Terms of Service

Welcome to ThisOne AI Platform, provided by Hashed Horizon (Hashed Horizon Sp. z o.o.), located at ul. Marszałkowska 1, 00-624 Warsaw, Poland.

Introduction

These Terms of Service ("Terms") govern your access to and use of ThisOne AI Platform, including our website at https://thisone.app, our application programming interfaces, mobile applications, and any related services (collectively, the "Services").

Legal Document Hierarchy: These Terms should be read together with our:

Privacy Policy: Explains how we collect, use, and protect your Personal Data
Cookie Policy: Describes our use of cookies and tracking technologies
Enterprise Addendum: Applies only to Business/Team plan customers (see "Enterprise Customers" section below)
Data Processing Agreement (DPA): Applies only to Business/Team customers who sign a DPA (incorporated via Enterprise Addendum)

In case of conflict, the order of precedence is: (1) Enterprise Addendum (if applicable), (2) DPA (if applicable), (3) Order Form (if any), (4) Privacy Policy for data protection matters, (5) Terms of Service, (6) Cookie Policy.

CRITICAL: AI Features Disclaimer - Accuracy and Limitations

Our Services use artificial intelligence (AI) technology to process your inputs and generate outputs. AI-generated content is NOT guaranteed to be accurate, complete, factually correct, or suitable for any specific purpose.

By using our AI features, you explicitly acknowledge and accept that:

AI Makes Mistakes: AI models can produce incorrect, incomplete, misleading, or nonsensical outputs ("hallucinations")
No Professional Advice: AI outputs are NOT professional advice (legal, medical, financial, etc.) and should NOT be relied upon as such
Bias and Errors: AI may reflect biases present in training data or produce discriminatory, offensive, or inappropriate content
Verification Required: You MUST independently verify all AI-generated content before using it for any important purpose
No Warranties: We make NO warranties about AI accuracy, reliability, completeness, or fitness for any particular use

You are solely responsible for:

Reviewing and verifying all AI-generated content
Determining whether AI outputs are suitable for your intended use
Any consequences of relying on AI-generated content
Compliance with applicable laws when using AI outputs

We are NOT liable for:

Inaccurate, incomplete, or misleading AI outputs
Financial losses from relying on AI-generated content
Professional malpractice or negligence claims related to AI outputs
Copyright infringement by AI-generated content
Harm caused by biased, offensive, or inappropriate AI outputs

For critical decisions (legal, medical, financial, safety-related), always consult qualified professionals—NOT AI.

Acceptance of Terms

By accessing or using our Services, you agree to be bound by these Terms. If you do not agree to these Terms, you may not access or use the Services.

Minimum Age Requirement: You must be at least 18 years old to use our Services. By creating an account, you confirm that you are 18 years or older and agree to these Terms and Conditions. If you are under 18, you may not use the Services.

Enterprise Customers

Important: If you purchase a Business/Team plan or sign an Order Form, our Enterprise Addendum applies and incorporates our Data Processing Agreement (DPA). Otherwise, these consumer Terms govern your use of the Service.

When Enterprise Terms Apply

The Enterprise Addendum applies when you:

Purchase a Business/Team subscription plan, OR
Execute a written Order Form or Enterprise Agreement with Hashed Horizon, OR
Explicitly agree to the Enterprise Addendum during account setup

What Changes for Enterprise Customers

The Enterprise Addendum modifies these consumer Terms by:

Enhanced SLA: 99% uptime target uptime guarantee with Priority support with 4-hour target response time (business hours)
Increased Liability Cap: €1000 per incident (vs. €100 for consumers)
Data Processing Agreement: We act as your Data Processor for end-user data (you are the Controller)
Custom Terms: Negotiable contract terms, custom security, and data handling

How to Activate Enterprise Terms

Self-Service: Upgrade to a Business/Team plan via your account dashboard. The Enterprise Addendum automatically applies upon checkout.
Custom Agreement: Contact support@hashedhorizon.com with subject "Enterprise Agreement Request" to negotiate custom terms and execute an Order Form.

Documentation:

View Enterprise Addendum - Complete enterprise terms
View Data Processing Agreement - GDPR Art. 28 DPA for B2B customers

Note for Consumer Users: If you use ThisOne AI Platform for personal, non-commercial purposes, the Enterprise Addendum does not apply. These standard consumer Terms govern your use.

Changes to Terms

We reserve the right to modify these Terms at any time. We will notify you of material changes by posting the updated Terms on our website and updating the "Last Updated" date above. Your continued use of the Services after such changes constitutes your acceptance of the new Terms.

Contact Information

If you have questions about these Terms, please contact us:

Email: support@hashedhorizon.com
Address: ul. Marszałkowska 1, 00-624 Warsaw, Poland
Company Registration: KRS 0000987654 (Polish National Court Register)
Tax ID: NIP 5272825625

Governing Law and Jurisdiction

Governing Law: These Terms are governed by and construed in accordance with the laws of Poland, without regard to conflict of law principles.

Jurisdiction: Subject to applicable consumer protection laws, any disputes arising from these Terms shall be subject to the jurisdiction of the courts of Poland. EU consumers retain the right to bring proceedings in their country of residence.

Definitions

For the purposes of these Terms, the following definitions apply:

"Account" means the registered user account you create to access certain features of the Services.

"Content" means any text, images, videos, audio, code, data, or other materials that you submit, upload, or generate through the Services.

"AI Services" means the artificial intelligence features provided through ThisOne AI Platform, including but not limited to text generation, image generation, chat completion, and other machine learning-based functionalities.

"Input" means any Content you provide to our AI Services for processing.

"Output" means any Content generated by our AI Services in response to your Input.

"Personal Data" means any information relating to an identified or identifiable natural person, as defined under applicable data protection laws including the General Data Protection Regulation (GDPR).

"Processing" means any operation performed on Personal Data, including collection, storage, use, disclosure, and deletion.

"Data Controller" means Hashed Horizon Sp. z o.o., the entity that determines the purposes and means of Processing Personal Data through the Services.

"Subprocessor" means any third-party service provider engaged by Hashed Horizon to Process Personal Data on our behalf, as listed in our Privacy Policy and outlined below:

Google Cloud AI (Gemini): AI photo conversion and enhancement (Location: EU/USA)
Vercel: Application hosting and CDN (Location: EU)
Neon: PostgreSQL database hosting (Location: EU)
Sentry: Error tracking and crash diagnostics (Location: EU/USA)
Stripe: Payment processing and subscription management (Location: EU/USA)
Apple (App Store / Apple Pay): iOS in-app purchases and Apple Pay transactions (Location: USA)
Google (Play Store / Google Pay): Android in-app purchases and Google Pay transactions (Location: USA)

"Services" means ThisOne AI Platform and all related services, including:

Our website at https://thisone.app
Our mobile applications for iOS and Android
All associated features, content, and functionality

"User," "You," "Your" means any individual or entity accessing or using the Services.

"We," "Us," "Our" means Hashed Horizon Sp. z o.o., operating as Hashed Horizon.

"Intellectual Property Rights" means all patents, copyrights, trademarks, trade secrets, and any other proprietary rights recognized under applicable law.

"Subscription" means the paid plan you select to access premium features of the Services.

"Billing Cycle" means the recurring period for which you are charged for your Subscription (e.g., monthly, annually).

"Effective Date" means the date you first access or use the Services, or the date of the most recent update to these Terms, whichever is later.

Under the General Data Protection Regulation (GDPR), our primary lawful basis for Processing your Personal Data is:

Performance of a Contract (GDPR Art. 6(1)(b) GDPR): Processing is necessary for the performance of our contract with you to provide the Services.

Account Registration and Responsibilities

Account Creation

To access certain features of the Services, you must create an Account. By creating an Account, you represent and warrant that:

Age Requirement: You are at least 18 years of age
Accurate Information: All information you provide is accurate, current, and complete
Legal Capacity: You have the legal capacity to enter into binding contracts
Compliance: You will comply with all applicable laws and these Terms

Age Requirements

Minimum Age

You must be at least 18 years of age to create an Account or use the Services.

Self-Certification: During account registration, you will be asked to confirm that you meet the minimum age requirement. By creating an Account, you represent and warrant that you are 18 or older.

Verification if Suspected: We rely on self-certification, but we may request proof of age (such as government-issued ID) if we have reason to believe an Account is held by someone under 18. Accounts that fail to provide satisfactory proof within 14 days may be suspended or terminated.

Immediate Termination for Misrepresentation: Providing false age information may result in immediate Account termination without notice.

NO IMAGES OF MINORS: Regardless of your age, you may NOT upload, process, or generate any images containing persons under 18 years of age. Violation will result in immediate account termination and may be reported to authorities.

Account Security

You are responsible for:

Password Security: Maintaining the confidentiality of your password and Account credentials
Unauthorized Access: Notifying us immediately of any unauthorized access or security breach
Account Activity: All activities that occur under your Account, whether authorized or not

We will never ask for your password. Any request for your password should be reported to support@hashedhorizon.com immediately.

Account Data Processing

By creating an Account, you consent to our Processing of your Personal Data as described in our Privacy Policy, including:

Identity Data: Name, email address, and contact information
Authentication Data: Encrypted password, session tokens
Usage Data: Inputs, Outputs, and interaction history with AI Services
Payment Data: Billing information processed by our payment processor(s)
Technical Data: IP address, device information, browser type

This Processing is necessary for the performance of our contract with you (GDPR Art. 6(1)(b)).

Data Controller Responsibilities

Hashed Horizon Sp. z o.o. acts as the Data Controller for all Personal Data collected through your Account. We implement appropriate technical and organizational measures to ensure data security, including:

Encryption: All data transmitted over public networks is encrypted using TLS 1.3 or higher
Access Controls: Role-based access controls and multi-factor authentication for administrative access
Regular Audits: Periodic security assessments and penetration testing
Breach Notification: Compliance with GDPR Art. 33-34 breach notification requirements

Account Suspension and Termination

We reserve the right to suspend or terminate your Account if:

You violate these Terms or our Acceptable Use Policy
Your Account is involved in fraudulent or illegal activities
We are required to do so by law or court order
Your Account has been inactive for more than 2 years

Upon termination, you retain the right to request deletion of your Personal Data under GDPR Art. 17 (Right to Erasure). See our Privacy Policy for data retention periods.

You have the right to receive your Personal Data in a structured, commonly used, and machine-readable format and to transmit that data to another service provider. To exercise this right, contact support@hashedhorizon.com with the subject line "Data Portability Request."

We will provide your data in JSON or CSV format within 30 days of your verified request.

Right of Withdrawal (EU Consumers)

Consumers in the European Union have the right to withdraw from this contract within 14 days without giving any reason, in accordance with Directive 2011/83/EU (EU Consumer Rights Directive).

Withdrawal Period

The withdrawal period will expire after 14 days from the day of the conclusion of the contract.

For digital services (such as ThisOne AI Platform), the withdrawal period begins:

For one-time purchases: From the date of contract conclusion (purchase date)
For subscriptions: From the date you first access the service or subscription activation, whichever occurs first

How to Exercise Your Right of Withdrawal

To exercise your right of withdrawal, you must inform us at support@hashedhorizon.com of your decision to withdraw from this contract by way of a clear statement. You may use:

Email: Send an email to support@hashedhorizon.com with the subject line "Withdrawal from Contract"
Clear Statement: Provide any clear written statement of your decision to withdraw
Written Notice: Send written notice to ul. Marszałkowska 1, 00-624 Warsaw, Poland

To meet the withdrawal deadline, it is sufficient for you to send your communication concerning your exercise of the right of withdrawal before the withdrawal period has expired.

Information Required in Your Withdrawal Notice

Please include the following information in your withdrawal notice:

Your full name and email address associated with your account
The date of contract conclusion (purchase date or subscription start date)
A clear statement that you are withdrawing from the contract
(Optional) Reason for withdrawal (not required but helps us improve our Services)

Effects of Withdrawal

If you withdraw from this contract, we shall reimburse to you all payments received from you, including the costs of delivery (with the exception of the supplementary costs resulting from your choice of a type of delivery other than the least expensive type of standard delivery offered by us), without undue delay and in any event not later than 14 days from the day on which we are informed about your decision to withdraw from this contract.

Reimbursement Method

We will carry out such reimbursement using the same means of payment as you used for the initial transaction, unless you have expressly agreed otherwise; in any event, you will not incur any fees as a result of such reimbursement.

Payment Processing: Refunds will be processed to your original payment method within 14 days. Depending on your bank or payment provider, it may take an additional 3-5 business days for the refund to appear in your account.

Loss of Right of Withdrawal for Digital Content

Important: Early Commencement Waiver

Under Article 16(m) of Directive 2011/83/EU, you lose your right of withdrawal if:

You expressly requested that we begin performance of the digital services before the end of the 14-day withdrawal period, AND
You acknowledged that you will lose your right of withdrawal by giving such consent

When Does This Apply?

When you create an account and start using ThisOne AI Platform's digital services (such as AI image generation, cloud storage, or API access), you are expressly requesting immediate performance. By clicking "I Agree" or "Accept Terms" and beginning to use the Services, you:

Consent to immediate performance of the contract
Acknowledge that you lose your right of withdrawal once performance has fully begun
Understand that once you have used the Services, you cannot withdraw from the contract

Exception: Partial Performance

If you withdraw before fully using all the digital content or services provided, you shall pay us an amount which is in proportion to what has been provided until you communicated your withdrawal, in comparison with the full coverage of the contract.

Example: Subscription Services

If you purchase a monthly subscription and use the Services for 5 days before withdrawing:

Withdrawal Period: You are still within the 14-day withdrawal period
Proportional Payment: You must pay for the 5 days of service used (5/30 of the monthly fee)
Refund: You will receive a refund for the remaining unused period (25/30 of the monthly fee)

Example: AI Credits or Usage-Based Services

If you purchase AI credits or usage-based services:

Unused Credits: Full refund for unused credits
Used Credits: No refund for credits already used
Partial Usage: Proportional payment for partially used credit packages

Right of Withdrawal Does Not Apply To

Under Article 16 of Directive 2011/83/EU, the right of withdrawal does not apply to:

Digital content not supplied on a tangible medium where performance has begun with your prior express consent and acknowledgment that you lose your right of withdrawal
Supply of goods or services made to your specifications or clearly personalized (such as custom AI-generated content you have already created and saved)

Additional Consumer Rights

Withdrawal Does Not Affect Other Rights: Your right of withdrawal is in addition to (not instead of) other consumer rights under EU law, including:

Right to a refund for defective digital content (Directive (EU) 2019/770)
Right to compensation for non-conformity with the contract
Right to damages for breach of contract
GDPR rights (right to access, rectification, erasure, data portability)

Questions About Withdrawal?

If you have questions about your right of withdrawal, please contact us:

Email: support@hashedhorizon.com
Data Protection Officer: dpo@hashedhorizon.com (for GDPR-related questions)

Response Time: We will respond to all withdrawal requests within 2 business days and process refunds within 14 days as required by law.

Legal References:

Directive 2011/83/EU (EU Consumer Rights Directive), Articles 9-16
Directive (EU) 2019/770 (Digital Content Directive)
GDPR Art. 17 (Right to Erasure / Right to be Forgotten)

Use of the Services

Grant of License

Subject to your compliance with these Terms, Hashed Horizon grants you a limited, non-exclusive, non-transferable, revocable license to access and use the Services for your personal or internal business purposes.

Acceptable Use Policy

You agree to use the Services in compliance with all applicable laws and regulations. You will NOT use the Services to:

Prohibited Content

Images of Minors: Upload, process, or generate any images containing persons under 18 years of age - ZERO TOLERANCE
Sexually Explicit Content (NSFW): Create, upload, or generate pornographic, sexually explicit, or adult content
Harmful Content: Generate Content that promotes violence, terrorism, child exploitation, or human trafficking
Hateful Content: Create Content that promotes discrimination, harassment, or hatred based on protected characteristics
Deepfakes and Unauthorized Likeness: Generate deepfakes, manipulated media using someone's likeness without consent, or Content designed to deceive or defraud
Non-Consensual Images: Upload or process images of individuals without their consent, including private or intimate images
Privacy Violations: Process Personal Data of others without proper legal basis and consent
Illegal Content: Create, upload, or distribute Content that violates any applicable law or regulation
Intellectual Property Infringement: Violate copyrights, trademarks, or other Intellectual Property Rights

Prohibited Activities

Unauthorized Access: Attempt to access, probe, or test the vulnerability of our systems or breach security measures
Service Disruption: Interfere with or disrupt the Services or servers/networks connected to the Services
Automated Abuse: Use automated systems (bots, scrapers) to access the Services
Reverse Engineering: Reverse engineer, decompile, or attempt to extract source code from our Services
Resale: Resell, redistribute, or make the Services available to third parties without authorization
Resource Abuse: Engage in cryptocurrency mining, denial-of-service attacks, or other resource-intensive abuse

AI-Specific Restrictions

No Jailbreaking: Attempt to circumvent safety filters, content policies, or model limitations
No Model Extraction: Use the Services to train competing AI models or extract model parameters
No Adversarial Testing: Conduct adversarial attacks or prompt injection without prior written authorization
No Automated Decision-Making: Use AI Outputs for consequential automated decision-making affecting individuals (employment, credit, healthcare) without human oversight
No Biometric Surveillance: Use AI Services for mass surveillance, tracking, or social scoring systems

GDPR Art. 22 Compliance: Where AI Outputs are used for automated decision-making with legal or similarly significant effects, you must:

Implement human oversight and review mechanisms
Provide transparency about the automated decision-making process
Allow individuals to contest decisions and request human review

Data Protection Obligations

When using the Services to Process Personal Data, you agree to:

Lawful Basis: Ensure you have a valid lawful basis under GDPR Art. 6 for Processing
Data Minimization: Only Process Personal Data that is necessary for your purposes (GDPR Art. 5(1)(c))
Purpose Limitation: Process Personal Data only for specified, explicit, and legitimate purposes (GDPR Art. 5(1)(b))
Data Subject Rights: Respect individuals' rights under GDPR Art. 15-22 (access, rectification, erasure, etc.)
International Transfers: Ensure appropriate safeguards for cross-border data transfers (GDPR Art. 44-50)

You act as a Data Controller for any Personal Data you Process through the Services. Hashed Horizon acts as a Data Processor on your behalf.

User Warranties and Representations

By using the Services, you warrant and represent that:

Legal Capacity: You have the legal capacity to enter into these Terms and are at least 18 years old
Accurate Information: All information you provide is accurate, current, and complete
Compliance: You will comply with all applicable laws, regulations, and these Terms
Authorized Use: You have the right and authority to use all Content you upload to the Services
No Infringement: Your use of the Services will not infringe any Intellectual Property Rights of third parties
Consent: You have obtained all necessary consents and permissions for Personal Data you Process through the Services
Property Rights: If you upload photographs of interior or exterior spaces:
- You own the property, OR
- You are a tenant with landlord's permission to photograph, OR
- You have explicit written permission from the property owner
You warrant that your use of our Services will not violate any property rights, lease agreements, or privacy expectations of property owners, landlords, neighbors, or third parties.

Consequences of Breach: Any breach of these warranties may result in immediate Account termination and potential legal liability.

Monitoring and Enforcement

We reserve the right to:

Monitor Usage: Monitor your use of the Services for compliance with these Terms
Content Review: Review Content for violations of our Acceptable Use Policy
Suspend Access: Immediately suspend your access if we detect violations
Report Violations: Report illegal activities to law enforcement authorities
Retain Evidence: Preserve evidence of violations as required by law

AI Content Moderation: We use automated systems and human review to detect policy violations in AI Inputs and Outputs. Repeated violations may result in permanent Account termination.

Reporting Violations

If you become aware of any violations of these Terms, please report them immediately to support@hashedhorizon.com with the subject line "Terms Violation Report."

Violations of these Terms may result in civil or criminal liability under the laws of Poland.

