English العربية Español
Request Demo
Request Demo

Subscription Terms and Conditions

Last updated: 3 January 2026

The legal terms and conditions governing your subscription to WeSoar services.

PLEASE READ THE FOLLOWING TERMS AND CONDITIONS CAREFULLY BEFORE ORDERING ANY SERVICES FROM THIS WEBSITE

This Agreement is a legal agreement between you (Customer or you) and WESOAR LIMITED a company incorporated in England and Wales under number 11932816 whose registered office is at Office One, 1 Coldbath Square, Farringdon, London, EC1R 5HL (Supplier, us or we) governing our provision of the Services. The Services are subject to these terms and conditions and by placing an Order you are deemed to have agreed to and accepted these terms and conditions.

1. Definitions and Interpretation

In this Agreement:

  • Acceptable Use Policy means the terms and conditions to be adhered to by all users accessing the Cloud Services as set out at Schedule 1;
  • Adverse Events means any unauthorised or unlawful processing, unauthorised or accidental access or disclosure, loss of, damage to or destruction of Customer Data;
  • AI Systems means artificial intelligence and machine learning technologies utilised by the Supplier to provide workforce analytics, skills matching, and talent recommendations;
  • Business Day means a day other than a Saturday, Sunday or bank or public holiday in England;
  • Cloud Services means the Supplier's services described in the online purchase process at wesoar.ai;
  • Commencement Date means the date of the Supplier's written acceptance of the Order;
  • Confidential Information means any information relating to the business, affairs, operations, processes, budgets, pricing policies, product information, strategies, developments, trade secrets, know-how, personnel, customers and/or suppliers of the disclosing party;
  • Customer Data means all information, data and content provided by the Customer or by an End User to the Supplier;
  • Data Subject means an identified or identifiable natural person whose Personal Data is processed;
  • End Users means any person authorised to use the Services by the Customer;
  • Fees means the fees as set out in the Order;
  • Intellectual Property Rights means copyright, patents, rights in inventions, trade marks, design rights, database rights, domain names, rights in computer software and all similar rights;
  • LLM means large language model, a type of artificial intelligence system;
  • On-Premises Deployment means deployment of the Services within the Customer's own data centre infrastructure;
  • Order means the Customer's order for the Services via the online purchase process at wesoar.ai;
  • Personal Data means any information relating to an identified or identifiable natural person as defined under applicable Data Protection Laws;
  • Personal Data Breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data;
  • Processing means any operation performed on Personal Data, including collection, recording, organisation, storage, adaptation, retrieval, consultation, use, disclosure, or erasure;
  • Service Hours means 24 hours a day, seven days a week;
  • Services means the Cloud Services together with the performance of all other obligations of the Supplier under this Agreement;
  • Sub-processor means any third party engaged by the Supplier to process Personal Data on behalf of the Customer;
  • System means the systems owned, controlled, operated and/or used by the Supplier to supply the Services;
  • Term means the effective term of this Agreement as set out in clause 3.1;
  • VAT means United Kingdom value added tax.

2. Application of this Agreement

2.1 This Agreement constitutes the entire agreement between the Supplier and the Customer and supersedes any previously issued terms and conditions of purchase or supply.

2.2 No terms or conditions endorsed on, delivered with, or contained in the Customer's purchase conditions, order, confirmation of order, specification or other document shall form part of this Agreement except to the extent that the Supplier otherwise agrees in writing.

2.3 No variation of this Agreement or to an Order shall be binding unless expressly agreed in writing and executed by a duly authorised signatory on behalf of each of the Supplier and the Customer respectively.

3. Commencement and Term

3.1 This Agreement shall commence on the Commencement Date and, unless terminated earlier in accordance with clause 15 or otherwise in accordance with the provisions of this Agreement, continue unless or until terminated by either:

  • the Customer giving not less than three month's written notice; or
  • the Supplier giving not less than three month's written notice.

4. Provision of the Services

4.1 With effect from the Commencement Date, the Supplier shall provide and make the Services available during the Service Hours in accordance with the provisions of this Agreement and all Applicable Laws.

4.2 The Customer shall have the right to use the Services in accordance with the terms and conditions of this Agreement.

4.3 The Supplier shall use reasonable endeavours to give the Customer at least seven Business Days prior written notice of any scheduled maintenance to the Services.

