V1.0 TriFact365 AI Terms and Conditions

Effective Date: 1 August 2026


These AI Terms and Conditions form part of the Agreement between TriFact365 and the Customer.

1. Definitions

Terms capitalised in these AI Terms and Conditions have the meanings set forth below or in the General Terms and Conditions. Defined terms have the same meaning in both the singular and plural forms.

1.1 AI Input

The Customer Data that the Customer or an Application User provides to an AI feature for Processing. AI Input forms part of Customer Data as referred to in Section 1.10 of the General Terms and Conditions.

1.2 AI Output

The data or results that an AI functionality generates based on AI Input and makes available to the Customer or an Application User. AI Output forms part of Customer Data as referred to in Section 1.10 of the General Terms and Conditions.

1.3 Synthetic Data

Artificially generated data that is not derived from Customer Data or Derived Data.

1.4 Applicable AI Legislation

All laws and regulations applicable to the deployment and use of AI systems, including the EU AI Act (Regulation (EU) 2024/1689), the UK ICO AI Guidance, and other applicable AI regulations as further specified in the applicable Annexes.

2. AI Technology

TriFact365 uses two types of AI:

2.1 Proprietary AI Models

Developed and trained by TriFact365 itself. These models are used for the recognition, extraction, and classification of invoices and other documents. The data remains within the TriFact365 infrastructure.

2.2 Generative AI

Sourced from external AI providers. Generative AI is used for additional functionalities, such as the chatbot for customer support.

2.3 Subprocessors

The complete list of AI subprocessors is available on the Subprocessors page.

2.4 Modifications

TriFact365 may modify AI functionalities when technology, the market, or regulations warrant such changes.

3. Use of Customer Data

3.1 Delivery and Training

TriFact365 uses Customer Data to provide the Service. Within this context, Customer Data, Derived Data, and Synthetic Data are used to train and improve AI models for the purposes of the Service.

3.2 AI Input and AI Output

AI Input and AI Output are subject to the rules governing Customer Data set forth in Article 13 of the General Terms and Conditions.

3.3 Personal Data

To the extent that Customer Data contains Personal Data, the provisions of the Data Processing Agreement apply in addition.

4. What TriFact365 Does Not Do

4.1 No Sale

TriFact365 does not sell Customer Data.

4.2 No Third-Party Training

TriFact365 does not share Customer Data with third parties for their own model training.

4.3 No Use by Suppliers

TriFact365's suppliers of generative AI functionalities do not use Customer Data for their own training or commercial purposes. This is contractually stipulated.

4.4 Data Processing Agreement

Customer Data is processed in accordance with the provisions of the Data Processing Agreement. For transfers outside the EEA, the safeguards set forth in the Data Processing Agreement apply.

4.5 Supplier Responsibility

TriFact365's external AI suppliers are responsible for ensuring compliance with the Applicable AI Legislation for their models. TriFact365 implements appropriate contractual safeguards when using generative AI through these suppliers.

5. Integration into the Service

5.1 Integral Part

The AI functionalities are an integral part of the Software. Anyone who subscribes to a Subscription accepts the use of AI as part of the Service. It is not possible to disable AI functionalities separately.

5.2 Future Options

If TriFact365 expands the Service with modules in which AI features can be individually enabled or disabled, TriFact365 will make the corresponding options known via the Software or the website.

6. AI Legislation — Classification and Jurisdictions

6.1 Jurisdiction-Specific Requirements

The Applicable AI Legislation varies by jurisdiction. The annexes accompanying these AI Terms describe how TriFact365 addresses the relevant requirements for each jurisdiction in which the Customer uses the Service:

  • Annex A — European Economic Area (EEA), United Kingdom, Switzerland, Gibraltar (EU AI Act, UK ICO AI Guidance, Swiss revFADP Principles for AI)

  • Annex B — International Applicability (Customers or Data Subjects outside the EEA, the United Kingdom, and Switzerland)

6.2 Shift to the Customer

If the Customer uses the AI for its own application that falls under a higher risk category under applicable AI legislation, the associated obligations shift to the Customer as the provider or deployer of that application.

