Intuitus_AudienceLens_Service_Agreement.docx. Check document version and legal status before relying on it.AudienceLens
Service Agreement
Prepared for Intuitus Ltd
Version: 0.1 draft | Date: 23 May 2026
| Drafting note This document is a commercial template for Intuitus Ltd to review with legal counsel before signature. It is designed for B2B charity/customer use and should be completed with the actual order details, fees, support commitments, hosting setup, subprocessor list and AI provider terms before issue. |
|---|
| Supplier | Intuitus Ltd |
|---|---|
| Service | AudienceLens |
| Customer | [Customer legal name] |
| Agreement date | [Date] |
| Initial term | [e.g. 12 months] |
| Governing law | England and Wales, unless varied in the Order Form |
Contents
1. Parties and structure
2. Background
3. Definitions
4. Orders and commencement
5. The Service
6. Customer access and users
7. Customer responsibilities
8. Usage restrictions and acceptable use
9. AI-assisted functionality
10. Fees and payment
11. Support, maintenance and availability
12. Data protection
13. Confidentiality
14. Security
15. Intellectual property
16. Customer content and outputs
17. Third-party services and subprocessors
18. Suspension
19. Warranties and disclaimers
20. Liability
21. Term and termination
22. Consequences of termination
23. Changes to the Service or Agreement
24. Publicity and references
25. General
26. Governing law and jurisdiction
Schedule 1: Order Form template
Schedule 2: Service Description
Schedule 3: Support and Service Levels
Schedule 4: Security Schedule
Schedule 5: Data and AI Use Schedule
Schedule 6: Acceptable Use Policy
Schedule 7: Commercial Terms
Schedule 8: Signature blocks
1. Parties and structure
This Service Agreement is made between Intuitus Ltd, a company incorporated in England and Wales with company number [insert] and registered office at [insert] (Supplier), and the customer named in the relevant Order Form (Customer).
This Agreement comprises these main terms, the Order Form, the schedules, the Data Processing Agreement, and any documents expressly incorporated by reference. If there is a conflict, the following order of precedence applies: signed Order Form, Data Processing Agreement for data-protection matters, these main terms, then the schedules.
The Agreement is intended for business, charity, public-sector and organisational customers. It is not intended for consumers.
2. Background
The Supplier operates AudienceLens, a service designed to help organisations review, test and improve communications, messaging and related content for intended audiences.
AudienceLens is primarily intended for communications that are planned for publication or external distribution. It is not designed for safeguarding records, health records, payment card data, donor financial records, HR files, confidential case-management records, or other highly sensitive records unless expressly agreed in writing.
3. Definitions
- Affiliate means an entity that controls, is controlled by, or is under common control with a party.
- Agreement means this Service Agreement and all incorporated documents.
- Authorised Users means the Customer personnel, contractors or representatives permitted to access the Service under the Order Form.
- Customer Content means materials, prompts, files, text, information, audience assumptions, drafts, communications, metadata and other content submitted to or generated through the Service by or on behalf of the Customer.
- Data Processing Agreement or DPA means the Supplier data processing agreement applicable to the Service.
- Fees means the charges set out in the Order Form.
- Output means reports, scores, recommendations, rewritten wording, audience insights or other outputs generated by or through the Service.
- Service means AudienceLens and any related onboarding, support, reporting, configuration or consultancy services described in the Order Form.
- Sensitive Data means special-category data, criminal-offence data, safeguarding records, health data, financial account data, payment card data, passwords, secret keys, confidential casework records and any other data that would create heightened risk if processed in the Service.
4. Orders and commencement
Each subscription or project will be set out in an Order Form. The Order Form should identify the Customer, Service scope, permitted users, fees, subscription period, usage limits, support arrangements, special terms and any agreed deviations from this Agreement.
The Agreement starts on the Agreement date stated in the Order Form and continues for the initial term unless terminated earlier under this Agreement. Renewal terms apply as set out in the Order Form.
