LEGAL

Terms of Service

Last updated: 27 March 2026

These Terms of Service ("Terms") govern your access to and use of services provided by Sotavento Labs SLU. By accessing or using our services, you agree to be bound by these Terms.

1. PARTIES

These Terms are between Sotavento Labs SLU (CIF B26692848, Calle Valderribas 14, Planta Primera Puerta A, 28007 Madrid, Spain; "we", "us", "Sotavento Labs") and the individual or legal entity accessing or using the services ("you", "Client").

If you are accepting these Terms on behalf of a company or other legal entity, you represent that you have authority to bind that entity to these Terms.

2. SERVICES

Sotavento Labs provides technology consulting — architecture, infrastructure, and hands-on delivery support for engineering teams, typically on a project basis — as well as software products and platforms.

The specific scope, deliverables, and fees for each engagement are defined in a separate order form, statement of work, or agreement ("Order"). In the event of any conflict, the Order takes precedence over these Terms.

3. INTELLECTUAL PROPERTY

3.1 Our IP

Sotavento Labs and its licensors retain all intellectual property rights in the services (including all software, algorithms, interfaces, documentation, and underlying technology) and any deliverables created by us, unless otherwise expressly agreed in writing.

3.2 License grant

Subject to your compliance with these Terms and timely payment of applicable fees, we grant you a limited, non-exclusive, non-transferable, non-sublicensable right to access and use the services solely for your internal business purposes during the term of your engagement or subscription.

3.3 Your content and data

You retain ownership of all data, documents, and content you submit to our services ("Client Data"). You grant us a limited licence to process Client Data solely to provide and improve the services as described in these Terms and in accordance with our Privacy Policy.

3.4 Feedback

If you provide feedback, suggestions, or ideas about our services, you grant us a perpetual, irrevocable, royalty-free licence to use that feedback for any purpose without obligation to you.

4. ACCEPTABLE USE

You agree not to:

  • Use the services for any unlawful purpose or in violation of applicable regulations.
  • Attempt to reverse engineer, decompile, or derive source code from any part of the services.
  • Reproduce, resell, or sublicense the services without our prior written consent.
  • Introduce malware, viruses, or other harmful code.
  • Circumvent or interfere with any security, authentication, or access control mechanism.
  • Use the services to process data for which you do not have the necessary rights or consents.
  • Attempt to access systems, data, or accounts other than your own.

We reserve the right to suspend access immediately if we reasonably believe these rules are being violated.

5. FEES AND PAYMENT

Fees, payment structure, and schedules are set out in the applicable Order. Unless stated otherwise:

  • Consulting engagements are typically charged as a one-time project fee invoiced according to the milestones or schedule in the Order.
  • Platform or software access may be offered on a recurring or one-time basis as defined in the Order.
  • Invoices are payable within 30 days of the invoice date unless otherwise agreed.
  • Late payments accrue interest at the rate established by Spanish Law 3/2004 on combating late payment in commercial transactions.
  • Prices are stated exclusive of VAT or other applicable taxes, which will be added where required by law.

We reserve the right to suspend access to the services if any undisputed invoice remains unpaid for more than 15 days after the due date.

6. SERVICE AVAILABILITY

We aim to keep our services available at all times but do not guarantee uninterrupted or error-free access. We may carry out scheduled or emergency maintenance and will endeavour to provide advance notice where practical.

We are not liable for unavailability caused by factors outside our reasonable control, including third-party infrastructure failures, force majeure events, or actions taken by you or third parties.

7. LIMITATION OF LIABILITY

To the maximum extent permitted by applicable law:

  • Neither party shall be liable for any indirect, incidental, special, consequential, or punitive damages, including loss of profits, loss of data, loss of goodwill, or business interruption, regardless of the cause of action or the theory of liability, even if advised of the possibility of such damages.
  • Sotavento Labs' total aggregate liability to you for any claims arising out of or relating to these Terms or the services shall not exceed the total fees paid by you in the twelve (12) months immediately preceding the event giving rise to the claim.

Nothing in these Terms limits or excludes liability for death or personal injury caused by negligence, fraud or fraudulent misrepresentation, or any other liability that cannot be excluded under applicable Spanish law.

8. CONFIDENTIALITY

Each party agrees to keep the other's confidential information (including Client Data, pricing, technical specifications, and business information) strictly confidential and not to disclose it to third parties without prior written consent, except:

  • To employees or contractors who need it to perform obligations under these Terms and are bound by equivalent confidentiality obligations.
  • As required by applicable law or a court or regulatory authority of competent jurisdiction.

This obligation survives termination of the engagement for a period of three (3) years.

9. TERM AND TERMINATION

These Terms remain in force for the duration of your engagement or access to the services.

Either party may terminate immediately by written notice if the other party:

  • Commits a material breach of these Terms that is not remedied within 15 days of written notice; or
  • Becomes insolvent, enters administration, or is subject to winding-up proceedings.