4.4 The Supplier shall be entitled to improve or update the Services without the Customer's prior consent and shall use reasonable endeavours to give the Customer at least seven Business Days prior written notice of any improvement or update to the Services.

5. Training and Operations Manual

5.1 At the Customer's request, the Supplier shall provide a facility to resolve questions that the Customer may have from time to time regarding the operation and use of the Services.

5.2 The Supplier shall maintain and make available to the Customer a digital operations manual providing a description of the operating processes and systems related to the Services.

6. Use of the Services

6.1 The Supplier grants the Customer and the Customer's End Users access to the Services throughout the Term of this Agreement.

6.2 The Customer shall use the Services in accordance with the Acceptable Use Policy and shall ensure that its End Users are aware of and comply with the terms of the Acceptable Use Policy when using the Services.

6.3 The Customer retains the right to use the Services to access and retrieve all or any part of the Customer Data at any time during the Term.

7. Misuse of the Services

7.1 Where the Supplier has evidence that an End User has breached the Acceptable Use Policy in a manner which is illegal, the Supplier shall have the right to suspend the End User's access to the Cloud Services and remove any Customer Data causing the breach from the Cloud Services.

7.2 The Supplier reserves the right to monitor all comments and to remove any comments which can be considered inappropriate, offensive or causes breach of these Terms and Conditions.

8. Fees and Payment

8.1 The Customer shall pay the Fees as set out in the Order in accordance with the payment terms specified therein.

8.2 All Fees are exclusive of VAT and any other applicable taxes, which shall be payable by the Customer at the rate and in the manner prescribed by law.

8.3 If the Customer fails to make any payment due under this Agreement by the due date, the Supplier may charge interest on the overdue amount at the rate of 4% per annum above the Bank of England base rate.

8.4 The Supplier reserves the right to review and adjust Fees annually upon not less than 30 days' written notice to the Customer.

9. Intellectual Property Rights

9.1 The Supplier hereby grants the Customer a non-exclusive, sublicensable, worldwide, royalty free licence for the Term to access and use the System and the Services.

9.2 The Customer hereby grants to the Supplier a non-exclusive, revocable, worldwide, royalty free, non-transferable and non-sublicensable licence to use the Customer Data solely and to the extent necessary to provide the Services.

9.3 Except as expressly agreed in this clause 9, no Intellectual Property Rights of either party are transferred or licensed as a result of this Agreement.

10. Customer Data

10.1 The Supplier shall use reasonable endeavours to deal with all enquiries from the Customer relating to the processing of Customer Data within a reasonable period of time.

10.2 The Customer Data shall be and remain the property of the Customer and the Supplier shall not delete or remove any proprietary notices or other notices contained within or relating to the Customer Data.

10.3 Subject to clause 10.5, the Supplier shall not, without the prior written consent of the Customer, disclose or copy the Customer Data other than as strictly necessary for the performance of the Services.

10.4 Customer Data shall not be used for training third-party AI models unless expressly authorised in writing by the Customer.

10.5 The Supplier may use anonymised and aggregated data derived from Customer Data for the purposes of improving the Services, provided that such data cannot be used to identify any individual Data Subject or the Customer.

11. Warranties

11.1 The Supplier warrants that the Services will be provided with reasonable care and skill and in accordance with generally accepted industry standards.

11.2 The Supplier warrants that the Services will materially conform to the description provided in the Order and any applicable documentation.

11.3 The Customer warrants that it has the necessary rights and consents to provide Customer Data to the Supplier and to authorise the Supplier to process such data as contemplated by this Agreement.

12. Indemnification

12.1 The Customer shall indemnify the Supplier against all claims, damages, losses and expenses arising from any breach by the Customer of its obligations under this Agreement or any claim that the Customer Data infringes the rights of any third party.

12.2 The Supplier shall indemnify the Customer against all claims, damages, losses and expenses arising from any claim that the Services infringe the Intellectual Property Rights of any third party, provided that such indemnity shall not apply where the infringement arises from the Customer's use of the Services in combination with other products or services not provided by the Supplier.

13. Confidentiality

13.1 Each party agrees to keep confidential, both during the Term and thereafter, all Confidential Information of the other and not disclose the other party's Confidential Information to any other person without the owner's prior written consent.

