Terms and Conditions (en)

PREAMBLE

This contract governs access to the SAMRoute software service, published by Oriskami SAS, for professional use. It distinguishes two Client categories based on subscription and billing:– ENTERPRISE Clients: direct engagement (quote/purchase order), no tacit renewal, terminable at any time with ninety (90) days’ notice.– non-ENTERPRISE Clients: simplified sign-up, monthly billing by automatic debit (Stripe), open-ended term, tacit monthly renewal, terminable at any time.ENTERPRISE status is stated in the quote/purchase order; otherwise the Client is non-ENTERPRISE. A status change may be requested at any time. A dedicated contact may be specified in the quote.Unless stated otherwise, these Terms apply to both categories; differences are set out in the relevant clauses.At contract end, the Provider provides export of Client Data (excluding Collateral) in a structured format (CSV, JSON, or equivalent), free of charge except for exceptional volume or specific technical constraints.The Provider may amend these Terms if the Service or regulations evolve. Any new version is notified; for non-ENTERPRISE Clients, it is deemed accepted at each renewal.

PURPOSE

This contract sets out the Terms under which the Provider grants the Client non-exclusive, non-transferable, and non-assignable access to a SaaS software Service (SAMRoute), for the duration and according to the conditions defined in the Subscription.

The Service

The Service provides access to software for risk analysis and modeling related to transport infrastructure. It relies on automated processing, including AI (notably generative), to enrich context, produce outputs, and support decision-making.The Service is for professional use only; it is not offered to consumers.Where AI is used, processing is performed for the Client’s benefit. Client Data is not used to train shared or public models; any AI subprocessor, where applicable, is contractually governed and limited to what is necessary.Upon reasonable request, the Provider may specify the AI subprocessors used, the purpose, and the relevant data categories, subject to confidentiality and security.

Infrastructures

The Service relies on two distinct technical infrastructures:– A high-availability cloud infrastructure, hosted by a third-party provider with enhanced guarantees (redundancy, security, monitoring), progressively deployed as specified in the offer.– A development infrastructure, used during configuration, prototyping, or customization. No continuous availability is guaranteed; occasional interruptions may occur (maintenance, connectivity, local constraints).

Location

Client Data is hosted exclusively within the European Union. Production is hosted with OVHcloud in France; development and testing are run at the Provider’s premises (Ille-et-Vilaine). Any exception requires prior written agreement.

Responsibility Limits

The Service is provided as-is, with no guarantee of outcome or sector-specific compliance. It is an analysis support tool; interpretation, use, and decisions remain the Client’s responsibility. The Provider is not liable for decisions made based on the results, nor for any non-compliance with laws, standards, or frameworks applicable to the Client.

ACCESS RIGHTS

This section sets out the conditions under which the Client may access the Service, based on the granted rights, permitted uses, and access methods, including API interfaces.

License of Use

For the term of the contract and subject to payment of amounts due, the Provider grants the Client a right to access and use the Service.This right is non-exclusive, non-assignable, and non-transferable. It allows the Client and its Users to access the Service remotely under these Terms.The Provider may offer enhanced access levels or customization in the quote.

Free Access

The Provider may grant free, temporary, or limited access (evaluation, testing, demo, pilot, beta). It is provided as-is, with no warranty, continuity, or support, unless expressly stated.Such access is not a purchase commitment and grants no additional rights beyond the stated period.Unless stated otherwise, it is disabled at the end of the period unless a paid subscription is entered into beforehand.

Authorized Use

Use of the Service is limited to the Client’s internal professional needs, within the Organizations linked to its Subscription, by its authorized Users. The Client is responsible for invitations, permissions, and access within its Organizations.A third party may access it only if expressly authorized by the Client (e.g., a subcontractor), solely for the Client’s needs and under equivalent confidentiality obligations. Any resale, sublicensing, or operation for a third party’s benefit is prohibited.

Access control

The diagram below illustrates roles between the Client, its Organizations, and Users.undefined

API Access

Access to the Service may include APIs. The Provider may govern their use (quotas, time windows, throttling) to keep volumes reasonable.In case of abuse or repeated overuse, the Provider may suspend API access, propose an upgrade, or apply an additional charge under the offer.Specific limits or availability commitments may be set out in an SLA/addendum.

Usage Limits

Unless stated otherwise, the Service includes default technical limits to preserve stability and performance.By default, per Client: up to 1 GB of imported files (S3) and 10,000 API calls per month. In case of overage or abuse, the Provider may notify, propose an upgrade, or limit access.