Artificial Intelligence Services

AI Services Overview

ThisOne AI Platform provides AI-powered features that use machine learning models to process your Inputs and generate Outputs. Our AI Services are powered by third-party AI providers:

How AI Processing Works

Input Submission: You provide Input (text, images, or other data) to our AI Services
Subprocessor Processing: Your Input is transmitted to our AI Subprocessors for processing
Output Generation: The AI model generates Output based on your Input
Output Delivery: The Output is returned to you through the Services

Cross-Border Data Transfer (GDPR Art. 44-50): Your Input may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. We ensure appropriate safeguards through:

Standard Contractual Clauses (SCCs): EU Commission-approved data transfer agreements with our Subprocessors
Adequacy Decisions: Transfers to countries recognized by the EU Commission as providing adequate protection
Data Processing Agreements (DPAs): Contractual commitments from Subprocessors to protect Personal Data

Photo Processing and Biometric Data

Photos Are Not Biometric Data: Photos and images you upload to our Services are processed solely for editing, enhancement, and creative purposes. We do NOT use photos for biometric identification or verification purposes.

No Special Category Processing: Your photos are not treated as special category data under GDPR Art. 9. We do not process photos for the purpose of uniquely identifying individuals through facial recognition or other biometric means.

Purpose of Photo Processing:

Image editing and enhancement
Creative transformations and artistic effects
AI-powered image generation
Metadata tagging for organizational purposes (enabled by default)

AI Editing Metadata: We embed non-visual metadata (EXIF/XMP tags) in processed images to indicate AI editing where technically feasible. This metadata:

Is not visible on the image itself (no watermarks or overlays)
May be stripped by platforms when you share images (social media, messaging apps often remove metadata)
Provides transparency about AI use for platforms that preserve metadata
Does not contain identifying information about you

Visible Watermarks: We do NOT apply visible watermarks to your images by default. Visible watermarks will only be applied if:

You explicitly enable watermarking in your account settings, OR
Required by law or regulation in your jurisdiction

Platform Responsibility: When sharing AI-edited images, platforms may strip metadata. You remain responsible for complying with any applicable disclosure requirements for AI-generated or AI-modified content on third-party platforms.

AI Transparency Metadata Disclosure

Proactive Transparency Commitment: To promote transparency and responsible AI use, we may embed technical metadata in AI-generated Outputs to indicate their AI-generated status.

Metadata Implementation

Where technically feasible, we embed non-visible metadata in AI Outputs including:

AI-Generated Status: Flag indicating content was generated or modified by AI
Model Information: AI provider and model used (e.g., "OpenAI GPT-4", "Anthropic Claude", "Google Gemini")
Generation Timestamp: Date and time of AI generation
Service Attribution: ThisOne AI Platform as the service facilitating generation
Content Type: Type of AI operation performed (generation, enhancement, editing)

Technical Format: Metadata is embedded using industry-standard formats:

Images: EXIF/XMP metadata tags (C2PA Content Credentials where available)
Documents: Document properties or embedded XML metadata
Code: Comment headers or file metadata

Non-Intrusive: Metadata is NOT visible on the content itself (no watermarks, overlays, or visible marks) unless you explicitly enable watermarking in your account settings.

Metadata Limitations

Platform Stripping: Third-party platforms (social media, messaging apps, file converters) may strip or remove metadata when you share content. We cannot control how third parties handle metadata.

Optional for Users: You may remove metadata from your AI Outputs for legitimate purposes. However, you must NOT misrepresent AI-generated content as entirely human-created where such disclosure is required by:

Applicable laws or regulations
Professional ethics standards
Platform policies or terms of service
Context where misrepresentation could cause harm (journalism, legal proceedings, academic work)

Future AI Act Compliance

EU AI Act Preparation: This metadata framework is designed to comply with emerging AI transparency requirements under:

EU AI Act (Regulation (EU) 2024/1689) Article 52 - Transparency obligations for AI systems
California AB 2655/AB 2839 - AI-generated content disclosure requirements
Other jurisdictions adopting similar AI transparency mandates

Evolving Standards: As AI transparency standards evolve (e.g., Content Authenticity Initiative, C2PA), we may adopt additional metadata formats or disclosure mechanisms.

Your Responsibilities

Disclosure Obligations: When sharing AI-generated content, you are responsible for:

Complying with platform-specific AI content disclosure requirements
Providing appropriate context when metadata may be stripped
Not misrepresenting AI content as human-created where disclosure is required
Respecting professional and ethical standards in your field

High-Stakes Contexts: For use in journalism, legal proceedings, academic work, or advertising, you must provide clear disclosure of AI generation regardless of metadata preservation.

Transparency under EU AI Act (Regulation (EU) 2024/1689)

AI System Disclosure (Article 52): You are interacting with an artificial intelligence system. This notice is provided to comply with the EU AI Act transparency requirements.

AI System Classification

Our AI Services are classified as limited-risk AI systems under the EU AI Act:

Risk Level: Limited risk (Article 52 - Transparency obligations)
Type: General-purpose AI system for content generation (text, images, code)
Purpose: Photo editing, image enhancement, and creative content generation
NOT High-Risk: We do NOT use AI for biometric identification, emotion recognition, social scoring, or critical infrastructure

AI System Characteristics

How Our AI Works:

Technology: Large language models (LLMs) and diffusion models trained on extensive datasets
Processing: Pattern recognition and statistical inference from training data
Output Generation: Probabilistic generation based on input prompts and learned patterns
Non-Deterministic: Same prompt may produce different results on different occasions

Training Data:

Our AI providers train models on large datasets from diverse sources
Training data may include publicly available content, licensed data, and synthetic data
We do NOT train models on your personal data without explicit opt-in consent

Intended Use:

Creative content generation (images, text, artistic works)
Photo editing and enhancement
Code assistance and completion
Research and experimentation

AI Limitations and Risks

Known Limitations:

Hallucinations: AI may generate plausible-sounding but factually incorrect information
Training Data Bias: Models may reflect biases present in training data
Lack of True Understanding: AI processes statistical patterns, not human comprehension
Context Limits: AI has limited ability to understand nuanced context or complex reasoning
No Real-Time Knowledge: Training data has a cutoff date; AI lacks current information
Copyright Risks: Outputs may inadvertently resemble copyrighted works from training data

Prohibited Uses (to mitigate risks):

Medical diagnosis or treatment recommendations
Legal advice or contract interpretation
Financial advice or investment recommendations
Safety-critical applications (automotive, aviation, infrastructure)
Decisions with legal or similarly significant effects on individuals (without human oversight)

AI System Governance

Design & Development:

Regular testing for accuracy, bias, and safety
Continuous monitoring of AI system performance
Version control and model tracking
Incident response procedures for AI failures

Human Oversight:

Content moderation team reviews flagged outputs
Technical support team monitors system performance
Users maintain full control over AI usage decisions
Appeals process for moderation decisions

Accountability:

Hashed Horizon Sp. z o.o. is the provider responsible for AI system deployment
AI model providers (OpenAI, Anthropic, Google) are technology suppliers
Clear lines of responsibility for AI-related incidents
Compliance monitoring and audit processes

User Control and Transparency

Your Control:

You control what inputs you provide to the AI
You decide which AI-generated outputs to use
You can regenerate or reject unsatisfactory outputs
You can opt out of AI training data usage
You can request deletion of your AI interaction history

Transparency Commitments:

We disclose all AI subprocessors and their privacy policies
We provide clear information about data retention and usage
We publish transparency reports on AI content moderation
We notify you of material changes to AI systems or policies

Reporting AI Issues

If you experience issues with our AI systems (inaccurate outputs, harmful content, bias, or safety concerns), please report them:

Email: support@hashedhorizon.com with subject "AI System Issue"
Response Time: 24-48 hours for safety issues, 5-10 business days for general issues
Incident Tracking: All AI incidents are logged and reviewed

Supervisory Authority Contact: For AI Act compliance questions, you may contact your national AI supervisory authority or the European Artificial Intelligence Board.

Human Oversight and Control (EU AI Act Article 14)

Human-in-the-Loop Principle: Our AI Services are designed with meaningful human oversight:

User Control

You retain full control over AI usage:

Input Control: You decide what information to provide to the AI
Output Review: You must review all AI outputs before use
Regeneration: You can regenerate outputs if unsatisfactory
Rejection: You can reject and delete any AI-generated content
Discontinuation: You can stop using AI features at any time

No Autonomous Decisions: Our AI does not make autonomous decisions with legal or significant effects. All AI outputs are advisory and require your review and approval before use.

Hashed Horizon Oversight

We use automated systems and may employ human oversight at our discretion:

Content Moderation: Automated AI systems moderate content. Human moderators may review ambiguous cases at our discretion
System Monitoring: Technical teams monitor AI performance and safety metrics
Quality Assurance: Periodic review of AI outputs for quality and safety improvements
Incident Response: Critical issues escalated for human decision-making
No Guarantee: We do not guarantee human review of all flagged content or automated decisions

Escalation Procedures: Critical issues (safety threats, legal violations, system failures) are immediately escalated to human decision-makers.

Your Responsibilities for Human Oversight

If you use AI outputs in contexts with legal or significant effects on individuals, you must implement appropriate human oversight, including:

Human review before making decisions based on AI outputs
Competent personnel with authority to override AI recommendations
Procedures to identify and correct AI errors or biases
Meaningful opportunity for affected individuals to contest decisions
Compliance with GDPR Art. 22 (automated decision-making requirements)

Prohibited Fully Automated Use: You may NOT use our AI Services for fully automated decision-making without human oversight in high-stakes contexts (employment, credit, healthcare, law enforcement, education).

AI Safety and Risk Mitigation (EU AI Act Article 9)

Risk Management Commitment: We implement ongoing risk management processes to identify, assess, and mitigate risks associated with our AI systems.

Safety Measures

Technical Safeguards:

Input Filtering: Automated detection of prohibited content (hate speech, violence, CSAM)
Output Filtering: Content safety classifiers to detect harmful or inappropriate outputs
Rate Limiting: Protection against misuse and adversarial attacks
Encryption: End-to-end encryption for data transmission (TLS 1.3)
Isolation: AI processing in isolated environments with security controls

Operational Safeguards:

Continuous Monitoring: Real-time monitoring of AI system performance and safety metrics
Bias Detection: Regular testing for unfair bias and discriminatory outputs
Model Versioning: Controlled rollout of AI model updates with testing
Incident Tracking: Comprehensive logging of AI failures and safety incidents
Regular Audits: Periodic security and safety audits by internal and external teams

Ongoing Safety Improvements

We continuously improve AI safety through:

User Feedback: Analysis of user reports and moderation appeals
Adversarial Testing: Red team exercises to identify vulnerabilities
Research Collaboration: Participation in AI safety research initiatives
Industry Standards: Adoption of emerging AI safety best practices
Regulatory Compliance: Monitoring and compliance with evolving AI regulations

AI Safety Transparency: We may publish reports on AI safety metrics, moderation statistics, and improvement initiatives at https://thisone.app/ai-safety-report when we determine it's appropriate to share information. We do not commit to annual or regular reporting schedules

Incident Response

AI System Failure Procedures:

Detection: Automated monitoring alerts for anomalies and failures
Assessment: Human team evaluates severity and impact
Mitigation: Immediate action to prevent harm (service suspension if necessary)
Communication: Notification to affected users within 24 hours for significant incidents
Root Cause Analysis: Investigation and implementation of corrective measures

User Notification: For incidents affecting your data or AI outputs, we will notify you via email with details of the incident, impact, and remediation steps.

No Professional Advice Disclaimer CRITICAL

AI-Generated Content is Not Professional Advice: Our AI Services are designed for creative, informational, and experimental purposes only. AI outputs do NOT constitute professional advice of any kind.

Specific Disclaimers

NOT Medical Advice

AI outputs about health, symptoms, treatments, or medications are NOT medical advice
Do NOT use AI for medical diagnosis, treatment planning, or prescription decisions
ALWAYS consult qualified healthcare professionals for medical matters
AI may generate medically inaccurate or harmful information

NOT Legal Advice

AI outputs about laws, contracts, or legal matters are NOT legal advice
Do NOT rely on AI for contract drafting, legal interpretation, or compliance guidance
ALWAYS consult licensed attorneys for legal matters
AI lacks understanding of jurisdiction-specific laws and recent legal changes

NOT Financial Advice

AI outputs about investments, trading, or financial planning are NOT financial advice
Do NOT make investment decisions based solely on AI recommendations
ALWAYS consult certified financial advisors or licensed professionals
AI cannot account for your specific financial situation or risk tolerance

NOT Safety-Critical Guidance

Do NOT use AI for safety-critical applications (automotive, aviation, construction, emergency response)
AI lacks real-time awareness and may provide outdated or inaccurate safety information
Disregarding this warning may result in serious injury or death

NOT Professional Engineering or Technical Advice

AI code suggestions may contain security vulnerabilities or bugs
ALWAYS review and test AI-generated code before production use
Do NOT use AI for critical infrastructure, life-safety systems, or security-sensitive applications

Your Responsibility for Verification

You Must Verify All AI Outputs: You are solely responsible for:

Accuracy Verification: Checking facts, data, and claims in AI outputs against reliable sources
Suitability Assessment: Determining whether AI outputs are appropriate for your intended use
Professional Consultation: Seeking advice from qualified professionals when needed
Legal Compliance: Ensuring your use of AI outputs complies with applicable laws and regulations
Risk Assessment: Evaluating potential risks before relying on AI outputs

No Warranties: We make NO warranties regarding the accuracy, completeness, reliability, or suitability of AI outputs for any purpose. See "Disclaimers" and "Limitation of Liability" sections for complete warranty disclaimer.

Prohibited High-Stakes Use Without Human Expertise

You may NOT use AI outputs without qualified human review and approval for:

Medical diagnosis, treatment, or patient care
Legal advice, contract creation, or regulatory compliance
Financial planning, investment advice, or securities trading
Safety-critical systems or infrastructure
Professional engineering or architectural decisions
Any decision with legal or similarly significant effects on individuals

Indemnification: If you use AI outputs for prohibited purposes or without appropriate professional oversight, you agree to indemnify Hashed Horizon Sp. z o.o. for any resulting claims, damages, or liabilities.

Input and Output Ownership

Your Inputs

You retain all Intellectual Property Rights in your Inputs. By submitting Inputs to our AI Services, you grant us and our AI Subprocessors a worldwide, non-exclusive, royalty-free license to:

Process: Use your Inputs to generate Outputs for you
Improve: Analyze Inputs to improve service quality, detect abuse, and enhance safety systems
Comply: Retain Inputs as required by law or legal process

Input Retention: We retain your Inputs for ~30 days to provide the Services. After this period, Inputs containing Personal Data are deleted or anonymized in compliance with GDPR Art. 17.

Your Outputs

Subject to applicable law and these Terms, you own the Output generated in response to your Inputs. However, Outputs may not be unique, and other users may receive similar or identical Outputs.

Output License: We grant you all rights to use, reproduce, distribute, and create derivative works from your Outputs, subject to:

Compliance with Law: Outputs must not be used for illegal purposes
Attribution Restrictions: You may not falsely attribute Outputs to human authorship where disclosure is required by law
Third-Party Rights: Outputs must not infringe third-party Intellectual Property Rights

Output Similarity: Due to the nature of AI models, other users may receive identical or substantially similar Outputs. We do not guarantee that Outputs will be unique.

AI Model Training and Data Usage IMPORTANT

Transparency Commitment: We believe in full transparency regarding how your data may be used for AI training. This section explains whether and how your Inputs and Outputs may be used to train or improve AI models.

Our Data Usage for AI Training

Hashed Horizon Position on AI Training:

WE DO NOT use your Inputs or Outputs to train publicly available AI models WE DO NOT share your data with third parties for their model training purposes WE DO NOT sell or license your data to AI companies for training

What We MAY Use Your Data For (with limitations):

Service Quality Improvements (Aggregated & Anonymized Only)
- Improving our own internal systems and features
- Detecting and preventing abuse, spam, and violations
- Enhancing safety systems and content moderation
- Data Used: Aggregated, anonymized, de-identified data ONLY
- Personal Data: Stripped from all improvement datasets
- Identifiers Removed: All personally identifiable information removed
Legal Compliance & Safety
- Complying with legal obligations, court orders, or law enforcement requests
- Investigating violations of Terms or Acceptable Use Policy
- Protecting against fraud, security threats, or illegal activity
Required Functionality
- Providing the AI Services you explicitly request
- Caching responses for performance optimization (temporary, deleted after 24 hours)
- Debugging and technical support (with your explicit consent)

What We NEVER Do:

Train or fine-tune AI models on your unmodified Inputs or Outputs
Share identifiable data with AI research organizations
Sell training data to third parties
Use your data for advertising or marketing purposes

Third-Party AI Provider Data Usage Policies

Our AI Services rely on third-party AI providers. Here's how each provider handles your data:

Your Rights Regarding AI Training Data

You have the following rights regarding use of your data for AI training:

1. Right to Know

Request: "Is my data being used for AI training?"
Response Time: 30 days
Method: Email support@hashedhorizon.com with subject "AI Training Inquiry"

2. Right to Opt-Out

What It Covers: Opting out of ANY use of your data for model improvement or training
Effect: Your data will be flagged as "NO TRAINING USE" in our systems
Retroactive: Applies to all past and future data
Method: Email support@hashedhorizon.com with subject "AI Training Opt-Out"
Confirmation: You will receive written confirmation within 5 business days

3. Right to Delete Training Data

Request: "Delete any of my data that may have been used for training"
Effect: We will delete or anonymize all your data in improvement datasets
Timeline: 30 days for deletion, 60 days for verification
Method: Email support@hashedhorizon.com with subject "Delete AI Training Data"

4. Right to Access Training Data Policies

Request: "Provide details on your AI training data policies"
Response: We will provide a detailed report of our current practices
Method: Email support@hashedhorizon.com with subject "AI Training Data Policy Request"

5. Right to Data Portability (EU/EEA Users)

GDPR Art. 20: Receive your Inputs and Outputs in machine-readable format
Includes: All AI-generated content associated with your account
Method: Email support@hashedhorizon.com with subject "GDPR Data Portability Request"

Opt-Out Process (Step-by-Step)

To Opt Out of AI Training Data Usage:

Send Email: Email support@hashedhorizon.com
Subject Line: "AI Training Opt-Out"
Body (optional): Include your account email and any specific concerns
Confirmation: We will confirm within 5 business days
Effect: Immediate flag in our systems (processes may take 24-48 hours to propagate)
Ongoing: Opt-out applies to all future data collection

Alternative Method (If Available):

AI Training Data Retention

Default Retention (Without Opt-Out):

Aggregated Data: Indefinitely (anonymized, no Personal Data)
Identifiable Data: NOT used for training
Safety Monitoring: 30-90 days (per subprocessor policies above)

With Opt-Out:

Training Use: Zero retention (immediate deletion from improvement datasets)
Service Provision: Retained only as long as necessary to provide Services
Legal Compliance: Retained only as required by law

Changes to AI Training Policies

Notification of Changes: If we change our AI training data policies:

30-Day Advance Notice: Via email to your registered email address
Opt-Out Window: 30 days to opt out before new policy takes effect
Automatic Opt-Out: If policy becomes MORE permissive and you previously opted out, you remain opted out
Affirmative Consent: If policy becomes significantly different, we may require re-consent

Third-Party AI Research Participation (Opt-In Only)

Occasionally, we may be invited to participate in AI research programs with our AI providers or academic institutions:

Participation is ALWAYS Opt-In:

NOT Automatic: You are NEVER enrolled without explicit consent
Separate Consent: Requires separate consent form with full disclosure
Clear Benefits: We explain what research is for and how data will be used
Revocable: You can withdraw consent at any time

We Will Never:

Enroll you in research programs without consent
Share identifiable data with researchers without anonymization
Allow third parties to use your data beyond stated research purpose

Contact for AI Training Questions

For questions about AI training data usage:

Email: support@hashedhorizon.com
Subject Lines:
- "AI Training Inquiry" (general questions)
- "AI Training Opt-Out" (opt out of training use)
- "Delete AI Training Data" (deletion request)
- "AI Training Data Policy Request" (detailed policy documentation)

Response Time: 5-10 business days for inquiries, 24-48 hours for opt-out confirmations

AI Accuracy and Limitations

No Warranties: AI-generated Outputs may contain inaccuracies, errors, or misleading information. We do not guarantee that Outputs will be:

Accurate: Factually correct or up-to-date
Complete: Comprehensive or include all relevant information
Suitable: Appropriate for your specific purpose or use case
Original: Free from similarity to existing copyrighted works

Your Responsibility: You are solely responsible for:

Verification: Verifying the accuracy and suitability of Outputs before use
Human Review: Implementing human oversight for consequential decisions
Legal Compliance: Ensuring Outputs comply with applicable laws and regulations
Third-Party Rights: Respecting Intellectual Property Rights and privacy rights

AI Output Advisory Notice: AI-generated Outputs are advisory only and do not constitute automated decision-making under GDPR Art. 22. All AI Outputs require human review and validation before use in any decision-making context.

