TERMS OF SERVICE
for the ESGdesk™ Platform
Version: v2.3 | Effective date: April 30, 2026
This document is provided in English as the official and legally binding version of the ESGdesk™ policies and agreements.
1. DEFINITIONS AND INTERPRETATION
For the purposes of these Terms of Service (hereinafter referred to as the "Terms"), the following terms shall have the meanings set out below. Words in the singular shall include the plural and vice versa, unless the context clearly indicates otherwise.
1.1 "Service" means the ESGdesk™ software-as-a-service (SaaS) platform operated by the Provider and made available via the domain https://www.esgdesk.ai, including all associated subdomains, user interfaces, dashboards, application logic, functionalities, updates, and related technical components, whether accessed via web browser or other supported means.
1.2 "Provider" means Vivopack sp. z o.o., a company duly incorporated and existing under the laws of the Republic of Poland, with its registered seat in Poland, entered into the National Court Register (KRS) under number 0000908021, holding NIP 5252867586 and REGON 389279414, acting as the legal entity responsible for the operation, maintenance, and provision of the Service.
1.3 "User" means any natural person who is authorized by the Customer to access and use the Service on the Customer's behalf, regardless of the scope of permissions granted to such person.
1.4 "Customer" means a legal entity or an entrepreneur acting in the course of its commercial or professional activity that enters into a subscription-based contractual relationship with the Provider for the use of the Service.
1.5 "Administrator" or "Admin" means a User designated by the Customer who is granted extended administrative rights within the Service, including the ability to manage Users, permissions, and reporting settings.
1.6 "Contributor" means a User designated by the Customer who is granted limited rights within the Service, primarily restricted to entering, editing, and viewing ESG Data for assigned locations and Reporting Years.
1.7 "Reporting Year" means a calendar year selected within the Service that serves as the operational and contextual framework for ESG data entry, review, aggregation, and report generation.
1.8 "ESG Data" means non-financial information entered or managed within the Service, including but not limited to data relating to environmental impact, energy usage, water consumption, waste management, employment, occupational health and safety, and related governance metrics.
1.9 "Content" means all data, information, text, notes, explanations, and other materials uploaded, entered, stored, or generated by or on behalf of the Customer within the Service.
1.10 "AI-Assisted Data Import" means a supportive technical functionality utilizing algorithmic processing and third-party artificial intelligence models to facilitate the extraction of preliminary information from documents provided by the Customer.
1.11 "Auditor" means a User designated by the Customer and granted strictly time-limited, read-only access to the Service for the purposes of independent review, verification, or assessment of ESG Data and related reports. An Auditor may not enter, edit, or delete ESG Data, manage Users, modify settings, or access billing information. Auditor access is granted for a fixed period of either 90 days or 180 days, as selected by the Customer's Admin, and expires automatically upon the end of the designated period.
2. SCOPE OF APPLICATION
2.1 These Terms govern all access to, use of, and interaction with the Service by Customers and Users and define the contractual relationship between the Customer and the Provider.
2.2 These Terms apply exclusively to business customers (B2B). Consumers within the meaning of Directive 2011/83/EU or corresponding national consumer protection laws are expressly excluded from using the Service.
2.3 Any general terms and conditions, procurement conditions, or similar documents of the Customer shall not apply, even if the Provider does not expressly object to them, unless the Provider has explicitly agreed to their application in writing.
3. SUBJECT MATTER OF THE SERVICE
3.1 The Service is a software-based tool intended to support Customers in the structured collection, internal organization, and management of ESG-related data, as well as in the generation of ESG reports in PDF and CSV format for internal use, stakeholder reporting, and audit support.
3.2 The Service does not constitute legal, regulatory, financial, auditing, or consulting advice, does not assess or certify regulatory compliance, and does not guarantee conformity with CSRD, ESRS, or any other national or international legal or reporting frameworks.
3.3 Mandatory Disclaimer.
ESGdesk is a software tool supporting structured ESG data collection and internal reporting. It does not provide legal or regulatory advice and does not guarantee compliance with CSRD, ESRS, or any other regulatory requirements.
3.4 Feature Updates and Changes. The Provider reserves the right to modify, update, improve, replace, suspend, or discontinue specific features, workflows, screens, or technical components of the Service from time to time, including as a result of security requirements, legal or platform constraints, performance optimization, or product development, provided that such changes do not materially reduce the core functionality of the Service as a structured ESG data collection tool and internal PDF reporting tool for the active subscription term.