Monitoring

The Client ensures its Users comply with these Terms and promptly notifies the Provider of any non-compliant or suspicious use.

CONTRACT LIFECYCLE

This section covers the contract cycle: effective date, duration, renewal, suspension, and end.

Process

The diagram below illustrates the contract cycle.undefined

Start Date

The contract takes effect on the start date stated in the purchase order; failing that, on the Client’s signature date (“Effective Date”).

Duration

Duration depends on Client category: ENTERPRISE (annual or multi-year term per the offer); non-ENTERPRISE (open-ended, monthly billing).

Renewal

ENTERPRISE Clients: no tacit renewal. At expiry, the Provider may propose a new offer; without explicit acceptance, the contract ends.Contract end terminates Service access on the effective date, without prejudice to the right to export Client Data under the “Export” section.

Suspension

If a confirmed or suspected risk threatens the Service’s security, stability, or integrity (e.g., intrusion, abnormal overload, API abuse), or in case of persistent non-payment, the Provider may suspend access without prior notice. The Client will be informed as soon as possible. Suspension does not affect amounts due.

Termination by the Client

ENTERPRISE Client: may terminate at any time in writing (email or registered letter). It takes effect ninety (90) calendar days after receipt. The Provider acknowledges receipt and may propose a discussion, with no obligation of result.non-ENTERPRISE Client: open-ended contract with monthly renewal. Termination at any time via the interface or in writing. To take effect at the end of the current period, notice at least fifteen (15) days before the due date; no partial refund for a started period.

Early Termination

In case of a significant breach (technical, financial, or operational, including persistent non-payment), the other Party gives written notice and fifteen (15) calendar days to cure. Failing cure, it may terminate in writing. Any compensation requires direct, proven harm within contractual limits.For a serious or irremediable breach (e.g., IP infringement, fraudulent use), termination may be immediate without prior notice.The contract may be terminated by operation of law in case of business cessation, insolvency proceedings, or Force Majeure lasting more than thirty (30) days, with prompt notice.

End of Contract

On the effective date, Service access ends with no extension. Client Data export is governed by the “Export” section.Client Data (including imported files) is retained only during the export window, with no interactive access.Afterwards, unless required by law or retention is accepted in writing, it is deleted from active environments and may remain in backups until retention periods expire, with no guarantee of recovery.

Change of Control

If the Provider undergoes a change of control (merger, acquisition, asset transfer, change of majority shareholder), the contract remains in force under the same Terms unless stated otherwise. The Client will be informed within a reasonable timeframe. If this creates a proven risk of non-compliance, conflict of interest, or material loss of safeguards, the Client may terminate under these Terms.

PRICING

This section sets the financial terms for access to the Service. The Client pays the amounts due under the applicable purchase order or commercial offer.

Changes

Prices may change at the start of each new Subscription period (costs, inflation, repositioning).ENTERPRISE Clients: any change requires a new offer or purchase order and applies only after explicit acceptance.non-ENTERPRISE Clients: any change is notified at least thirty (30) days in advance; the Client may refuse by terminating before that date, without fees.

Taxes

Unless stated otherwise, prices are in euros excluding taxes; VAT and any applicable taxes are added on invoicing.Client established in another EU Member State with a valid intra-community VAT number: invoicing without VAT (reverse charge, Article 283-2 of the French Tax Code). The Client declares and pays VAT in its country.

PAYMENT

This section sets payment terms: accepted methods, deadlines, provisional access, and consequences of late or failed payment.

Methods

ENTERPRISE Clients: payment by bank transfer, upon invoice, within the deadlines set out in the contract or purchase order.non-ENTERPRISE Clients: SEPA direct debit via Stripe; other methods may be offered (card, PayPal) with possible fees. The Client authorizes debits and keeps details up to date.No early-payment discount unless expressly stated.

Term

Unless otherwise stated in the validated purchase order or commercial offer, payments are due within thirty (30) calendar days from the invoice date. For ENTERPRISE Clients, up to sixty (60) days may apply if expressly stated. Any period over thirty (30) days not agreed in writing is not enforceable against the Provider.

Temporary Access

Full activation of the Service may be subject to receipt of the initial payment. While pending, temporary limited access may be granted (read, browse, analyze), excluding import features (e.g., S3/Drive).

Late Payment

Any late payment automatically incurs, without prior notice, interest at the legal rate and the fixed recovery fee (Article L441-10 of the French Commercial Code), payable without reminder.

