Xpolicy GmbH | Effective: January 19, 2026
Welcome to Xpolicy. Please read these terms carefully. By using the software, you confirm that you will comply with these rules.
Personalization: User access is personal and may only be used by the registered individual. Sharing access credentials (login/password, tokens, API keys) with third parties — including within the same organization — is prohibited.
Duty of Care: You are obligated to keep your password confidential. If you suspect that your access has been misused, you must notify Xpolicy or your administrator immediately.
Attribution of Actions: All actions performed through a user account are attributed to the client in whose workspace the user is operating.
Purpose: The software may only be used for conducting, preparing, supporting, or following up on audit, review, assessment, or compliance-related activities within the assigned workspace.
Prohibited Use: The following is specifically prohibited:
Software Protection: The software, including its architecture, logic, models, prompts, and evaluation mechanisms, is the intellectual property of Xpolicy GmbH. Copying, decompiling, or modifying the software logic (reverse engineering) is prohibited. It is expressly forbidden to use prompt reverse engineering, prompt injection, or similar techniques to extract or manipulate internal instructions (system prompts), algorithms, or logic of the AI-powered functions.
Accuracy: The software is designed for data entry by the user. The user (or their supervising client) is responsible for the accuracy and completeness of the entered data as well as the legal admissibility of uploaded content. Xpolicy does not perform any content review of submitted materials.
Third-Party Rights: You warrant that you hold the necessary rights for all uploaded documents and that no third-party rights (e.g., data protection or copyright) are infringed.
AI-powered analyses, suggestions, notes, maturity assessments, or formulations serve solely as support. They do not replace professional review, do not constitute a binding assessment, and do not establish any legal or normative statement. Responsibility for decisions, assessments, and audit findings always rests with qualified individuals.
The data protection role of Xpolicy (in particular data processing pursuant to Art. 28 GDPR) arises exclusively from the contract concluded between Xpolicy and the client. This EULA does not establish a separate data processing relationship with the user and does not replace a data processing agreement.
Logging: To enable team collaboration, the system logs which user uploaded or edited which documents.
Infrastructure: Data processing takes place on servers in Europe (Microsoft Azure). For details on data processing, please refer to the provided privacy policy.
Xpolicy or your administrator may suspend your access at any time if there is a reasonable suspicion of a violation of this EULA or if the underlying contractual relationship with the client ends.
Should any provision of this EULA be or become invalid, the validity of the remaining provisions shall remain unaffected.