Human-in-the-Loop: You are responsible for implementing appropriate human oversight when using AI Outputs for decisions that have legal or similarly significant effects on individuals.

You may NOT use our AI Services for:

High-Risk Applications

Critical Infrastructure: Operation of critical infrastructure (energy, transportation, water) without adequate safeguards
Law Enforcement: Biometric identification, predictive policing, or risk assessments without human oversight
Employment Decisions: Automated hiring, firing, or performance evaluation without human review
Credit Decisions: Credit scoring or loan approval without human oversight and GDPR Art. 22 compliance
Healthcare Diagnosis: Medical diagnosis, treatment decisions, or prescription without licensed healthcare professional review
Education Assessment: Automated student evaluation with significant consequences without human oversight
Social Scoring: Systems that evaluate or classify individuals based on behavior, social status, or personal characteristics

Prohibited Biometric Processing

Mass Surveillance: Real-time remote biometric identification in publicly accessible spaces
Emotion Recognition: Workplace or educational emotion recognition systems without explicit consent
Biometric Categorization: Inferring sensitive attributes (race, religion, sexual orientation) from biometric data

Where you use AI Outputs for automated decision-making with legal or similarly significant effects on individuals, you MUST:

Provide Notice: Inform individuals that automated decision-making is being used
Obtain Consent: Obtain explicit consent or demonstrate another lawful basis under GDPR Art. 22(2)
Enable Human Review: Implement meaningful human oversight and the ability to contest decisions
Explain Decisions: Provide meaningful information about the logic, significance, and consequences

Content Moderation and Safety

We employ automated content moderation systems to detect and prevent:

Illegal Content: Child sexual abuse material (CSAM), terrorist content, illegal drugs
Harmful Content: Violence, hate speech, harassment, self-harm
Malicious Use: Phishing, malware generation, disinformation campaigns
Privacy Violations: Attempts to extract Personal Data or generate non-consensual intimate imagery

Moderation Process:

Automated Filtering: AI-based content filters analyze Inputs and Outputs in real-time
Moderation Review: Flagged Content may be reviewed by moderators at our discretion
Appeals: DSA-required appeals (EU users, VLOP status) handled per statutory requirements. Other appeals at our discretion

Content Moderation Transparency: We may publish transparency reports on content moderation activities at https://thisone.app/transparency when published. Frequency is at our discretion with no fixed schedule. If we become subject to DSA transparency requirements (45M+ monthly EU users), we will comply with statutory reporting obligations.

Data Subject Rights for AI Processing

Under GDPR Art. 15-22, you have the right to:

Access: Obtain information about what Personal Data is Processed through AI Services (GDPR Art. 15)
Rectification: Correct inaccurate Personal Data (GDPR Art. 16)
Erasure: Request deletion of Personal Data after the retention period (GDPR Art. 17)
Restriction: Restrict Processing in certain circumstances (GDPR Art. 18)
Portability: Receive Personal Data in machine-readable format (GDPR Art. 20)
Objection: Object to Processing based on legitimate interests (GDPR Art. 21)
Automated Decision-Making: Not be subject to solely automated decisions with significant effects without human oversight (GDPR Art. 22)

To exercise these rights, contact our Data Protection Officer at dpo@hashedhorizon.com.

AI Subprocessor Changes

We may add or change AI Subprocessors to improve the Services. We will:

Provide Notice: Notify you of material Subprocessor changes at least 30 days in advance
Allow Objection: Give you the opportunity to object to new Subprocessors
Enable Migration: Provide reasonable assistance to migrate away if you object

Current AI Subprocessors are listed in the Definitions section and our Privacy Policy.

EU AI Act Transparency (Article 52)

EU AI Act Compliance Declaration

Hashed Horizon complies with Regulation (EU) 2024/1689 (the "EU AI Act"), particularly Article 52 regarding transparency obligations for AI systems.

Article 52(1): AI-Generated Content Disclosure

Transparency Requirement: Users of AI systems that generate or manipulate image, audio, or video content resembling existing persons, objects, places, entities, or events must disclose that the content is artificially generated or manipulated.

Our Commitment: When you use ThisOne AI Platform to generate or manipulate images:

Automatic Disclosure: All AI-generated or AI-manipulated images are automatically marked with:
- Metadata: EXIF/IPTC metadata tags identifying AI processing (non-visual, embedded in file)
- No Visible Watermarks: We do NOT apply visible watermarks by default to preserve image quality
- Optional Watermarking: You can enable visible watermarks in account settings if desired
User Responsibility: YOU are responsible for:
- Disclosing that content is AI-generated when sharing publicly (EU AI Act Article 52 requirement)
- Maintaining metadata unless technically infeasible (note: many platforms strip metadata)
- Complying with platform-specific AI disclosure requirements (Instagram, TikTok, etc.)
- Not using AI-generated content to deceive or mislead others

Article 52(3): Synthetic Content ("Deep Fake") Disclosure

Deep Fake Definition: Content that resembles existing persons, objects, places, or events that could falsely appear authentic.

Prohibited Uses: You may NOT use ThisOne AI Platform to:

Identity Deception: Create images impersonating real individuals without consent
Misleading Context: Generate content designed to deceive about authenticity
Non-Consensual Imagery: Create or manipulate images of identifiable individuals without consent
Political Manipulation: Generate deceptive content related to elections, public figures, or political events
Fraud: Create synthetic identity documents, credentials, or authentication materials

Required Disclosure: If you generate content resembling real persons or events:

Clear Labeling: Label content as "AI-Generated" or "Synthetic"
Prominent Placement: Disclosure must be clear, conspicuous, and unambiguous
Platform Compliance: Follow platform-specific deepfake disclosure rules
Good Faith: Do not undermine disclosure through technical means

Photo/Image Processing Transparency

ThisOne AI Platform processes user-uploaded photos and images that may contain biometric data (facial features, body characteristics). Under GDPR Art. 9, biometric data is a special category of personal data requiring explicit consent and additional safeguards.

What We Process:

User-Uploaded Photos: Images you submit for AI enhancement, generation, or manipulation
Facial Features: Visual characteristics in photos (for enhancement, NOT identification)
Body Characteristics: Physical attributes visible in images (for enhancement purposes only)

What We DO NOT Do:

Biometric Identification: We do NOT use biometric data to identify individuals
Biometric Categorization: We do NOT infer sensitive attributes (race, religion, sexual orientation, etc.)
Biometric Authentication: We do NOT use biometric data for user verification
Biometric Surveillance: We do NOT track individuals across multiple images or sessions
Training Data: We do NOT use your uploaded images to train AI models (see AI Model Training section)

Your Consent:

By uploading images containing biometric data, you provide explicit consent under GDPR Art. 9(2)(a) for:

Processing images for the specific AI service you requested (enhancement, generation, editing)
Transmitting images to our AI subprocessors for processing (with contractual safeguards)
Temporary retention for service delivery (maximum ~30 days)

You may withdraw consent at any time by:

Deleting your images from the service
Contacting support@hashedhorizon.com with subject "Withdraw Biometric Consent"
Using the "Delete My Images" feature in your account settings (if available)

Image Retention and Deletion

Automatic Deletion Policy:

Uploaded Images: Retained for ~30 days after upload, then automatically deleted
AI-Generated Outputs: Retained for ~30 days (if you save them), then deleted
Processing Cache: Cleared after 24 hours (temporary processing only)
Deletion Verification: You can verify deletion by requesting a data access report (GDPR Art. 15)

Manual Deletion: You can delete images immediately at any time:

During Upload: Cancel upload before submission
After Processing: Use "Delete Image" button in your gallery/history
Bulk Deletion: Contact support@hashedhorizon.com for account-wide image deletion
Account Closure: All images deleted within 30 days of account termination

Data Minimization Principle (GDPR Art. 5(1)(c)): We retain images only for the minimum time necessary to provide the service and comply with legal obligations.

AI System Classification (EU AI Act Annex III)

Risk Classification: ThisOne AI Platform's photo/image AI system is classified as LIMITED RISK under the EU AI Act:

NOT High-Risk: Our AI system does NOT fall under Annex III high-risk categories:
NOT used for biometric identification or categorization
NOT used for critical infrastructure operation
NOT used for employment, education assessment, or credit decisions
NOT used for law enforcement or migration management
Limited Risk - Article 52 Applies: Our AI generates synthetic content (images), requiring:
Transparency disclosure (Article 52(1))
Deep fake prevention and disclosure (Article 52(3))
Clear labeling of AI-generated content
User responsibility for disclosure when sharing content

Compliance Measures:

Automatic metadata tagging (EXIF/IPTC) identifying AI processing (non-visual)
Optional visible watermarking (user-enabled in account settings)
User education on disclosure obligations (EU AI Act Article 52)
Prohibited use cases enforcement (deep fakes, identity theft, impersonation)
Human oversight for flagged content

AI Transparency and Explainability

How Our AI Works (Simplified Explanation):

Input Analysis: Your uploaded image is analyzed for visual features (colors, shapes, objects, composition)
AI Model Processing: Machine learning models transform, enhance, or generate new content based on your instructions
Output Generation: The AI produces enhanced or new images following your specified parameters
Quality Assurance: Automated safety filters check for prohibited content (CSAM, violence, hate imagery)

Model Information:

AI Providers:
Model Types: Generative AI (diffusion models, GANs), image enhancement neural networks
Training Data: Models trained on publicly available, licensed image datasets (NOT your user data)
Decision Logic: Probabilistic generation based on learned patterns, text prompts, and image inputs

Limitations and Risks:

Accuracy: AI may generate unrealistic or inaccurate features
Bias: Models may reflect biases present in training data
Copyright: Generated images may inadvertently resemble copyrighted works
Harmful Content: Despite filters, AI may occasionally produce inappropriate content

Your Responsibilities When Using Photo AI

When using ThisOne AI Platform's photo/image AI features, you are responsible for:

YOU MUST: Obtain consent from individuals whose biometric data (faces, bodies) appears in uploaded images:

If uploading photos of others, ensure you have their permission
Do not upload images of minors without parental/guardian consent
Do not upload images obtained without consent (scraped, stolen, leaked)

2. AI-Generated Content Disclosure

YOU MUST: Disclose AI generation when sharing content publicly:

Label content as "AI-Generated" or "Created with AI" when posting to social media
Do not present AI-generated content as authentic photography
Maintain embedded metadata where technically feasible (note: many platforms strip metadata)
Follow platform-specific AI disclosure requirements (Instagram, TikTok, Facebook, etc.)

3. Prohibited Content Generation

YOU MUST NOT:

Create non-consensual intimate imagery (NCII) or deepfake pornography
Generate images to impersonate real individuals for deceptive purposes
Create fake identity documents, licenses, or official credentials
Produce misleading political content or election disinformation
Generate content depicting illegal activities or CSAM

4. Intellectual Property Respect

YOU MUST:

Respect copyright and trademark rights when generating images
Not use AI to replicate distinctive artistic styles without permission
Not generate images infringing on third-party IP rights
Verify you have rights to use uploaded images as inputs

5. Compliance with Local Laws

YOU MUST: Comply with applicable laws in your jurisdiction:

EU AI Act (if in EU/EEA)
Digital Services Act (DSA) transparency requirements
National deepfake and synthetic media laws
Advertising disclosure laws (if using AI for commercial content)

Enforcement: Violation of these responsibilities may result in:

Content removal and account suspension
Reporting to law enforcement (for illegal content)
Cooperation with legal proceedings
Termination of service access

Contact for EU AI Act Compliance Questions

For questions about EU AI Act compliance, biometric data processing, or AI transparency:

Email: dpo@hashedhorizon.com
Subject Lines:
- "EU AI Act Compliance Inquiry"
- "Biometric Data Processing Question"
- "AI Transparency Request"
- "Withdraw Biometric Consent"

Response Time: 30 days for compliance inquiries (GDPR Art. 12(3))

User Content and Intellectual Property

Your Content Ownership

You retain all Intellectual Property Rights in the Content you create, upload, or submit to the Services ("Your Content"). We do not claim ownership of Your Content.

AI-Generated Content Ownership and Rights

Ownership of AI Outputs

You Own AI-Generated Content: Subject to these Terms and applicable law, you own all rights to the content generated by our AI Services in response to your inputs ("AI Outputs"). This ownership model aligns with the terms of our AI providers (OpenAI, Anthropic, Google Cloud AI).

Rights Granted to You: We grant you the following rights to AI Outputs you generate:

Use: Use AI Outputs for any lawful purpose
Reproduce: Copy and reproduce AI Outputs without restriction
Distribute: Share, publish, or distribute AI Outputs
Modify: Edit, adapt, or create derivative works from AI Outputs
Commercialize: Use AI Outputs in commercial projects and products

No Royalties: These rights are granted to you royalty-free and without additional compensation to Hashed Horizon or our AI providers.

Important Limitations and Disclaimers

1. Training Data Overlap

Disclaimer: AI Outputs may contain elements derived from AI models' training datasets. While you own the specific AI Output generated for you:

Training Data Sources: AI models are trained on vast datasets that may include publicly available content, licensed materials, and synthetic data
Pattern Recognition: AI generates content by recognizing patterns in training data, not by "creating" in a human sense
Inadvertent Similarity: AI Outputs may inadvertently resemble content from training datasets
No Guarantees: We cannot guarantee that AI Outputs are free from similarity to pre-existing works

What This Means: While you own the AI Output, it may share characteristics or similarities with content the AI model was trained on. This is an inherent limitation of current AI technology.

2. Non-Exclusivity and Similarity

AI Outputs Are Not Exclusive: Due to the probabilistic nature of AI systems:

Other Users May Receive Similar Outputs: Multiple users providing similar prompts may receive identical or substantially similar AI Outputs
Same Prompt, Different Times: You may receive different outputs for the same prompt on different occasions
Determinism Not Guaranteed: AI output generation is non-deterministic

No Exclusivity Guarantee: We do NOT guarantee that:

Your AI Output is unique or original
Other users will not receive the same or similar outputs
The AI Output has not been or will not be generated for others

3. Third-Party Rights and Copyright Risks

Your Responsibility to Verify: Before using AI Outputs, especially for commercial purposes, you are responsible for:

Copyright Clearance: Verifying that AI Outputs do not infringe third-party copyrights
Trademark Review: Ensuring AI Outputs do not misuse trademarks or brand identities
Publicity Rights: Confirming AI Outputs do not violate individuals' publicity or privacy rights
Independent Legal Review: Consulting legal counsel for high-stakes or commercial uses

Known Copyright Risks: AI systems may:

Generate content that resembles copyrighted works (inadvertently learned from training data)
Reproduce distinctive styles associated with specific creators
Include elements that may be subject to copyright protection

Our Position: We do NOT warrant that AI Outputs are free from third-party intellectual property rights. You assume all risk and liability for verifying clearance before use.

4. Prohibited Misrepresentation

You may NOT misrepresent AI-Generated Content as:

Human-Created: Falsely claiming AI Outputs are entirely human-created (where disclosure is required by law or professional ethics)
Authentic Media: Representing AI-generated images, videos, or audio as authentic recordings (deepfakes)
Your Original Creation: Claiming copyright in AI Outputs where AI generation is material to the work
Endorsements: Creating AI-generated content that falsely implies endorsements or affiliations

Transparency Requirement: In contexts where misrepresentation could cause harm (journalism, academic work, legal proceedings, advertising), you must disclose AI generation.

Alignment with AI Provider Terms

Our AI ownership approach mirrors the terms of our underlying AI providers:

OpenAI Terms (effective March 1, 2023):

Users own output they generate using OpenAI Services
OpenAI assigns to users all rights, title, and interest in output
Subject to similar non-exclusivity and similarity disclaimers

Anthropic Terms:

Users own the outputs Claude generates in response to their inputs
Subject to technical limitations regarding uniqueness

Google Cloud AI Terms:

Users retain ownership of outputs generated by AI services
Google does not claim ownership of customer-generated content

Consistency: By mirroring these terms, we ensure consistency across the AI ecosystem and avoid conflicting ownership claims.

Indemnification for AI Output Use

Your Indemnification Obligation: You agree to indemnify, defend, and hold harmless Hashed Horizon Sp. z o.o., our AI providers, and our respective officers, directors, employees, and agents from any claims, damages, losses, liabilities, and expenses (including reasonable attorneys' fees) arising from or relating to:

Your use of AI Outputs in violation of third-party intellectual property rights
Your misrepresentation of AI Outputs as human-created or authentic media
Your failure to verify AI Output accuracy or suitability for your intended use
Your violation of applicable laws or regulations using AI Outputs
Claims alleging misuse of a person's likeness, personality rights violations, privacy violations, publicity rights violations, or failure to obtain necessary consents or model releases from identifiable individuals in your Content or AI Outputs

Scope: This indemnification obligation survives termination of these Terms and applies even after you cease using the Services.

AI Output Best Practices

Recommendations for Safe Use:

Review and Edit: Always review AI Outputs and make meaningful edits before use
Fact-Check: Verify factual claims in AI Outputs against authoritative sources
Copyright Search: For commercial use, conduct copyright searches for similar content
Disclosure: When appropriate, disclose AI assistance in content creation
Human Review: Implement human oversight for high-stakes or professional use
Legal Consultation: Seek legal advice for significant commercial or legal uses

High-Risk Uses: For uses with significant legal, financial, or reputational risk, we strongly recommend obtaining legal clearance and indemnity insurance.

License Grant to Hashed Horizon

By submitting Your Content to the Services, you grant Hashed Horizon a limited, worldwide, non-exclusive, non-transferable, royalty-free license to:

Host and Store: Store Your Content on our servers and cloud infrastructure
Display: Display Your Content to you and authorized users you designate
Process: Process Your Content solely for the purpose of providing the Services you requested, including:
- Generating AI Outputs based on Your Content
- Performing backups and disaster recovery
- Detecting abuse, fraud, and security threats
- Complying with legal obligations and court orders
Transmit to Subprocessors: Transmit Your Content only to our authorized Subprocessors (listed in our Privacy Policy) for the specific purposes above, under contractual obligations to protect Your Content

License Limitations:

NOT for commercial use: We do NOT use Your Content for our own commercial purposes, advertising, or marketing
NOT transferable: We do NOT sell, license, or transfer Your Content to third parties (except authorized Subprocessors under contract)
NOT for training: We do NOT use Your Content to train publicly available AI models (see AI Model Training section)
NOT perpetual: This license applies ONLY while you use the Services and for the limited retention periods stated in our Privacy Policy

License Termination: This license ends when you delete Your Content from the Services, except where retention is required by law or for legitimate purposes (e.g., backup retention for up to 12 months after account closure, legal compliance).

Content Representations and Warranties

By submitting Your Content, you represent and warrant that:

Ownership: You own or have the necessary rights to submit Your Content
No Infringement: Your Content does not infringe any third-party Intellectual Property Rights
Legal Compliance: Your Content complies with all applicable laws and regulations
No Harm: Your Content does not contain malicious code, viruses, or harmful materials
Privacy Compliance: If Your Content includes Personal Data of others, you have obtained proper consent and lawful basis under GDPR Art. 6
Likeness and Consent: You have obtained all necessary consents, model releases, and authorizations from any identifiable person in your photos or Content, and your uploads do not infringe personality rights, privacy rights, or publicity rights of any individual
Property Rights: If your Content includes images of private property (homes, buildings, interiors), you have obtained all necessary permissions from property owners, tenants, or authorized representatives to photograph and process such property

Violation Consequences: If you breach these warranties, you agree to indemnify Hashed Horizon for any damages, losses, or legal costs arising from such breach.