3.5 Nature of AI Functionalities. The Customer acknowledges that AI-Assisted Data Import is an auxiliary feature based on third-party technologies (including but not limited to Google Cloud Platform infrastructure). Due to the probabilistic nature of AI, the Provider does not guarantee that the automated extraction will be error-free, and any such functionality is provided as an aid to, and not a replacement for, manual data verification.
4. ACCOUNT REGISTRATION AND ACCESS
4.1 Use of the Service requires the prior creation of a Customer account, which serves as a technical prerequisite for selecting a subscription plan and accessing the Service.
4.2 Account registration may only be completed by a person who is duly authorized to represent the Customer and to enter into binding contractual obligations on its behalf.
4.3 The Admin designated by the Customer is responsible for inviting Users, assigning roles and locations, managing Reporting Years, and controlling the opening and closing of Reporting Years within the Service.
4.4 The Customer bears full responsibility for all actions, omissions, and activities performed by its Users within the Service, regardless of their role or permission level.
4.5 Contract Formation at Plan Selection. The creation of an account is a technical pre-registration step and does not, by itself, grant the Customer the right to use the Service. The contractual relationship between the Customer and the Provider is concluded at the moment the Customer selects a subscription plan, including a free trial plan, and explicitly confirms acceptance of these Terms of Service and the applicable Privacy Policy through the mandatory confirmation mechanism provided within the Service; only after this step may the Customer and its Users access and use the functional components of the Service.
4.6 Transactional Email Communications. By registering an account and accepting these Terms of Service, the Customer and its Users consent to receive transactional and administrative emails necessary for the provision of the Service, including account confirmations, password resets, security notifications, billing updates, and service announcements. These communications are essential to the Service and cannot be opted out of while the subscription remains active.
5. ROLES AND PERMISSIONS
5.1 Admins are authorized to manage Users and locations, control the status of Reporting Years, and export ESG reports in PDF format, subject to an active subscription.
5.2 Contributors are authorized to enter and edit ESG Data solely for the locations assigned to them and shall have read-only access to data relating to closed Reporting Years.
5.3 Auditors are granted strictly read-only access to the Service for the duration of their designated access period (either 90 days or 180 days, as selected by the Admin). Upon being granted access, an Auditor automatically receives read-only visibility to all locations within the Customer's account. Auditors may view ESG Data, access report previews, and generate PDF and CSV exports. Auditors may view evidence file metadata (including filename, upload date, and SHA-256 integrity hash) but may not download evidence files. Auditors may not enter, edit, or delete any ESG Data; may not invite, modify, or remove Users; may not access or modify billing information or subscription settings; and may not change any account or system configuration. Auditor access expires automatically at the end of the designated access period and is subject to a session activity log maintained within the Service. The Customer remains fully responsible for all actions performed by Auditors invited by the Customer, including any use, disclosure, or distribution of ESG Data or exported reports by such Auditors.
5.4 The Provider shall not be responsible for the Customer's internal allocation of roles, permissions, or any misuse of access rights by Users.
6. REPORTING YEAR LOGIC
6.1 The Reporting Year constitutes a temporary working context within the Service and does not represent a permanent or immutable company setting.
6.2 The selected Reporting Year determines which data is visible, editable, and included in report previews and exports.
6.3 Once a Reporting Year is closed by an Admin, all associated data becomes read-only and may only be modified if the Reporting Year is subsequently reopened by an Admin.
7. SUBSCRIPTION MODEL, TRIAL AND LIMITS
7.1 The Service is provided exclusively on a subscription basis, available as monthly or yearly plans, divided into the following tiers:
7.1.1 Free Trial: A fourteen (14) day period limited to 3 AI-Assisted Data Imports, 2 locations, and 2 users, intended solely for technical evaluation.
7.1.2 STANDARD Tier: Limited to 30 AI-Assisted Data Imports per month, 5 locations, and 5 users.
7.1.3 PRO Tier: Subject to unlimited AI-Assisted Data Imports, unlimited locations, and unlimited users, governed by the Provider's Fair Usage Policy. The PRO tier additionally includes access to the Auditor access functionality, enabling the Customer to invite external Auditors with time-limited, read-only access as described in Section 1.11 and Section 5.3 of these Terms.
7.2 Upon expiration of the free trial or reaching the import limits, access to specific functionalities is suspended unless a paid subscription is activated.
7.3 The Service does not offer one-time report purchases.
8. PRICES AND PAYMENTS
8.1 All prices displayed on the Service website are exclusive of applicable value-added tax (VAT), unless explicitly stated otherwise.
8.2 Payments are processed via Stripe Payments Europe Ltd., Dublin, Ireland, acting as an independent payment service provider.
