Terms of Use (EU)

1. Scope and Acceptance

These Terms govern access to and use of CLM Forge by authorized users of customer organizations. By using the service, you confirm you are authorized by your organization and accept these Terms and the Privacy Notice.

These Terms apply both to CLM Forge provided as a hosted service and, where expressly agreed in writing, to CLM Forge deployed as a local runtime or hybrid processing solution in a customer-controlled environment.

Additional terms for local runtime or hybrid deployments are set out in the Local Runtime Addendum.

Service provider: Jane Doe Communication AB (org. no. 556663-5321), Björkvägen 20C, 191 41 Sollentuna, Sweden.

Veeva, Veeva Vault, and Veeva CLM are trademarks of their respective owners. CLM Forge is an independent software service and is not affiliated with, sponsored by, or endorsed by Veeva.

2. Service Description and Medical Disclaimer

CLM Forge is a technical content conversion platform. It does not provide medical advice, diagnostic output, or clinical decision support.

Depending on the agreed deployment model, CLM Forge may be made available as (i) a hosted SaaS service, or (ii) a local runtime / hybrid deployment where source files and generated outputs are processed and stored on customer-controlled systems while authentication, licensing, and limited operational metadata may still be handled through CLM Forge online services.

3. Eligibility, Accounts, and Security

• Use only assigned credentials and keep them confidential.
• Do not share accounts or bypass access controls.
• Report suspected unauthorized access immediately to info@janedoe.se.

3a. Local Runtime / Hybrid Deployment

Where CLM Forge is provided as a local runtime or hybrid deployment, Jane Doe Communication ABgrants the customer a limited, non-exclusive, non-transferable, and non-sublicensable right to install and use the software only for the customer's internal business purposes and only in the agreed environment.

Unless otherwise agreed in writing, customers may not redistribute, resell, sublicense, make the software available to third parties, or use the local runtime as a bureau, hosted processing, or service provider offering for external parties.

In local runtime or hybrid deployments, the customer is solely responsible for the configuration, security, maintenance, and compliance of its local environment, including infrastructure, storage, access controls, and backup procedures.

Additional terms for such deployments are defined in the Local Runtime Addendum.

4. Strict Data Upload Rule (Default)

Users and customers must not upload identifiable personal data for conversion workflows unless explicitly approved in a separate written agreement and appropriate controls are enabled.

Examples include:

• names and personal contact details,
• social security or national ID numbers,
• patient identifiers,
• gender where identifying in context, and similar identifying fields.

CLM Forge is not intended for the processing of special categories of personal data under Article 9 GDPR (including health data or patient identifiers), unless explicitly agreed in writing with appropriate controls enabled.

We may reject, remove, or require deletion of prohibited content and suspend access until remediation is completed.

5. Acceptable Use

• Use the service only for lawful business purposes.
• Do not upload malware or harmful code.
• Do not reverse engineer or disrupt normal service operation.
• Do not use the service in breach of GDPR, confidentiality, or IP rules.

In local runtime or hybrid deployments, customers are additionally responsible for ensuring that their local environment, devices, storage locations, and internal access permissions are appropriate for the sensitivity of the content they process.

5a. Reverse Engineering and Proprietary Rights Protection

Except to the extent mandatory applicable law expressly permits (including limited software interoperability rights), customers and users must not:

• reverse engineer, decompile, disassemble, decode, or otherwise attempt to derive source code or non-public APIs;
• extract or infer non-public algorithms, models, workflows, prompts, or system architecture from the service;
• scrape, harvest, or systematically extract non-public service data, metadata, or usage patterns;
• copy, reproduce, publish, or create competing products based on non-public features, documentation, or know-how;
• disclose or use confidential information or trade secrets obtained through service access beyond authorized use;
• perform or publish comparative testing or benchmarks without prior written consent from Jane Doe Communication AB.

Breach of this section is a material breach and may result in immediate suspension or termination, without prejudice to other contractual or statutory remedies.

