Neuralshape GmbHBidAtlas Subscription Terms & Conditions
Version 1.1 – June 29, 2026
These subscription terms and conditions (the "Terms") are entered into between Neuralshape GmbH, a limited liability company (Gesellschaft mit beschränkter Haftung) organised under the laws of Switzerland, with its registered office at Dammstrasse 16, 6300 Zug, Switzerland, registered in the Commercial Register of the Canton of Zug under company identification number CHE-143.359.504 ("Neuralshape", "we", "us"), and the customer identified on the applicable Order ("Customer", "you").
Neuralshape operates BidAtlas, an AI-powered platform for the preparation, analysis and management of tenders, bids and requests for proposal/information (the "Service", as further described in Section 2 and any applicable Order).
These Terms, together with each order form, online subscription or written quotation that references or incorporates them (each, an "Order"), form a single binding agreement between Neuralshape and Customer (the "Agreement"). An Order may be (a) an order form executed by both parties, or (b) a subscription that Customer selects and confirms online through the BidAtlas website or application. Where the two conflict, the Order prevails over these Terms for the specific subject matter it addresses, except as expressly stated otherwise herein.
The Agreement takes effect on the earlier of the date the first Order is executed or confirmed, or the date Customer first accesses or uses the Service (the "Effective Date").
By executing or confirming an Order, by clicking to accept these Terms, or by accessing or using the Service, Customer agrees to be bound by the Agreement. If the individual accepting does so on behalf of an entity, that individual represents that they are authorised to bind that entity. If you do not agree, do not access or use the Service.
1. Definitions
Capitalised terms have the meaning given where first defined. In addition:
- "Authorised Users" means the individual employees, officers and contractors of Customer whom Customer permits to access the Service.
- "Customer Data" means all data and content that Customer or Authorised Users submit to or generate through the Service, comprising both Inputs (e.g. tender documents, knowledge-base content, prompts, files and instructions) and Outputs (the responses, drafts, analyses, models and other material the Service generates in reply to Inputs).
- "Documentation" means the user-facing guides and technical descriptions that Neuralshape makes available for the Service.
- "Sub-processor" means a third party engaged by Neuralshape to process Customer Data in providing the Service (see Section 9.5).
2. The Service and Subscription
2.1 Description
The Service is an agentic, cloud-hosted software platform that assists Customer with tender, bid and RFP/RFI workflows — including document analysis, response drafting, knowledge management (a persistent, Customer-specific knowledge base) and related functionality. The Service is provided as a tool that operates under human direction; it does not act as an autonomous decision-maker (see Section 3).
2.2 Licence
Subject to the Agreement and payment of applicable fees, during the term of the relevant Order Neuralshape grants Customer a limited, non-exclusive, non-transferable, non-sublicensable right for its Authorised Users to access and use the Service for Customer's internal business purposes. Neuralshape reserves all rights not expressly granted.
2.3 Hosting, data residency and infrastructure
The Service is provided exclusively as a hosted (cloud) offering. There is no on-premises deployment.
The Service runs across two cloud providers, both located in Switzerland: Google Cloud (region europe-west6, Zürich) and Amazon Web Services (AWS) (region eu-central-2, Zürich). Customer Data is stored and processed across these providers using managed cloud database and storage services, and AI inference is performed on AWS Bedrock within the same Swiss region. Customer Data is stored and processed within Switzerland and is not transferred outside Switzerland or the EU/EEA in connection with the operation of the Service or AI inference; certain Service notifications are sent from Neuralshape's own Microsoft Azure environment within the EU/EEA, as described below and listed in Annex 3 of the DPA. Any Microsoft 365 / SharePoint integration that Customer chooses to connect runs in Customer's own environment and is addressed in Section 6.7. The specific cloud services used within each provider, and further architectural detail, are available to Customer under confidentiality as part of a security review. Further data-residency and processing commitments are set out in Section 9.
