Terms of Service — SupplyFi

These Terms of Service ("Terms") govern your access to and use of SupplyFi, a software-as-a-service platform operated by CounterCarbon Ltd ("CounterCarbon", "we", "us"), company number 17061500, registered in England and Wales.

By creating an account or using the Service, you agree to these Terms. If you are using the Service on behalf of a business, you confirm you have authority to bind that business to these Terms.

1. The Service

SupplyFi is a cloud-based Supplier Product Information Management (PIM) platform that enables businesses to collect, review, approve, and distribute structured product data from their suppliers. The Service is provided on a subscription basis.

2. Accounts and access

You must provide accurate information when creating your account.
You are responsible for maintaining the security of your login credentials.
You must notify us immediately at support@supplyfi.co.uk if you suspect unauthorised access to your account.
Each subscription is for a single organisation. You may not resell or sublicence access to the Service without our prior written consent.
You are responsible for all activity that occurs under your account, including actions taken by your invited users (admins and suppliers).

3. Subscription and payment

Subscriptions are billed annually in advance unless otherwise agreed in writing.
Prices are as published on our pricing page at the time of purchase and are in GBP, exclusive of VAT.
VAT will be added at the applicable UK rate where required.
Payment is processed by Stripe. By subscribing, you authorise us to charge your payment method on a recurring basis.
If payment fails, we will notify you and provide a 7-day grace period to update payment details before suspending access.
Subscriptions automatically renew unless cancelled at least 14 days before the renewal date.
We reserve the right to change pricing with 30 days' written notice. Price changes will not apply until your next renewal period.

4. SKU limits and fair use

Each subscription tier includes a maximum number of active SKUs (Stock Keeping Units) as described on our pricing page. If you exceed your plan's SKU limit, we will notify you and you will be required to upgrade your plan within 14 days or reduce your SKU count.

5. Billing, cancellation, and refunds

5.1 Billing cadence

Subscriptions are available on a monthly or annual basis. Annual subscriptions are priced at a discount (typically equivalent to two months free) in exchange for the customer's commitment to the full year. You may switch between cadences at your next renewal.

5.2 Cancellation

You may cancel your subscription at any time from your billing settings or by emailing us. Cancellation stops future automatic renewal; your access continues until the end of the period you have already paid for.

5.3 Refunds — monthly subscribers

If you cancel a monthly subscription, your access continues to the end of the current billing month and you are not charged the following month. We do not refund the current month on a pro-rata basis, because the whole point of monthly billing is that the commitment is only the month you're in.

5.4 Refunds — annual subscribers

Annual subscribers benefit from a 14-day money-back guarantee on their first paid invoice. If you cancel within 14 days of your first annual payment, we refund the full amount paid, less any third-party fees we have already incurred on your behalf (typically zero). No questions asked, no forms.

After 14 days, the annual commitment stands. We do not issue pro-rata refunds for the unused portion of an annual subscription, because the annual discount is contingent on that commitment — if you wanted monthly flexibility, you had the option to pick monthly billing at the higher monthly rate.

5.5 Exceptional circumstances

We are a small team, and we believe customers shouldn't feel trapped in a tool they genuinely cannot use. If your circumstances have changed materially (the product fundamentally doesn't fit your workflow, a key member of your team has left, your business has changed direction, or something has gone wrong on our side that we couldn't resolve), email us and we will work something out on a case-by-case basis. This is at our discretion and is not a contractual entitlement, but we'd rather lose a small amount of revenue than damage a working relationship with someone who might come back later.

5.6 Data after cancellation

Whatever your cancellation choice and whatever the refund treatment, the data-portability and archive options in section 6.1 of these Terms apply. You can take an export bundle with you, park your data with us free of charge for up to 7 years, or have it deleted immediately.

6. Data ownership, isolation, and portability

You retain full ownership of all data you upload or generate through the Service ("Customer Data").
You grant us a limited licence to process Customer Data solely to provide and improve the Service.
We will never sell, share, or use your Customer Data for any purpose other than providing the Service.

6.0 How your data is isolated from other customers

By default, your Customer Data lives in a shared, EU-resident Postgres database operated by us. Isolation between tenants is enforced at two layers:

Application-layer scoping. Every read and write made by our application code is filtered by your tenant ID, which is resolved server-side from your authenticated session — it is never trusted from the request.
Database-layer Row Level Security. Postgres has RLS policies on every tenant-scoped table that restrict each row to its owning tenant. Any non-superuser connection — support consoles, read replicas, the read-only audit role, partial-credentials leaks — is physically unable to read rows belonging to anyone else. Auditors can verify the policies are in place with SELECT * FROM pg_policies WHERE schemaname='public'.

You can verify your tenant's isolation status, run an on-demand isolation test, and download a signed attestation of your data footprint at any time from the Security & Isolation page inside your workspace.

If your industry requires stronger physical separation (your own database server, not just your own row scope), the Dedicated database + deployment add-on (£600/year) moves your workspace onto its own infrastructure.

6.1 What happens to your data when you cancel

When you cancel your subscription, you choose what happens to your Customer Data. We offer three options at no additional cost:

Take it with you. Request a full export at any time within 30 days of cancellation. We provide your Customer Data as a downloadable bundle: database records in CSV and JSON, uploaded files as a zip, approved-snapshot history as PDFs. Available for download for 30 days from the export request.
Park it with us for up to 7 years. If you cancel but expect to need the data later (regulatory audits, warranty obligations, customer disputes, future reactivation), we will hold a read-only archive at no charge for up to seven years from cancellation. You can request an export from the archive at any time during that period, or ask us to delete it sooner — whichever you prefer.
Delete it now. If you would rather we delete your Customer Data immediately on cancellation, just say so in writing. We will purge live systems within 30 days and confirm in writing once complete.