5. The Service
Subject to payment of the Fees and compliance with this Agreement, the Supplier grants the Customer a limited, non-exclusive, non-transferable right for Authorised Users to access and use the Service during the subscription term for the Customer's internal business and charitable purposes.
The Supplier will provide the Service with reasonable skill and care. The Supplier may improve or modify the Service from time to time, provided that it does not materially reduce the core functionality purchased by the Customer during the then-current subscription term.
The Service is intended to support communications planning and review. It does not replace the Customer's own editorial, legal, safeguarding, fundraising, regulatory, accessibility, equality, reputational or professional judgement.
6. Customer access and users
The Customer is responsible for selecting and managing Authorised Users, keeping user details accurate, and promptly removing access for leavers or users who no longer require access.
The Customer must ensure that Authorised Users keep credentials confidential, use strong passwords or single sign-on where configured, and follow any multi-factor authentication requirements made available by the Supplier.
The Customer is responsible for all activity under its accounts unless caused by the Supplier's breach of this Agreement.
7. Customer responsibilities
The Customer is responsible for ensuring that Customer Content is lawful, accurate, appropriate for the Service, and does not include Sensitive Data unless expressly agreed in writing.
The Customer is responsible for reviewing all Outputs before use. Outputs may be incomplete, inaccurate, biased, unsuitable or inappropriate if the Customer Content, assumptions or configuration are incomplete or inaccurate.
- The Customer should not upload safeguarding case files, clinical records, donor payment records, HR grievances, disciplinary records, confidential beneficiary casework, criminal-offence data, passwords, secret keys or other high-risk information.
- The Customer must obtain any permissions, consents or lawful bases required for the Customer Content it submits to the Service.
- The Customer must ensure that its use of the Service complies with applicable law, charity rules, fundraising rules, advertising rules, equality obligations, accessibility obligations and internal policies.
8. Usage restrictions and acceptable use
The Customer must not misuse the Service or permit anyone else to do so.
- No attempts to bypass usage limits, security controls, authentication, monitoring or rate limits.
- No reverse engineering, scraping, automated bulk extraction, security testing or benchmarking without prior written consent.
- No use to create unlawful, discriminatory, harassing, deceptive, harmful, defamatory or infringing content.
- No upload of malware, malicious code, exploit payloads, secrets, passwords or unauthorised personal data.
- No use for high-risk automated decision-making about individuals, including decisions with legal or similarly significant effects.
Additional acceptable-use terms are set out in Schedule 6.
9. AI-assisted functionality
The Service may use AI-assisted or machine-learning functionality to analyse Customer Content and generate Outputs. The Customer acknowledges that AI-assisted functionality can produce plausible but incorrect, incomplete or unsuitable results.
The Supplier does not represent that Outputs will be error-free, legally compliant, audience-complete, unbiased, or suitable for any particular campaign or publication without human review.
Unless expressly stated in the Order Form or DPA, the Supplier will not intentionally use Customer Content to train a public foundation model. Any different arrangement must be clearly stated in the Order Form or DPA.
The Customer must not rely on the Service as the sole basis for legal, safeguarding, clinical, financial, employment, fundraising-regulatory, public-affairs or reputational decisions.
10. Fees and payment
The Customer will pay the Fees set out in the Order Form. Unless the Order Form says otherwise, Fees are exclusive of VAT and any applicable taxes.
Invoices are payable within [30] days of invoice date unless the Order Form states otherwise. The Supplier may charge interest on overdue amounts at the statutory rate or suspend the Service in accordance with clause 18.
Fees are non-refundable except where expressly stated in this Agreement or required by law.
11. Support, maintenance and availability
The Supplier will provide support in accordance with the support arrangements in Schedule 3 or the Order Form.
The Supplier may perform maintenance, updates and security work. Where practicable, the Supplier will schedule planned maintenance outside normal UK business hours and give reasonable notice of material planned downtime.