To operate our business around the Service, we also use a limited number of third-party providers that process certain categories of data falling outside the in-application Customer Data described above. Depending on the provider, this data may be processed or stored outside Switzerland and the EU/EEA, including in the United States:
- Payment processing (Stripe). Billing and payment-related data — such as payment-method details, billing name and address, and transaction records — is processed by Stripe to take payment and manage subscriptions. Stripe processes this data internationally, including in the United States. We do not store full payment-card numbers ourselves; card data is handled directly by Stripe, which is PCI-DSS compliant.
- Business operations and productivity (Microsoft). Business correspondence and internal operational records — documents, spreadsheets and associated metadata — are handled using Microsoft 365 and related Microsoft services within the EU/EEA under Microsoft's EU Data Boundary commitments; certain support, security and telemetry functions may result in limited processing outside Switzerland and the EU/EEA, including in the United States.
- Service notifications (Microsoft Azure). Neuralshape uses its own Microsoft Azure environment to generate and send Service notifications to Authorised Users, such as overnight alerts about new tender opportunities. Where these notifications contain personal data (for example a recipient's name and business email), Neuralshape processes that data as part of providing the Service; this processing takes place within the EU/EEA. Microsoft Azure is listed as a Sub-processor in the DPA (Annex 3).
Where data is transferred outside Switzerland or the EU/EEA in connection with these providers, the transfer is made on the basis of a recognised transfer mechanism — in particular the EU Standard Contractual Clauses together with the Swiss adaptations recognised by the FDPIC, and/or the provider's certification under the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework, as applicable. The current list of sub-processors and the safeguards applicable to each is maintained in Section 9.
2.4 Updates and maintenance
Neuralshape may, at its discretion, deploy fixes, updates, releases and improvements to the Service and its infrastructure. Customer acknowledges that this may cause occasional, temporary interruptions. Neuralshape will give reasonable advance notice of planned maintenance that is expected to materially affect availability.
2.5 Availability
Neuralshape will use commercially reasonable efforts to keep the Service available, subject to the exclusions below. Any specific service-level commitment (e.g. an uptime target) applies only if and as stated in an Order or service-level annex. Availability is measured excluding: (a) scheduled or emergency maintenance; (b) suspensions permitted under the Agreement; (c) failures caused by Customer, Authorised Users, or third-party systems, networks or services; (d) Customer's acts or omissions; and (e) events outside Neuralshape's reasonable control, including force majeure events (Section 12.9).
2.6 Support
Neuralshape provides email and/or in-product support during its normal business hours and will use commercially reasonable efforts to acknowledge support requests in a timely manner. Support contact: support@bidatlas.ch.
3. AI-Specific Terms
3.1 Nature of AI outputs
The Service uses large language models and other AI techniques. Outputs are generated probabilistically and may be inaccurate, incomplete, outdated or unsuitable for a particular purpose. The Service supports verification through features such as source citations for retrieved content and activity logs. Customer remains responsible for reviewing, validating and, where appropriate, correcting Outputs through competent human review before relying on or submitting them.
3.2 Human oversight; no autonomous decision-making
The Service is a decision-support tool. It does not make autonomous decisions, and Customer does not delegate decision-making authority to it. Customer retains full control over, and sole responsibility for, every tender, bid, submission, communication or other decision it makes with the assistance of the Service.
3.3 No professional advice; procurement responsibility
Neuralshape is not a law firm, procurement advisor, tax advisor or financial advisor, and the Service does not constitute legal, procurement, tax, financial or other professional advice. Customer is solely responsible for compliance with all laws and rules applicable to its tenders and bids, including applicable public-procurement law and the requirements of each individual tender. Neuralshape does not warrant that use of the Service will result in the award of any tender or any particular outcome.
3.4 Models and transparency
AI inference is performed via AWS Bedrock using a combination of open-source and closed-source (including Anthropic) models. The model version used is tracked per query, fallback arrangements are documented, and Neuralshape will make available, on reasonable request, a description of the model-selection rationale relevant to the Service. No model is fine-tuned on Customer Data (Section 7.3).
3.5 Acceptable AI use and EU AI Act
Customer shall not use the Service for any purpose prohibited or restricted under applicable law, including the EU Artificial Intelligence Act. Where the parties' respective roles under the EU AI Act are relevant to Customer's use, the parties shall cooperate reasonably and in good faith to support appropriate use-case classification and compliance.