After the 7-year archive period (or any shorter window you choose), Customer Data is permanently and irreversibly deleted from our systems. We will email you at 90, 30, 7, and 1 day before automatic deletion so you have a final chance to export or extend.

While your data is in archived state, we do not access it, process it, or use it for any purpose. It exists only so that you can come back to it if you need to.

7. Acceptable use

You agree to use the Service in accordance with our Acceptable Use Policy. We reserve the right to suspend or terminate accounts that violate these policies.

8. Intellectual property

The Service, including its software, design, and documentation, is owned by CounterCarbon Ltd and protected by applicable intellectual property laws.
We grant you a limited, non-exclusive, non-transferable licence to use the Service during your subscription.
You may not copy, reverse engineer, decompile, or create derivative works of the Service.

9. Uptime and support

We target 99.9% monthly uptime for the Service, excluding scheduled maintenance.
Scheduled maintenance will be notified at least 24 hours in advance where possible.
Support is available by email at support@supplyfi.co.uk. We aim to respond within 1 business day.
Enterprise customers may be entitled to enhanced SLAs as set out in their separate agreement.

10. Limitation of liability

To the maximum extent permitted by law:

Our total liability to you in any 12-month period is limited to the fees you paid to us in that period.
We are not liable for indirect, incidental, special, or consequential losses, including loss of profits, data, or business opportunity.
Nothing in these Terms limits liability for death or personal injury caused by negligence, fraud, or any other liability that cannot be excluded by law.

11. Indemnity

You agree to indemnify and hold harmless CounterCarbon Ltd, its officers, directors, and employees from any claims, losses, or damages (including legal fees) arising from your use of the Service, your Customer Data, or your violation of these Terms.

11.5 AI Services

Where you have enabled the AI agent harness or any other AI-powered feature ("AI Services"), the following terms apply in addition to the rest of these Terms.

11.5.1 Third-party models

AI Services are powered by large language models supplied by third parties (e.g. Anthropic, OpenAI), routed either through our infrastructure or, where you have configured your own provider API key, through your chosen provider directly. We are not the developer of these models. We have no control over their accuracy, availability, behaviour, output, version changes, deprecation, or pricing. We may switch providers or models at any time, with or without notice, to maintain or improve the Service.

11.5.2 Token-based usage

AI Services consume "tokens" — units of computation determined by the upstream model provider, not by us. Token consumption per action depends on many factors, including but not limited to: the length and complexity of your prompts; the length and structure of the data you submit (including product records, audit logs, and field schemas); model version and configuration; retries triggered by model errors or timeouts; and behaviour of the model that is outside our control.

You acknowledge that token consumption can vary significantly between actions that look similar on the surface, and that any estimate we display is best-effort and not a guarantee. We will not be liable for token consumption that exceeds your expectation, including where credit is consumed faster than you anticipated.

11.5.3 Credit packs

Some AI Services tiers include a monthly token allowance, and additional credit packs may be purchased. Credits are denominated in tokens. Credits consumed are non-refundable. Unused credits expire on the terms stated at purchase. We may apply a hard stop on AI Services when your monthly allowance or credit balance reaches zero; we are not obliged to warn you in advance.

11.5.4 Bring-your-own-key (BYOK)

If you supply your own provider API key, all token costs are billed by your provider directly to you, and we have no insight into or responsibility for those charges. You are solely responsible for the security of your key, for monitoring your usage with your provider, and for any costs or charges your provider levies. We store your key encrypted at rest and use it only to make AI calls on your behalf inside the Service.

11.5.5 Acceptable use

Your use of AI Services must comply with (a) these Terms; (b) our Acceptable Use Policy; and (c) the usage policies of the underlying model provider, including Anthropic's Usage Policy (anthropic.com/legal/aup) and OpenAI's Usage Policies (openai.com/policies/usage-policies) as updated from time to time. You may not use AI Services to generate content that violates those policies. We may suspend or terminate your access to AI Services at any time, with or without notice, where we reasonably believe usage has breached or risks breaching these policies.

11.5.6 Output and data handling

AI-generated output is provided "as is" and may be inaccurate, incomplete, biased, or misleading. You are responsible for reviewing any AI output before relying on it for business decisions, customer-facing content, or regulatory compliance. We do not warrant the accuracy or fitness for purpose of any AI output.

Data you submit through AI Services (including prompts and the records they reference) is transmitted to the model provider for processing. We do not use customer prompts to train models, and we route requests in a way intended to prevent customer data from being retained by the provider where the provider's terms support that mode. We cannot guarantee the data-retention practices of any third-party provider.

11.5.7 No SLA on AI Services

AI Services are provided on a reasonable-efforts basis. We do not offer a service-level agreement on AI Services. Upstream model provider outages, rate limits, and behavioural changes are outside our control.

12. Termination

Either party may terminate these Terms with 30 days' written notice.
We may terminate or suspend your access immediately if you breach these Terms, fail to pay, or engage in conduct that harms the Service or other users.
On termination, your licence to use the Service ends immediately.

13. Governing law

These Terms are governed by the laws of England and Wales. Any disputes shall be subject to the exclusive jurisdiction of the courts of England and Wales.

14. Changes to these Terms

We may update these Terms from time to time. We will give you at least 30 days' notice of material changes by email. Continued use of the Service after the effective date constitutes acceptance of the updated Terms.

15. Contact

CounterCarbon Ltd
Company No. 17061500
Registered in England and Wales
Email: legal@supplyfi.co.uk