13.2 For the purposes of this Agreement, the Confidential Information of the Customer shall be deemed to include all Customer Data which is acquired or collected by the Supplier in connection with this Agreement.

14. Limitation of Liability

14.1 The extent of the Supplier's liability under or in connection with this Agreement shall be as set out in this clause 14.

14.2 The Supplier's maximum liability for each claim or series of connected claims arising under or in connection with this Agreement shall be limited to 100% of the Fees paid or due and payable during the 12-month period prior to the first cause of action.

14.3 The Supplier shall not be liable to the Customer under this Agreement for any consequential, indirect or special losses.

14.4 Neither the Supplier's nor the Customer's liability under this Agreement shall be limited in respect of death or personal injury caused by negligence, fraud or fraudulent misrepresentation, any other losses which cannot be excluded or limited by law, and any losses caused by wilful misconduct.

15. Termination

15.1 Either party may terminate this Agreement at any time by giving notice in writing to the other if that other party commits a material breach of this Agreement and such breach is not remediable or is not remedied within 14 days of receiving written notice of such breach.

15.2 Following the expiry or termination of this Agreement for any reason, the Supplier shall comply with its obligations regarding the preservation, delivery up or destruction of the Customer Data, and the Customer and its End Users shall immediately cease to have access to the Services.

15.3 Upon termination, the Supplier shall, at the Customer's option, return or securely delete all Customer Data within 30 days of the termination date, unless retention is required by applicable law.

16. Data Protection

16.1 Each party shall comply with its respective obligations under Schedule 2.

16.2 This clause 16 and Schedule 2 shall survive termination or expiry of this Agreement for any reason.

17. Artificial Intelligence and Automated Processing

17.1 The Services utilise AI Systems to provide workforce analytics, skills matching, and talent recommendations. The Customer acknowledges that:

  • AI-generated recommendations are advisory in nature and do not constitute automated decision-making with legal or similarly significant effects without human review;
  • The Customer retains full control over employment decisions and shall ensure appropriate human oversight of AI-generated outputs;
  • The Supplier shall provide reasonable transparency regarding the factors considered by AI Systems upon written request from the Customer;
  • The Customer is responsible for ensuring that use of AI-generated outputs complies with applicable employment law and anti-discrimination requirements.

17.2 The Supplier commits to:

  • Implementing measures to identify and mitigate algorithmic bias in AI Systems;
  • Conducting periodic reviews of AI model outputs for fairness across protected characteristics;
  • Providing documentation regarding AI model validation methodology upon reasonable request.

17.3 Where the Services utilise LLMs or other third-party AI services:

  • The Supplier shall maintain an LLM-agnostic architecture enabling substitution of AI providers without service interruption;
  • Customer Data shall not be used for training third-party AI models unless expressly authorised in writing;
  • For On-Premises Deployments, the Customer may specify approved AI providers in accordance with organisational AI governance policies.

18. Deployment Options

18.1 The Services may be deployed in the following configurations as specified in the Order:

  • Cloud (Multi-Tenant): Standard SaaS deployment with logical data separation;
  • Private Cloud: Dedicated infrastructure in Supplier-managed data centres;
  • Sovereign Cloud: Deployment with certified sovereign cloud providers;
  • On-Premises: Deployment within Customer's own data centre infrastructure;
  • Air-Gapped: Isolated deployment with no external network connectivity.

18.2 Additional terms, fees, and responsibilities may apply to non-standard deployment models as specified in the Order.

19. Service Levels

19.1 The Supplier shall use commercially reasonable efforts to maintain Service availability of 99.5% measured monthly, excluding:

  • Scheduled maintenance windows (with at least 7 Business Days' notice);
  • Emergency security patches (with notice as soon as reasonably practicable);
  • Force majeure events as defined in clause 23.

19.2 For On-Premises Deployments, availability commitments shall be agreed separately in the Order based on Customer infrastructure capabilities.

20. Security and Incident Response

20.1 The Supplier maintains the following security certifications and standards:

  • ISO/IEC 27001 certification for information security management;
  • DESC (Dubai Electronic Security Center) certification for UAE government and enterprise deployments;
  • CSA STAR Level 1 registration for cloud security.

