D
DASTUTE

Terms of Service

Comprehensive legal framework governing our enterprise software development, blockchain infrastructure, AI solutions, and dedicated development team services.

Effective Date

February 15, 2026

Governing Law

England & Wales

Version

2.0

1. Acceptance of Terms

By accessing our website at www.dastute.co.uk, engaging our Dedicated Development Teams, licensing our Enterprise Software Products (ERP, CRM, HRMS, WMS), or utilizing our Blockchain, AI/ML, Cybersecurity, or Cloud Services (collectively, "Services"), you ("Client," "you," or "your") enter into a legally binding agreement with DASTUTE TECHNOLOGIES LIMITED ("DASTUTE," "we," "us," or "our"), a company registered in England and Wales.

If you are accepting these Terms on behalf of a corporation, government agency, or other legal entity, you represent that you have full authority to bind such entity to these Terms. If you do not agree to these Terms, you must not access or use our Services.

Regulatory Compliance Scope: These Terms incorporate our obligations under UK GDPR, Data Protection Act 2018, HIPAA (US healthcare), CCPA/CPRA (California), NIST Cybersecurity Framework, and ISO 27001:2022 standards.

2. Definitions

  • "Deliverables" means software source code, documentation, smart contracts, AI models, audit reports, or other tangible outputs specified in a Statement of Work (SOW).
  • "Dedicated Team" means software development personnel allocated exclusively to your projects under a monthly retainer model.
  • "DASTUTE IP" means our pre-existing proprietary frameworks, methodologies, and product modules.
  • "Foreground IP" means custom code or content developed specifically for you under an SOW.
  • "Blockchain Data" means information recorded on distributed ledgers, which may be technically immutable.
  • "Confidential Information" means non-public technical, financial, or business data disclosed during engagement.

3. Scope of Services

3.1 Dedicated Development Teams (DDT)

We provide full-time equivalent (FTE) development resources including:

  • Technical Specializations: Blockchain (Solidity, Rust), AI/ML (Python, TensorFlow, LangChain), Full-Stack (React, Node.js, Java), Mobile (Swift, Kotlin, Flutter), Cloud (AWS, Azure, Kubernetes), Cybersecurity (VAPT, SOC)
  • Engagement Model: Monthly billing based on 160 hours/FTE standard. Resources work under your direction with DASTUTE project management oversight.
  • Cost Efficiency Guarantee: Minimum 25% reduction in total cost of ownership compared to equivalent UK/EU in-house hiring, inclusive of recruitment, infrastructure, and benefits savings.

3.2 Project-Based Development

Fixed-scope engagements delivered via Agile/Scrum methodologies (2-week sprints). Acceptance criteria defined per SOW, with milestone-based payments.

3.3 Product Licensing

Subscription or perpetual licenses to DASTUTE ERP, CRM, HRMS, WMS, or Custom AI Agent platforms. Cloud-hosted products carry a 99.9% uptime SLA backed by AWS/Azure infrastructure.

3.4 Blockchain & Web3 Services

Critical Notice: Public blockchain deployments create permanent, immutable records. While we implement privacy-by-design (storing only hashed identifiers on-chain), we cannot guarantee deletion of data once confirmed on public networks. You acknowledge this technical limitation regarding GDPR Article 17 "Right to Erasure."

  • Smart contract development, auditing, and deployment on Ethereum, Solana, Polygon, or Hyperledger Fabric
  • DeFi protocols, NFT marketplaces, tokenization infrastructure
  • Private/permissioned blockchain solutions for GDPR compliance

3.5 Artificial Intelligence & Machine Learning

  • LLM integration (OpenAI, Anthropic, local models) and AI Agent development using LangChain, CrewAI, RAG architectures
  • Predictive analytics, computer vision, natural language processing
  • Restriction: We do not develop AI systems intended to make fully automated decisions producing legal or similarly significant effects without human oversight (GDPR Article 22 compliance)

3.6 Cybersecurity Services (VAPT)

Authorized penetration testing, source code auditing (SAST/DAST), and SOC-as-a-Service. All security testing requires executed Rules of Engagement documentation and complies with ISO 27001 and NIST SP 800-115 methodologies.

