Terms & Conditions

Last update: April 16, 2025

1. GENERAL TERMS AND CONDITIONS DIFFLY

1.1 PREAMBLE

DIFFLY provides services (hereinafter referred to as the “Services”), including the use of a SaaS platform (hereinafter referred to as the “DIFFLY Platform”) developed and operated by DIFFLY. The Services are offered to professional clients seeking to enhance their sales performance through the analysis of their strengths and weaknesses with prospects and customers (“Win-loss analysis”).

The DIFFLY Platform is marketed in a SaaS model and has been selected by the Client for use in its professional activities.

The Parties confirm that they have received all necessary information enabling them to understand the nature and scope of the present contractual commitment and that they negotiated in good faith prior to entering into this contract. In particular, the Client acknowledges having reviewed the features of the DIFFLY Platform prior to entering the contract (e.g. presentations, demos, etc.) and having received all the information required to independently assess the suitability of the DIFFLY Platform selected in the Purchase Order for its needs. The Client thus recognizes that DIFFLY has fulfilled its duty to provide advice.

1.2 PURPOSE OF THE CONTRACT

These general terms and conditions (the “General Terms and Conditions”) are intended to specify the terms and conditions of the non-exclusive provision by DIFFLY of the DIFFLY Platform and the related services for the benefit of the Client, for its own needs.

The General Terms and Conditions, together with the Purchase Order, constitute the entire agreement (hereinafter referred to as the “Contract”) governing the relationship between DIFFLY and the Client. In case of any conflict, the Purchase Order shall prevail over the General Terms and Conditions. The Contract shall take precedence over any other document issued by the Parties.

1.3 USE OF DIFFLY SERVICES

1.3.1 Creation of Client Accounts on the Platform

In order to access the DIFFLY Platform, the Client must create a client account (hereinafter referred to as the “Client Account”) and appoint an administrator (hereinafter the “Administrator”). The Client is solely responsible for safeguarding and managing the account credentials.

The Administrator may create specific accounts linked to the Client Account for other users (hereinafter the “Users”), who will have distinct login credentials. It is the Client’s responsibility to ensure that only authorized Users access User Accounts. The Client is liable for all actions carried out through the User Accounts and agrees to promptly notify DIFFLY in the event of the loss or theft of credentials and/or passwords. Under no circumstances can DIFFLY be held liable in this regard.

For the avoidance of doubt, it is specified that Users do not derive any rights from the General Terms and Conditions.

The Client may request the deactivation or deletion of a User Account. Deactivation does not result in the deletion of the User Account. Deletion of the User Account is permanent, and the data contained within the account will be erased.

1.3.2 Performance of the Service

DIFFLY undertakes to provide the services in accordance with industry standards, utilizing its expertise and skills under a best-efforts obligation (obligation of means).

1.3.3 Terms of Use of the Services

  • Means

The Client alone is responsible, at its own expense and under its sole responsibility, for acquiring the technical means (hardware, software, networks, etc.) and the skills necessary to access the Services. DIFFLY shall not be held liable for damages resulting from improper use, including the deletion or entry of incomplete or incorrect data or information.

  • Content

The Client is solely responsible for the content it provides to DIFFLY and/or publishes on the DIFFLY Platform. DIFFLY shall not be held liable for any failure to perform the Services due to the provision of incorrect information by the Client, particularly regarding the contact details of prospects or customers to be contacted.

The Services are designed to be provided to multiple clients and are not personalized or specifically tailored for the Client unless explicitly agreed upon by the Parties.

  • AI-based feature

DIFFLY has integrated into its Platform a feature called Diffly AI, which is based on artificial intelligence. The responses provided by Diffly AI may not be complete, accurate, or up to date, and it is the Client's responsibility to always verify them. DIFFLY shall not be held liable for any errors or omissions in the information provided by Diffly AI, nor for any decisions made by the Client based on such information. DIFFLY expressly disclaims any liability for any direct or indirect damage resulting from the implementation of or reliance on responses generated by Diffly AI.