4. Fees and Payment
4.1 Fees
Customer shall pay the fees stated in the applicable Order. Unless an Order states otherwise, all fees are in Swiss Francs (CHF) and are exclusive of value-added tax and any other applicable taxes, duties or levies, which Customer shall bear.
4.2 Invoicing and payment terms
Unless an Order states otherwise, subscription fees for the initial term are invoiced on or shortly after the Effective Date, and for each renewal term at the start of that term. Invoices are payable within thirty (30) days of the invoice date. Online subscriptions are billed and collected through our payment processor (Stripe) in accordance with the plan selected.
4.3 Professional services
Any implementation, configuration or other professional services are provided only if agreed in an Order or a statement of work, which forms part of the Agreement and, for its specific subject matter, prevails over these Terms in the event of conflict.
4.4 Late payment
If Customer fails to pay an undisputed amount when due, Neuralshape may, after written notice and a reasonable cure period: (a) charge default interest at the rate permitted under Swiss law; and/or (b) suspend access to the Service until all overdue amounts are paid. Customer remains liable for fees accruing during any suspension for non-payment.
5. Term and Termination
5.1 Term and renewal
The Agreement starts on the Effective Date and continues for the term stated in the applicable Order. Unless the Order states otherwise, each subscription term renews automatically for successive one (1) month periods, unless either party gives written notice of non-renewal within the ongoing month.
5.2 Termination for cause
Either party may terminate the Agreement (or the affected Order) on written notice: (a) if the other party materially breaches the Agreement and fails to cure within thirty (30) days of written notice (or immediately, if the breach is incapable of cure); or (b) immediately, if the other party becomes insolvent, enters bankruptcy or liquidation, or makes an arrangement with its creditors.
5.3 Effect of termination
Upon termination or expiry:
- Customer's right to access and use the Service ends.
- For a period of thirty (30) days following termination, Neuralshape will make Customer Data available for export in a structured, machine-readable format, and will provide reasonable transition support for an orderly handover.
- Neuralshape will delete Customer Data within sixty (60) days following termination, except where retention is required by law, and will confirm deletion on request.
- Accrued payment obligations, and any provisions that by their nature should survive (including Sections 6.3, 7, 8, 10, 11 and 12), survive termination.
6. Customer Obligations and Acceptable Use
6.1 Compliance with law
Customer shall use the Service in compliance with the Agreement, the Documentation and all laws applicable to Customer and its Authorised Users.
6.2 Authorised Users and account security
Customer is responsible for its Authorised Users' compliance with the Agreement and for all activity under its accounts. Customer shall keep account credentials confidential, ensure registration information is accurate and current, prohibit credential sharing intended to understate the number of Authorised Users, and promptly notify Neuralshape of any suspected unauthorised access or compromise.
6.3 Customer Data; rights and warranties
As between the parties, Customer is responsible for its Inputs. Customer represents and warrants that it has all rights, consents and authority necessary to submit its Inputs to the Service and to permit the processing contemplated by the Agreement, and that doing so does not infringe any third-party right or breach any confidentiality or other obligation. Customer is responsible for not submitting Inputs it is not entitled to share.
6.4 Restrictions
Customer shall not, and shall not permit any Authorised User or third party to: (a) circumvent or attempt to circumvent any security or access control of the Service; (b) use the Service unlawfully or fraudulently; (c) interfere with or impose an unreasonable load on the Service or its infrastructure, or use it via unauthorised automated means; (d) reverse engineer, decompile, disassemble or otherwise attempt to derive the source code or underlying structure of the Service, except to the extent this restriction is prohibited by mandatory law; (e) copy, modify, distribute, resell, sublicense or otherwise make the Service available to third parties, or create derivative works of it, except as expressly permitted; or (f) access or use the Service to build, or to assist anyone in building, a product or service competitive with the Service.