User Indemnification Obligations

You agree to defend, indemnify, and hold harmless Hashed Horizon Sp. z o.o., our officers, directors, employees, agents, affiliates, and Subprocessors from and against any and all claims, damages, obligations, losses, liabilities, costs, debts, and expenses (including but not limited to attorney's fees) arising from:

Intellectual Property Infringement: Your Content's infringement of any third-party copyright, trademark, patent, trade secret, or other intellectual property right
Likeness and Personality Rights: Misuse of a person's likeness, image, voice, or other personality rights, including right of publicity and privacy violations
Property Rights: Unauthorized photography, trespass, or invasion of property rights claims related to your Content
Failure to Obtain Consent: Your failure to obtain necessary consents, model releases, property permissions, or other authorizations required for your Content
Violation of Terms: Your breach of these Terms of Service, Privacy Policy, or Acceptable Use Policy
Misrepresentation: Your violation of the warranties and representations in the "Content Representations and Warranties" section
Third-Party Harm: Any harm, loss, or damage to third parties resulting from your use of the Services or your Content

Scope: This indemnification obligation:

Survives termination of these Terms
Applies to claims brought during and after your use of the Services
Includes costs of investigation, litigation, settlement, and judgment
Requires you to cooperate with our defense of any such claims

No Waiver: Our failure to enforce this indemnification provision does not waive our right to seek indemnification for future claims.

If Your Content contains Personal Data:

Your Role as Data Controller

When you submit Content containing Personal Data of others, you act as the Data Controller and are responsible for:

Lawful Basis: Ensuring you have a valid lawful basis under GDPR Art. 6 to Process that Personal Data
Data Subject Rights: Honoring individuals' rights under GDPR Art. 15-22 (access, rectification, erasure, etc.)
Transparency: Providing individuals with privacy notices as required by GDPR Art. 13-14
Data Minimization: Only including Personal Data that is necessary for your purposes (GDPR Art. 5(1)(c))

Our Role as Data Processor

Hashed Horizon acts as a Data Processor when Processing Personal Data within Your Content. We:

Follow Instructions: Process Personal Data only on your documented instructions
Implement Security: Maintain appropriate technical and organizational security measures (GDPR Art. 32)
Assist with Rights: Provide reasonable assistance to help you respond to data subject requests
Enable Audits: Allow you to audit our Processing activities upon reasonable notice
Report Breaches: Notify you of any Personal Data breaches without undue delay (GDPR Art. 33)

Data Processing Agreement (DPA)

Our Data Processing Agreement is available and is incorporated into these Terms by reference. The DPA includes:

Standard Contractual Clauses (SCCs) for international data transfers
Subprocessor list and change notification procedures
Security measures and breach notification obligations
Data subject rights assistance procedures

Content Moderation and Removal

We reserve the right to:

Review Content: Review Your Content for compliance with these Terms and applicable laws
Remove Content: Remove Content that violates our Acceptable Use Policy
Suspend Access: Suspend your Account if you repeatedly violate content policies
Report Violations: Report illegal Content to law enforcement authorities
Preserve Evidence: Retain copies of removed Content as required by law

Content Removal Decisions: Content removal decisions are final. We are not obligated to provide explanations or accept appeals.

DSA Appeal Rights (EU users only): If you are an EU user and we are subject to DSA appeal requirements (Very Large Online Platform with 45M+ monthly EU users), you may appeal content removal decisions by contacting support@hashedhorizon.com with subject "DSA Appeal". Otherwise, appeals are handled at our discretion.

Repeated Violations: Accounts with multiple content violations may be permanently suspended without notice or appeal rights.

Third-Party Content and Links

The Services may display or link to third-party content, websites, or services. We do not:

Endorse: Endorse or recommend third-party content
Control: Control or take responsibility for third-party content
Warrant: Make any warranties about third-party content accuracy or safety

Your use of third-party content is at your own risk and subject to their respective terms and privacy policies.

Intellectual Property Infringement

DMCA Compliance (U.S. Users)

DMCA Compliance: Hashed Horizon complies with the Digital Millennium Copyright Act (DMCA), 17 U.S.C. § 512.

Safe Harbor Status: Our DMCA agent is NOT yet registered with the U.S. Copyright Office. We are in the process of completing registration. Until registration is complete, we do not have DMCA safe harbor protection.

Designated DMCA Agent: Send DMCA copyright infringement notices to:

Legal Department Hashed Horizon Sp. z o.o.

U.S. Service Address (for legal notices): ul. Marszałkowska 1, 00-624 Warsaw, Poland

Email: dmca@hashedhorizon.com Phone: +48-22-000-0000

DMCA Notice Requirements: If you believe content on our Services infringes your copyright, your DMCA notice must include:

Signature: Physical or electronic signature of the copyright owner or authorized agent
Identification of Work: Description of the copyrighted work claimed to be infringed
Location: URL or specific location of the infringing material on our Services
Contact Information: Your name, address, phone number, and email address
Good Faith Statement: Statement that you have a good faith belief the use is not authorized by the copyright owner, agent, or law
Accuracy Statement: Statement under penalty of perjury that the information in the notice is accurate and you are authorized to act on behalf of the copyright owner
Notifying Party: Your name and title (if acting as agent)

Response Time: We will respond to valid DMCA notices within 24-72 hours by removing or disabling access to the allegedly infringing content.

Counter-Notification: If your content was removed due to a DMCA notice and you believe the removal was erroneous, you may submit a DMCA counter-notification to our DMCA agent including:

Your physical or electronic signature
Identification of the removed content and its prior location
Statement under penalty of perjury that content was removed by mistake or misidentification
Your contact information and consent to jurisdiction in federal court
Statement that you consent to service of process from the complaining party

Restoration: If we receive a valid counter-notification, we will forward it to the complaining party and restore the content within 10-14 business days unless the complaining party files a court action seeking an injunction.

Repeat Infringer Policy: We terminate accounts of users who are repeat copyright infringers in accordance with DMCA § 512(i).

For EU users, we comply with the Copyright Directive (2019/790/EU) Article 17 requirements:

Best Efforts: Make best efforts to obtain authorization from rightholders
Content Recognition: Implement content recognition technologies to prevent unauthorized uploads
Notice and Action: Provide mechanisms for rightholders to notify us of infringements
Stay Down: Ensure notified content stays down after removal

Counter-Notification: If your Content was removed due to a copyright claim and you believe the removal was erroneous, you may submit a counter-notification to support@hashedhorizon.com.

Content Backup and Retention

We automatically backup Your Content to ensure service reliability. Our backup retention policy:

Active Backups: Retained for up to 90 days
Archived Backups: Retained for up to 12 months after account closure

After you delete Your Content, it may remain in backups for the periods above. Backups containing Personal Data are deleted or anonymized at the end of the retention period in compliance with GDPR Art. 17.

User-Generated Content Responsibilities

If the Services allow you to share Content publicly or with other users, you are solely responsible for:

Content Accuracy: Ensuring Your Content is accurate and not misleading
Legal Compliance: Complying with all applicable laws (defamation, privacy, intellectual property)
Consent: Obtaining consent from individuals before sharing their Personal Data or images
Consequences: Any consequences arising from Your Content shared publicly

Hashed Horizon is not liable for user-generated content shared through the Services.

Platform Immunity (United States Users)

Section 230 Protection: Under the Communications Decency Act, 47 U.S.C. § 230 ("Section 230"), Hashed Horizon operates as an interactive computer service provider and is not liable for user-generated content.

No Publisher Liability

Not the Publisher: We are not the publisher or speaker of any information provided by users. Under Section 230(c)(1):

"No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider."

User Content Responsibility: Users who submit Content are solely responsible for that Content. Hashed Horizon is not liable for:

Defamatory, libelous, or slanderous statements made by users
Harmful, offensive, or illegal user-generated content
Copyright, trademark, or other intellectual property infringement by users
Privacy violations or unauthorized disclosure of Personal Data by users
False or misleading information posted by users

Good Faith Content Moderation

Protected Moderation: Under Section 230(c)(2), we are protected from liability for good faith efforts to restrict access to objectionable content:

"No provider or user of an interactive computer service shall be held liable on account of any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable."

Moderation Discretion: We may, but are not obligated to:

Review, monitor, or screen user-generated content
Remove content that violates our policies or applicable law
Suspend or terminate users who violate our Acceptable Use Policy

No Duty to Monitor: Section 230 protection does not create any duty or obligation to monitor user content. Our content moderation is discretionary and conducted in good faith.

No Waiver of Immunity

Immunity Preserved: By using the Services, you acknowledge and agree that:

Hashed Horizon operates as an interactive computer service under Section 230
You will not bring claims against Hashed Horizon for user-generated content
Section 230 immunity applies to all user content, including AI-enhanced content

Cooperation with Law Enforcement: Section 230 immunity does not prevent us from cooperating with law enforcement or responding to court orders regarding user content.

Limitations of Immunity

Federal Criminal Law: Section 230 immunity does not apply to:

Federal criminal statutes (intellectual property, obscenity)
Electronic Communications Privacy Act violations
Sex trafficking violations (FOSTA-SESTA)

Our Content: Section 230 immunity does not apply to content created by Hashed Horizon (website copy, product descriptions, marketing materials).

Payment Terms and Subscriptions

Payment Processors

We use the following trusted payment processor(s) to handle billing and payments:

Data Processing: Payment processors act as independent Data Controllers for payment information. Your payment data is subject to their respective privacy policies and terms of service.

Payment Data We Collect: We may receive limited payment information from processors (last 4 digits of card, billing country, payment status) for fraud prevention and compliance purposes.

Accepted Currencies

We accept payments in the following currencies:

Exchange rates are determined by your payment processor and may include currency conversion fees.

App Store Billing (iOS and Android)

Apple App Store and Google Play Billing: If you purchase a Subscription through the Apple App Store or Google Play Store, the following special terms apply:

Store-Governed Billing

Billing, Cancellation, and Refunds: When you subscribe via Apple App Store or Google Play, all billing, subscription management, cancellation, and refunds are governed by the respective store's terms of service, not our terms:

Apple App Store: Governed by Apple's Terms of Service and App Store Review Guidelines
Google Play: Governed by Google Play Terms of Service

Manage in Store Settings: To manage your subscription, change payment methods, or cancel auto-renewal:

iOS: Settings → Your Apple ID Name → Subscriptions → ThisOne AI Platform
Android: Google Play Store app → Menu → Subscriptions → ThisOne AI Platform

Direct Refund Limitations

We Cannot Process App Store Refunds: Hashed Horizon does NOT have access to Apple or Google's payment systems and cannot directly issue refunds for in-app purchases.

Request Refunds Through Store:

Apple: Visit reportaproblem.apple.com or request through App Store app
Google: Visit play.google.com/store/account/subscriptions or request through Google Play app

Refund Policies: Apple and Google each maintain their own refund policies. We recommend reviewing:

Apple's refund policy: https://support.apple.com/billing
Google's refund policy: https://support.google.com/googleplay/answer/2479637

Store-Specific Payment Terms

Payment Methods: In-app purchases use the payment method associated with your Apple ID or Google Play account.

Pricing and Currency: Prices displayed in the App Store or Google Play may differ from web pricing due to:

Store commission fees (typically 15-30%)
Local currency conversion
Regional pricing adjustments
Store-specific promotional pricing

Tax Handling: Apple and Google handle VAT/sales tax collection and remittance for in-app purchases in accordance with local regulations.

Account Linking

Service Access: Your ThisOne AI Platform Subscription purchased through Apple or Google is linked to your app store account and can be accessed:

Within the mobile app on the device where purchased
On other devices by signing in with the same Apple ID or Google account (family sharing may apply)
On the web by linking your ThisOne AI Platform account to your app store purchase (if supported)

Account Migration: Contact support@hashedhorizon.com if you need assistance linking your App Store/Play Store purchase to a web account.

Subscription Changes

Upgrades and Downgrades: Subscription tier changes are managed through your app store:

Changes take effect per Apple/Google's terms (typically at the next renewal)
Refunds or credits for unused portions are subject to store policies

Platform Switching: To switch from App Store/Play Store billing to direct billing (or vice versa):

Cancel your current subscription through the store
Wait until the current period ends
Subscribe through your preferred platform (web or mobile app)

Store Compliance

Age Restrictions: In-app purchases may be subject to parental controls and family sharing settings configured in your Apple ID or Google account.

Auto-Renewal Notices: Apple and Google provide their own auto-renewal notices and disclosures in accordance with applicable laws (including California SB 340).

Privacy: Data collected through in-app purchase flows is subject to Apple's Privacy Policy and Google's Privacy Policy in addition to our Privacy Policy.

Subscription Plans and Billing

Subscription Types

We offer various Subscription plans with different features and pricing. Current plans and pricing are available at https://thisone.app/pricing.

Billing Cycle

Monthly Subscriptions: Charged on the same day each month
Annual Subscriptions: Charged once per year on the anniversary of your Subscription start date

Auto-Renewal: Subscriptions automatically renew at the end of each Billing Cycle unless you cancel before the renewal date.

Price Changes

We reserve the right to change Subscription prices with at least 30 days' advance notice. Price changes will:

Apply to Renewals: Take effect at your next renewal after the notice period
Not Affect Current Period: Your current Billing Cycle price remains unchanged
Allow Cancellation: You may cancel before the new price takes effect

EU Consumer Rights (Directive 2011/83/EU)

14-Day Cooling-Off Period (Right of Withdrawal)

For EU/EEA consumers, you have the right to withdraw from your Subscription within 14 days of purchase without giving any reason, in accordance with Directive 2011/83/EU Article 9.

How to Exercise: To exercise your right of withdrawal, send a clear statement to support@hashedhorizon.com with the subject line "Right of Withdrawal" within 14 days of your Subscription purchase.

Early Service Commencement: If you request that the Services begin immediately (before the 14-day period expires), you expressly agree that:

You waive your right of withdrawal if you fully consume the Services during the cooling-off period
For partially consumed Services, you will receive a pro-rata refund for the unused portion

Withdrawal Statement: Any clear written statement of your decision to withdraw is sufficient.

Refund Processing

Refunds for rightful withdrawals will be processed:

Within 14 days of receiving your withdrawal notice
Using the same payment method you used for the purchase, unless you expressly agree otherwise
Without undue delay and at no additional cost to you

California Auto-Renewal Law Compliance (SB 340, AB 2412)

For California residents, we comply with California's Automatic Renewal Law (Business & Professions Code §§ 17600-17606).

Clear and Conspicuous Disclosure

Before You Purchase, we clearly and conspicuously disclose:

Auto-Renewal Terms: Your Subscription will automatically renew at the end of each Billing Cycle
Cancellation Procedure: You can cancel at any time through your account settings or by emailing support@hashedhorizon.com
Renewal Charges: The amount you will be charged upon renewal (current pricing at https://thisone.app/pricing)
Billing Frequency: How often you will be charged (monthly or annually)

Acknowledgment Required: During checkout, you must affirmatively consent to auto-renewal by:

Checking a box acknowledging the auto-renewal terms
Accepting these Terms of Service which include auto-renewal provisions

Advance Renewal Notices (AB 2412 Compliance)

Renewal Reminder Emails: We will send you advance notice of upcoming renewal charges:

For Subscriptions €100+ per billing cycle:

First Notice: 30 days before renewal
Second Notice: 7 days before renewal
Content: Email includes amount to be charged, renewal date, and cancellation instructions

For Subscriptions under €100 per billing cycle:

Notice: At least 3 business days (but no more than 30 days) before renewal
Content: Email includes amount to be charged, renewal date, and cancellation instructions

Email Address: Renewal notices are sent to the email address associated with your account. You are responsible for keeping your email address current.

Notice Delivery: Notices are sent to your most recent email on file. We are not responsible for failed delivery due to:

Incorrect email addresses
Spam/junk folder filtering
Email service provider issues
Abandoned or inactive email accounts

Cancellation Rights

Easy Cancellation: You can cancel your auto-renewing Subscription at any time using an online method that is:

Available 24/7: Cancel through your account settings any time
Easy to Use: Cancel in 3 clicks or fewer from account dashboard
Immediate Confirmation: Receive instant confirmation of cancellation
No Obstacles: No requirement to speak to customer service (though support is available if needed)

Cancellation Methods:

Account Settings (Preferred): Log in → Account → Subscriptions → Cancel Subscription
Email: Send cancellation request to support@hashedhorizon.com with subject "Cancel Subscription"
Same Method as Purchase: You can cancel using the same online platform where you purchased

Effective Date:

Cancellations take effect at the end of your current Billing Cycle
You retain access to Services until the end of the paid period
No refunds for partial months/years (unless required by law)

Price Increase Notices

Advance Notice for Price Increases: If we increase your Subscription price:

30-Day Notice: We will notify you at least 30 days before the price increase takes effect
Clear Disclosure: Notice will clearly state the new price and effective date
Cancellation Right: You may cancel before the price increase without penalty
Automatic Cancellation Option: For price increases exceeding 20%, we will offer an automatic cancellation option if you do not affirmatively consent to the new price

Account Inactivity (SB 340 §17602(c))

Inactive Account Policy: If you have not logged into your account for 12 consecutive months:

Inactivity Notice: We will send notice to your email address
Cancellation Option: Notice will include instructions to cancel or confirm continuation
No Charge for Inactivity: We will not charge for renewal during periods of prolonged inactivity without your express consent
Data Retention: Inactive accounts may be archived or deleted per our data retention policy

Trial Periods and Promotional Offers

Free Trials: If you sign up for a free trial that converts to a paid Subscription:

Clear Disclosure: Trial terms, duration, and conversion date disclosed at signup
Reminder Email: Notice sent at least 3 days before trial ends (for trials >31 days)
Easy Cancellation: Cancel during trial with no charges (same cancellation methods above)
Affirmative Consent: Requires affirmative consent to auto-renewal at end of trial

Promotional Pricing: If you receive a promotional or introductory price:

Full Price Disclosure: Regular price clearly disclosed alongside promotional price
Duration Disclosure: How long promotional pricing lasts
Renewal Notice: Reminder before first renewal at regular price

Gift Subscriptions (If Applicable)

Compliance Documentation

Record Keeping: We maintain records of:

Your affirmative consent to auto-renewal at time of purchase
All renewal reminder emails sent to you
Cancellation requests and confirmations
Price change notices

California Attorney General: If you have concerns about our auto-renewal practices:

California Attorney General's Office
Consumer Protection Section
https://oag.ca.gov/consumers

Changes to Auto-Renewal Terms

Material Changes: If we make material changes to our auto-renewal terms:

We will provide 30 days' advance notice via email
Continued use after notice period constitutes acceptance
You may cancel before changes take effect

Payment Authorization and Security

By providing payment information, you:

Authorize Charges: Authorize Hashed Horizon to charge your payment method for all fees
Represent Accuracy: Represent that payment information is accurate and belongs to you
Update Information: Agree to promptly update payment information if it changes
PCI Compliance: Acknowledge that our payment processors maintain PCI-DSS compliance

Failed Payments: If a payment fails:

We will attempt to contact you via email at support@hashedhorizon.com
We may retry the payment up to 3 times over 7 days
Your Subscription may be suspended or downgraded if payment remains unsuccessful
You remain responsible for outstanding fees

Taxes and VAT

VAT for EU/EEA Customers

Prices displayed may exclude Value Added Tax (VAT). For EU/EEA customers:

B2C Sales: VAT is automatically calculated based on your location and added at checkout
B2B Sales: If you provide a valid VAT number, sales may be reverse-charged under GDPR Art. 44 VAT Directive
VAT Invoices: Available in your Account dashboard for download

VAT Number Verification: We use the EU VAT Information Exchange System (VIES) to validate VAT numbers. Invalid VAT numbers will result in VAT being charged.

Sales Tax (Non-EU Jurisdictions)

For customers outside the EU/EEA, applicable sales tax, goods and services tax (GST), or similar taxes may apply based on your jurisdiction.

Usage Limits and Overages

Some Subscription plans include usage limits (e.g., API calls, storage). If you exceed your plan limits:

Soft Limits: We may temporarily allow overages and notify you to upgrade
Hard Limits: Service functionality may be restricted until you upgrade or reset (next Billing Cycle)
Overage Charges: Some plans charge for overages at documented rates

Transparent Billing: Overage charges will be clearly itemized on your invoice.

Subscription Changes and Downgrades

Upgrades

You may upgrade your Subscription at any time. Upgrades:

Take Effect Immediately: New features are available immediately
Pro-Rated Credit: You receive credit for the unused portion of your current plan
New Billing Date: Your Billing Cycle resets to the upgrade date

Downgrades

You may downgrade your Subscription at any time. Downgrades:

Take Effect Next Cycle: Changes apply at the end of your current Billing Cycle
No Pro-Rated Refunds: You retain access to current features until the Billing Cycle ends
Feature Restrictions: Some features may become unavailable after downgrade

Cancellation

You may cancel your Subscription at any time through your Account dashboard or by contacting support@hashedhorizon.com.