The Supplier does not guarantee that the Service will be uninterrupted or error-free, but will use reasonable efforts to restore material service issues in accordance with the support arrangements.
12. Data protection
The parties will comply with applicable data protection laws. The Customer is normally the controller of personal data contained in Customer Content, and the Supplier is normally the processor when processing that personal data to provide the Service.
The DPA forms part of this Agreement and governs processing of personal data by the Supplier on behalf of the Customer. The Customer's instructions are set out in this Agreement, the Order Form, the DPA, and documented instructions issued through authorised use of the Service.
The Customer acknowledges that AudienceLens is primarily intended for public or pre-publication communications material, but that account data, organisation data, support data, logs, prompts, drafts, Outputs and incidental personal data may be processed.
13. Confidentiality
Each party must keep the other party's Confidential Information confidential and must not use it except to perform or receive the Service or exercise rights under this Agreement.
Confidential Information does not include information that is public through no breach of this Agreement, already known lawfully, independently developed without use of the other party's Confidential Information, or lawfully received from a third party without restriction.
A party may disclose Confidential Information to personnel, professional advisers, auditors, regulators, insurers, subcontractors and Affiliates who need to know it and are subject to appropriate confidentiality obligations, or where required by law.
14. Security
The Supplier will maintain appropriate technical and organisational measures designed to protect Customer Content against unauthorised access, loss, destruction or alteration, taking account of the nature of the Service and the risk profile of the data processed.
The Supplier's baseline security controls are summarised in Schedule 4. The parties acknowledge that security is shared: the Customer remains responsible for its own devices, networks, user management, content governance and publication decisions.
The Supplier will notify the Customer without undue delay after becoming aware of a confirmed security incident affecting Customer Content, and will provide reasonable information and cooperation to support the Customer's assessment and response.
15. Intellectual property
The Supplier and its licensors retain all rights in the Service, software, platform, models, workflows, templates, know-how, documentation and underlying technology.
The Customer and its licensors retain all rights in Customer Content. The Customer grants the Supplier a limited licence to host, copy, process, transmit, display and use Customer Content as necessary to provide, secure, support and improve the Service in accordance with this Agreement and the DPA.
Subject to payment of the Fees and compliance with this Agreement, the Customer may use Outputs for its internal and external communications purposes. The Supplier does not guarantee that Outputs are unique or that similar outputs will not be generated for other customers.
16. Customer content and outputs
The Customer is responsible for final approval, publication and use of Customer Content and Outputs. The Supplier is not responsible for how the Customer edits, publishes, relies on or distributes Outputs after delivery through the Service.
The Customer must review Outputs for accuracy, legal compliance, factual claims, tone, safeguarding impact, equality impact, fundraising compliance, reputational risk and suitability for the intended audience.
The Supplier may use aggregated, anonymised or statistical information about use of the Service to monitor, secure, operate and improve the Service, provided that such information does not identify the Customer, Authorised Users or individuals in Customer Content.
17. Third-party services and subprocessors
The Service may depend on third-party hosting, infrastructure, analytics, email, support, payment, security, AI/model or other services. The Supplier will maintain a list of material subprocessors or third-party service providers relevant to personal data processing.
The Supplier remains responsible for its subcontractors' performance of obligations that the Supplier delegates to them, subject to this Agreement.
Where Customer Content is processed by an AI/model provider, the Supplier will document the provider, the relevant processing purpose, applicable data-retention/training position and any international transfer safeguards in the DPA or subprocessor list.
18. Suspension
The Supplier may suspend access to all or part of the Service where reasonably necessary to protect the Service, the Supplier, the Customer, other customers or third parties; where the Customer materially breaches this Agreement; where Fees are overdue; or where required by law.
Where practicable and lawful, the Supplier will give notice before suspension and will work with the Customer to resolve the issue. The Supplier will restore access when the reason for suspension has been resolved.
19. Warranties and disclaimers
Each party warrants that it has authority to enter into this Agreement.