8.3 The Provider does not collect, process, or store payment card details.
8.4 In the event of failed, reversed, or overdue payments, the Provider reserves the right to suspend access to paid functionalities, including AI-Assisted Data Import and PDF/CSV export.
9. DATA RETENTION AND DELETION
9.1 ESG Data is retained for a period of five (5) full Reporting Years, calculated from the Customer's first active Reporting Year onward.
9.2 Data exceeding the applicable retention period is automatically and irreversibly deleted, unless a longer retention period is expressly agreed in writing.
9.3 The Customer expressly acknowledges and accepts this data retention and deletion policy.
10. CUSTOMER RESPONSIBILITIES AND DATA VERIFICATION
10.1 The Customer represents and warrants that all Content uploaded to the Service is accurate, lawful, and does not infringe the rights of third parties.
10.2 Mandatory Audit of AI Imports. The Customer acknowledges that AI-Assisted Data Import results are inherently preliminary. The Customer is strictly and solely responsible for the final verification and manual approval of any data imported through AI functionalities. Any data saved or used in reports shall be deemed as verified and approved by the Customer as their own data entry.
10.3 The Customer remains solely responsible for the correctness, interpretation, and regulatory use of ESG Data and any reports generated using the Service.
10.4 The Customer remains fully responsible for all actions performed by Auditors invited by the Customer, including any use, disclosure, or distribution of ESG Data or exported reports by such Auditors. See also Section 5.3.
10.5 Acceptable Use; No Misuse. The Customer shall ensure that the Service is used in a lawful and secure manner and shall not, and shall not permit any User or third party to: (i) attempt to access, view, extract, or infer data belonging to other customers; (ii) bypass, disable, or interfere with authentication, authorization, rate limits, security controls, or technical restrictions; (iii) reverse engineer, decompile, or attempt to derive source code or underlying ideas from the Service except to the extent expressly permitted by mandatory law; (iv) use the Service to transmit malicious code, perform scraping, or conduct automated extraction beyond normal use; or (v) use the Service in any manner that violates applicable law or infringes third-party rights.
11. AVAILABILITY AND MAINTENANCE
11.1 The Provider endeavors to ensure high availability of the Service but does not guarantee uninterrupted or error-free operation.
11.2 Scheduled maintenance may be carried out with prior notice where reasonably feasible.
11.3 Force Majeure. Neither party shall be liable for any failure or delay in performance to the extent caused by events beyond its reasonable control, including but not limited to outages or disruptions of telecommunications networks or cloud infrastructure, acts of government, war, terrorism, civil unrest, strikes or labor disputes, natural disasters, fires, floods, or other force majeure events, provided that the affected party uses reasonable efforts to mitigate the impact of such event.
11.4 Technical Dependencies. The Customer acknowledges that the Service's AI-Assisted Data Import features are dependent on external infrastructure providers, including Google Cloud Platform. The Provider shall not be held responsible for the unavailability of these features or for any discrepancies in data extraction resulting from technical failures, updates, or changes in the policies of such third-party infrastructure providers.
11.5 Service Level Commitment. The Provider targets a Service availability of 99.5% per calendar month, measured as the ratio of actual uptime to total time in the month, excluding scheduled maintenance windows. If availability falls below 99.5% in a given month, the Customer may request a pro-rata service credit equal to the proportion of downtime exceeding the threshold, applied to the next billing cycle. Service credits constitute the Customer's sole and exclusive remedy for unavailability.
11.6 Scheduled Maintenance. The Provider shall use commercially reasonable efforts to notify Customers at least forty-eight (48) hours in advance of any scheduled maintenance that is expected to materially affect the availability of the Service.
11.7 Security Suspension. The Provider reserves the right to suspend access to the Service without prior notice if the Provider reasonably determines that the Customer's use poses an imminent security risk to the Service or other customers. The Provider shall notify the Customer of any such suspension as soon as reasonably practicable and shall restore access promptly once the security concern has been resolved.
12. INTELLECTUAL PROPERTY
12.1 All intellectual property rights in and to the Service remain exclusively with the Provider.
12.2 The Customer retains ownership of its ESG Data.
12.3 No intellectual property rights are transferred except as expressly stated herein.
13. CONFIDENTIALITY
13.1 Both parties undertake to treat all confidential information obtained in connection with the Service as strictly confidential.
13.2 This confidentiality obligation shall survive termination of the agreement.
14. DATA PROTECTION (GDPR)
14.1 The Provider processes personal data in accordance with the General Data Protection Regulation (GDPR).
14.2 A separate Privacy Policy governs data protection matters.
14.3 The Data Processing Agreement (DPA) forms an integral part of these Terms and shall apply to all processing of personal data carried out by the Provider on behalf of the Customer in connection with the Service.