7. Security

7.1 Security Measures

AI Processing is subject to the technical and organisational security measures applicable to the Service as a whole. More information is available on the Trust Center.

Annex A — European Economic Area (EEA), United Kingdom, Switzerland, Gibraltar

For Customers located in the European Economic Area (EEA), the United Kingdom, Switzerland, or Gibraltar.

The terms used in this Annex A have the meanings assigned to them in the Applicable AI Legislation.

A.1 EU AI Act — Classification

The EU AI Act (Regulation (EU) 2024/1689) classifies AI systems into risk categories. TriFact365's AI functionalities for invoice and receipt processing do not constitute a high-risk AI system within the meaning of Annex III of the AI Act.

If this classification changes due to new regulations, guidelines, or a decision by a supervisory authority, TriFact365 will inform the Customer in a timely manner and adjust the AI functionalities as necessary.

A.2 EU AI Act — Transparency under Article 50

The following applies to the transparency obligations under Article 50 of the EU AI Act:

(a) TriFact365 ensures that the use of AI functionalities in the Service is recognisable to Application Users, where required under Article 50.

(b) If the Customer uses the Service as a deployer within the meaning of the EU AI Act for its own application that falls under Article 50, TriFact365 will, upon request, provide reasonable support in providing information to Data Subjects, to the extent that such information is reasonably available to TriFact365.

(c) Underlying AI models that TriFact365 procures via Google Cloud Platform or Microsoft Azure (see Section 2) include the transparency information provided by the model provider pursuant to the EU AI Act for general-purpose AI models.

A.3 United Kingdom — ICO AI Guidance

The United Kingdom does not have omnibus AI legislation but instead takes a principle-based approach through sector-specific regulators. The Information Commissioner's Office (ICO) has published AI guidelines that TriFact365 applies to the extent relevant to the Processing of Personal Data via the AI functionalities in the Service.

For Customers in the United Kingdom, the additional safeguards for the Processing of Personal Data under the UK GDPR are included in Annex E of the Data Processing Agreement.

A.4 Switzerland — revFADP Principles for AI

Switzerland does not have separate AI legislation. The Swiss Federal Act on Data Protection (revFADP) contains general principles for automated Processing and automated decision-making that TriFact365 observes when deploying AI functionalities for Customers in Switzerland.

For Customers in Switzerland, the additional safeguards for the Processing of Personal Data under the revFADP are included in Annex F of the Data Processing Agreement.

A.5 Gibraltar

Gibraltar is subject to the same transfer and data protection regime as the United Kingdom. The Gibraltar GDPR and the Gibraltar Information Commissioner are considered equivalent to the UK GDPR and the ICO, respectively; see the interpretation clause in Annex E of the Data Processing Agreement.


Annex B — International Applicability

For the use of the Service's AI functionalities with respect to Customers or Data Subjects worldwide, subject to Sanctions Legislation as further described in Article 23 of the General Terms and Conditions.

B.1 Applicability

These AI Terms apply worldwide to the use of the Service's AI functionalities, subject to Sanctions Legislation and the operational exclusion criteria as described in Article 23 of the General Terms and Conditions. The core provisions of these AI Terms apply universally to all use of AI functionalities.

B.2 Customer’s Responsibility for Local AI Laws

To the extent that the Customer is located in a jurisdiction outside the European Economic Area, the United Kingdom, and Switzerland, the Customer is responsible for complying with local AI and data protection laws applicable to the Customer and the Data Subjects. The Customer represents that its use of the Service's AI functionalities complies with such local laws.

B.3 Supplementary Addendum upon Request

If a Customer requires additional AI provisions specific to the laws and regulations of the Customer's or Data Subjects' place of business, the Customer may submit a request for a separate Addendum to TriFact365. Requests will be assessed on a case-by-case basis based on the nature of the AI functionality, the complexity of the applicable laws, and the operational feasibility for TriFact365.


— End of TriFact365 AI Terms and Conditions — Version 1.0 —

TriFact365 B.V.
Arnhemseweg 10, 3817 CH Amersfoort, The Netherlands | Chamber of Commerce No. 30262227 | VAT No. NL820778540B01