6.5 Usage parameters
To maintain the performance, reliability and integrity of the Service, Neuralshape may apply reasonable usage parameters, including rate limiting and reasonable limits on stored data volumes. Where an Order specifies usage thresholds, those apply in addition to any other limits in the Agreement; if Customer materially exceeds them, the parties will work in good faith to bring usage within the threshold or to agree commercial terms for the excess.
6.6 Suspension
Neuralshape may suspend access to the Service or an affected account where reasonably necessary to address: (a) a material security risk; (b) suspected unlawful, fraudulent or abusive activity; or (c) a material breach of Section 6. Neuralshape will limit the scope and duration of any suspension to what is reasonably necessary and will restore access promptly once the cause is resolved.
6.7 Third-party services and integrations
The Service may integrate with third-party services that Customer chooses to connect — for example, Customer's own Microsoft 365 / SharePoint tenant. Such customer-connected services run in Customer's own environment under Customer's separate agreement with the relevant provider, are not part of the Service, and Neuralshape is not responsible for them. Customer is responsible for configuring and managing any data-sharing settings for such integrations. For the avoidance of doubt, this is distinct from Neuralshape's own Microsoft Azure environment used to provide the Service (Section 2.3 and Annex 3 of the DPA).
7. Intellectual Property and Data
7.1 Ownership of the Service
Each party retains all intellectual property rights it holds independently of the Agreement. Neuralshape (and its licensors) retain all intellectual property rights in and to the Service, the Documentation, and all related software, models, configurations and materials, and in any aggregated or statistical data described in Section 7.4.
7.2 Customer Data and Outputs
As between the parties, Customer owns all Customer Data, including Inputs and, to the extent capable of ownership, the Outputs generated for Customer. Customer grants Neuralshape the limited right to host, process, transmit and use Customer Data solely as necessary to provide, secure, support and maintain the Service in accordance with the Agreement.
7.3 No training on Customer Data
Neuralshape does not use Customer Data to train or fine-tune any AI or machine-learning model, and this applies across all models used by the Service. Inputs submitted for inference are processed on an ephemeral basis and are not retained by, or shared for training purposes with, the underlying model providers. Inference on closed-source (Anthropic) and open-source models is performed via AWS Bedrock under the applicable AWS data-processing terms. Customer Data is logically isolated to Customer's tenant and is not disclosed to, or incorporated into the Service provided to, any other customer.
7.4 Aggregated and usage data
Neuralshape may collect and use technical and usage information about the operation and use of the Service (such as performance metrics, feature usage, error logs and configuration data) to operate, secure, support, improve and develop the Service. Where such information is used beyond providing the Service to Customer, it is used only in aggregated or de-identified form that does not identify Customer or any individual, and Neuralshape does not sell it.
7.5 Feedback
If Customer or its Authorised Users provide suggestions or feedback about the Service, Neuralshape may use that feedback to improve and develop its products and services without restriction or obligation, provided it does not identify Customer as the source.
8. Confidentiality
Each party (as "Recipient") may receive confidential information of the other (as "Discloser"). "Confidential Information" means non-public information disclosed by Discloser that is marked confidential or that a reasonable person would understand to be confidential, including the Service's non-public features and the terms of the Agreement, and (where Customer is Discloser) Customer Data. Confidential Information does not include information that: (a) is or becomes public through no fault of Recipient; (b) is lawfully received from a third party without a duty of confidentiality; (c) was already lawfully known to Recipient without such duty; or (d) is independently developed by Recipient without use of the Discloser's Confidential Information.
Recipient shall use Confidential Information only as necessary to perform under the Agreement, protect it with at least reasonable care, and disclose it only to its representatives who need to know it and are bound by confidentiality obligations at least as protective. If compelled by law or legal process to disclose Confidential Information, Recipient shall, where lawful, give Discloser prompt notice and reasonable cooperation. These obligations survive termination.
9. Data Protection and Security
9.1 Data protection
Where Customer Data includes personal data processed through the Service, the parties' data-protection roles and obligations are governed by Neuralshape's Data Processing Agreement (the "DPA"), which is incorporated into the Agreement and made available by Neuralshape. Neuralshape processes personal data in line with the principles of data minimisation and purpose limitation and supports data-subject rights (including erasure) as set out in the DPA and Neuralshape's Privacy Policy, available at https://bidatlas.ch/privacy-policy. The Service is operated under an EU/GDPR-aligned, Switzerland-first data-processing model.