Non-Payment

Consequences of non-payment are set out in the “Early Termination” section.

CLIENT’S COMMITMENTS

This section sets out the Client’s commitments, including compliance with the agreement and applicable laws, Client Data management, access confidentiality, and cooperation in the event of an Incident.

Contract

The Client uses the Service in accordance with these Terms and applicable laws. The Client ensures access is limited to its Users for its internal professional needs.

Client Data

The Client is responsible for Client Data it transmits, stores, or processes via the Service (accuracy, legality, quality, relevance) and warrants it does not infringe third-party rights or applicable rules, including personal data, intellectual property, or public safety.The Provider performs no prior review of Client Data. The Client alone is responsible for verification and lawfulness.

Credentials

The Client keeps its credentials confidential and ensures their secure use. Any access using these credentials is presumed to be made by the Client, unless proven otherwise.

Cooperation

The Client reasonably cooperates with the Provider, especially in case of malfunction, fraudulent use, or suspected security issue, by providing useful information within a timeframe compatible with Service operations.

Breach

A breach may justify suspension of access or termination under these Terms. Suspension does not release the Client from paying amounts due.

PROVIDER’S COMMITMENTS

This section sets out the Provider’s commitments to deliver the Service, liability limits, and the terms for any SLA. It also reminds that the Service is a decision-support tool with no performance guarantee.

Best-Effort

The Provider delivers the Service diligently under a best-effort obligation.

Guarantee

The Provider does not guarantee correction of all errors or uninterrupted, defect-free operation, especially where the Service relies on shared infrastructure, ongoing changes, or third parties (connectivity, hosting, security).

Compliance

The Service is delivered as described in the validated commercial offer. The Client checks that features fit its needs.

Monitoring

The Provider monitors the Service and may collect usage data to ensure continuity, improve the Service, and detect abnormal usage, with anonymization or pseudonymization where applicable.

Logging

The Provider logs certain access and actions (logins, API calls, import or change operations). Logs are retained for a limited period and used for monitoring, security, abuse detection, and diagnostics.

Support

The Provider offers basic support on Business Days via the stated channels (account or documentation). It covers access, setup, and standard use, excluding customization. Responses are within a reasonable time, with no guaranteed times unless agreed. No default SLA. Enhanced support may be offered to ENTERPRISE Clients (dedicated channels, extended hours, named contact, guaranteed response times).

Liabilities

The Provider’s total liability, regardless of cause, is limited to the total amount (excluding tax) effectively paid by the Client in the twelve (12) months preceding the triggering event.The Provider is not liable for indirect, consequential, or non-material damages, even if foreseeable, including any loss of revenue, profit, data, business, reputation, or opportunity.The Service is a decision-support tool and does not replace the Client’s professional judgment or legal/regulatory obligations. The Provider is not liable for decisions made based on the results produced.The Provider is not liable for improper use of the Service, the Client’s breach of obligations, unverified decisions, or outages due to Force Majeure, failures, or third parties beyond its reasonable control.

Continuity

The Provider implements regular backups and technical monitoring to reduce data-loss risk. In case of a critical Incident, it will endeavor to restore the Service within a reasonable timeframe from the latest backups, with no guaranteed recovery time or point unless specifically agreed.

Evolution

The Provider may evolve the Service (modify, add, remove features) as part of its development, notably to improve quality, security, or relevance.The Provider will not remove an actively used major feature without at least thirty (30) days’ notice. If removal is planned, impact information and, where applicable, a fallback or alternative may be provided, especially for ENTERPRISE Clients.

AVAILABILITY

undefinedThis section covers Service availability, planned interruptions, and cases of suspension or limitation.undefined

Availability posture

Unless an SLA is expressly attached to or referenced in the purchase order, the Service is provided as-is under a best-effort obligation, with no availability, RTO, or RPO guarantee.Any availability commitment, where applicable, covers only the production cloud environment. Development, test, configuration, or prototyping environments are excluded and may be interrupted.Consequences of unavailability or degradation are governed by the liability limitations, notably in the “Liabilities” section.

Service Levels (SLA)

No SLA applies by default. Any SLA must be agreed in writing and attached to or referenced in the offer or purchase order.At the Client’s request, the Provider may propose a separate SLA stating the metrics and, where applicable, contractual credits exclusive of any other claim.

Scope of Commitments

Any availability commitment (contract or SLA) covers only the production cloud environment.