  • Service Changes

DIFFLY reserves the right to make changes to the Services at any time for the purpose of improvement. If a change could have significant negative impacts on the Client's use of the Services as described in the documentation, DIFFLY will notify the Client whenever possible.

  • Limits

DIFFLY reserves the right to establish reasonable limits on the use and storage of the Services to ensure the stability, legality, availability, scalability, user-friendliness, commercial viability, and responsiveness of the services provided to the Client and other DIFFLY clients. DIFFLY will inform the Client within a reasonable timeframe before implementing such limits.

  • Unauthorized Use

Any fraudulent, abusive, inappropriate, or unauthorized use of the Services may, at DIFFLY’s discretion, constitute grounds for suspending, terminating, or revoking the Client’s right to use the Services or access the DIFFLY Platform. DIFFLY will notify the Client in advance or justify the necessity of immediate action in the event of a violation requiring prompt intervention.

1.3.3 Service Levels - SLA

  • Availability

DIFFLY will make all economically reasonable efforts to ensure that the DIFFLY Platform is available 24/7.
DIFFLY guarantees 99% availability on an annual basis, except in the following cases: (i) the Client uses a version designated as beta; (ii) the Client acts in violation of the General Terms and Conditions or uses the Services in an unintended manner; (iii) the Services downtime was planned by DIFFLY.

  • Incidents

If normal use of DIFFLY Services—unattributable to improper use by the Client, unrelated to internet network issues, and not planned—becomes impossible for more than two (2) consecutive days or fails to meet the availability guarantee, DIFFLY agrees to apply compensatory penalties in favour of the Client. These penalties will take the form of a credit equivalent to 5% of the annual fees on the Client’s next invoice, provided the Client submits a written and justified claim within 7 days following the incident.

In the case of a major anomaly, defined as a widespread malfunction of the DIFFLY Platform relative to its documentation, which is reproducible and not attributable to improper use or modification of the Platform’s access by the Client or any other party, the Client agrees to notify DIFFLY in writing with sufficient detail to facilitate the resolution of the anomaly.

  • Backup and Reversibility

At the end of the Contract, the Client has a period of thirty (30) days to request the extraction of its data, which will be provided in a machine-readable format.

1.4 PRICE AND PAYMENT

The price of the Services is specified in the Purchase Order. DIFFLY may adjust the prices of its Services by up to 5% per year or by the percentage increase of the Syntec index. In such a case, the Client will be informed, and the new prices will apply on the renewal date of the Contract.

The subscription and orders are paid by the Client according to the frequency and terms provided in the Purchase Order, either via a payment service provider or by bank transfer. The total invoice amount must be paid in full upon receipt of the invoice and no later than thirty (30) days thereafter. The Client agrees to update its banking information to prevent any payment failure during the automatic renewal of the Contract.

In the event of non-payment at the due date, DIFFLY may: (i) charge late payment interest on all outstanding amounts until full payment is made, at a rate ten (10) times the legal interest rate in effect on the due date; and/or (ii) charge all recovery costs, including bank fees related to payment rejections, in addition to the statutory recovery fee of €40; and/or (iii) suspend, by operation of law, the Client's access to DIFFLY Services seven (7) days after written notification, which may be sent via email, reminding the Client of the overdue amount and remaining unpaid; and/or
(iv) take any other action without prejudice to potential damages and interest, including the possible termination of the Contract.

Discounts and benefits – DIFFLY may grant discounts or benefits to the Client, particularly when the Client agrees to refer DIFFLY to individuals interested in DIFFLY Services, under the conditions set out in the Purchase Order. In case of the Client’s default, adjustments will be made at the end of the year or offset against the subscription fee for the following year.

Unless otherwise explicitly agreed in writing and signed by both Parties, the Client acknowledges that any benefits offered by DIFFLY at the signing of the first Purchase Order, such as free months or complimentary consultations, will terminate at the end of the Initial Term and will no longer apply to renewed periods of the Contract.