The Supplier warrants that it will provide the Service with reasonable skill and care.
Except as expressly stated in this Agreement, the Service and Outputs are provided on an as-is and as-available basis. All implied warranties, conditions and terms are excluded to the fullest extent permitted by law.
20. Liability
Nothing in this Agreement limits or excludes liability for death or personal injury caused by negligence, fraud or fraudulent misrepresentation, breach of confidentiality where exclusion is not permitted, payment obligations, or any liability that cannot be limited by law.
Subject to the previous paragraph, neither party is liable for indirect or consequential loss, loss of profit, loss of revenue, loss of goodwill, loss of anticipated savings, loss of opportunity, or loss arising from the Customer's publication or operational use of Outputs without appropriate review.
Subject to the first paragraph of this clause, each party's total aggregate liability arising out of or in connection with this Agreement is limited to [the Fees paid or payable in the 12 months before the event giving rise to liability] or [insert monetary cap], whichever is higher/lower as selected in the Order Form.
The parties should review this liability clause with legal advisers and insurers before signature, especially for public-sector, healthcare, safeguarding, regulated-fundraising or large national charity customers.
21. Term and termination
This Agreement continues for the term stated in the Order Form. Either party may terminate for convenience at the end of the then-current term by giving the notice stated in the Order Form.
Either party may terminate immediately by written notice if the other party commits a material breach and fails to remedy it within 30 days of written notice, becomes insolvent, ceases business, or is unable to perform its obligations for a prolonged period.
The Supplier may terminate or refuse renewal if continued provision would create legal, security, operational, reputational or commercial risk that cannot reasonably be mitigated.
22. Consequences of termination
On termination or expiry, the Customer's right to access the Service ends, except for any agreed export or wind-down period in the Order Form.
The Customer remains responsible for exporting Customer Content and Outputs before termination where export functionality is available. The Supplier may delete or anonymise Customer Content in accordance with the DPA and retention statement.
Clauses intended to survive termination will continue, including confidentiality, data protection, payment, intellectual property, liability, governing law and any accrued rights.
23. Changes to the Service or Agreement
The Supplier may update the Service to improve functionality, security, usability, compliance or performance. Material changes that adversely affect the Customer's use during a paid term will be notified where reasonably practicable.
The Supplier may update standard terms for renewals or new orders. Changes to an active signed Order Form require written agreement unless the change is required by law, improves security, or does not materially reduce Customer rights.
24. Publicity and references
Neither party may use the other party's name, logo or case study publicly without prior written consent, except that the Supplier may identify the Customer internally and to professional advisers as necessary to manage the relationship.
Any public case study, testimonial or charity logo use must be agreed separately in writing.
25. General
Neither party may assign this Agreement without the other party's prior written consent, except to an Affiliate or successor in connection with merger, reorganisation or sale of substantially all relevant assets.
Neither party is liable for delay or failure caused by events beyond reasonable control, provided it takes reasonable steps to minimise the impact.
Notices must be given to the contacts stated in the Order Form or any updated notice address notified in writing.
If any provision is invalid or unenforceable, the rest of the Agreement remains effective. No failure to enforce a right is a waiver. This Agreement is the entire agreement about the Service and supersedes prior discussions about that subject matter.
No third party has rights under the Contracts (Rights of Third Parties) Act 1999 unless expressly stated.
26. Governing law and jurisdiction
This Agreement and any dispute or claim arising out of or in connection with it are governed by the law of England and Wales, unless the Order Form states otherwise.
The courts of England and Wales have exclusive jurisdiction, unless the Order Form states otherwise.
