data (name, email, role) | Duration of account + 30 days | Deleted within 30 days of account closure |
| Authentication logs (IP, session) | 90 days | For security and abuse prevention |
| Usage logs and credit history | 12 months | For billing, analytics, and dispute resolution |
| Contract Intelligence — uploaded documents | Duration of workspace retention | Customer may delete workspaces at any time |
| Contract Intelligence — AI analysis | Duration of workspace retention | Linked to source document lifecycle |
| Negotiation Roleplay — session transcripts | Duration of account | Customer may delete individual sessions |
| Supplier Discovery — search results | Duration of account | Customer may delete saved results |
| RFQ Analyzer — uploaded documents | Duration of account | Customer may delete uploaded documents |
| RFQ Analyzer — AI analysis | Duration of account | Linked to source document lifecycle |
| Slide Deck Builder — generated decks | Duration of account | Customer may delete individual decks |
| Prompt Builder — saved prompts | Duration of account | Customer may delete individual prompts |
| News Feed — user preferences | Duration of account | No personal data stored beyond preferences |
| Payment data (Stripe references) | 7 years | As required by Dutch fiscal retention laws |
| AI Model inputs/outputs (at Google) | Not retained by Google | Per Google Gemini API data usage policy |
The Provider implements and maintains the following technical and organisational measures to protect Personal Data processed through the Platform:
The following Sub-Processors are engaged by the Provider as of the effective date of these Terms. This register is maintained in accordance with Part 3, Section 4 and will be updated with at least thirty (30) days' prior notice to Customers.
| Sub-Processor | Service | Data Processed | Location | Transfer Mechanism |
|---|---|---|---|---|
| Microsoft Azure (App Service) | Application hosting | All platform data | EU West (Netherlands) | N/A (EEA) |
| Microsoft Azure (SQL Database) | Relational data storage | User accounts, usage logs, credits | EU West (Netherlands) | N/A (EEA) |
| Microsoft Azure (Cosmos DB) | Document storage | Workspaces, contracts, supplier profiles | EU West (Netherlands) | N/A (EEA) |
| Microsoft Azure (Document Intelligence) | PDF/document OCR | Uploaded contracts, RFQ documents | EU West (Netherlands) | N/A (EEA) |
| Google (Gemini API) | AI text and image generation | User prompts, document excerpts | USA / Global | EU-US Data Privacy Framework |
| Microsoft Azure (Communication Services) | Transactional email delivery | Recipient email address | EU (Netherlands) | N/A (EEA) |
| Stripe, Inc. | Payment processing | Name, email, payment method | USA | EU-US Data Privacy Framework |
Previous versions of these Terms are available upon request by contacting legal@prompturement.com. Material changes between versions require re-acceptance by all existing users.
By creating an account on the Prompturement platform, clicking "I agree" or any equivalent affirmative action, or by continuing to use the Platform after these Terms have been made available, the Customer acknowledges that it has read, understood, and agrees to be bound by these Terms & Conditions in their entirety, including the AI Acceptable Use & Compliance Policy (Part 1), the Terms of Service (Part 2), the Data Processing Agreement (Part 3), and all Annexes.
For business customers, the person accepting these Terms represents and warrants that they have the authority to bind the organisation to these Terms.
OpenCost B.V. — Prompturement — Version 2.0 — Effective April 5, 2026