1.5 OWNERSHIP AND INTELLECTUAL PROPERTY

DIFFLY retains ownership of the methods, know-how, and tools it uses to deliver the Services.

The content of the DIFFLY Platform and its documentation, including its general structure, as well as trademarks, designs, models, animated or static images, texts, photographs, logos, graphic charters, software and programs, search engines, databases, sounds, videos, domain names, and any other information therein, are the exclusive property of DIFFLY or its partners or third parties who have granted it a license. These are protected by intellectual property rights as recognized or to be recognized under applicable laws.

The Contract does not transfer or assign any intellectual property rights to the Client or Users, except for a non-exclusive, non-transferable right to use the DIFFLY Platform for its own needs, as specified in the Purchase Order, under the conditions of the Contract, and in accordance with the intended use of the DIFFLY Platform and Services. The Client guarantees compliance with these provisions by the Users.

DIFFLY guarantees the Client against any third-party claims, confirmed by a final decision, arising from infringement or violation of their intellectual property rights. If the Client is notified that it cannot use an element of the DIFFLY Platform or Services without infringing third-party rights, DIFFLY may either replace the concerned element or modify it to eliminate the infringement or other violations.

The Client grants DIFFLY a license to use any content transmitted to DIFFLY as part of the use of the Services, for the purposes of providing and improving the Services.

Right of reference – The Client expressly authorizes DIFFLY to feature it as one of its business references and to use the Client’s name and logo for this purpose on DIFFLY’s official website, as well as in its marketing and commercial materials (e.g. sales presentations, website, brochures).

1.6 CONFIDENTIALITY

"Confidential Information" refers to information identified as such by the inclusion of a "confidential" label, as well as information that is inherently confidential to a Party due to its nature, including but not limited to information related to its business activities, finances, technologies, trade secrets, pricing, methods, know-how, procedures, products, documents, materials, software, and tools. The Contract itself constitutes Confidential Information.

The Parties agree not to disclose the other Party’s Confidential Information to any third party without the prior written consent of the other Party. They also agree to protect such Confidential Information by taking at least the same level of precautions as they would for their own Confidential Information. This obligation applies for the duration of the Contract and for five (5) years after the termination of the Contract. The Parties shall ensure compliance with this obligation by their personnel and any subcontractors involved in the execution of the Contract. Each Party shall delete the other Party's Confidential Information at the end of the Contract, unless otherwise required by law.

The following information shall not be considered Confidential Information: • Information that is or becomes public domain without any fault attributable to the receiving Party; • Information that was known to the receiving Party prior to disclosure, provided that: (i) the receiving Party can prove this through appropriate documentation; (ii) it was not obtained directly or indirectly from the disclosing Party; (iii) neither the receiving Party nor any third party violated a confidentiality obligation or committed any fault; • Information disclosed to the receiving Party by a third party without breaching any confidentiality obligation or committing any other fault; • Information independently developed by the receiving Party without using any Confidential Information of the disclosing Party; • Information required to be disclosed under law, regulation, or a court order, but only to the extent strictly necessary.

1.7 PROTECTION OF PERSONAL DATA

In the context of executing the Contract, each Party undertakes to comply with the applicable regulations concerning the protection of personal data (hereinafter referred to as the "Personal Data Regulation"), including EU Regulation No. 2016/679 (hereinafter "GDPR") and French Law No. 78-17 of January 6, 1978, known as the "Informatique et Libertés" law.

When processing personal data under the Contract (notably for managing contact information or other personal data mentioned in the contractual documents and managing Users), the Parties acknowledge that they act as independent data controllers and independently determine the means and purposes of the processing they perform.

Data subjects may exercise their rights within the limits of the Personal Data Regulation directly with the Party concerned.

For processing the data of Users and the Client’s Prospects or customers, DIFFLY most often acts as a data processor on behalf of the Client, the data controller. The applicable provisions in this context are detailed in the "Personal Data" Appendix.

However, DIFFLY may act as a data controller for purposes related to the improvement and monitoring of the performance of the Services, as described in DIFFLY's Privacy Policy, available on its website.