Maintenance and Scheduled Interruptions

The Provider strives to provide continuous access (24/7), subject to maintenance, Force Majeure, or events beyond its reasonable control. Scheduled interventions (updates, patches, improvements) may occur; except in emergencies, they take place outside business hours with prior notice.

Suspension for Security Reasons

If a serious, confirmed, or reasonably suspected threat affects the Service’s security, integrity, or stability (e.g., intrusion, API abuse, overload), the Provider may suspend access without notice and will inform the Client as soon as possible of the reasons.

Exclusions of Liability

The Provider is not liable for interruptions or degradation caused by external factors (power, network, Client configuration) or Force Majeure.

DATA PROTECTION

This section governs Personal Data processing under the GDPR, defining roles, responsibilities, and security measures for use of the Service.

Roles (GDPR)

Unless stated otherwise, the Provider acts as a GDPR processor on behalf of the Client, who is the controller for Personal Data transmitted, collected, or generated via the Service.The Provider does not process Client Data without the Client’s written instruction or approval. The Client remains responsible for data-subject information duties and lawfulness.

Public Data

The Provider may index information from publicly accessible documents to enable Users to search and consult it.Such indexing may include the names and official roles of signatories acting in an official capacity, as stated in the document, solely for attribution and source traceability.This processing is based on the Provider’s legitimate interest, with no enrichment by private contact details, no advertising use, and no combination with Client Data for profiling.The Provider reviews correction or de-referencing requests in case of inaccuracy or excessive scope.

Client Data

The Client remains the owner of Data submitted or collected through the Service. The Provider uses it only to perform the contract, operate the Service, and display results (visualizations, reports). Any other reuse requires the Client’s prior written consent.The Client warrants that Personal Data processed through the Service is lawfully collected and that data subjects are informed as required by law.Client Data export terms are set out in the “Export” section.

Processing

The Provider implements technical and organizational measures appropriate to the risks, depending on the relevant environment.In the production cloud environment, Personal Data is encrypted at rest and protected by access control, traceability, and resilience measures. Access is limited to authorized staff and security events are monitored.In development, processing runs on separate infrastructure not intended for final use. Encryption at rest is not systematic; proportionate measures apply, with restricted access and appropriate monitoring.

Subprocessors

The Provider may use third-party services for hosting, storage, or payment processing (e.g., OVHcloud, Stripe). They act only to provide the Service and are bound by equivalent confidentiality and security obligations.The Provider may process usage data for security, monitoring, and improvement (logging, metrics). It may include technical identifiers and does not include content or Client Data as defined herein, unless expressly stated.Third-party audience analytics tools, if any (website or public pages), are separate from the Service and do not receive Client Data; their use is governed to avoid transfers outside the EU.No Client Data is transferred outside the EEA without GDPR-compliant safeguards (SCCs, adequacy decision, etc.).

Specific agreement (DPA)

A Data Processing Agreement (DPA) may be executed between the Parties. It specifies purposes, data categories, security measures, retention periods, and procedures for exercising rights.

Notification

In the event of a Personal Data breach, the Provider will notify the Client as soon as possible to enable compliance with applicable obligations.

Privacy Policy

A separate privacy policy is available at: www.samroute.com/privacy

INTELLECTUAL PROPERTY

This section sets out the intellectual property rights related to the Service, Documentation, and exchanged data, and distinguishes Provider and Client rights.

Provider Rights

The Provider retains all intellectual property rights in the Service, its components, interfaces and Documentation, and any evolutions, including those based on Client suggestions, unless otherwise agreed in writing.Technico-scientific Collateral remains the Provider’s exclusive property, even when derived from processing Client Data.If a development is commissioned or co-funded by the Client, a written agreement may define reuse, licensing, or co-ownership rights. Otherwise, no rights are transferred.

Client Rights

The Client has a non-exclusive, non-transferable right to use the Service for the duration of the Subscription, under these Terms. This right is limited to the Client’s internal professional use by its authorized Users.Unless agreed in writing by the Provider, the Client may not reproduce, modify, distribute, or make any part of the Service available to third parties (sale, sublicense, API), nor allow indirect access (extraction, reverse engineering).By exception, the Client may share “non-re-executable” excerpts of Collateral with trusted third parties, subject to attribution, integrity, and non-commercial use.The Client may retain and archive, for internal purposes, the reports and restitution materials made available during the Subscription. This does not grant any right in the Service nor in the methods, models, pipelines, schemas, or mechanisms enabling re-execution.Any unauthorized dissemination for commercial, institutional, or public purposes is a material breach and may result in suspension or termination, and any appropriate action.For clarity, the standard export covers Client Data only (uploaded files, data entered or annotated, provided metadata, exportable configuration parameters). It does not include Collateral (scores, indicators, aggregations, enrichments, rendered map views, models) unless specifically agreed.