20.2 In the event of a security incident affecting Customer Data, the Supplier shall:

  • Notify the Customer within twenty-four (24) hours of confirmed incident detection;
  • Provide regular updates on investigation progress at intervals of no more than twenty-four (24) hours until resolution;
  • Provide a written incident report within fourteen (14) days of incident resolution;
  • Implement reasonable remediation measures to prevent recurrence.

21. Entire Agreement

21.1 The parties agree that this Agreement constitutes the entire agreement between them and supersedes all previous agreements, understandings and arrangements between them, whether in writing or oral in respect of its subject matter.

22. Notices

22.1 Any notice required to be given under this Agreement shall be in writing and shall be delivered personally, sent by pre-paid first-class post, or sent by email to the address specified in the Order or such other address as the receiving party may notify in writing.

22.2 Notices shall be deemed received upon delivery if delivered personally, 48 hours after posting if sent by post, or upon transmission if sent by email during business hours.

23. Force Majeure

23.1 Neither party shall have any liability under or be deemed to be in breach of this Agreement for any delays or failures in performance of this Agreement which result from any event beyond the reasonable control of that party.

24. Assignment

24.1 The Customer shall not assign, transfer, or sub-contract any of its rights or obligations under this Agreement without the prior written consent of the Supplier.

24.2 The Supplier may assign or transfer this Agreement to any affiliate or in connection with a merger, acquisition, or sale of substantially all of its assets.

25. Waiver

25.1 No failure or delay by either party in exercising any right or remedy under this Agreement shall constitute a waiver of that right or remedy.

26. Severability

26.1 If any provision of this Agreement is found to be invalid or unenforceable, the remaining provisions shall continue in full force and effect.

27. Third Party Rights

27.1 This Agreement does not confer any rights on any person or party other than the parties to this Agreement.

28. Governing Law

28.1 This Agreement and any dispute or claim arising out of, or in connection with, it, its subject matter or formation shall be governed by, and construed in accordance with, the laws of England and Wales.

29. Jurisdiction

29.1 The parties irrevocably agree that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of, or in connection with, this Agreement, its subject matter or formation.

Schedule 1: Acceptable Use Policy

This Acceptable Use Policy sets forth acceptable practices while using WeSoar Limited SaaS Services or which involve access to the internet (the "Services"). By using the Services, You acknowledge that You have read, understood, and agree to abide by this policy.

General

This Policy is designed to assist in protecting the Services, our Networks and infrastructure and other Customers from improper and/or illegal activity using these services over the Internet.

Unauthorised Access/Interference

You may not attempt to gain unauthorised access to, or attempt to interfere with or compromise the normal functioning, operation, or security of any of Our networks, systems, computing facilities, equipment, data, or information.

Illegal Activity

You agree to use Our Services only for lawful purposes. Use of the Services for transmission, distribution, retrieval, or storage of any information, data, or other material in violation of any applicable law or regulation is prohibited.

Other Prohibited Activities

  • Intentionally transmitting files containing a computer virus.
  • Develop, support or use software, devices, scripts, robots, or any other means or processes to "web scrape" the Services or otherwise copy profiles and other data from the Services.
  • Copy, use, disclose or distribute any information obtained from the Services without the consent of WeSoar Limited.
  • Violate the intellectual property rights of others, including copyrights, patents, trademarks, trade secrets, or other proprietary rights.
  • Use bots or other automated methods to access the Services, add or download contacts, send or redirect messages.

Schedule 2: Data Protection

Data Processing Agreement

This Data Processing Agreement ("DPA" or "Agreement") is entered into between the Controller and the Processor and is incorporated into and governed by the terms of the Agreement.

The Processor has agreed to provide the Services to the Controller in accordance with the terms of the Agreement. In providing the Services, the Processor shall process Customer Data on behalf of the Controller. Customer Data may include Personal Data. The Processor will process and protect such Personal Data in accordance with the terms of this DPA.

Legal Basis for Processing

The Processor shall process Personal Data on behalf of the Controller pursuant to Article 6(1)(b) of UK GDPR (performance of contract) and Article 6(1)(f) (legitimate interests of providing workforce analytics services). Where Special Category Data is processed, such processing shall be carried out pursuant to Article 9(2)(b) (employment obligations) with appropriate safeguards.