Cancellation Terms:

Access Continues: You retain access until the end of your current Billing Cycle
No Refunds: No refunds for partial Billing Cycles (except EU 14-day cooling-off period)
Data Retention: Your data is retained for up to 12 months after account closure after cancellation
Reactivation: You may reactivate your Subscription at any time

Auto-Renewal Cancellation: To avoid auto-renewal charges, cancel at least 24 hours before your next Billing Cycle.

Free Trials

We may offer free trials for certain Subscriptions. Free trial terms:

Trial Duration: Specified at the time of sign-up (typically 7-30 days)
Payment Method Required: You must provide valid payment information to start a trial
Auto-Conversion: Trials automatically convert to paid Subscriptions unless canceled
One Per User: Limited to one free trial per user per plan
Cancellation: Cancel anytime during the trial to avoid charges

Trial Eligibility: We reserve the right to limit trial eligibility to prevent abuse.

Refund Policy

In addition to EU consumer rights, we may provide refunds at our discretion for:

Service Outages: Extended service unavailability (pro-rated refund)
Billing Errors: Charges made in error (full refund)
Unsatisfactory Service: Case-by-case evaluation (contact support@hashedhorizon.com)

Refund Requests: Submit refund requests to support@hashedhorizon.com with your Account details and reason.

Disputes and Chargebacks

Contact Us First: Before initiating a chargeback, please contact support@hashedhorizon.com to resolve billing disputes.

Chargeback Consequences:

Account Suspension: Your Account may be suspended pending investigation
Evidence Submission: We will submit evidence to your payment processor
Reactivation Fees: Accounts suspended due to invalid chargebacks may incur reactivation fees

Good Faith Resolution: We commit to working in good faith to resolve all billing disputes.

Payment Terms for API Usage

Invoice and Receipt Access

All invoices and receipts are available in your Account dashboard under "Billing History." Invoices include:

Transaction date and amount
Subscription plan details
VAT/Tax breakdown (if applicable)
Payment method used

PDF Downloads: Invoices can be downloaded as PDF for accounting and tax purposes.

Cookies and Tracking Technologies

What Are Cookies

Cookies are small text files stored on your device when you visit our website. We use cookies and similar tracking technologies (web beacons, pixels, local storage) to provide, protect, and improve our Services.

Full Cookie Policy: For complete details about our cookie usage, see our Cookie Policy.

Our use of cookies is governed by:

ePrivacy Directive 2002/58/EC: Requires informed consent for non-essential cookies
GDPR Art. 6(1)(a): Consent as lawful basis for cookie-based data processing
GDPR Art. 7: Requirements for valid consent (freely given, specific, informed, unambiguous)

Consent Requirement: For EU/EEA users, we obtain explicit consent before placing non-essential cookies on your device, in accordance with ePrivacy Directive Article 5(3).

We use the following categories of cookies:

Purpose: Strictly necessary for the Services to function.

Legal Basis: ePrivacy Directive exemption for "strictly necessary" cookies; GDPR Art. 6(1)(f) legitimate interests.

Examples:

Authentication: Session tokens to keep you logged in
Security: CSRF tokens to prevent cross-site request forgery
Load Balancing: Routing cookies to distribute traffic across servers
Preferences: Language and accessibility settings

Retention: Session cookies deleted when you close your browser; persistent cookies expire after up to 90 days.

Cannot Be Disabled: Essential cookies cannot be disabled without preventing service functionality.

Purpose: Help us understand how users interact with the Services to improve user experience.

Consent Required: Yes, for EU/EEA users under ePrivacy Directive GDPR Art. 5(3).

Analytics Services Used:

Google Analytics (ID: G-XXXXXXXXXX)

Provider: Google Ireland Limited (EU) / Google LLC (USA)
Purpose: Website traffic analysis, user behavior tracking
Data Collected: Page views, session duration, referral source, device type, approximate location (city-level)
Retention: Up to 26 months (configurable)
Privacy Policy: Google Analytics Privacy
Opt-Out: Google Analytics Opt-Out

Data Minimization: We configure analytics tools to minimize personal data collection:

IP address anonymization enabled
User ID pseudonymization
Sensitive form field exclusion
Geographic precision limited to city-level

We do not currently use marketing or advertising cookies.

Purpose: Remember your choices to provide enhanced, personalized features.

Examples:

User Preferences: Theme selection (dark/light mode), dashboard layout
Video Playback: Resume position for embedded videos
Chat Widgets: Third-party chat service state

Retention: Up to up to 12 months after account closure or until you clear browser data.

For EU/EEA Users

Consent Banner: When you first visit our website from the EU/EEA, you will see a cookie consent banner allowing you to:

Accept All: Consent to all cookie categories
Reject Non-Essential: Only essential cookies will be used
Customize: Select specific cookie categories

Granular Control: You can enable/disable each category individually (except essential cookies).

Consent Storage: Your consent choices are stored in an essential cookie for up to 12 months. After expiry, you will be asked to renew consent.

Withdraw Consent: You can withdraw consent at any time by:

Clicking "Cookie Settings" in the website footer
Clearing your browser cookies
Contacting support@hashedhorizon.com

Pre-Consent Blocking: Non-essential cookies are blocked until you provide consent. We use cookie consent management technology to prevent unauthorized cookie placement.

Our cookie consent mechanism ensures:

Freely Given: No cookie walls; you can use basic Services without consenting to non-essential cookies
Specific: Separate consent options for each cookie category
Informed: Clear information about each cookie's purpose, data collected, and retention
Unambiguous: Affirmative action required (no pre-ticked boxes)
Easily Withdrawn: Consent can be withdrawn as easily as it was given

Proof of Consent: We maintain records of your consent choices (timestamp, categories, consent method) to comply with GDPR Art. 7(1) accountability requirements.

Third-Party Cookies

Some features on our Services use cookies from third-party providers. We do not control these third-party cookies, and they are subject to the respective third party's privacy policy.

Third-Party Providers:

Cross-Site Tracking: Some third-party cookies may track your activity across multiple websites. You can opt out of cross-site tracking using:

Browser "Do Not Track" (DNT) settings
Industry opt-out tools: Your Online Choices (EU), NAI Opt-Out (USA)
Third-party provider opt-out links (listed above)

Do Not Track (DNT) Signals

For EU/EEA users, we honor explicit cookie consent choices made through our consent banner, which provides more granular control than DNT signals. DNT browser signals are not universally standardized and may be overridden by your explicit consent choices.

Automatic Expiry: Cookies expire automatically according to their set retention periods (detailed in our Cookie Policy).

Manual Deletion: You can delete cookies at any time through your browser settings. Note that deleting essential cookies may impair service functionality.

Account Deletion: When you delete your Account, we instruct third-party cookie providers to delete or anonymize data associated with your Account within 30 days.

International Data Transfers via Cookies

Cross-Border Transfers: Some analytics and advertising cookies transfer personal data to countries outside the EU/EEA, including the United States.

Transfer Safeguards (GDPR Art. 44-50):

Standard Contractual Clauses (SCCs): We ensure third-party providers have SCCs in place
Privacy Shield (Deprecated): We do not rely on the invalidated EU-U.S. Privacy Shield
Adequacy Decisions: Transfers to countries with EU adequacy decisions (e.g., UK, Switzerland)

Consent-Based Transfers: By consenting to analytics/marketing cookies, you consent to international data transfers under GDPR Art. 49(1)(a).

Mobile Apps and Similar Technologies

While our mobile applications do not use traditional browser cookies, they may use similar technologies:

Mobile Identifiers:

Advertising ID: Device advertising identifier (IDFA on iOS, AAID on Android) for ad personalization
Analytics SDK: Embedded analytics libraries for app usage tracking

Mobile Consent: You control mobile identifiers through:

iOS: Settings → Privacy → Tracking → ThisOne AI Platform
Android: Settings → Google → Ads → Opt out of Ads Personalization

App Permissions: Our mobile apps request permissions for specific features (camera, location, etc.). You can revoke permissions in device settings at any time.

We may update our cookie usage to improve Services or comply with legal requirements. Material changes will be communicated via:

Updated Cookie Policy: With "Last Updated" date
Renewed Consent Request: For EU/EEA users, if new cookies require consent
Email Notification: For significant changes affecting your privacy

For questions about our use of cookies, contact:

Email: support@hashedhorizon.com
Data Protection Officer: dpo@hashedhorizon.com

Supervisory Authority (EU/EEA): If you are unsatisfied with our response, you have the right to lodge a complaint with your national data protection authority. Contact details available at: https://edpb.europa.eu/about-edpb/board/members_en

Privacy and Data Protection

Our Commitment to Privacy

Hashed Horizon is committed to protecting your privacy and Personal Data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) where applicable.

Full Privacy Policy: For comprehensive details about how we collect, use, and protect your Personal Data, please read our Privacy Policy.

Data Controller: Hashed Horizon Sp. z o.o.

Contact Information:

Email: support@hashedhorizon.com
Website: https://thisone.app
Data Protection Officer: dpo@hashedhorizon.com

Registration: Registered in Poland and European Union and United Kingdom and USA and Worldwide

We collect and process the following categories of Personal Data:

Account Information

Name, email address, username
Authentication credentials (encrypted passwords)
Profile information you choose to provide

Usage Data

IP address, browser type, device information
Pages visited, features used, interaction timestamps
AI Service usage: Inputs, Outputs, prompts, generated content
Error logs and diagnostic data

Payment Information (Processed by Payment Processors)

Billing address, country
Payment method type (last 4 digits only)
Transaction history and invoice data

Analytics and Marketing Data

Cookie identifiers and tracking data
Ad interaction and conversion data
Website behavior and preferences

Data Minimization (GDPR Art. 5(1)(c)): We only collect Personal Data that is necessary for the purposes outlined in our Privacy Policy.

We process your Personal Data for the following purposes:

Service Provision: To provide, maintain, and improve the Services
Account Management: To create and manage your Account
AI Processing: To generate AI Outputs based on your Inputs
Payment Processing: To process payments and prevent fraud
Communication: To respond to inquiries and provide customer support
Legal Compliance: To comply with legal obligations and enforce our Terms
Security: To detect, prevent, and address fraud, abuse, and security issues

Our primary lawful basis for processing your Personal Data is:

Performance of a Contract (GDPR Art. 6(1)(b)): Processing is necessary to provide the Services under our contract with you.

Additional Bases:

Consent (GDPR Art. 6(1)(a)): For analytics cookies, marketing communications, and optional features
Legal Obligation (GDPR Art. 6(1)(c)): For tax, accounting, and law enforcement compliance
Legitimate Interests (GDPR Art. 6(1)(f)): For fraud prevention, security, and service improvement

We share your Personal Data with the following categories of recipients:

Subprocessors (Third-Party Service Providers)

Google Cloud AI (Gemini)

Purpose: AI photo conversion and enhancement
Location: EU/USA
Privacy Policy: Google Cloud AI (Gemini) Privacy
DPA: Google Cloud AI (Gemini) DPA

Vercel

Purpose: Application hosting and CDN
Location: EU
Privacy Policy: Vercel Privacy
DPA: Vercel DPA

Neon

Purpose: PostgreSQL database hosting
Location: EU
Privacy Policy: Neon Privacy
DPA: Neon DPA

Sentry

Purpose: Error tracking and crash diagnostics
Location: EU/USA
Privacy Policy: Sentry Privacy
DPA: Sentry DPA

Stripe

Purpose: Payment processing and subscription management
Location: EU/USA
Privacy Policy: Stripe Privacy
DPA: Stripe DPA

Apple (App Store / Apple Pay)

Purpose: iOS in-app purchases and Apple Pay transactions
Location: USA
Privacy Policy: Apple (App Store / Apple Pay) Privacy
DPA: Apple (App Store / Apple Pay) DPA

Google (Play Store / Google Pay)

Purpose: Android in-app purchases and Google Pay transactions
Location: USA
Privacy Policy: Google (Play Store / Google Pay) Privacy
DPA: Google (Play Store / Google Pay) DPA

Subprocessor Changes: We will notify you at least 30 days before adding or replacing Subprocessors, allowing you to object under GDPR Art. 28(2).

Other Recipients

Legal Authorities: When required by law, court order, or legal process
Acquirers: In the event of a merger, acquisition, or sale of assets (with advance notice)
Professional Advisors: Lawyers, accountants, auditors (under confidentiality obligations)

No Sale of Personal Data: We do not sell your Personal Data to third parties for monetary consideration.

Your Personal Data may be transferred to and processed in countries outside the European Economic Area (EEA), including:

Transfer Safeguards (GDPR Art. 44-50):

Standard Contractual Clauses (SCCs): EU Commission-approved data transfer agreements
Adequacy Decisions: Transfers to countries recognized by the EU Commission as providing adequate protection
Binding Corporate Rules: Internal data protection policies for multinational groups

Your Rights: You can request a copy of the safeguards we have in place for international transfers by contacting dpo@hashedhorizon.com.

We retain your Personal Data for the following periods:

Temporary Processing Data: up to 90 days

This includes temporary files, caches, logs, and non-essential processing data
AI Inputs and Outputs from non-authenticated users

Retained User Data: up to 12 months after account closure

Account information and user profiles
Transaction history and billing records
Essential compliance and legal data

Legal Hold Exception: Data subject to legal proceedings, investigations, or regulatory requirements is retained until resolution, regardless of standard retention periods.

Deletion Process: At the end of retention periods, Personal Data is securely deleted or irreversibly anonymized.

Under the GDPR, you have the following rights:

Request a copy of your Personal Data and information about how it is processed.

Request correction of inaccurate or incomplete Personal Data.

Request deletion of your Personal Data (subject to legal exceptions).

Request temporary restriction of processing in certain circumstances.

Receive your Personal Data in a structured, machine-readable format (JSON, CSV).

Object to processing based on legitimate interests or for direct marketing purposes.

Not be subject to solely automated decisions with legal or similarly significant effects without human oversight.

AI Automated Decisions: If you use our AI Services for consequential automated decision-making, you must implement human oversight and provide individuals with the right to contest decisions.

How to Exercise Your Rights

Contact: Email dpo@hashedhorizon.com with the subject line "[GDPR Right] - [Right Name]"

Identity Verification: We will verify your identity to prevent unauthorized access to Personal Data.

Response Time: We will respond within 30 days (extendable by 2 months for complex requests).

No Fee: Exercising your rights is free of charge, unless requests are manifestly unfounded or excessive.

Children's Privacy

Our Services are not intended for individuals under the age of 18.

We do not knowingly collect Personal Data from individuals under 18.

Discovery and Deletion: If we discover that we have collected Personal Data from an underage individual without proper consent, we will delete it immediately in compliance with GDPR Art. 17.

We implement appropriate technical and organizational measures to protect your Personal Data:

Technical Measures:

Encryption in transit (TLS 1.3) and at rest (AES-256)
Access controls and authentication (multi-factor authentication for admin access)
Regular security audits and penetration testing
Intrusion detection and monitoring systems

Organizational Measures:

Employee training on data protection
Data protection impact assessments (DPIAs) for high-risk processing
Incident response and breach notification procedures
Regular security policy reviews and updates

Breach Notification (GDPR Art. 33-34): In the event of a Personal Data breach, we will:

Notify the relevant supervisory authority within 72 hours (if required)
Notify affected individuals without undue delay (if high risk to rights and freedoms)

Privacy Policy Updates

We may update our Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be communicated via:

Email Notification: To registered users at least 30 days before changes take effect
Website Notice: Prominent notice on our website and in the Services

Continued Use: Your continued use of the Services after changes become effective constitutes acceptance of the updated Privacy Policy.

Supervisory Authority and Complaints

Right to Lodge a Complaint: Under GDPR Art. 77, you have the right to lodge a complaint with a supervisory authority, particularly in your country of habitual residence, place of work, or place of alleged infringement.

European Data Protection Board: List of all EU supervisory authorities available at: https://edpb.europa.eu/about-edpb/board/members_en

Contact for Privacy Questions

For questions about our privacy practices or to exercise your GDPR rights:

Email: support@hashedhorizon.com
Data Protection Officer: dpo@hashedhorizon.com
Postal Address: ul. Marszałkowska 1, 00-624 Warsaw, Poland

Response Commitment: We will respond to privacy inquiries within 30 days.

Service Availability and Uptime

Service Availability Commitment

We strive to provide reliable, high-quality Services with minimal downtime. However, we do not guarantee uninterrupted or error-free operation of the Services.

Best Efforts: We use commercially reasonable efforts to maintain service availability, including:

Redundant infrastructure and failover systems
24/7 monitoring and alerting
Regular maintenance and security updates
Incident response procedures

No Absolute Guarantee: Due to the nature of internet-based services, we cannot guarantee 100% uptime or availability.

Planned Maintenance

We may perform planned maintenance that temporarily interrupts service availability:

Advance Notice: We will provide reasonable advance notice of planned maintenance:

Major Maintenance: At least 48 hours' notice via email
Minor Maintenance: At least 24 hours' notice via email
Emergency Security Updates: May be performed with minimal or no advance notice

Maintenance Windows: Planned maintenance is typically scheduled during low-usage periods to minimize disruption.

No Credits: Planned maintenance windows do not entitle you to service credits or refunds, except as expressly provided in a separate Service Level Agreement (SLA).

Unplanned Outages

Despite our best efforts, the Services may experience unplanned outages due to:

Technical Issues

Hardware or software failures
Database corruption or performance issues
Network connectivity problems
Third-party infrastructure failures (cloud providers, CDNs)

External Factors

Distributed denial-of-service (DDoS) attacks
Internet service provider disruptions
Natural disasters and severe weather
Power outages and infrastructure damage

Subprocessor Dependencies

Our Services rely on third-party Subprocessors:

Google Cloud AI (Gemini): AI photo conversion and enhancement
Vercel: Application hosting and CDN
Neon: PostgreSQL database hosting
Sentry: Error tracking and crash diagnostics
Stripe: Payment processing and subscription management
Apple (App Store / Apple Pay): iOS in-app purchases and Apple Pay transactions
Google (Play Store / Google Pay): Android in-app purchases and Google Pay transactions

Third-Party Downtime: Service availability may be affected by Subprocessor outages beyond our control. We are not liable for third-party service interruptions.

AI Service Availability

AI Services may experience additional availability challenges:

Model Availability: AI model availability depends on our AI Subprocessors (OpenAI, Google, Anthropic). Model downtime, rate limiting, or deprecation may affect service availability.

Rate Limits: AI Services are subject to rate limits and quotas:

Request Limits: Maximum requests per minute/hour/day
Token Limits: Maximum input/output tokens per request
Concurrent Requests: Maximum simultaneous requests

Exceeding Limits: Exceeding rate limits may result in temporary throttling or service errors (HTTP 429 status codes).

Model Changes: AI providers may update, change, or deprecate models with limited notice. We will provide reasonable notice of material model changes but cannot guarantee advance warning from upstream providers.

Service Status and Incident Communication

Incident Notifications: During service disruptions, we will:

Acknowledge: Post initial incident acknowledgment within 30 minutes of detection
Update: Provide regular status updates every 1-2 hours during major outages
Resolve: Post resolution notice and root cause analysis (RCA) after restoration

Communication Channels:

Email notifications to registered users (for major incidents)
Social media updates (for widespread outages)

Service Level Agreement (SLA)

Consumer Plans (No SLA)

Consumer/Individual Subscriptions: Consumer plans (including paid personal subscriptions) are NOT covered by formal Service Level Agreements. Services are provided on a best-efforts basis with no uptime guarantees or service credits for downtime.

Best-Efforts Commitment: We use commercially reasonable efforts to maintain high availability, but do not guarantee specific uptime percentages for consumer accounts.

Enterprise Plans (SLA Available)

Enterprise Customers: Business/Team plans with executed Enterprise Addendum may negotiate custom Service Level Agreements, including:

Specific uptime guarantees (e.g., 99.9% monthly uptime)
Service credits for SLA breaches
Priority support with guaranteed response times
Dedicated account management

Enterprise SLA Terms: Contact support@hashedhorizon.com with subject "Enterprise SLA Request" to discuss custom SLA terms for your Business/Team plan.