1.8 EFFECTIVE DATE - TERM

The Contract becomes effective on the date the Purchase Order is signed by the Client unless a specific subscription start date is mentioned in the Purchase Order.

The subscription entered into by the Client is agreed for the duration specified in the Purchase Order. The Contract will then be automatically renewed, by operation of law, for the duration of the Initial Term, unless terminated by either Party with three (3) months' prior notice before the expiration date. Such termination must be notified to the other Party by registered letter with acknowledgment of receipt.

1.9 TERMINATION OF THE CONTRACT AND LIABILITY

Each Party may terminate the Contract in the event of a material breach by the other Party of an essential provision of the Contract, one (1) month after a detailed formal notice remains unanswered. Such notice must be sent to the other Party by registered letter with acknowledgment of receipt. In the event of a termination due to the Client's fault by DIFFLY, such termination will result in the suspension of access to the DIFFLY Platform and Services, without prejudice to claims for damages.

DIFFLY’s obligations and liability are strictly limited to providing the DIFFLY Services as defined in the Purchase Order.

In all cases, the Parties understand and agree that the contractual balance limits any claim for damages to an amount equivalent to the annual amount paid by the Client under the Contract.

Each Party remains solely responsible for and agrees to comply with the regulations applicable to it, including anti-corruption laws. The Client remains solely responsible for any damage caused by itself, by Users, or by prospects to DIFFLY or third parties because of using DIFFLY Services. In the event that the Client uses the Services in violation of applicable laws and regulations, DIFFLY reserves the right to immediately suspend access to the DIFFLY Services.

1.10 MISCELLANEOUS

Good Faith – Each Party undertakes to perform its obligations hereunder in compliance with the laws applicable to it, in good faith, and, in this respect, to respect and refrain from damaging the image of the other Party, particularly on social media, forums, and influential websites. No waiver – The failure of one Party to invoke a breach by the other Party of any of its obligations under this Contract shall not be interpreted as a waiver of the obligation in question. Severability – If one or more provisions of the Contract are deemed invalid or declared as such pursuant to a law, regulation, or a final decision by a competent court, the other provisions shall remain in full force and effect.

1.11 GOVERNING LAW AND JURISDICTION

This Contract is governed by French law.

IN THE EVENT OF A DISPUTE, EXCLUSIVE JURISDICTION IS GRANTED TO THE COURTS WITHIN THE JURISDICTION OF THE PARIS COURT OF APPEAL, NOTWITHSTANDING MULTIPLE DEFENDANTS OR THIRD-PARTY CLAIMS, INCLUDING EMERGENCY PROCEEDINGS OR PROVISIONAL MEASURES, WHETHER BY SUMMARY JUDGMENT OR APPLICATION.

1. APPENDIX – PERSONAL DATA

Each Party undertakes to comply with the Personal Data Regulation.

When acting as the Client’s data processor, DIFFLY undertakes:

(i) to process personal data only on the documented instructions of the Client, in accordance with the Contract, including transfers to a third country or an international organization, unless required to do so under Union law or the laws of the Member State to which it is subject. In such a case, DIFFLY shall inform the data controller of this legal obligation before processing unless the relevant law prohibits such notification on important public interest grounds. Fees may apply for instructions not covered by the Contract, subject to feasibility;

(ii) to ensure that all authorized individuals involved in processing personal data are bound by a confidentiality obligation;

(iii) considering the scope of the Contract and the state of the art, to take all measures required under Article 32 of the GDPR and implement appropriate technical and organizational measures. It is the Client's responsibility to assess the risks of the processing performed by DIFFLY on its behalf and to request additional security measures if necessary; 

(iv) to take into account the nature of the processing and assist the Client, insofar as possible, through appropriate technical and organizational measures, in fulfilling its obligation to respond to requests for the exercise of data subjects' rights;

(v) to inform the Client if, in DIFFLY’s opinion, an instruction constitutes a violation of the Personal Data Regulation;