Schedule 1: Order Form template
Complete this schedule for each customer order. The signed Order Form should override conflicting details in the main terms.
| Field | Details |
|---|---|
| Customer legal name | [insert] |
| Customer registered charity/company number | [insert if applicable] |
| Customer address | [insert] |
| Primary contact | [name, role, email] |
| Supplier | Intuitus Ltd |
| Service | AudienceLens |
| Subscription / project type | [pilot / annual subscription / project / enterprise / other] |
| Start date | [insert] |
| Initial term | [insert] |
| Renewal | [auto-renewal / renewal by written agreement / no renewal] |
| Authorised Users | [number / named users / fair-use basis] |
| Usage limits | [insert if applicable] |
| Fees | [insert fees] |
| Payment terms | [e.g. 30 days from invoice] |
| VAT | [exclusive/inclusive/not applicable] |
| Support level | [standard / enhanced / custom] |
| Special requirements | [insert] |
| Customer purchase order | [insert if required] |
| Supplier notice contact | [insert] |
| Customer notice contact | [insert] |
Schedule 2: Service Description
AudienceLens helps organisations review and improve communications intended for external audiences. The exact functionality may vary by subscription, project or configuration, but may include:
- uploading or entering draft communications, campaign copy, messaging, audience assumptions or related context;
- analysing content against audience, tone, clarity, accessibility, risk, consistency or messaging criteria;
- generating reports, recommendations, alternative wording, summaries or prompts for editorial review;
- saving projects, versions, outputs and related organisation context where enabled;
- administrative dashboards, user management, usage reporting or support workflows where enabled.
Out of scope unless agreed in writing
- legal, safeguarding, medical, clinical, financial, HR or regulated professional advice;
- automated decisions about individuals with legal or similarly significant effects;
- processing of safeguarding records, health records, criminal-offence data, payment card data, donor financial records, HR files or confidential casework records;
- guaranteed publication outcomes, fundraising outcomes, audience behaviour, campaign performance or stakeholder acceptance;
- bespoke integrations, custom model training, migration, managed editorial review or consultancy unless listed in the Order Form.
Schedule 3: Support and Service Levels
Unless the Order Form states otherwise, standard support is provided during UK business hours, excluding weekends and public holidays in England and Wales.
| Priority | Description | Target acknowledgement | Target response |
|---|---|---|---|
| Critical | Service unavailable for all users or confirmed security incident affecting Customer Content | Acknowledge within [4 business hours] | Restore service or provide workaround as soon as reasonably practicable |
| High | Major feature unavailable with no practical workaround | Acknowledge within [1 business day] | Target fix or workaround within [3 business days] |
| Medium | Degraded functionality or non-critical defect | Acknowledge within [2 business days] | Address in normal maintenance cycle |
| Low | General question, minor issue or feature request | Acknowledge within [3 business days] | Respond or consider for roadmap |
Service-level targets are targets only unless the Order Form expressly states that service credits apply. No service credits are included by default.
Schedule 4: Security Schedule
The Supplier will maintain baseline controls appropriate to a service handling mainly public or pre-publication communications material, account data, logs and incidental personal data. These controls should be completed with actual production details before customer issue.
| Area | Baseline position |
|---|---|
| Access control | Unique accounts for Supplier personnel; least privilege; admin access limited to authorised personnel; MFA where available for cloud/admin services. |
| Configuration | Production services configured securely; unnecessary services disabled; secrets stored outside source code; environment variables or managed secret storage used. |
| Network protection | Production services protected by hosting firewall/security-group controls; public access limited to required ports and endpoints. |
| Patch management | Operating systems, frameworks, dependencies and third-party services reviewed and updated using a risk-based process. |
| Malware protection | Supplier devices used to administer the Service protected by operating-system security controls and malware protection appropriate to the device type. |
| Encryption | TLS used for service access; encryption at rest used where supported by hosting, database, backup and storage providers. |
| Backups | Backups maintained for operational resilience; backup retention and restore testing to be confirmed in the production runbook. |
| Logging and monitoring | Security and operational logs used to support troubleshooting, abuse detection and incident response, subject to retention controls. |
| Incident response | Confirmed security incidents assessed, contained, remediated and notified to affected customers where required. |
| Certification status | Cyber Essentials status: [preparing / certified / certificate number and date]. Do not claim certification until issued. |
Schedule 5: Data and AI Use Schedule
Data categories
- Customer account data: names, work email addresses, roles, organisation details and account settings.