4. Client Obligations & Responsibilities

4.1 Data Legality & Compliance

You represent and warrant that:

  • You have obtained all necessary consents, authorizations, and legal bases to process any personal data you provide to us (GDPR Article 5, CCPA Section 1798.100)
  • For HIPAA-regulated projects, you will execute a Business Associate Agreement (BAA) prior to any Protected Health Information (PHI) being shared
  • You will not provide us with data that infringes third-party IP rights or violates export control regulations

4.2 Cooperation & Access

You must:

  • Designate a single point of contact (Product Owner) with decision-making authority
  • Provide secure development environment access within 5 business days of contract execution
  • Provide timely feedback on deliverables (maximum 5 business days review period for Agile sprints)

Delay Penalties: Project delays caused by your non-cooperation may incur standby charges of 50% of the daily rate for reserved resources held inactive.

4.3 Legal Use Restrictions

You agree not to use our Deliverables for:

  • Unlawful surveillance, discrimination, or violation of privacy rights
  • Generation of deceptive synthetic media ("deepfakes") without clear disclosure
  • Token offerings or NFT sales that violate securities laws without appropriate legal counsel
  • Any activity that would cause us to violate ISO 27001, GDPR, or NIST security controls

5. Intellectual Property Rights & Ownership

5.1 Custom Development (Foreground IP)

Upon full payment, you receive full ownership of custom source code, documentation, and designs developed specifically for you under an SOW ("Foreground IP"). This includes custom smart contracts, fine-tuned AI model weights, mobile applications, web platforms, and APIs.

We retain a non-exclusive, perpetual, royalty-free license to use general knowledge, skills, and methodologies gained during the engagement, provided we do not disclose your Confidential Information or reuse your specific proprietary business logic.

5.2 DASTUTE Background IP

We retain ownership of our pre-existing DASTUTE ERP, CRM, HRMS, WMS modules, AI agent frameworks, security libraries, and development tools ("Background IP"). You receive a perpetual, non-exclusive license to use these components solely in conjunction with your Deliverables. You may not reverse engineer, sell, or sublicense these Background IP components separately.

5.3 Third-Party & Open Source

Deliverables may incorporate third-party open-source software (OSS) subject to licenses such as MIT, Apache 2.0, or GPL. We will identify all OSS components and their license terms in our documentation. You are responsible for complying with OSS license obligations.

6. Data Protection, Security & Privacy

6.1 GDPR & UK Data Protection

When we process personal data on your behalf, we act as a Data Processor under GDPR Article 28, and you act as the Data Controller.

Our Commitments:

  • Standard Contractual Clauses (SCCs) with UK Addendum for international data transfers
  • ISO 27001:2022 certification and NIST Cybersecurity Framework controls
  • Encryption: AES-256 at rest, TLS 1.3 in transit
  • Data Processing Agreement (DPA) detailing subprocessor lists, audit rights, and breach notification (72-hour notification per GDPR Article 33)

6.2 HIPAA Compliance (US Healthcare)

For healthcare engagements involving PHI:

  • We execute a Business Associate Agreement (BAA) before accessing any PHI
  • Administrative, Physical, and Technical Safeguards per 45 CFR §164.312
  • Notify you of any unsecured PHI breach within 24 hours of discovery
  • Upon termination, return or destroy all PHI per 45 CFR §164.504(d)(2)

6.3 Security Measures (ISO 27001 / NIST Aligned)

  • Access Control: Multi-factor authentication (MFA) mandatory; principle of least privilege; quarterly access reviews
  • Code Security: Secrets management via HashiCorp Vault; automated vulnerability scanning; no hardcoded credentials
  • Incident Response: 24/7 SOC monitoring; containment within 4 hours of detection
  • Backup & Recovery: Encrypted backups with quarterly restoration testing (RTO: 4 hours; RPO: 1 hour)

7. Fees, Payment & Taxes

ModelPayment Terms
Dedicated TeamsMonthly advance payment (FTE count × monthly rate)
Project-BasedMilestone payments (30% kickoff, 40% midpoint, 30% acceptance)
Time & MaterialsMonthly arrears based on approved timesheets
ExpensesPre-approved costs + 10% admin fee

Payment Terms: Net 15 days from invoice date. Late payments incur interest at 8% above Bank of England base rate (Late Payment of Commercial Debts Act 1998). We may suspend Services after 30 days overdue and terminate after 45 days.