(vi) to make available to the Client all information necessary to demonstrate compliance with the obligations set out in this clause and to enable the performance of document-based audits. If the document-based audit is unsatisfactory, the Client may, at its own expense, conduct an on-site audit by an independent auditor, provided DIFFLY is notified of the specific purpose of the audit at least fifteen (15) days in advance. DIFFLY agrees to cooperate, provided that the audit does not disrupt its operations and is subject to the following limitations: once (1) per year, with a maximum of two (2) man-days of DIFFLY resources, at the Client's expense. A full copy of the audit report prepared by the auditor shall be provided to DIFFLY simultaneously with the Client; otherwise, the report shall not be enforceable against DIFFLY;

(vii) to assist the Client in ensuring compliance with the obligations under articles 32 to 36 of the GDPR, based on the information available to DIFFLY. In particular, DIFFLY undertakes to notify the Client of any personal data breach within the meaning of the GDPR and Personal Data Regulation as soon as it becomes aware of it;

(viii) to retain personal data processed on behalf of the Client at the end of the Contract if the contractual relationship continues in accordance with the General Terms and Conditions. At the end of the contractual relationship or upon the Client’s request, DIFFLY will delete all data, including backups, unless required to retain them under a legal or regulatory obligation. If the Client wishes for its data to be retained beyond the contractual relationship, a written request must be made to DIFFLY;

(ix) to inform the Client of any transfer of personal data to a third country outside the European Union and to take all measures prescribed by applicable laws and regulations to ensure that such transfer is appropriately safeguarded.

Generally, the Client authorizes DIFFLY to engage subsequent subcontractors solely for the proper execution of the Contract, provided they agree to comply with the terms of this Contract. The list of authorized subcontractors is provided in the Annex to the Contract. In the event of the Client’s objection to a new DIFFLY subcontractor, the Client assumes all consequences and damages resulting from any delay or inability to use the DIFFLY Platform. DIFFLY remains responsible for the non-compliance of its subsequent subcontractors with their obligations.

If the Client requests DIFFLY to assist with matters related to the Personal Data Regulation for processing where the Client acts as the data controller, such services will be subject to feasibility and DIFFLY’s acceptance and will be provided at DIFFLY’s current rates.

Description of processing

- Object and Purpose of Processing

The performance of the Contract involves the processing of personal data by DIFFLY on behalf of the Client. The object and purpose of this processing is to provide DIFFLY Services: the collection and analysis, on behalf of the Client, of qualitative and quantitative feedback data from prospects or customers.

Data processing is carried out through the DIFFLY Platform and includes conducting interviews (surveys and phone calls).

- Duration of Processing

Duration of the Contract + 1 year, extended by any additional data retention request, if applicable.

- Categories of Personal Data Processed

Identification data (name, email address, phone number, postal address)

Professional information (position, company)

User photograph (optional)

Participation in a deal (as supplier or buyer)

For the Client's customers and prospects: in addition to the above, feedback data

- Categories of Data Subjects

Users

Administrators

Prospects contacted on behalf of the Client

Customers contacted on behalf of the Client

- Processing Operations Performed by DIFFLY

To ensure the provision of Services, DIFFLY collects, records, organizes, stores, allows consultation, transmits, and deletes personal data.

DIFFLY subprocessors: List of subprocessors

Security Measures:

The following is a non-exhaustive list of technical and organizational security measures implemented by DIFFLY:

  • User authentication via SSO or credentials using the HTTPS protocol.
  • Data replication.
  • Daily backups.
  • Access control and DIFFLY personnel awareness: data is made accessible through a secure access protocol only to individuals who need to know it and are trained in the proper handling of personal data.
  • Centralized rights management.
  • Encryption of all data in HTTPS during transmission between clients and servers.
  • Encryption of all stored data.
  • Data hosting in France on secure servers certified ISO 27001.
  • Separation of test and production environments.
  • System access protection through AWS rights management policies and implementation of audit logging (logs) retained for six months to identify and archive data access.