We may also suspend or terminate access at any time with 30 days' written notice without cause.

Effect of termination: Upon termination, your licence to use the services ceases immediately. We will make Client Data available for export for 30 days following termination, after which it will be securely deleted in accordance with Section 10.7 of these Terms. Sections 3, 7, 8, 10, and 11 survive termination.

10. DATA PROCESSING AGREEMENT

This section constitutes the Data Processing Agreement ("DPA") between the parties for the purposes of Article 28 of the GDPR and applies where Sotavento Labs processes personal data on your behalf as a data processor.

10.1 Roles

You are the data controller in respect of any personal data contained in Client Data. Sotavento Labs is the data processor, acting only on your documented instructions.

10.2 Processing details

  • Subject matter: Provision of Sotavento Labs services.
  • Duration: For the term of the engagement, plus the post-termination retention period in Section 9.
  • Nature and purpose: Storage, retrieval, and processing of data submitted in connection with the services.
  • Categories of data subjects: Employees, contractors, or other individuals whose data is submitted by you in connection with the services.
  • Categories of personal data: Names, contact details (email, phone, postal address), conversation transcripts, and other PII included in control documentation. Special category data must not be submitted unless explicitly agreed in writing.

10.3 Our obligations as processor

We will:

  • Process personal data only on your documented instructions and not for our own purposes, except where required by EU or Member State law.
  • Ensure that all personnel authorised to process the data are bound by confidentiality obligations.
  • Implement and maintain appropriate technical and organisational security measures (Art. 32 GDPR).
  • Assist you in responding to data subject rights requests (access, rectification, erasure, etc.) within a reasonable timeframe.
  • Notify you without undue delay (and in any event within 72 hours where feasible) after becoming aware of a personal data breach affecting Client Data.
  • Assist you in fulfilling your obligations under Articles 32–36 GDPR, including with security, breach notification, DPIAs, and prior consultation.
  • Make available to you all information necessary to demonstrate compliance with Art. 28 GDPR and allow for audits conducted by you or your appointed auditor, subject to reasonable notice and confidentiality obligations.

10.4 Your obligations as controller

You confirm that you have a lawful basis for processing the personal data you submit, that data subjects have been informed as required under the GDPR, and that you will not instruct us to process personal data in a way that would violate applicable law.

10.5 Sub-processors

You provide general authorisation for us to engage sub-processors. We will notify you of any intended changes (additions or replacements) with at least 30 days' notice, giving you the opportunity to object. Current sub-processors involved in processing Client Data are:

Sub-processor Purpose Location
Hetzner Cloud GmbH Cloud infrastructure and storage EU (Germany)

We impose data protection obligations on all sub-processors equivalent to those in this DPA and remain fully liable to you for their performance.

10.6 International transfers

All sub-processors listed above are established within the EEA. Any future sub-processor outside the EEA will only be engaged where adequate safeguards are in place (e.g. Standard Contractual Clauses or an adequacy decision), and you will be notified in advance.

10.7 Deletion and return of data

Upon termination of the engagement, we will, at your choice, return all Client Data in a portable format or securely delete it, within 30 days of your written request. We will provide written confirmation of deletion upon request. Copies retained solely to comply with legal obligations will be kept confidential and deleted as soon as those obligations no longer require retention.

11. GENERAL

11.1 Governing law

These Terms and any disputes arising out of or in connection with them are governed by the laws of Spain, without regard to its conflict of laws provisions.

11.2 Jurisdiction

The parties submit to the exclusive jurisdiction of the courts of Madrid, Spain to resolve any dispute, except where mandatory consumer protection or other statutory rules require a different jurisdiction.

11.3 Changes to these Terms

We may update these Terms from time to time. We will notify you of material changes with at least 30 days' notice (by email or in-platform notification). Continued use of the services after the effective date of the updated Terms constitutes acceptance. If you do not agree to the changes, you may terminate the engagement by written notice before the effective date.

11.4 Entire agreement

These Terms (together with any applicable Order) constitute the entire agreement between the parties in relation to the services and supersede all prior agreements, representations, or understandings relating to the same subject matter.

11.5 Severability

If any provision of these Terms is found to be unenforceable, it will be modified to the minimum extent necessary to make it enforceable, without affecting the validity of the remaining provisions.

11.6 Waiver

Failure to enforce any provision of these Terms does not constitute a waiver of the right to enforce it in the future.

11.7 Assignment

You may not assign or transfer your rights under these Terms without our prior written consent. We may assign these Terms in connection with a merger, acquisition, or sale of substantially all our assets, with reasonable notice to you.

12. CONTACT

For any questions about these Terms:

Sotavento Labs SLU

Calle Valderribas 14, Planta Primera Puerta A, 28007 Madrid, Spain

hello@sotaventolabs.eu