- Customer Content: communications drafts, audience assumptions, campaign context, prompts, uploaded text and similar materials.
- Outputs: reports, scores, recommendations, summaries, alternative wording and generated content.
- Operational data: logs, usage events, security events, support requests, technical metadata and billing/admin records.
- Incidental personal data: personal data included by the Customer in Customer Content or support communications.
Data not intended for the Service
- safeguarding records, beneficiary case files, health or clinical records, criminal-offence data, donor payment details, cardholder data, bank-account data, HR grievance/disciplinary files, secrets or passwords;
- special-category data unless specifically agreed and documented in the Order Form and DPA;
- data subject to sector-specific restrictions that have not been assessed and agreed.
AI provider position
Complete this section with the actual AI/model provider and terms before issue. Suggested customer position:
| Suggested wording AudienceLens may use an AI/model provider to process Customer Content and generate Outputs. Unless expressly agreed otherwise, Intuitus Ltd will not intentionally use Customer Content to train a public foundation model. Provider identity, retention, training position, hosting region and transfer safeguards should be listed in the DPA or subprocessor schedule. |
|---|
Retention summary
| Data type | Default retention position |
|---|---|
| Account data | [for term plus up to 6 years for contract/tax records where required] |
| Customer Content and Outputs | [for active account term, then deletion/anonymisation within defined period after termination] |
| Support records | [up to 24 months after closure unless needed longer for legal/commercial reasons] |
| Security/operational logs | [normally 30-180 days, unless needed for security investigation] |
| Backups | [retained and overwritten in accordance with backup cycle; exact timing TBC] |
Schedule 6: Acceptable Use Policy
The Customer and Authorised Users must not use the Service to:
- break the law, infringe rights, defame, harass, discriminate, threaten or exploit individuals or groups;
- process Sensitive Data unless expressly agreed in writing;
- attempt to gain unauthorised access to systems, accounts, data, networks or models;
- upload malware, exploit code, credentials, secret keys, tokens or unlawful datasets;
- create or optimise deceptive, manipulative, fraudulent or materially misleading communications;
- make automated decisions about individuals with legal or similarly significant effects;
- submit personal data without a lawful basis or required permissions;
- use the Service in a way that could damage, disable, overload or impair Supplier systems;
- resell, white-label or provide bureau access to the Service unless allowed in the Order Form.
Schedule 7: Commercial Terms
Complete the following commercial options in the Order Form or proposal before signature.
| Commercial item | Position |
|---|---|
| Pricing model | [per organisation / per user / project fee / annual subscription / pilot fee] |
| Pilot conversion | [pilot converts to annual subscription unless cancelled / no auto conversion / other] |
| Expenses | [included / pre-approved only / billed at cost] |
| Training/onboarding | [included sessions / chargeable / self-service only] |
| Usage overages | [none / pre-approved / charged at rate card] |
| Renewal uplift | [none / CPI / fixed % / new quote] |
| Termination for convenience | [end of term only / notice period] |
| Data export assistance | [included self-service / chargeable assistance / bespoke] |
| Special customer terms | [insert] |
Schedule 8: Signature blocks
Signed for and on behalf of the Supplier:
| Supplier | Intuitus Ltd |
|---|---|
| Name | [insert] |
| Role | [insert] |
| Signature | |
| Date | [insert] |
Signed for and on behalf of the Customer:
| Customer | [Customer legal name] |
|---|---|
| Name | [insert] |
| Role | [insert] |
| Signature | |
| Date | [insert] |
| Final review checklist before issue Confirm company details, registered office, price, service scope, support commitments, liability cap, subprocessor list, hosting/region, AI/model provider terms, retention periods, security position and Cyber Essentials status before sending this agreement to a customer. |
|---|