9.2 Security measures
Neuralshape implements and maintains appropriate technical and organisational measures to protect Customer Data, including:
- Encryption at rest (AES-256) for all stored Customer Data across our cloud providers, and encryption in transit (HTTPS/TLS).
- Secrets management via a managed secret-management service.
- Tenant isolation enforced at the application layer, supported by least-privilege identity and access management scoped to dedicated project roles on AWS and Google Cloud.
- Execution of AI-generated code in isolated, credential-less microservices.
- Audit logging and observability across services, with log retention of at least thirty (30) days.
Further detail on security measures is set out in the DPA.
9.3 Data residency
As described in Section 2.3, Customer Data is stored and processed in Switzerland, across Google Cloud (europe-west6) and AWS (eu-central-2), with AI inference performed on AWS Bedrock in eu-central-2. Customer Data is not transferred outside Switzerland or the EU/EEA in connection with the Service (other than certain Service notifications generated from Neuralshape's own Microsoft Azure environment within the EU/EEA; see Section 2.3).
9.4 Audit and certifications
On reasonable prior written notice, no more than once per year (or as otherwise required by mandatory law or the DPA), and subject to confidentiality, Neuralshape will provide reasonable information and documentation to enable Customer to verify Neuralshape's compliance with its security and data-protection obligations. Neuralshape's information-security programme is being aligned to ISO/IEC 27001 and SOC 2 (Type 1), with formal certification/attestation targeted for completion in 2027; until completed, these are described as in progress and are not represented as obtained. The underlying cloud providers maintain their own ISO/IEC 27001 certifications.
9.5 Sub-processors
Neuralshape uses Sub-processors to provide the Service, including Google Cloud and Amazon Web Services (hosting and storage, with AI inference on AWS Bedrock) and Microsoft (Microsoft Azure, used to send Service notifications to Authorised Users). The current list of Sub-processors — including their contracting entities and processing locations — and the process for changes are maintained in the Data Processing Addendum (DPA), available at https://bidatlas.ch/data-processing-addendum (Annex 3). Neuralshape remains responsible for its Sub-processors' performance of the obligations they perform on Neuralshape's behalf.
9.6 Breach notification
Neuralshape will notify Customer without undue delay after becoming aware of a personal-data breach affecting Customer Data, in accordance with the DPA and applicable law.
10. Warranties and Disclaimer
Each party warrants that it has the authority to enter into and perform the Agreement.
Except as expressly stated in the Agreement, the Service is provided "as is" and "as available". To the maximum extent permitted by applicable law, Neuralshape disclaims all other warranties, whether express, implied or statutory, including any implied warranties of merchantability, fitness for a particular purpose and non-infringement, and any warranty that the Service will be uninterrupted, error-free, or that Outputs will be accurate, complete or fit for any particular purpose. No statement by Neuralshape or its personnel creates any warranty beyond those expressly set out in the Agreement.
11. Limitation of Liability and Indemnity
11.1 Limitation of liability
Neither party is liable for any indirect, incidental, special, consequential or punitive damages, or for lost profits, lost revenues, loss of data or loss of business, arising out of or relating to the Agreement, even if advised of the possibility.
Subject to the remaining paragraphs of this Section 11.1, each party's total aggregate liability arising out of or relating to the Agreement is limited to the fees paid or payable by Customer under the Agreement in the twelve (12) months preceding the event giving rise to the liability (the "General Cap").
For liability arising from (a) a party's breach of its confidentiality obligations under Section 8, (b) Neuralshape's breach of its data-protection and security obligations under Section 9 and the DPA, including a personal-data breach caused by Neuralshape's failure to meet those obligations, and (c) any indemnification obligation Neuralshape expressly assumes under Section 11.2 or an Order, each party's total aggregate liability is instead limited to the greater of (i) CHF 50,000 or (ii) three (3) times the fees paid or payable by Customer under the Agreement in the twelve (12) months preceding the event (the "Enhanced Cap"). An Order may specify a higher Enhanced Cap for a given subscription.