Credit Claims (Enterprise only): To claim SLA credits:

Submit a claim within 30 days of the incident
Provide details of the outage (dates, times, impact)
Credits will be applied to your next billing cycle per your Enterprise Addendum

Maximum Liability: SLA credits constitute your sole remedy for service unavailability and our maximum liability for downtime.

Data Backup and Recovery

We maintain regular backups to ensure data integrity and enable disaster recovery:

Backup Frequency:

Database Backups: Every 6 hours
File Storage Backups: Daily incremental, weekly full backups
Configuration Backups: Before each deployment

Backup Retention: Backups are retained for up to 90 days and stored in geographically distributed locations for redundancy.

Recovery Time Objective (RTO): We target service restoration within 4 hours for critical outages.

Recovery Point Objective (RPO): Maximum data loss in disaster scenarios: up to 6 hours (time since last database backup).

Your Responsibility: While we maintain backups, you are responsible for:

Exporting Critical Data: Regularly export data you cannot afford to lose
Local Backups: Maintain your own backups of critical Content
Business Continuity: Have contingency plans for service outages

Limitations and Exclusions

No Uptime Guarantee: Unless expressly provided in a separate SLA, we make no guarantees regarding:

Specific uptime percentages
Response times or latency
Error rates or success rates
Data transmission speeds

Excluded Outages: The following are not considered service outages for SLA purposes:

Planned maintenance windows with proper notice
Outages caused by your actions or misuse
Third-party service failures beyond our control
Force majeure events (natural disasters, war, etc.)
Internet connectivity issues affecting your access
Browser or device compatibility issues

Force Majeure

Neither party is liable for delays or failures to perform due to circumstances beyond reasonable control, including:

Natural Disasters: Earthquakes, floods, hurricanes, pandemics, severe weather events
Government Actions: War, terrorism, civil unrest, embargoes, regulatory changes
Infrastructure Failures: Power outages, internet backbone disruptions, data center failures
Cybersecurity Incidents: Large-scale cyber attacks, DDoS attacks affecting internet infrastructure, ransomware incidents
AI Service Provider Outages: Downtime, rate limiting, service changes, or service discontinuation by third-party AI providers (OpenAI, Google, etc.)
AI Model Unavailability: Deprecation, removal, or technical failures of AI models we rely upon
Service Quota Limitations: Rate limits, quota exhaustion, or cost-based restrictions imposed by AI service providers
Third-Party Service Failures: Outages or failures of essential subprocessors, payment processors, cloud infrastructure providers
Legal and Regulatory: Court orders, government requests, compliance requirements mandating service suspension
Labor Disruptions: Strikes, labor shortages, or other workforce-related disruptions

AI-Specific Force Majeure Events

For AI-powered Services, force majeure events specifically include:

1. Third-Party AI Provider Actions

Service Changes: OpenAI, Google, or other AI providers modifying, rate-limiting, or discontinuing service access
Pricing Changes: Cost increases that make service economically infeasible (€10K+/month increase)
Policy Changes: Content policies, usage restrictions, or compliance requirements preventing our use
Model Deprecation: Removal of AI models without adequate replacement or migration path

2. AI Model Performance Issues

Model Failures: Systematic errors, degraded quality, or complete model failures
Training Data Issues: Legal challenges to training data invalidating model use
Regulatory Restrictions: Government bans or restrictions on AI model deployment
Ethical Concerns: Discovery of bias, harm, or other issues requiring immediate model discontinuation

3. Technical AI Limitations

Capacity Constraints: AI provider infrastructure unable to handle demand
Regional Restrictions: AI services unavailable in specific geographic regions
Compliance Blockers: GDPR, AI Act, or other regulations preventing AI use

Impact on Services: During AI force majeure events:

Services may degrade to limited functionality (non-AI features only)
AI features may be temporarily disabled or substituted with alternative models
We will provide notice via email within 24 hours of discovery

No Liability: We are NOT liable for:

Lost revenue or business opportunities due to AI service outages
Data loss or corruption caused by AI provider failures
Alternative service costs incurred during AI downtime
Migration costs if forced to change AI providers

Alternative Measures: We will make commercially reasonable efforts to:

Maintain relationships with multiple AI providers for redundancy
Implement failover to alternative models when possible
Provide advance notice if we become aware of upcoming AI provider changes
Offer data export options if permanent AI discontinuation is necessary

Mitigation Efforts: During force majeure events, we will use reasonable efforts to:

Promptly notify affected users via email
Mitigate impact through alternative providers or workarounds where feasible
Provide regular status updates on resolution progress
Resume normal operations as quickly as reasonably possible

Extended Force Majeure: If a force majeure event prevents service delivery for more than:

30 consecutive days: Either party may terminate affected services with written notice
Pro-rata Refund: You may be entitled to a refund for the affected service period
Data Export: We will provide 30 days to export your data before account termination

Documentation: We will maintain records of force majeure events, including:

Event description and timeline
Impact on services
Mitigation measures taken
Resolution date and post-mortem analysis (for significant events)

Service Modifications and Discontinuation

We reserve the right to:

Modify Services: Change, suspend, or discontinue any feature or aspect of the Services with reasonable notice.

Discontinue Services: Permanently discontinue ThisOne AI Platform with at least 90 days' advance notice via email and service announcements.

Emergency Suspension: Immediately suspend Services to:

Prevent security threats or ongoing attacks
Comply with court orders or law enforcement requests
Address violations of Terms or Acceptable Use Policy

Refund for Discontinuation: If we discontinue Services for our convenience (not for cause), you may be entitled to a pro-rata refund of prepaid fees for the unused service period.

Beta Features and Experimental Services

We may offer beta, preview, or experimental features:

No Availability Guarantees: Beta features are provided "as is" with no uptime, performance, or support guarantees.

Data Loss Risk: Beta features may result in data loss or corruption. Do not use beta features for production or critical data.

Discontinuation: Beta features may be discontinued at any time without notice or compensation.

Feedback: By using beta features, you agree that we may collect feedback and usage data to improve the Services.

Monitoring and Transparency

Uptime Monitoring: We use third-party monitoring services to track service availability from multiple geographic locations.

Transparency: We are committed to transparent communication about service availability and incident response.

Incident Reports: Post-mortem reports for major incidents are available upon request via support@hashedhorizon.com, including:

Timeline of events
Root cause analysis
Impact assessment
Preventive measures

Contact for Service Issues

For service availability issues:

Report Outage: support@hashedhorizon.com with subject "Service Outage Report"
Emergency Contact: For critical security issues, use support@hashedhorizon.com with subject "URGENT: Security Issue"

Response Times:

Paid Subscribers: Priority support with 1-hour acknowledgment for critical issues
Free Tier: Best-efforts support with 24-hour response target

Disclaimers and Warranties

General Disclaimer

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, the Services are provided "AS IS" and "AS AVAILABLE" without warranties of any kind, either express or implied.

Consumer Protection: For EU/EEA consumers, statutory warranty rights under EU Directive 2011/83/EU and national consumer protection laws cannot be excluded or limited. These disclaimers apply only to the extent permitted by mandatory consumer protection law.

Non-Consumer Users: For business users and non-consumer users, the following disclaimers apply to the fullest extent permitted by law.

No Warranties

We expressly disclaim all warranties, including but not limited to:

Implied Warranties

Merchantability: No warranty that the Services are merchantable or fit for commercial sale
Fitness for Purpose: No warranty that the Services will meet your specific requirements or purposes
Non-Infringement: No warranty that use of the Services will not infringe third-party rights
Title: No warranty of undisturbed possession or ownership

Performance Warranties

Availability: No warranty of uninterrupted, timely, secure, or error-free operation
Accuracy: No warranty that results, data, or content will be accurate, complete, or reliable
Error-Free: No warranty that defects or errors will be corrected
Compatibility: No warranty of compatibility with your systems, devices, or software

Data and Content Warranties

Data Integrity: No warranty that data will not be lost, corrupted, or damaged
Backup: No warranty regarding the adequacy or success of backup processes
Security: No warranty that security measures will prevent unauthorized access or breaches

AI-Specific Disclaimers

ThisOne AI Platform uses artificial intelligence technologies that have inherent limitations and uncertainties.

AI Accuracy Disclaimer

NO WARRANTY OF AI ACCURACY: AI-generated Outputs may contain:

Factual Errors: Incorrect, outdated, or fabricated information ("hallucinations")
Biased Content: Outputs reflecting biases in training data
Inconsistencies: Contradictory or logically inconsistent statements
Nonsensical Content: Grammatically correct but semantically meaningless text
Incomplete Information: Missing critical context or nuances

Your Responsibility: You are solely responsible for:

Verifying Accuracy: Fact-checking AI Outputs before use
Human Review: Implementing human oversight for consequential decisions
Quality Control: Reviewing Outputs for errors, biases, and appropriateness
Legal Compliance: Ensuring Outputs comply with applicable laws and regulations

AI Reliability Disclaimer

NO GUARANTEE OF CONSISTENCY: AI models may produce different Outputs for identical Inputs due to:

Model non-determinism and stochasticity
Model updates and retraining
Infrastructure variations and load balancing
Temperature and sampling parameter effects

NO GUARANTEE OF AVAILABILITY: AI Services depend on third-party AI providers:

Model Deprecation: AI models may be deprecated, updated, or replaced with limited notice. We do not guarantee continued availability of specific models.

AI Intellectual Property Disclaimer

NO WARRANTY OF ORIGINALITY: AI-generated Outputs may:

Resemble Existing Works: Be substantially similar to copyrighted materials in the training data
Trigger Copyright Claims: Generate content that third parties claim infringes their rights
Lack Copyrightability: In some jurisdictions, AI-generated content may not be eligible for copyright protection

Your Risk: You bear all risk regarding:

Intellectual property ownership of AI Outputs
Copyright infringement claims related to AI Outputs
Commercialization and licensing of AI-generated content

No Indemnification: We do not indemnify you for third-party IP claims arising from your use of AI Outputs, except as expressly provided in these Terms.

AI Safety Disclaimer

CONTENT FILTERING LIMITATIONS: Despite our content moderation systems, AI Services may occasionally generate:

Harmful Content: Violence, hate speech, or disturbing material
Unsafe Instructions: Dangerous or illegal instructions (e.g., weapons, explosives, hacking)
Deceptive Content: Misinformation, deepfakes, or manipulative content
Privacy Violations: Unintentional disclosure of information resembling Personal Data

Safety Measures: We implement safety filters and content moderation, but cannot guarantee complete prevention of harmful Outputs.

Report Unsafe Content: Immediately report unsafe or harmful Outputs to support@hashedhorizon.com with subject "Unsafe AI Output Report."

Prohibited Reliance on AI Outputs

DO NOT RELY ON AI OUTPUTS FOR:

Medical Decisions: Diagnosis, treatment, medication, or health advice without licensed medical professional consultation
Legal Advice: Legal opinions, contract drafting, or litigation strategy without licensed attorney review
Financial Advice: Investment decisions, tax planning, or financial strategies without qualified financial advisor review
Safety-Critical Applications: Life-support systems, autonomous vehicles, aviation, or other applications where failures could result in death or serious injury
Regulatory Compliance: Compliance determinations without expert review (e.g., GDPR, HIPAA, financial regulations)

Professional Review Required: Always consult qualified professionals for consequential decisions in specialized domains.

Third-Party Content and Services

Third-Party Links

The Services may contain links to third-party websites, services, or resources:

No Endorsement: Links do not imply endorsement, sponsorship, or recommendation
No Control: We do not control third-party content, services, or privacy practices
No Responsibility: We are not responsible for third-party availability, accuracy, or legality
Your Risk: Access and use of third-party services is at your sole risk

Third-Party Terms: Third-party services are governed by their respective terms and privacy policies.

Third-Party Content

User-generated content and third-party contributions are not reviewed, endorsed, or verified by us:

Accuracy: No warranty regarding accuracy or reliability of user-generated content
Legality: No warranty that third-party content complies with applicable laws
Safety: No warranty that third-party content is safe, appropriate, or non-infringing

Report Violations: Report inappropriate or illegal third-party content to support@hashedhorizon.com.

Security Disclaimer

NO ABSOLUTE SECURITY: While we implement industry-standard security measures, we cannot guarantee absolute security:

Breach Risk: No system is completely secure; data breaches may occur despite reasonable precautions
Unauthorized Access: Hacking, phishing, and social engineering may compromise accounts
Transmission Security: Internet transmission is inherently insecure; interception is possible

Your Responsibilities:

Use strong, unique passwords
Enable multi-factor authentication (where available)
Protect account credentials
Report suspected security incidents immediately

Compatibility and Interoperability

NO COMPATIBILITY GUARANTEE: We do not warrant that the Services will be compatible with:

Devices: All devices, operating systems, or hardware configurations
Browsers: All web browsers or browser versions
Software: Third-party software, plugins, or integrations
Networks: All network configurations or internet service providers

System Requirements: Recommended system requirements are provided for guidance only and do not constitute warranties.

Updates: Software updates may affect compatibility with older devices or systems.

Mobile App Disclaimers

Platform Dependencies: Mobile apps depend on iOS and Android platforms beyond our control.

OS Compatibility: Apps may not be compatible with all device models or OS versions.

Battery and Performance: App usage may affect device battery life, data usage, and performance.

App Store Availability: App availability in app stores is subject to Apple and Google policies.

Regulatory Compliance Disclaimer

NO LEGAL ADVICE: ThisOne AI Platform is not a substitute for professional legal, financial, medical, or other expert advice.

Compliance Responsibility: You are solely responsible for:

Regulatory Compliance: Ensuring your use complies with applicable laws and regulations
Industry Standards: Meeting industry-specific standards and certifications
Licensing: Obtaining necessary licenses and permits for your activities
Jurisdictional Requirements: Complying with laws in jurisdictions where you operate

No Compliance Guarantee: We do not warrant that the Services comply with regulations specific to your industry or jurisdiction beyond those we explicitly commit to (e.g., GDPR).

Forward-Looking Statements

Statements about future features, roadmaps, or planned improvements are "forward-looking statements" and do not constitute commitments:

No Guarantee: Future features may not be implemented as described or at all
Timeline Uncertainty: Timelines are estimates and may change
Subject to Change: Features may be modified, delayed, or cancelled without notice

Reliance Disclaimer: Do not rely on forward-looking statements when making purchasing or business decisions.

Beta and Experimental Features

ADDITIONAL DISCLAIMERS FOR BETA FEATURES:

No Testing Guarantees: Beta features may not have undergone full testing
Data Loss Risk: Beta features may cause data loss, corruption, or service disruption
No Support: Beta features may have limited or no customer support
Discontinuation: Beta features may be discontinued without notice or migration path

Use at Your Own Risk: Beta features are provided for evaluation purposes only.

Damage and Loss Disclaimer

NO LIABILITY FOR LOSSES: To the maximum extent permitted by law, we disclaim liability for:

Data Loss: Loss of data, content, or work product
Business Interruption: Lost profits, revenue, or business opportunities
Consequential Damages: Indirect, incidental, special, or consequential damages
Reputational Harm: Damage to reputation or goodwill

See the "Limitation of Liability" section for additional limitations.

Jurisdictional Limitations

DISCLAIMER LIMITATIONS: In some jurisdictions, limitations on implied warranties or exclusions of certain damages may not be permitted.

EU Consumer Protection: EU consumers retain all mandatory statutory warranty rights, including:

Conformity Guarantee: Goods and services must conform to contract (Directive 2011/83/EU)
Right of Repair/Replacement: Right to repair, replacement, or refund for non-conforming goods
Two-Year Guarantee: Minimum two-year guarantee period for consumer goods

Severability: If any disclaimer is found unenforceable, it will be limited to the minimum extent necessary to comply with applicable law, and all other disclaimers remain in full force.

Acknowledgment of Risk

By using the Services, you acknowledge and accept the following risks:

Technology Risks: Software may contain bugs, errors, or security vulnerabilities
Internet Risks: Internet transmission may be intercepted, delayed, or lost
AI Risks: AI-generated content may be inaccurate, biased, or inappropriate
Third-Party Risks: Third-party services may fail, change, or discontinue without notice
Regulatory Risks: Legal and regulatory requirements may change, affecting service legality or your use

Informed Consent: You accept these risks with full knowledge and understanding.

Modifications to Disclaimers

We may modify these disclaimers as legal requirements or services evolve. Material changes will be communicated via:

Updated Terms: With "Last Updated" date
Email Notice: For registered users (at least 30 days' advance notice)
Continued Use: Continued use after changes constitutes acceptance

Objection Right: If you object to disclaimer changes, your sole remedy is to stop using the Services and terminate your Account.

Limitation of Liability

User Classification: Business vs Consumer

These liability limitations apply differently based on whether you are a Business User (B2B) or Consumer (B2C):

Business Users (B2B)

You are a Business User if you use the Services:

In the course of your trade, business, craft, or profession
For commercial purposes
On behalf of a company, organization, or legal entity
With an API key or enterprise/business plan

Consumers (B2C)

You are a Consumer if you:

Use the Services outside your trade, business, craft, or profession
Use the Services for personal, family, or household purposes
Are a natural person (individual)
Do not use the Services for commercial gain

Ambiguous Cases: If unclear, you will be treated as a Consumer for the purposes of these Terms (principle of in dubio pro consumatore).

Liability Limitations for Business Users (B2B)

Applicable to: Business customers, commercial users, API users, enterprise customers

Limitation Amount (Business Users)

Definition of "Incident"

For purposes of these liability limitations, an "Incident" means a single technical or security event with a common root cause, regardless of:

The duration of the incident
The number of users, accounts, or customers affected
The number of complaints, claims, or reports received

Multiple users or accounts affected by the same underlying technical issue, system failure, or security breach constitute a single Incident for liability calculation purposes.

Example: If our database experiences an outage affecting 1,000 Enterprise customers for 6 hours, this constitutes one Incident, not 1,000 separate incidents.

Per-Incident Liability Cap

TO THE MAXIMUM EXTENT PERMITTED BY LAW, Hashed Horizon's total aggregate liability to Business Users for all claims arising out of or relating to these Terms or the Services shall not exceed:

The LESSER of: (a) €10.000 (ten thousand euros), or (b) the total amount you paid to Hashed Horizon in the 12 months immediately preceding the event giving rise to the claim.

Aggregate Annual Liability Cap

Notwithstanding the per-Incident caps above, Hashed Horizon's total aggregate liability to all Business Users combined for all non-breach claims arising from all Incidents in any 12-month period shall not exceed:

€10000

Rationale: This aggregate cap protects Hashed Horizon from catastrophic liability exposure during widespread system failures affecting multiple customers simultaneously. This cap applies to non-breach claims only; data breach claims are subject to a separate €10.000 per-breach cap (see exception #4 below). Once this aggregate cap is reached in any 12-month period, no additional liability will be incurred for that period for non-breach claims, regardless of the number of additional Incidents or customers affected.

12-Month Period Calculation: Each 12-month period is calculated on a rolling basis from the date of the first claim in that period.

Exceptions to Cap: The per-Incident and aggregate caps above do NOT apply to:

Death or Personal Injury: Caused by our negligence or that of our employees or agents (unlimited liability)
Fraud: Fraud or fraudulent misrepresentation by Hashed Horizon (unlimited liability)
Gross Negligence: Grossly negligent or willful misconduct by Hashed Horizon (unlimited liability)
Data Protection Violations: Liability under GDPR for data protection violations is capped at €10.000 (ten thousand euros) per data breach Incident, regardless of the number of users affected. This recognizes the serious nature of data breaches while providing operational protection for startups.
Indemnification: Your indemnification obligations to us (unlimited liability)
IP Infringement: Liability for our infringement of third-party intellectual property rights (subject to our IP indemnity)

Exclusion of Consequential Damages (Business Users)

TO THE MAXIMUM EXTENT PERMITTED BY LAW, Hashed Horizon shall not be liable to Business Users for any indirect, incidental, special, consequential, or punitive damages, including but not limited to:

Lost Profits: Loss of profits, revenue, sales, or business opportunities
Business Interruption: Costs of business interruption or downtime
Lost Savings: Loss of anticipated savings or economic losses
Contract Losses: Loss of contracts or business relationships
Wasted Expenditure: Costs of alternative services or workarounds
Data Loss: Loss, corruption, or deletion of data or content
Reputation Damage: Harm to reputation, brand, or goodwill
Customer Loss: Loss of customers, users, or subscribers

Scope: This exclusion applies regardless of the legal theory (contract, tort, negligence, strict liability) and whether or not Hashed Horizon has been advised of the possibility of such damages.