Protected elements

Protected elements include: Service technical data, pricing/financial terms, deployment strategies, analysis or modeling documents, internal legal guidance, source code, technical documentation, and non-public Client Data.These elements fall under the “Confidential Information” clause. Obligations apply during the contract and for five (5) years after it ends, unless the law requires otherwise.

Commercial reference

Unless the Client objects in writing, the Provider may mention the Client’s name, logo, and industry sector as a commercial reference (website, presentations, RFP responses). For ENTERPRISE Clients: (i) the Client may request removal of all or part of these items for future publications only, with no retroactive effect, and the Provider will comply within a reasonable timeframe; (ii) the Client may require prior approval for any new use of the logo. Unless option (ii) is requested, no prior-approval process applies.

Project and content communications

Any communication that quotes the Client, reproduces content, or links the Client to an identified project, site, territory, result, or operational use requires the Client’s prior written approval where the Client is identifiable. This does not restrict the commercial reference above, nor the release of generic, aggregated, or anonymized results.

CLIENT RIGHTS UPON EXIT

This section sets out the Client’s rights at contract end, including Client Data export, any related costs, and handling of residual data.

Export

For thirty (30) calendar days after contract end, the Client may request in writing export of its Client Data. Any request received within this period will be processed, without maintaining Service access, even if delivery occurs later.The export is provided in a machine-readable format (CSV, JSON, or equivalent) and covers only Client Data as defined herein. Collateral (reports, views, rendered summary exports) is excluded unless specifically agreed.During the Subscription, the Client archives the reports and restitution materials it needs. This is separate from Client Data export and does not require additional services.

Costs

Export is free unless exceptional volume or technical complexity applies (e.g., returning files from object storage). In that case, the Provider informs the Client and issues a quote; export is performed only after written acceptance.

Transition

The Parties may agree on a transition phase. If none is agreed, transition is limited to Client Data export under the “Export” section.Any additional assistance (migration, reformatting, reconciliation, field mapping, extended extraction, support) is a separate service subject to a quote and prior written acceptance (purchase order or addendum).The Provider has no obligation to (re)deliver Collateral beyond what was made available during the Subscription, nor to recreate results.

Residual Data

After deletion from active environments, Client Data may remain in automated backups, with no operational use, until the Provider’s standard retention cycle expires.

APPLICABLE LAW AND JURISDICTION

This section sets the applicable law and dispute resolution rules.This contract is governed by French law.

Amicable Resolution

In the event of a contract-related dispute, the Parties will seek an amicable resolution in good faith before any legal action.

Jurisdiction

Between professionals and subject to mandatory applicable rules (including EU rules), any dispute not resolved amicably falls under the courts materially competent within the jurisdiction of Rennes (France), unless otherwise stated in the purchase order.This jurisdiction clause is agreed between professionals within the meaning of Article 48 of the French Code of Civil Procedure. The Parties may agree otherwise in writing.

SERVICE LEVEL AGREEMENT (SLA)

This annex applies to ENTERPRISE Clients only if attached to or referenced in the purchase order. Otherwise, no SLA applies.The fields below must be completed. If not, they are deemed “undefined”.

Contractual Parameters

Client concerned:Validity period:Scope: production cloud environment only.

Provider Commitments

Availability:Support window:Response time:RTO (if applicable):RPO (if applicable):

Exclusions and Limitations

The SLA does not cover interruptions due to planned maintenance, Force Majeure, or external causes or causes attributable to the Client.No SLA is enforceable outside the scope or without express written acceptance.

CONFIDENTIALITY

This annex consolidates the confidentiality clauses contained in the Terms.If there is any discrepancy, the source clause prevails. This annex does not amend the contract.

Pre-signature Protection

Any Confidential Information shared before signature (demos, technical exchanges, documents) is treated as if shared after signature.

Duration and Exceptions

Unless stated otherwise, confidentiality applies during the contract and for five (5) years after it ends.It does not cover information that is (i) public, (ii) independently known, or (iii) lawfully received from a third party without restriction.

Extracted Clauses

DEFINITIONS

The definitions below set the meaning of the contract’s terms. They apply to all clauses unless stated otherwise.

The Parties and Their Roles

Contractual Scope

Data

General Terms of Application

Risks and Exceptions