Terms of Service
Multi-jurisdictional B2B SaaS terms (AU default; EU + UK + US carve-outs preserved). By signing up or entering a paid engagement, you accept these Terms.
01Plain English summary (read this first)
- Who you are: an authorised representative of a business that uses Xlooop for AI-assisted work delivery + audit-grade evidence
- What you pay: per the tier you select (Discovery · Pilot · Production POC · Annual licence) — see Pricing
- What we promise: to operate the service to a reasonable professional standard, with the level of care typical for B2B SaaS
- What we don't promise: that AI outputs are always accurate; you remain responsible for your work + your customers
- Liability cap: fees paid in the prior 12 months (standard B2B SaaS pattern)
- IP: you own your data + your customer record; we own the platform + improvements derived at platform level
- Termination: either side can terminate per the notice provisions; you can export your data
- Jurisdiction: New South Wales, Australia as the default governing law + forum, with regional consumer-protection rights preserved
- Multi-region: EU + UK + US customers retain statutory consumer protections (these can't be excluded by contract)
02Order of precedence
If terms conflict, this is the order (highest first):
- Mandatory statutory consumer protections in your region (cannot be excluded by contract)
- Your Order Form (the signed engagement document)
- Any Addendum explicitly signed by both parties (DPA · SLA Addendum · Region-Specific Addendum)
- These Terms of Service
- The Privacy Policy
- The Acceptable Use Policy
- The Sub-Processor List
03Definitions
- "Xlooop", "we", "us", "our" — ADEVI PTY LTD (trading as Xlooop), ABN 80 627 916 698, ACN 627 916 698, Australian-headquartered.
- "Customer", "you", "your" — the legal entity that signs an Order Form OR signs up for a Xlooop workspace.
- "Authorised User" — an individual you authorise to access your workspace.
- "Service" — the Xlooop platform: workspace · canvas · documents · audit ledger · 6-role panel · customer-facing record surface · AI agent team · all associated features.
- "Customer Data" — any data you (or your Authorised Users) input to the Service, OR that flows in through your connected tools, OR that the Service produces about your engagements.
- "Customer Record" — the audit-grade, reviewer-signed evidence artefact the Service produces for your customers.
- "AI Agent Team" — the 6-role panel + the deeper agent fleet at /ai-team.
- "Sub-Processor" — third-party service we use to deliver the Service.
- "DPA" — Data Processing Agreement, separate addendum incorporating EU SCCs + UK IDTA + APP 8 schedules where applicable.
04The Service
3.1 What we provide
We provide the Service as described at xlooop.com + in your Order Form.
3.2 Authorised Users
You're responsible for your Authorised Users' use of the Service.
3.3 Service tiers
Equivalents in EUR / GBP / USD at the FX rate at invoice date, plus applicable VAT / GST / sales tax per your region.
3.4 Service levels
Production POC + Annual licence tiers have separate SLA Addendum. Discovery + Pilot tiers operate on commercially reasonable best-efforts basis.
3.5 Support
Per your tier. All tiers include support via hello@xlooop.com (2 AU business days target). Higher tiers include dedicated Chief-of-Staff support.
05Your obligations
4.1 Authority + consent
- You have authority to bind your entity to these Terms
- You have obtained all necessary consents from your customers + your customers' customers
- Your use of the Service complies with all applicable law in your jurisdiction
4.2 Acceptable use
You + your Authorised Users will: comply with the Acceptable Use Policy; not attempt to circumvent the 6-role authority gates; not use the Service for unlawful purposes; not upload data outside the scope of consent; not introduce malware; not reverse-engineer (except as law expressly permits); not use the Service to compete with Xlooop; not violate export controls or sanctions.
4.3 Customer Data accuracy
You're responsible for the accuracy + lawfulness of Customer Data.
4.4 AI output review
AI outputs are inputs to your review, not substitutes for your professional judgement.
06Intellectual property
5.1 You own your Customer Data
You retain all right, title, and interest in: Customer Data you upload or that your connected tools provide; Customer Records the Service produces for your customers; your trade marks, brand, and confidential business information.
5.2 We own the Platform
We retain all right, title, and interest in: the Service (software · models · design · architecture); aggregated, de-identified usage data (we may use this to improve the Service; we do not re-identify or sell); our brand · marks · confidential information; improvements to the Service we author.
5.3 Licence we grant you
Non-exclusive, non-transferable, revocable licence to access + use the Service for your internal business purposes during the term.
5.4 Licence you grant us
Non-exclusive, royalty-free, worldwide licence to process Customer Data only as needed to provide the Service; generate aggregated, de-identified data for Service improvement (no re-identification, no sale); display Customer Data + Customer Records back to you + your Authorised Users.