Taxes: UK VAT (20%) applied to UK clients. EU B2B clients subject to reverse charge mechanism. You are responsible for any local withholding taxes; we must receive the full invoiced amount.

8. Warranties & Disclaimers

Our Warranties:

  • Services performed with reasonable care and skill (Supply of Services Act 1982)
  • Deliverables materially conform to SOW specifications for 90 days post-acceptance
  • Deliverables free from known malware and material defects at delivery
  • Compliance with ISO 27001, applicable data protection laws, and expressly agreed technical standards

Important Disclaimers:

  • No Performance Guarantee: We do not warrant that software will achieve specific business outcomes, ROI, or uninterrupted operation (except where specific SLAs are contracted)
  • Blockchain Risks: Not liable for blockchain forks, 51% attacks, smart contract zero-day exploits, or cryptocurrency volatility
  • AI Limitations: We do not warrant 100% accuracy for AI/ML outputs. Human-in-the-loop review required for critical decisions
  • Third-Party Services: Not liable for outages of cloud providers beyond their SLA credits

9. Limitation of Liability

Cap on Liability: Our total aggregate liability shall not exceed the greater of: (a) £1,000,000 GBP, or (b) total fees paid by you in the 12 months preceding the claim.

Excluded Damages: Neither party liable for indirect, incidental, special, consequential, or punitive damages, including lost profits, lost revenue, lost data, or business interruption.

Exceptions: Limitations do not apply to:

  • Death or personal injury caused by negligence
  • Fraud or fraudulent misrepresentation
  • Breaches of confidentiality or IP indemnification obligations
  • GDPR or HIPAA fines resulting from our gross negligence or willful misconduct
  • Your payment obligations

10. Indemnification

By DASTUTE:

We will defend you against third-party claims that Deliverables infringe UK or EU intellectual property rights, provided you notify us within 10 days and allow us to control the defense.

By You:

You will indemnify us against claims arising from:

  • Your misuse of Deliverables (including illegal blockchain activities or HIPAA violations)
  • Data you provide that infringes third-party rights
  • Violations of CCPA, GDPR, or other privacy laws resulting from your instructions

11. Term, Termination & Exit

Term: Initial term of 12 months for Dedicated Teams; project duration for fixed-scope work. Automatic 12-month renewal unless 90 days' written notice is given.

Termination for Convenience: Either party may terminate Dedicated Team agreements with 90 days' notice.

Termination for Cause: Immediate termination allowed for material breach (uncured within 30 days), insolvency, or GDPR/HIPAA violations.

Post-Termination:

  • Data Return/Destruction: Within 30 days, we return or securely destroy your data using NIST 800-88 Rev. 1 standards
  • HIPAA Specific: PHI returned or destroyed per 45 CFR 164.504(d)(2)
  • Transition Assistance: 30 days of reasonable cooperation for knowledge transfer (billed at standard rates)
  • Survival: IP, confidentiality, liability limitations, and indemnification provisions survive termination

12. Dispute Resolution & Governing Law

Governing Law: These Terms are governed by the laws of England and Wales, excluding conflicts of law principles.

Jurisdiction: The courts of England and Wales shall have exclusive jurisdiction over any disputes.

Dispute Resolution Process:

  1. Negotiation: Senior executives meet in good faith within 10 business days of dispute notice
  2. Mediation: If unresolved, mediation under LCIA Mediation Rules in London
  3. Arbitration: If mediation fails, binding arbitration under LCIA Rules (London seat; English language)

13. General Provisions

  • Force Majeure: Neither party liable for failures due to acts of God, war, terrorism, pandemic, or blockchain network consensus failures
  • Assignment: We may assign to affiliates or successors with notice. You may not assign without our written consent
  • Entire Agreement: These Terms, together with any SOW, DPA, and BAA, constitute the entire agreement
  • Severability: If any provision is invalid, the remainder continues in force
  • Amendments: We may update these Terms with 30 days' notice via email or website banner

14. Contact Information

Legal & Compliance Department

Entity: DASTUTE TECHNOLOGIES LIMITED

Registered Office: 128 City Road, London, EC1V 2NX, United Kingdom

Registered in: England & Wales

Contact: Available on the Contact page

© 2026 DASTUTE TECHNOLOGIES LIMITED. All Rights Reserved.

ISO 27001:2022 Certified | GDPR Compliant | HIPAA Ready