B2B Justification: Business users have the resources to implement backup systems, disaster recovery, insurance, and professional risk mitigation. These exclusions reflect commercial risk allocation.

Liability Provisions for Consumers (B2C)

Applicable to: Individual consumers using Services for personal, family, or household purposes

Polish Consumer Protection Law

Consumer Rights Cannot Be Waived: Under Polish Consumer Protection Act (Ustawa o prawach konsumenta) and Article 385¹ of the Polish Civil Code, contractual provisions that limit or exclude consumer rights are prohibited and void.

Full Liability for Consumers: Hashed Horizon remains fully liable to Consumers for:

Non-Conformity with Contract: If the Services do not conform to the contract, you have the right to:
- Demand performance of the service in accordance with the contract
- Demand a reduction in price
- Withdraw from the contract (with refund)
Defects in Services: We are liable for defects in digital services and digital content under the Act on Consumer Rights (implementing EU Directive 2019/770)
Negligence: We are liable for damages caused by our negligence, including:
- Personal injury or property damage
- Economic loss resulting from our breach
- Data loss due to our failure to implement reasonable safeguards
Fraud or Misrepresentation: We are fully liable for fraud, fraudulent misrepresentation, or willful misconduct
GDPR Violations: We are liable for damages resulting from GDPR violations (GDPR Art. 82)

What Consumers Can Claim

As a Consumer, you may claim:

Direct Damages: Actual losses you suffered as a direct result of our breach
Consequential Damages: Foreseeable consequential damages resulting from our breach
Non-Material Damages: Compensation for non-material harm (e.g., distress, inconvenience) under Article 23 and 24 of Polish Civil Code
Statutory Remedies: All remedies available under Polish consumer protection law

Limitations That Still Apply to Consumers

Even under Polish consumer law, our liability is limited by:

Causation: We are only liable for damages caused by our breach or negligence
Foreseeability: We are liable only for damages that were reasonably foreseeable at the time of contract conclusion
Mitigation: You must take reasonable steps to mitigate your damages
Proportionality: Damages must be proportionate to the breach

Third-Party Actions: We are not liable for:

Damages caused by third-party Subprocessors (you may have direct claims against them)
Force majeure events beyond our reasonable control
Damages resulting from your violation of these Terms or misuse of Services

Exclusion of Consequential Damages

TO THE MAXIMUM EXTENT PERMITTED BY LAW, Hashed Horizon shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to:

Business and Financial Losses

Lost Profits: Loss of profits, revenue, sales, or business opportunities
Business Interruption: Costs of business interruption or downtime
Lost Savings: Loss of anticipated savings or economic losses
Contract Losses: Loss of contracts or business relationships
Wasted Expenditure: Costs of alternative services or workarounds

Data and Content Losses

Data Loss: Loss, corruption, or deletion of data or content
Work Product: Loss of work product, projects, or creative output
AI Outputs: Loss of AI-generated content or training data
Backup Failures: Failure of backup or recovery processes

Reputational and Goodwill Damages

Reputation Damage: Harm to reputation, brand, or goodwill
Customer Loss: Loss of customers, users, or subscribers
Market Position: Loss of market share or competitive advantage

Third-Party Claims

Downstream Damages: Damages arising from claims by your customers or users
Regulatory Penalties: Fines, penalties, or sanctions from regulatory authorities
Legal Costs: Legal fees and expenses defending third-party claims

Exclusion Scope: This exclusion applies regardless of the legal theory (contract, tort, negligence, strict liability, statute) and whether or not Hashed Horizon has been advised of the possibility of such damages.

Specific Service Limitations

AI Services Liability Limitation

AI-SPECIFIC LIMITATIONS: You acknowledge and agree that Hashed Horizon is not liable for:

Output Accuracy: Inaccuracies, errors, or "hallucinations" in AI-generated Outputs
Harmful Content: Generation of offensive, harmful, or inappropriate content despite safety filters
IP Infringement: Allegations that AI Outputs infringe third-party intellectual property rights
Prohibited Uses: Consequences of using AI Outputs for prohibited high-risk applications (medical, legal, financial advice without professional review)
Model Changes: Impacts of AI model updates, deprecations, or performance changes
Bias and Discrimination: Biased or discriminatory Outputs reflecting training data biases

Independent Judgment: You are solely responsible for exercising independent judgment and professional expertise when relying on AI Outputs.

Third-Party AI Providers: We are not liable for failures, errors, or discontinuations by our AI Subprocessors (OpenAI, Google, etc.).

API Services Liability Limitation

Payment Services Liability Limitation

PAYMENT-SPECIFIC LIMITATIONS: Hashed Horizon is not liable for:

Payment Processor Failures: Errors, delays, or failures by payment processors ()
Transaction Errors: Incorrect billing amounts (subject to correction)
Currency Conversion: Exchange rate fluctuations or conversion fees
Payment Declines: Declined transactions or insufficient funds
Tax Calculations: Errors in VAT or tax calculations (subject to correction)

Payment Processor Liability: Payment processors are independent Data Controllers and service providers. Their liability is governed by their respective terms of service.

Third-Party Liability Limitations

SUBPROCESSOR ACTIONS: Hashed Horizon is not liable for acts or omissions of third-party Subprocessors:

Google Cloud AI (Gemini): Not liable for failures, data breaches, or service disruptions by Google Cloud AI (Gemini)
Vercel: Not liable for failures, data breaches, or service disruptions by Vercel
Neon: Not liable for failures, data breaches, or service disruptions by Neon
Sentry: Not liable for failures, data breaches, or service disruptions by Sentry
Stripe: Not liable for failures, data breaches, or service disruptions by Stripe
Apple (App Store / Apple Pay): Not liable for failures, data breaches, or service disruptions by Apple (App Store / Apple Pay)
Google (Play Store / Google Pay): Not liable for failures, data breaches, or service disruptions by Google (Play Store / Google Pay)

Third-Party Claims: We are not liable for third-party claims arising from:

Content or services provided by third parties
Violations of third-party terms of service
Third-party intellectual property infringement claims

Independent Contractors: Subprocessors are independent contractors, not our agents. We disclaim vicarious liability for their actions.

Force Majeure Limitation

Hashed Horizon is not liable for delays or failures to perform due to events beyond our reasonable control, including:

Natural Disasters: Earthquakes, floods, fires, storms, pandemics
Government Actions: War, terrorism, civil unrest, embargoes, sanctions
Infrastructure Failures: Power outages, internet disruptions, telecommunications failures
Cyber Attacks: DDoS attacks, ransomware, large-scale hacking campaigns
Supply Chain Disruptions: Failures by critical suppliers or infrastructure providers

Extended Force Majeure: Liability limitations continue during the period of force majeure events.

Allocation of Risk

These liability limitations reflect a reasonable allocation of risk between you and Hashed Horizon:

Pricing: Service pricing reflects limited liability exposure
Insurance: You should obtain appropriate insurance for risks excluded from our liability
Control: Limitations apply to matters largely within your control (data backup, professional review of AI Outputs, etc.)
Mitigation: You have the ability to mitigate risks through reasonable precautions

Negotiated Terms: These limitations are fundamental to our agreement and were negotiated based on this risk allocation.

Exceptions to Limitations

The following liabilities CANNOT be limited or excluded under applicable law:

Mandatory Liability (Cannot Be Excluded)

Death or Personal Injury: Liability for death or personal injury caused by our negligence
Fraud: Liability for fraud or fraudulent misrepresentation
Gross Negligence: Liability for gross negligence or willful misconduct
Consumer Protection: Liability under mandatory consumer protection laws (Directive 2011/83/EU)
Data Protection: Liability under GDPR for data protection violations (fines, compensation)

Time Limitation for Claims

CLAIMS MUST BE BROUGHT PROMPTLY: To the extent permitted by law, any claim against Hashed Horizon must be brought within:

Within the applicable statute of limitations in Poland, but in no event more than 5 years from the date of the event giving rise to the claim.

Notice Requirement: You must notify us in writing of any claim within 30 days of discovering the issue, or waive the right to claim damages for that issue.

Indemnification

Your Indemnification Obligations

You agree to indemnify, defend, and hold harmless Hashed Horizon, its affiliates, officers, directors, employees, and agents from any claims, damages, losses, liabilities, and expenses (including reasonable attorneys' fees) arising from:

Terms Violations: Your violation of these Terms or our Acceptable Use Policy
Content: Your Content, including allegations of infringement or privacy violations
Negligence: Your negligent or willful misconduct
Third-Party Claims: Claims by your users or customers arising from your use of the Services
AI Output Use: Your use of AI Outputs for prohibited purposes (medical, legal, financial advice without professional review)
Regulatory Violations: Your violations of applicable laws or regulations
Property Rights Claims: Claims by property owners, landlords, or tenants regarding unauthorized photography or use of property images
Property Use Violations: Violations of lease agreements or property use restrictions

Defense Control: We reserve the right to assume exclusive control of the defense of any claim subject to your indemnification, at your expense.

Our Indemnification (Limited)

Hashed Horizon will indemnify you from third-party claims that the Services infringe third-party intellectual property rights, subject to:

Prompt Notice: You must promptly notify us of the claim
Cooperation: You must cooperate in the defense
Control: We retain sole control of the defense and settlement
Exclusions: Indemnification does not apply to:
- Claims arising from your modifications to the Services
- Claims arising from your combination of Services with third-party products
- Claims arising from your use of Services in violation of Terms
- Claims arising from AI Outputs (third-party AI providers indemnify under their respective terms)

Sole Remedy: This indemnification is your sole remedy for intellectual property infringement claims.

Damages Cap Rationale

The limitations in this section are reasonable and enforceable because:

Free/Low-Cost Services: Pricing reflects limited liability exposure
Risk Control: You have greater control over many risks (data backup, professional review, etc.)
Insurance Availability: You can obtain insurance for excluded risks
Industry Standard: Limitations are consistent with industry practices (OpenAI, Google, Anthropic)
Service Nature: Internet-based services inherently carry uncertainties and risks

Fundamental Basis: These limitations are a fundamental basis of the bargain between you and Hashed Horizon. If found unenforceable, the liability cap will be the minimum amount permitted by law.

Severability

If any provision of this Limitation of Liability section is found invalid or unenforceable:

Reformation: Courts should reform the provision to the minimum extent necessary to make it enforceable
Partial Enforcement: If reformation is not possible, courts should enforce the provision to the maximum extent permitted by law
Severability: Invalid provisions are severed; all other provisions remain in full force

Preservation of Intent: The intent is to limit liability to the maximum extent permitted by applicable law.

Acknowledgment

By using the Services, you acknowledge that:

Read and Understood: You have read and understood these liability limitations
Considered Alternatives: You have considered the limitations in deciding to use the Services
Accept Risk: You accept the allocated risks as reasonable and appropriate
Obtain Insurance: You will obtain appropriate insurance for risks excluded from our liability

Informed Agreement: This acknowledgment evidences your informed and voluntary agreement to these limitations.

Termination and Account Deletion

Your Right to Terminate

You may terminate these Terms and close your Account at any time by:

Account Dashboard: Using the account deletion feature in your Account settings
Email Request: Sending a termination request to support@hashedhorizon.com with the subject line "Account Termination"
Written Notice: Sending written notice to Hashed Horizon Sp. z o.o. at our registered address

Effective Date: Termination takes effect immediately upon processing your request, or at the end of your current Billing Cycle if you have an active Subscription.

Our Right to Terminate

We reserve the right to suspend or terminate your Account if:

Terms Violation: You violate these Terms or our Acceptable Use Policy
Illegal Activity: Your Account is involved in illegal activities
Payment Failure: You fail to pay outstanding fees after reasonable notice
Fraudulent Conduct: You engage in fraudulent or deceptive practices
Inactivity: Your Account has been inactive for more than 2 years
Legal Requirement: We are required to do so by law or court order
Service Discontinuation: We discontinue the Services (with 90 days' notice)

Notice of Termination: We will provide reasonable advance notice of termination via email to support@hashedhorizon.com, except where immediate termination is required for security, legal, or safety reasons.

Upon Account termination, your Personal Data is handled as follows:

Immediate Actions

Account Deactivation: Your Account is immediately deactivated and you cannot access the Services
Content Anonymization: Your publicly shared Content is anonymized (personal identifiers removed)
Active Data Processing Stops: We cease Processing your Personal Data except as required for legal obligations

Data Retention Periods

Temporary Processing Data: Deleted or anonymized within up to 90 days

This includes:

AI Inputs and Outputs
Session logs and activity data
Temporary cache and working files
Non-essential analytics data

Retained User Data: Retained for up to 12 months after account closure

This includes:

Account registration information (for fraud prevention)
Billing and transaction records (for tax and accounting compliance)
Legal compliance data (for contract enforcement and legal claims)

Legal Hold: Data subject to legal hold, ongoing litigation, or regulatory investigation is retained until the matter concludes, regardless of standard retention periods.

Under GDPR Art. 17, you have the right to request complete erasure of your Personal Data. To exercise this right:

Submit Request: Email dpo@hashedhorizon.com with the subject line "GDPR Art. 17 Erasure Request"
Identity Verification: We will verify your identity to prevent unauthorized data access
Exceptions Review: We will assess whether any legal exceptions to erasure apply
Deletion Confirmation: We will confirm erasure within 30 days or explain why erasure cannot be completed

Exceptions to Erasure (GDPR Art. 17(3)): We may refuse erasure if retention is necessary for:

Legal Obligations: Compliance with legal obligations under EU or Member State law
Public Interest: Archiving purposes in the public interest, scientific/historical research, or statistical purposes
Legal Claims: Establishment, exercise, or defense of legal claims
Freedom of Expression: Exercise of the right to freedom of expression and information

These exceptions are interpreted in accordance with the laws of Poland and European Union and United Kingdom and USA and Worldwide.

Before terminating your Account, you may exercise your right to data portability:

Request Export: Navigate to Account Settings → "Export My Data"
Format Options: Receive your data in JSON or CSV format
Processing Time: Data export is typically available within 48 hours
Download Window: Export links remain active for 7 days

What You Receive:

Account information and profile data
Content you created or uploaded
Usage history and preferences
Metadata (timestamps, categories, tags)

Backup Retention and Deletion

After Account termination, your data may remain in our backup systems for the following periods:

Active Backups: up to 90 days

Daily backups retained for backup and disaster recovery purposes
Encrypted and access-restricted

Archived Backups: up to 12 months after account closure

Long-term compliance and legal backups
Subject to same security controls as active data

Backup Erasure: At the end of retention periods, backups containing your Personal Data are:

Securely Deleted: Overwritten using industry-standard data destruction methods
Anonymized: Personal identifiers permanently removed, making re-identification impossible
Certified: Deletion is logged and auditable for compliance purposes

Subprocessor Data Deletion

Upon termination, we instruct our Subprocessors to delete or return your Personal Data in accordance with our Data Processing Agreements:

Google Cloud AI (Gemini): Data deletion requested within 30 days of termination
Vercel: Data deletion requested within 30 days of termination
Neon: Data deletion requested within 30 days of termination
Sentry: Data deletion requested within 30 days of termination
Stripe: Data deletion requested within 30 days of termination
Apple (App Store / Apple Pay): Data deletion requested within 30 days of termination
Google (Play Store / Google Pay): Data deletion requested within 30 days of termination

Verification: We maintain records of deletion instructions sent to Subprocessors for audit purposes.

Consequences of Termination

Upon Account termination:

Immediate Effects

Access Revoked: All access to the Services is immediately terminated
API Keys Invalidated: All API keys are immediately revoked
Subscriptions Cancelled: All active Subscriptions are cancelled (no refunds for partial periods)
Content Deleted: Your Content is deleted according to retention schedules above
Third-Party Integrations Disconnected: All third-party service integrations are disconnected

No Refunds

Except for the EU 14-day cooling-off period, termination does not entitle you to refunds for:

Unused portions of Subscription periods
Prepaid fees or credits
Data export or migration costs

Exception: If we terminate your Account for our convenience (not for cause), you may be entitled to a pro-rata refund of prepaid fees.

Survival of Terms

The following sections survive termination of these Terms:

Intellectual Property: Ownership and license provisions
Liability: Limitation of liability and disclaimers
Indemnification: Your indemnification obligations
Governing Law: Jurisdiction and dispute resolution
Data Protection: Data retention and erasure obligations

Reactivation After Termination

If you wish to reactivate a terminated Account:

Within Retention Period: Contact support@hashedhorizon.com within up to 12 months after account closure to request reactivation
After Retention Period: Data has been deleted; you must create a new Account
Termination for Cause: Accounts terminated for Terms violations may not be eligible for reactivation

Reactivation Review: We reserve the right to review and approve/deny reactivation requests, particularly for Accounts terminated for violations.

Service Discontinuation

If we decide to discontinue ThisOne AI Platform entirely:

Advance Notice: We will provide at least 90 days' advance notice via email and website announcement
Data Export Window: You will have at least 90 days to export your data via account dashboard (GDPR Art. 20 - Data Portability)
No Migration Obligation: We are not obligated to provide migration assistance, custom integrations, or maintain alternative services for users
Pro-Rated Refunds: Unused prepaid fees will be refunded on a pro-rata basis

Legal Effect of Termination

Termination does not:

Waive Rights: Waive any rights or remedies available at law or equity
Release Liabilities: Release you from liabilities incurred prior to termination
Affect Legal Proceedings: Affect any ongoing legal proceedings or claims
Override Legal Obligations: Override obligations imposed by applicable law

All rights and obligations under these Terms are governed by the laws of Poland, which continue to apply after termination.

Contact for Termination Questions

For questions about Account termination, data deletion, or exercising your GDPR rights, contact:

General Inquiries: support@hashedhorizon.com
Data Protection Officer: dpo@hashedhorizon.com
Postal Address: ul. Marszałkowska 1, 00-624 Warsaw, Poland

Governing Law and Dispute Resolution

Governing Law

These Terms and your use of the Services are governed by and construed in accordance with the laws of Poland, without regard to conflict of law principles.

EU Law Supremacy

For users in the European Union and European Economic Area:

GDPR Primacy: Data protection matters are governed by the General Data Protection Regulation (EU) 2016/679
Consumer Rights: Consumer protection is governed by EU Directive 2011/83/EU (Consumer Rights Directive)
Copyright: Intellectual property matters are governed by EU Directive 2019/790 (Copyright Directive)
ePrivacy: Cookie and tracking matters are governed by ePrivacy Directive 2002/58/EC

Mandatory Provisions: No provision of these Terms can waive or limit rights granted under EU law.

Jurisdiction and Venue

For Consumer Users (B2C)

EU Consumer Protection: Under EU law, consumers may bring legal proceedings in:

Your Home Court: The courts of your country of residence
Our Home Court: The courts of Poland

Consumer Choice: As a consumer, you retain the right to choose which court has jurisdiction. This does not affect your mandatory consumer protection rights under EU law.

Rome I Regulation: Choice of law provisions are subject to Regulation (EC) No 593/2008 (Rome I), which protects consumers' mandatory rights under their home country law.

EU Online Dispute Resolution (Required under Regulation 524/2013)

ODR Platform: EU consumers can access the European Commission's Online Dispute Resolution (ODR) platform for online dispute resolution:

https://ec.europa.eu/consumers/odr/

The ODR platform provides a simple, efficient, fast, and low-cost out-of-court solution for disputes arising from online purchases of goods and services. We are committed to participate in good faith in any dispute resolution proceedings initiated through the ODR platform.

Our Email for ODR Purposes: support@hashedhorizon.com

For Business Users (B2B)

For businesses and commercial users, all disputes arising out of or relating to these Terms shall be subject to the exclusive jurisdiction of the courts located in:

Poland
United Kingdom
USA
Worldwide

Waiver of Objections: Business users waive any objections to venue or jurisdiction in these courts.

Dispute Resolution Process

Before initiating formal legal proceedings, the parties agree to attempt good faith resolution through the following process:

Step 1: Direct Negotiation

Notice of Dispute: Send written notice to support@hashedhorizon.com describing the dispute
Response Time: We will respond within 14 days with our position
Negotiation Period: Parties will negotiate in good faith for 30 days
Escalation: If unresolved, proceed to Step 2

Step 2: Alternative Dispute Resolution (ADR)

EU ODR Platform: For EU consumers, you may use the European Commission's Online Dispute Resolution (ODR) platform available at: https://ec.europa.eu/consumers/odr

Mediation: Parties may agree to submit the dispute to mediation by a mutually agreed mediator. Mediation costs are shared equally unless otherwise agreed.