5.5 Feedback
If you give us feedback, we may use it without payment or attribution.
5.6 We will NOT train AI on your data
Contractual + technical commitment with our AI providers.
07Mutual IP indemnity
6.1 We indemnify you
We will defend you against claims that your authorised use of the Service infringes a third-party patent, registered trade mark, copyright, or trade secret in your jurisdiction. Exclusions: modifications without our consent · use outside Order Form scope · combinations with non-Xlooop products causing the infringement.
6.2 You indemnify us
You will defend us against claims arising from your breach of these Terms or the AUP; Customer Data you upload (IP · defamation · privacy · confidence); your customers' use of Customer Records you provide them.
6.3 Indemnification mechanics
Each party will: notify the other promptly; permit the other to control defence and settlement (no admission without consent); cooperate at the indemnifying party's reasonable expense.
08Data + Privacy
7.1 Privacy Policy
Multi-jurisdictional Privacy Policy governs personal information handling per AU APPs · EU GDPR · UK GDPR · CCPA/CPRA + comparable US state laws.
7.2 Data Processing Agreement (DPA)
The DPA is a separate addendum incorporated by reference. It includes EU SCCs (2021) Module 2 / 3, UK IDTA, APP 8 schedule, Article 28 GDPR + comparable obligations. By signing up + connecting tools, you accept the DPA.
7.3 Data Sovereignty
See Data Sovereignty for multi-region residency options (AU default · EU · UK · US).
09Pricing + payment
8.1 Fees
As specified in your Order Form. AUD is the contracting currency unless otherwise agreed. EU customers — VAT applied per Member State + EUR equivalent at FX at invoice date. UK customers — VAT applied + GBP equivalent. US customers — sales tax per applicable state nexus rules + USD equivalent. AU customers — GST applied + AUD.
8.2 Invoicing
Per your Order Form. Payment terms: 30 days from invoice date unless otherwise stated.
8.3 Late payment
Late payment may incur interest at the Reserve Bank of Australia cash rate + 3% per annum (or the equivalent statutory rate in your jurisdiction where higher).
8.4 Disputed amounts
Notify within 30 days of invoice date; we resolve in good faith; undisputed portions remain payable.
8.5 Price changes
≥60 days notice for renewal-term changes. Terminate without penalty at end of current term if you disagree.
10Term + termination
9.1 Term
Per your Order Form. Month-to-month from acceptance if not specified.
9.2 Termination for convenience
9.3 Termination for cause
Either party may terminate immediately for material breach uncured within 30 days of written notice (7 days for uncurable / harmful breaches), or for insolvency / administration / winding up / cessation.
9.4 Effect of termination
Your access ends · we retain Customer Data per Privacy Policy §9 · you may export Customer Data + Customer Records within 90 days · we refund prepaid unearned fees if you terminate for our uncured material breach · Survival: §5 IP · §6 Indemnity · §10 Confidentiality · §12 Liability · §21 General.
9.5 Sterile teardown (operator commitment)
scan_customer_safe_bundle.py runs on your export bundle before transmission to prevent cross-customer leakage.
11Confidentiality
Standard mutual confidentiality. Each party will: use Confidential Information only to perform under these Terms; protect with reasonable care; disclose only to need-to-know representatives bound to equivalent confidentiality; return or destroy on termination (subject to legal retention).
12Warranties + disclaimers
11.1 Mutual warranties
Each party warrants authority + applicable-law compliance.
11.2 Service warranties
- Provided with reasonable care + skill expected of a professional B2B SaaS
- In accordance with Order Form + site description at signup
- Free from known malware
11.3 Disclaimer (subject to regional carve-outs)
To the maximum extent permitted by applicable law, the Service is provided "as is". We disclaim implied warranties (merchantability · fitness for purpose · non-infringement) except consumer guarantees that apply and cannot be excluded under your regional law.
11.4 Specifically, we do NOT warrant
- That AI outputs are accurate, complete, or fit for any particular customer decision — you remain responsible
- That the Service will be uninterrupted (high-availability target; SLA Addendum applies where in effect)
- That the Service will satisfy specific regulatory requirements that apply to your business
11.5 Mandatory regional consumer protections
Nothing in these Terms excludes, restricts, or modifies any consumer guarantee, statutory right, or other protection that cannot be excluded under applicable law in your jurisdiction. Australia — Australian Consumer Law (Schedule 2, Competition and Consumer Act 2010 (Cth)). EU — Consumer Rights Directive + Member State law. UK — Consumer Rights Act 2015 + DMCC Act 2024. US — state UDAP statutes + FTC Act §5.
11.6 B2B nature
Xlooop is designed as a B2B service. We contract with legal entities, not individual consumers. To the extent any user is deemed a consumer under applicable law, §11.5 applies.