6. Data Processing and Subprocessors

CLM Forge is designed for business use. For customer-provided workflow content (for example uploaded PPTX/PDF and generated outputs), your organization normally acts as the Data Controller and CLM Forge acts as a Data Processor under the applicable customer agreement and/or Data Processing Agreement (DPA). For CLM Forge's own administrative operations (such as account administration, service communications, and security/abuse prevention), we may act as a Data Controller as described in the Privacy Notice.

Where applicable, the processor obligations are set out in our Data Processing Agreement (DPA).

In local runtime / hybrid deployments, customer source files and generated outputs may remain stored on customer-controlled systems. In that model, the customer remains primarily responsible for local storage, access control, backup practices, and internal security of locally processed content, while CLM Forge online services may still process limited account, authentication, licensing, and operational metadata.

• Supabase (authentication, database, and optional storage fallback infrastructure).
• Cloudflare (R2 object storage for uploaded/generated files when configured).
• Transactional email providers for operational messages.
• Support and operational tooling providers under contract.
• Other contracted infrastructure providers required to run the service.

A current list of subprocessors (including purpose and location) is available upon request and may also be included in a Data Processing Agreement (DPA) where applicable.

6a. File Retention, Auto-Cleanup, and Deletion

Uploaded files and generated outputs are stored to process conversions and provide downloads. Files are automatically cleaned up after the applicable retention window unless they are pinned for extended retention or otherwise agreed in writing.

• Preview/intermediate files: approximately 21 days.
• Source files (PPTX, PDF, shared update zip): approximately 60 days.
• Final deliverables (CSV, slide zips, result packages): approximately 180 days.

Conversion run records may remain visible after associated files expire. If files expire, previews or downloads may become unavailable and re-upload or re-finalization may be required to regenerate them.

If you need longer retention, contact your account administrator or support before expiry to request extended retention (artifact pinning), where available. If a project is deleted, associated runs and stored files are deleted as part of the deletion workflow.

6b. AI and Automated Processing

CLM Forge may use automation to extract metadata and generate conversion outputs from uploaded files. We do not use customer-uploaded files or generated outputs to train public machine learning models, unless explicitly agreed in writing.

6c. Licensing, Validation, and Support for Local Deployments

Local runtime / hybrid deployments may require license validation, activation controls, version restrictions, or agreed support procedures. Unless otherwise agreed in writing, continued use of local deployments is subject to the applicable commercial license and support terms.

Customers are responsible for providing and maintaining a compatible local environment, including operating system, workstation or server resources, local storage, and internal network controls, unless these elements are expressly included in a signed services agreement.

7. Intellectual Property

CLM Forge software, platform materials, and documentation remain the property of Jane Doe Communication AB or its licensors. Customer retains rights in customer content and outputs, subject to rights needed to operate the service.

For local runtime / hybrid deployments, no ownership in the software is transferred. Only the limited usage rights expressly granted under these Terms and any applicable signed customer agreement are provided.

8. Suspension and Termination

We may suspend or terminate access for security reasons, legal requirements, non-payment under commercial terms, or material breaches of these Terms, including prohibited data uploads.

For local runtime / hybrid deployments, expiry, termination, or suspension of the applicable commercial license or support agreement may result in deactivation, non-renewal of license rights, or loss of access to updates, validation services, or support, subject to the signed customer agreement.

9. Disclaimers and Liability

The service is provided on an "as available" basis, except as otherwise agreed in signed customer agreements. CLM Forge is a technical conversion platform and does not provide medical advice, diagnostic output, or clinical decision support. Liability allocation and caps are governed by the applicable customer contract and mandatory law.

In local runtime / hybrid deployments, customer is responsible for the security, compliance, backup, configuration, and operational management of its own local environment, except to the extent otherwise expressly agreed in writing.

10. Governing Law and Updates

These Terms are governed by Swedish law, subject to mandatory legal protections. We may update these Terms from time to time. Material changes may require renewed acceptance before continued access.

10a. Cookies

CLM Forge uses only strictly necessary authentication/session cookies for core service operation and does not use marketing, profiling, or behavioral tracking cookies unless enabled separately in a future feature release.

For complete details, see our Cookie Notice.

11. Contact

General contact: info@janedoe.se

Legal contact: info@janedoe.se

Privacy contact: info@janedoe.se

Security contact: info@janedoe.se