Processor Obligations

The Processor may collect, process or use Personal Data only within the scope of this DPA. The Processor shall implement appropriate technical and organisational procedures to protect Personal Data, taking into account the costs of implementation and the nature, scope, context and purposes of processing as well as the risk for the rights and freedoms of natural persons.

Data Subject Rights

The Processor shall assist the Controller in responding to requests from Data Subjects exercising their rights under Chapter III of UK GDPR, including:

  • Right of access (Article 15)
  • Right to rectification (Article 16)
  • Right to erasure (Article 17)
  • Right to restriction of processing (Article 18)
  • Right to data portability (Article 20)
  • Right to object (Article 21)
  • Rights related to automated decision-making (Article 22)

The Processor shall respond to Controller requests for assistance within five (5) Business Days.

Personal Data Breach Notification

In the event of a Personal Data Breach, the Processor shall:

  • Notify the Controller without undue delay and in any event within twenty-four (24) hours of becoming aware of the breach;
  • Provide the Controller with sufficient information to enable the Controller to meet any obligations to report the breach to the Information Commissioner's Office within seventy-two (72) hours;
  • Co-operate with the Controller in investigating the breach and providing information to affected Data Subjects where required.

Sub-Processors

The Processor shall maintain a list of Sub-processors engaged to process Personal Data on behalf of the Controller. The current list of Sub-processors is available upon request. The Processor shall provide the Controller with at least thirty (30) days' prior written notice of any intended changes to Sub-processors, during which time the Controller may object to such changes on reasonable grounds.

International Transfers

The Processor shall not transfer Personal Data to a country outside the United Kingdom unless:

  • The transfer is to a country subject to a UK adequacy decision; or
  • The transfer is subject to the International Data Transfer Agreement (IDTA) or UK Addendum to the EU SCCs; or
  • The Controller has provided prior written consent and appropriate safeguards are in place.

Technical and Organisational Security Measures

The Processor implements appropriate technical and organisational measures including:

  • The pseudonymisation and encryption of Personal Data;
  • The ability to ensure the on-going confidentiality, integrity, availability and resilience of processing systems and services;
  • The ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident;
  • A process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

Data is stored in triplicate in near real time. Transaction logs backups are taken every 5-10 minutes. Differential backups are taken every few hours, and full backups are taken weekly. The backup retention period is 35 days. All backups are encrypted.

Customer data is encrypted at rest using AES-256 bit encryption and data in transit is protected by Transport Layer Security ("TLS") 1.3.

Schedule 3: Regional Data Protection Requirements

Saudi Arabia - Personal Data Protection Law (PDPL)

Where the Customer is established in the Kingdom of Saudi Arabia or the Services involve processing Personal Data of individuals located in Saudi Arabia, the Processor shall:

  • Process Personal Data in accordance with the Personal Data Protection Law (Royal Decree M/19) and its implementing regulations;
  • Not transfer Personal Data outside Saudi Arabia except in accordance with Article 29 of the PDPL and any transfer regulations issued by the Saudi Data & Artificial Intelligence Authority (SDAIA);
  • Implement appropriate technical and organisational measures as required by SDAIA guidance;
  • Notify the Controller of any data breach within seventy-two (72) hours of discovery.

UAE - Federal Decree-Law No. 45 of 2021

Where the Customer is established in the United Arab Emirates or the Services involve processing Personal Data of individuals located in the UAE, the Processor shall:

  • Process Personal Data in accordance with Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data and its executive regulations;
  • Maintain a register of data processing activities as required by Article 9;
  • Comply with cross-border transfer requirements under Article 22.

DIFC Data Protection Law

Where the Customer is established in the Dubai International Financial Centre, the Processor shall process Personal Data in accordance with DIFC Data Protection Law No. 5 of 2020 and any guidance issued by the Commissioner of Data Protection.

Financial Sector Specific Requirements

Where the Customer is a regulated financial institution:

  • In Saudi Arabia: The Processor shall comply with applicable Saudi Central Bank (SAMA) outsourcing and cloud computing regulations;
  • In the UAE: The Processor shall comply with applicable Central Bank of the UAE (CBUAE) outsourcing regulations;
  • In Dubai: The Processor shall comply with DESC (Dubai Electronic Security Center) requirements for government and enterprise deployments.