13Limitation of liability
12.1 Liability cap
To the maximum extent permitted by applicable law, each party's aggregate liability arising out of or in connection with these Terms is limited to the fees you paid (or were payable) in the 12 months immediately preceding the event giving rise to the liability.
12.2 Exclusions from liability
Neither party is liable for indirect, consequential, special, exemplary, punitive, or incidental damages — including lost profits, lost revenue, lost data, loss of business opportunity, lost goodwill — even if advised of the possibility.
12.3 Carve-outs (cap + exclusions do NOT apply to)
- Your obligation to pay fees
- Either party's indemnity obligations under §6
- Breaches of confidentiality (§10)
- Either party's wilful misconduct, gross negligence, or fraud
- Liability that cannot be limited under applicable law
- Material breach of Privacy Policy / DPA
14Compliance + statutory awareness
AU — Privacy and Other Legislation Amendment Act 2024 statutory tort (commenced 10 June 2025). EU — GDPR + EU AI Act (Regulation 2024/1689). UK — UK GDPR + DPA 2018 + DUAA 2025. US — CCPA/CPRA + state UDAP + FTC §5 + Colorado AI Act 2026. Cross-cutting — anti-bribery + sanctions compliance (§15); Modern Slavery Acts (AU 2018; UK 2015).
15Suspension
We may suspend (with reasonable notice where possible) for: material payment overdue (after written notice); security risk to Xlooop or other customers; required by law or regulator; AUP breach causing harm. We try to suspend affected use only — not your entire workspace — where technically possible.
16Export controls + sanctions
Both parties comply with applicable export-control + sanctions law: AU Customs Act 1901 + DEC; UK Export Control Order 2008 + UK sanctions regime; EU Dual-Use Regulation (EU 2021/821) + EU sanctions regime; US EAR + OFAC + ITAR. You represent + warrant that you are not on any applicable sanctions list (OFAC SDN · UN Consolidated · EU consolidated · UK consolidated · DFAT consolidated); you will not use the Service to support sanctioned activities; you will not export the Service in violation of applicable export controls.
17Anti-bribery + anti-corruption
Both parties comply with: Criminal Code Act 1995 (Cth) Part 7.6 (AU foreign bribery); Bribery Act 2010 (UK); Foreign Corrupt Practices Act (US FCPA); comparable laws in your jurisdiction. Neither party offers or accepts anything of value to improperly influence official action.
18Modern slavery
Compliance with applicable modern-slavery legislation: AU Modern Slavery Act 2018; UK Modern Slavery Act 2015. We expect the same of our sub-processors.
19Notices
To Xlooop:
- Email (preferred): legal@xlooop.com (opens with a structured legal-correspondence template)
- Post: ADEVI PTY LTD — registered AU office address provided on request to legal@xlooop.com; supplied in any contract, NDA, or regulator response.
To you: via the email address on your workspace + the workspace itself. Notices effective on actual receipt (email) or 3 business days after posting.
20Force majeure
Neither party is liable for failure or delay caused by events outside its reasonable control. Affected obligations suspended; both parties cooperate to mitigate.
21Changes to these Terms
Material changes — ≥30 days notice via email + in-workspace banner. Terminate without penalty if you disagree. Non-material changes — take effect immediately; logged in the change-log.
22General
- Default governing law: New South Wales, Australia
- Default forum: NSW courts have exclusive jurisdiction for B2B disputes
- Regional consumer-protection override: §11.5 + §22 + §23 apply where statutorily required
- Entire agreement: these Terms + Order Form + Privacy Policy + DPA + AUP + Sub-Processor List
- No waiver, severability, assignment, independent contractors, electronic signature — standard commercial provisions
23Dispute resolution
Tiered B2B process: (1) good-faith negotiation 30 days from notice; (2) mediation — mutually-acceptable Australian mediator; (3) court — NSW exclusive jurisdiction. EU consumers may bring proceedings per Brussels I Recast (1215/2012) Article 18. UK / US / AU consumer rights to bring proceedings in their jurisdiction preserved. Either party may seek interim equitable relief from any court of competent jurisdiction.
24Regional addenda
- EU customers — EU Standard Contractual Clauses (Module 2 / 3) incorporated via the DPA
- UK customers — UK IDTA incorporated via the DPA
- California customers — Notice at Collection per CCPA s 1798.100 + Service Provider obligations per CCPA s 1798.140 incorporated
- HIPAA customers (US) — Business Associate Agreement (BAA) available on request
25Contact
Legal: legal@xlooop.com. All other: see Contact.
Three doors. Same destination: a firm whose AI work is provable.
Pick the one that fits where you are today — none commit you to anything.
Or simply email hello@xlooop.com — one human reads every message.