The General Cap and the Enhanced Cap do not apply to, and nothing in the Agreement limits, liability that cannot be limited or excluded under mandatory Swiss law — in particular liability for unlawful intent or gross negligence (Art. 100 of the Swiss Code of Obligations), and liability for death or personal injury. Customer's payment obligations are likewise excluded from both caps.
11.2 Indemnity by Neuralshape (IP)
Except as expressly agreed in an Order, Neuralshape provides no indemnity in respect of third-party claims, and each party's liability for intellectual-property matters is governed by Section 11.1.
11.3 Indemnity by Customer
Customer will defend and indemnify Neuralshape against third-party claims arising from Customer Data or from Customer's use of the Service in breach of the Agreement or applicable law.
11.4 Indemnity procedure
The indemnified party shall promptly notify the indemnifying party of the claim, give it sole control of the defence and settlement (provided any settlement releases the indemnified party without admission of fault or non-monetary obligation), and provide reasonable cooperation at the indemnifying party's expense.
12. Miscellaneous
12.1 Marketing
Neither party may use the other's name or logo publicly without prior consent, except that, if agreed in an Order, Customer permits Neuralshape to identify Customer as a customer and to use Customer's name and logo on its website and in sales and investment materials.
12.2 Entire agreement; order of precedence
The Agreement is the entire agreement between the parties on its subject matter and supersedes prior agreements relating to it. The parties' standard or pre-printed terms (e.g. in purchase orders or invoice boilerplate) have no effect unless expressly accepted in writing by both parties. In the event of conflict, the order of precedence is: (1) an applicable statement of work or Order (for its specific subject matter); (2) the DPA (for data protection); (3) these Terms.
12.3 Changes to these Terms
Neuralshape may update these Terms for future Orders or renewal terms, or to reflect legal or operational changes. For material changes affecting an active subscription, Neuralshape will give reasonable advance notice; the updated Terms take effect on renewal or as stated in the notice. Any change to an executed Order requires the written agreement of both parties.
12.4 Notices
Notices must be in writing and sent to the contact addresses on the Order; notices to Neuralshape shall additionally be sent to legal@bidatlas.ch. Notice by email is effective on transmission, provided no delivery-failure message is received. Either party may update its notice details by written notice to the other.
12.5 Assignment
Neither party may assign the Agreement without the other's prior written consent (not to be unreasonably withheld), except that either party may assign it, on notice, to an affiliate or to a successor in connection with a merger, reorganisation or sale of all or substantially all of the relevant business or assets. Any other purported assignment is void. The Agreement binds and benefits the parties' permitted successors and assigns.
12.6 Subcontracting
Neuralshape may use affiliates and subcontractors (including the Sub-processors in Section 9.5) to perform its obligations and remains responsible for their performance.
12.7 Relationship of the parties
The parties are independent contractors. The Agreement creates no agency, partnership, joint venture or employment relationship, and neither party may bind the other.
12.8 No third-party rights
The Agreement does not confer rights on any person who is not a party to it, except as expressly stated.
12.9 Force majeure
Neither party is liable for any delay or failure to perform (other than payment obligations) caused by events beyond its reasonable control, including natural disasters, war, civil unrest, labour disputes, epidemics or pandemics, governmental or regulatory action, court orders, and failures of utilities, networks or third-party providers.
12.10 Severability and waiver
If any provision of the Agreement is held invalid or unenforceable, the remaining provisions continue in full force, and the invalid provision is replaced by a valid one that most closely reflects the parties' original intent. A party's failure to enforce a provision is not a waiver of it.
12.11 Governing law and jurisdiction
The Agreement, and any dispute arising out of or in connection with it, is governed by the substantive laws of Switzerland, excluding its conflict-of-laws rules and the United Nations Convention on Contracts for the International Sale of Goods (CISG). The ordinary courts at the registered seat of Neuralshape (Zug, Switzerland) have exclusive jurisdiction, subject to any mandatory place of jurisdiction.