14.4 Controller and Processor Roles. The Customer acts as the data controller, and the Provider acts as the data processor, in relation to personal data processed through the Service on behalf of the Customer.
14.5 Sub-processors. The Provider engages the following categories of sub-processors to deliver the Service: cloud infrastructure (Lovable AB, Sweden), payment processing (Stripe Payments Europe Ltd., Dublin, Ireland), AI services (Google Cloud Platform, Google Ireland Ltd., Dublin, Ireland), error monitoring and diagnostics (Sentry — Functional Software, Inc., USA / EU), and email delivery services. An up-to-date list of sub-processors is available upon request at info@esgdesk.ai.
15. LIABILITY
15.1 The Service is provided on an "as is" and "as available" basis.
15.2 Exclusion of Liability for AI and Indirect Errors. The Provider shall not be liable for incorrect ESG reporting, regulatory non-compliance, business decisions, or any direct or indirect damages resulting from the use of AI-Assisted Data Import or unverified ESG Data. The Customer's failure to manually audit AI-extracted information constitutes a waiver of any claims against the Provider regarding data accuracy.
15.3 To the maximum extent permitted by law, the Provider's liability is limited to cases of intentional misconduct or gross negligence.
15.4 No "Fit for Purpose" Warranty. The Provider does not warrant and makes no representation that the Service, any report preview, any PDF export, or any output generated through the Service will meet the Customer's specific legal, regulatory, audit, compliance, procurement, or business requirements, or that such outputs will be accepted by any regulator, auditor, counterparty, or other third party.
15.5 Liability Cap (Aggregate). To the maximum extent permitted by applicable law, the Provider's total aggregate liability arising out of or in connection with these Terms or the Service (whether in contract, tort, including negligence, or otherwise) shall be limited to the total subscription fees actually paid by the Customer to the Provider for the Service during the twelve (12) months immediately preceding the event giving rise to the claim. This limitation shall apply cumulatively to all claims and shall not be interpreted to create any liability where none would otherwise exist under these Terms or applicable law.
16. TERMINATION
16.1 The Customer may terminate its subscription in accordance with the selected billing cycle.
16.2 The Provider may terminate the agreement for cause, including material breach of these Terms.
16.3 Post-Termination Data Export. Upon termination or expiration of the subscription, the Customer shall have a period of thirty (30) calendar days to export its ESG Data in CSV format. After this period, all Customer data may be permanently deleted in accordance with the Provider's data retention policies.
17. MODIFICATIONS TO THE TERMS
17.1 The Provider reserves the right to amend these Terms.
17.2 Customers shall be notified of material changes in an appropriate manner.
18. GOVERNING LAW AND JURISDICTION
18.1 These Terms of Service and any contractual or non-contractual obligations, claims, or disputes arising out of or in connection with them shall be governed by and construed in accordance with the laws of the Republic of Poland.
18.2 Any disputes, claims, or legal proceedings arising out of or in connection with these Terms of Service, the Service, or the contractual relationship between the Customer and the Provider shall be subject to the exclusive jurisdiction of the courts of the Republic of Poland.
19. ALTERNATIVE DISPUTE RESOLUTION
The Provider is neither obliged nor willing to participate in alternative dispute resolution procedures.
20. FINAL PROVISIONS
20.1 If any provision of these Terms is held to be invalid or unenforceable, the remaining provisions shall remain in full force and effect.
20.2 These Terms constitute the entire agreement between the parties and supersede all prior agreements or understandings.
20.3 Language Prevails. This English version of the Terms of Service shall prevail and be controlling in the event of any discrepancy, conflict, or inconsistency between this English version and any translation, summary, or localized version made available for convenience.
20.4 Language of Agreement. The Customer acknowledges that these Terms are provided in English and agrees that English shall serve as the contractual language. Customers domiciled in Poland expressly waive any claims arising from the absence of a Polish-language version of these Terms, to the extent permitted by applicable law.
Document History
| Version | Date | Summary of Changes |
|---|---|---|
| v2.3 | 30.04.2026 | Removed "Limitless" auditor access option from §1.11 and §5.3 — auditor access is now strictly limited to either 90 or 180 days, harmonized with DPA v2.1 §11.4 and the platform UI. Updated §14.5 sub-processor reference from "Lovable Technologies GmbH, Berlin, Germany" to "Lovable AB, Sweden" reflecting the corporate entity rename. |
| v2.2 | 14.03.2026 | Initial published version. |