Non-Binding: ADR is non-binding unless both parties agree otherwise. Either party may proceed to formal legal proceedings after ADR.

Step 3: Formal Legal Proceedings

If ADR fails to resolve the dispute within 60 days, either party may initiate formal legal proceedings in accordance with the Jurisdiction provisions above.

Class Action Waiver (Where Permitted by Law)

Individual Disputes Only: To the maximum extent permitted by applicable law, you agree to bring disputes only in your individual capacity and not as part of any class, collective, or representative action.

No Class Actions: You waive any right to participate in class action lawsuits or class-wide arbitration.

Severability: If this class action waiver is found unenforceable, the entire dispute resolution provision is severable and does not affect the validity of other provisions.

EU Exception: This waiver does NOT apply to EU/EEA consumers, who retain all collective action rights under EU law.

Binding Arbitration (United States Business Users and Non-EU Users Only)

EU Consumer Exclusion (CJEU Case C-168/05 Mostaza Claro)

This Arbitration Clause Does NOT Apply to EU/EEA Consumers: In accordance with CJEU Case C-168/05 (Mostaza Claro) and Council Directive 93/13/EEC (Unfair Terms in Consumer Contracts Directive), consumers (natural persons acting outside their trade, business, craft, or profession) in the European Union and European Economic Area are expressly excluded from mandatory arbitration.

Who This Arbitration Clause Applies To:

Business Users (B2B): Companies, organizations, or individuals using the Services for commercial purposes
Non-EU Users: Individual users located outside the European Union and European Economic Area who are not consumers under their local law
EU/EEA Consumers: Individual users in the EU/EEA using Services for personal, family, or household purposes (EXCLUDED from arbitration)

EU Consumer Rights: EU/EEA consumers retain all rights to bring disputes in courts as described in the "Jurisdiction and Venue" section above, including the right to use the EU Online Dispute Resolution (ODR) platform at https://ec.europa.eu/consumers/odr.

Legal Basis: Under EU law (CJEU C-168/05, Directive 93/13/EEC Article 3, and Rome I Regulation 593/2008), contractual terms that deprive consumers of judicial protection are considered unfair and unenforceable. This exclusion ensures compliance with mandatory EU consumer protection law.

Mandatory Arbitration Agreement (Non-EU Users and Business Users): For users located in the United States who are either business users or non-consumers, all disputes, claims, or controversies arising out of or relating to these Terms, your use of the Services, or your relationship with Hashed Horizon (whether based in contract, tort, statute, fraud, misrepresentation, or any other legal theory) shall be resolved exclusively through binding individual arbitration.

Arbitration Provider and Rules

Administration: Arbitration shall be administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules and Supplementary Procedures for Consumer-Related Disputes.

AAA Rules: The AAA rules are available at www.adr.org or by calling 1-800-778-7879.

JAMS Alternative: If AAA is unavailable or unwilling to arbitrate, disputes shall be arbitrated by JAMS under its Comprehensive Arbitration Rules.

Arbitration Location and Format

Location: Arbitration shall be conducted:

In the county where you reside (for consumer users)
In [County, State] (for business users)
Remotely via video conference or telephone (if agreed by both parties)

Individual Arbitrator: One neutral arbitrator mutually agreed upon by the parties, or appointed according to AAA rules.

Costs and Fees

Filing Fees: Hashed Horizon will pay all AAA filing, administration, and arbitrator fees for claims under €10.000, unless the arbitrator finds your claim frivolous.

Your Costs: You are responsible for your own attorneys' fees unless:

Applicable law requires Hashed Horizon to pay, or
You prevail and the arbitrator awards fees

Large Claims: For claims over €10.000, AAA rules govern fee allocation.

Small Claims Court Exception

Small Claims Option: Either party may bring an individual action in small claims court instead of arbitration if:

The claim is within the court's jurisdictional limit (typically €5.000-€10.000)
The claim is brought in the party's county of residence
The claim proceeds on an individual (non-class, non-representative) basis

No Arbitration Required: Small claims court proceedings are not subject to mandatory arbitration.

Arbitration Procedure

Discovery: Limited discovery is permitted as determined by the arbitrator to ensure fair proceedings.

Hearing: The arbitrator may conduct hearings in person, by video conference, by telephone, or based solely on written submissions as the parties agree or the arbitrator determines.

Written Decision: The arbitrator must provide a written decision with findings of fact and conclusions of law.

Final and Binding: The arbitrator's decision is final and binding, except for limited appeal rights under the Federal Arbitration Act.

Court Enforcement: Judgment on the arbitration award may be entered in any court with jurisdiction.

No Class or Representative Arbitration

Individual Basis Only: Arbitration shall proceed on an individual basis only. You may not bring claims as a plaintiff or class member in any class, collective, or representative arbitration.

Consolidation Prohibited: The arbitrator may not consolidate claims of multiple persons or preside over any form of representative or class proceeding.

Severability of Class Waiver: If this class action waiver is found unenforceable for any particular claim or request for relief, then that claim or request must be severed and proceed in court, while remaining claims proceed in arbitration.

Opt-Out Right

30-Day Opt-Out: You may opt out of this mandatory arbitration agreement by sending written notice to support@hashedhorizon.com within 30 days of:

First accepting these Terms, or
The effective date of material changes to this arbitration provision

Opt-Out Requirements: Your notice must include:

Your full name
Email address associated with your Account
Statement: "I opt out of the mandatory arbitration agreement"

Effect of Opt-Out: If you opt out, neither you nor Hashed Horizon can require the other to participate in arbitration, but all other Terms remain applicable.

No Retroactive Effect: Opting out does not affect any previous arbitration agreements or claims already subject to arbitration.

Governing Arbitration Law

Federal Arbitration Act: This arbitration agreement is governed by the Federal Arbitration Act (FAA), 9 U.S.C. §§ 1-16, and evidences a transaction involving interstate commerce.

FAA Supremacy: The FAA governs the interpretation and enforcement of this arbitration provision, preempting conflicting state law to the maximum extent permitted.

Changes to Arbitration Terms

Notice Required: We will provide at least 30 days' advance notice of material changes to this arbitration provision.

Rejection Right: You may reject changes by opting out within 30 days of notice. If you do not opt out, continued use of the Services constitutes acceptance of the updated arbitration terms.

Pending Disputes: Changes do not apply to disputes that arose before the effective date of the change.

Limitation Period for Claims

All claims arising under these Terms must be brought within the following time limits:

Latest Possible Claim: In no event shall any claim be brought more than 5 years after the event giving rise to the claim, regardless of when discovered.

Injunctive Relief

Notwithstanding the dispute resolution process above, either party may seek injunctive or other equitable relief in any court of competent jurisdiction to:

Prevent Irreparable Harm: Prevent irreparable harm or ongoing violations
Protect IP Rights: Protect Intellectual Property Rights
Enforce Confidentiality: Enforce confidentiality obligations
Comply with Court Orders: Comply with court orders or legal processes

Immediate Relief: Applications for injunctive relief may be made without completing the dispute resolution process where immediate action is necessary.

Legal Fees and Costs

Consumer Users

EU Consumer Protection: For EU consumers, legal fee arrangements are governed by applicable national law and court rules. In many EU jurisdictions, the losing party pays the winning party's reasonable legal fees.

Business Users

For business users, the prevailing party in any legal proceeding is entitled to recover reasonable attorneys' fees and costs from the non-prevailing party.

Severability

If any provision of this Governing Law section is found invalid or unenforceable:

Limited Invalidity: Only the invalid provision is severed; all other provisions remain in full effect
Reformation: Courts may reform invalid provisions to the minimum extent necessary to make them enforceable
Preservation of Intent: Reformed provisions should preserve the original intent to the maximum extent possible

Force Majeure

Polish Civil Code Article 471 Standard: Neither party is liable for delays or failures to perform obligations due to extraordinary and unforeseeable circumstances beyond reasonable control, the consequences of which could not have been avoided even if all due care had been exercised.

Force Majeure Events (strictly interpreted):

Acts of God: Earthquakes, floods, hurricanes, tsunamis, volcanic eruptions
War and Armed Conflict: Declared war, armed conflict, invasion, military mobilization
Terrorism: Large-scale terrorist attacks affecting infrastructure or regions
Government Orders: Government prohibitions, legal changes making performance impossible, expropriation
Pandemics: Pandemics declared by the World Health Organization (WHO) with government-mandated shutdowns
Large-Scale Power Grid Failures: Regional or national power grid failures affecting multiple geographic areas

NOT Force Majeure (these are normal business risks):

Third-Party AI Model Outages: Failures by OpenAI, Anthropic, or Google (we maintain backup providers and redundancy)
Routine Internet Disruptions: Localized internet service outages or CDN failures
Supplier Failures: Failures by individual subprocessors or vendors (we are responsible for vetting our supply chain)
Technical Capacity Issues: Server capacity limits, database issues, or performance degradation
Cyberattacks: DDoS attacks, ransomware, or hacking (these are foreseeable risks requiring mitigation)
Labor Disputes: Strikes, lockouts, or labor shortages (these are ordinary business risks)
Financial Difficulties: Cash flow problems, insolvency, or payment processor issues

Strict Criteria: Under Polish law (Article 471 Civil Code) and EU law (CJEU Case C-413/12), force majeure requires:

Extraordinariness: Event must be exceptional and abnormal
Unforeseeability: Event could not have been reasonably anticipated
Unavoidability: Consequences could not be prevented despite all reasonable precautions
External: Event must be external to the party claiming force majeure

Notice and Mitigation: The party claiming force majeure must:

Immediate Notice: Notify the other party within 24 hours of the force majeure event
Evidence: Provide documentation of the event and its impact
Mitigation: Use all reasonable efforts to minimize the impact and resume performance
Updates: Provide regular updates on the status and expected resolution

Duration and Effects:

Suspension: Performance obligations are suspended during the force majeure event
No Liability: Neither party is liable for delays or failures caused by force majeure
Termination Right: If force majeure continues for more than 30 days, either party may terminate the affected Services with written notice
Resumption: Performance obligations resume immediately when the force majeure event ends

Suspension of Obligations: Performance obligations are suspended during force majeure events but resume when circumstances permit.

No Waiver

Failure to enforce any provision of these Terms does not constitute a waiver of that provision or any other provision. Any waiver must be in writing and signed by Hashed Horizon.

Entire Agreement

These Terms, together with our Privacy Policy, Cookie Policy, and any other legal notices published by Hashed Horizon, constitute the entire agreement between you and Hashed Horizon regarding the Services.

Supersedes Prior Agreements: These Terms supersede all prior or contemporaneous agreements, communications, and proposals (whether oral, written, or electronic) between you and Hashed Horizon.

Language

Authoritative Version: The English version of these Terms is the authoritative version for interpretation and enforcement purposes.

Translations: Translations may be provided for convenience, but in case of conflict between the English version and any translation, the English version prevails.

EU Language Requirements: For consumer contracts, if your Member State law requires contracts to be provided in a specific language, we will provide a translation. In such cases, both the English and local language versions are equally authoritative.

Contact for Legal Matters

For legal questions or notices regarding these Terms:

Email: support@hashedhorizon.com
Data Protection Officer: dpo@hashedhorizon.com
Registered Address: ul. Marszałkowska 1, 00-624 Warsaw, Poland

Notices and Communications

How We Contact You

We may provide notices, disclosures, and communications to you through the following methods:

Email Notifications

Primary Method: Email to the address associated with your Account.

Your Responsibility:

Accurate Email: Maintain a current, accurate email address in your Account settings
Check Regularly: Check your email regularly for important notices
Spam Filters: Configure spam filters to allow emails from https://thisone.app and support@hashedhorizon.com
Update Promptly: Update your email address immediately if it changes

Deemed Received: Email notices are deemed received 24 hours after sending, regardless of whether you actually read them.

Bounce Back: If an email bounces back as undeliverable, we may suspend your Account until you provide a valid email address.

In-Service Notifications

Dashboard Alerts: Important notices may be displayed when you log in to your Account.

Banner Notifications: Critical notices may appear as banners on the website or in the application.

Deemed Received: In-service notifications are deemed received when displayed, whether or not you acknowledge them.

Website Announcements

Legal Page: Changes to Terms, Privacy Policy, or Cookie Policy posted at:

Check Regularly: You are responsible for regularly reviewing our website for updates.

Postal Mail (When Required)

For formal legal notices, we may send physical mail to:

The billing address in your Account (if you have a paid Subscription)
The address you provide for legal correspondence

Update Address: Promptly update your postal address if it changes.

How You Contact Us

Depending on the nature of your communication, use the appropriate contact method:

General Inquiries and Support

Email: support@hashedhorizon.com

Subject Lines: Use clear, descriptive subject lines:

"Account Issue: [Brief Description]"
"Billing Question: [Brief Description]"
"Technical Support: [Brief Description]"

Response Time: We aim to respond to paid Subscribers within 24 hours (business days) and free tier users within 48 hours.

Data Protection and Privacy

Data Protection Officer: dpo@hashedhorizon.com

Subject Lines for GDPR Requests:

"GDPR Art. 15 - Access Request"
"GDPR Art. 16 - Rectification Request"
"GDPR Art. 17 - Erasure Request"
"GDPR Art. 20 - Data Portability Request"
"GDPR Art. 21 - Objection to Processing"

Response Time: 30 days (extendable by 2 months for complex requests under GDPR Art. 12(3)).

Identity Verification: We will verify your identity before processing GDPR requests to prevent unauthorized data access.

Legal Notices and Formal Communications

Registered Office:

Hashed Horizon Sp. z o.o. ul. Marszałkowska 1, 00-624 Warsaw, Poland

Email: support@hashedhorizon.com with subject "LEGAL NOTICE: [Topic]"

Requirements for Legal Notices:

Writing: Must be in writing (email or postal mail)
Specific: Clearly identify the issue and legal basis
Contact Information: Include your name, Account details, and contact information
Evidence: Attach relevant evidence or documentation

Deemed Received:

Email: 24 hours after sending
Postal Mail: 5 business days after posting (domestic), 10 business days (international)

Intellectual Property Infringement

Copyright Claims (DMCA): support@hashedhorizon.com with subject "DMCA Copyright Claim"

Requirements:

Physical or electronic signature of copyright owner
Description of copyrighted work allegedly infringed
Location of infringing material on our Services (URL or specific identification)
Your contact information (address, phone, email)
Good faith statement that use is not authorized
Statement under penalty of perjury that information is accurate

EU Copyright Claims: support@hashedhorizon.com with subject "EU Copyright Directive GDPR Art. 17 Claim"

Trademark Claims: support@hashedhorizon.com with subject "Trademark Infringement Claim"

Security Incidents

Security Issues: support@hashedhorizon.com with subject "URGENT: Security Issue"

What to Report:

Suspected unauthorized access to your Account
Discovery of security vulnerabilities
Suspected data breaches
Phishing attempts impersonating Hashed Horizon

Response Priority: Security reports receive priority handling with acknowledgment within 2 hours during business hours.

Responsible Disclosure: If you discover a security vulnerability, please follow responsible disclosure:

Report privately to support@hashedhorizon.com (do not publicly disclose)
Provide detailed description and steps to reproduce
Allow us reasonable time to address the issue before public disclosure (typically 90 days)

Billing and Payment

Billing Questions: support@hashedhorizon.com with subject "Billing: [Brief Description]"

Refund Requests: support@hashedhorizon.com with subject "Refund Request: [Reason]"

Requirements for Refund Requests:

Account email and username
Transaction ID or invoice number
Reason for refund request
Supporting evidence (if applicable)

EU 14-Day Cooling-Off: support@hashedhorizon.com with subject "Right of Withdrawal" (must be submitted within 14 days of purchase for EU/EEA consumers)

Content Moderation Appeals

Content Removal Appeal: support@hashedhorizon.com with subject "Content Removal Appeal"

Requirements:

Specific content that was removed (URL, description, timestamp)
Reason you believe removal was in error
Explanation of how content complies with Terms

Review Time: Content moderation appeals are reviewed within 7 business days.

Notice Requirements for Specific Situations

Account Termination Notice

From You: To terminate your Account, send written notice to support@hashedhorizon.com with subject "Account Termination Request" including:

Account email and username
Confirmation of termination intent
Acknowledgment of data deletion consequences

From Us: If we terminate your Account, we will provide notice via:

Email to your registered address (minimum 14 days for non-violations)
In-service notification
Immediate termination for serious violations (fraud, illegal activity, security threats)

Terms Changes Notice

Material Changes: We will provide at least 30 days' advance notice of material changes to Terms via:

Email to registered users
Prominent website notice
In-service notification upon next login

Continued Use: Your continued use after the notice period constitutes acceptance of changes.

Objection: If you object to changes, your sole remedy is to terminate your Account before changes take effect.

Subprocessor Changes

30-Day Notice: We will notify you at least 30 days before adding or changing Subprocessors via:

Email to registered users
Update to Privacy Policy with change log
Website announcement

Objection Right: You may object to new Subprocessors by contacting dpo@hashedhorizon.com within the notice period.

Price Changes

Subscription Price Changes: We will provide at least 30 days' advance notice of price changes via:

Email to active Subscribers
Account dashboard notification
Next invoice preview

Effective Date: Price changes take effect at your next renewal after the notice period.

Cancellation Right: You may cancel your Subscription before the new price takes effect to avoid the increase.

Service Discontinuation

90-Day Notice: If we discontinue ThisOne AI Platform, we will provide at least 90 days' notice via:

Email to all registered users
Prominent website announcement
In-service notifications

Data Export Window: You will have at least 90 days to export your data before service discontinuation.

Language and Translation

Primary Language: English is the primary language for all official communications.

Translations: We may provide translations of Terms, Privacy Policy, and notices for convenience.

Controlling Version: In case of conflict between English and translated versions, the English version controls, except where EU consumer law requires otherwise.

Consumer Language Rights: EU consumers may request communications in their national language where required by Member State consumer protection law.

By using the Services, you consent to receive communications from us electronically (email, in-service notifications, website postings).

Electronic Delivery: You agree that electronic delivery satisfies legal requirements for written communications.

Withdrawal: You may withdraw consent to electronic communications by:

Contacting support@hashedhorizon.com to request postal mail communications
Acknowledging that withdrawal may delay communications and service delivery
Paying any reasonable costs for postal communications (if applicable)

Opting Out of Non-Essential Communications

You may opt out of certain communications:

Marketing Communications: Unsubscribe links in marketing emails, or update preferences in Account settings.

Service Updates: Newsletters and product updates can be unsubscribed from without affecting essential Account communications.

Cannot Opt Out:

Transactional emails (account creation, password reset, payment receipts)
Legal notices (Terms changes, privacy policy updates)
Security alerts (unauthorized access, data breaches)
Service disruption notices (outages, maintenance)

Communication Retention

We retain communications in accordance with our data retention policies:

Support Emails: up to 90 days for operational purposes.

Legal Notices: for compliance and legal defense.

GDPR Requests: Permanent retention of GDPR request logs for accountability (GDPR Art. 5(2)).

Third-Party Communication Channels

Unofficial Channels: Communications through unofficial channels (social media, forums) are not legally binding.

Official Channels Only: For legally binding communications, use only the contact methods specified in this section.

Impersonation: Report suspected impersonation or phishing to support@hashedhorizon.com immediately.

Notice Effectiveness

Proof of Delivery: We may require proof of delivery for critical legal notices (delivery receipts, certified mail).

Deemed Receipt:

Email: 24 hours after sending to your registered email address
Postal Mail: 5 business days (domestic), 10 business days (international) after posting
In-Service: Upon display in your Account or dashboard

Failure to Receive: Your failure to receive a notice due to:

Spam filtering
Email bounces
Failure to check Account
Outdated contact information

...does not invalidate the notice. You remain bound by notices sent to your registered contact information.

Contact Information Summary

General Support: support@hashedhorizon.com Data Protection Officer: dpo@hashedhorizon.com Security Issues: support@hashedhorizon.com (subject: "URGENT: Security Issue") Legal Notices: support@hashedhorizon.com (subject: "LEGAL NOTICE: [Topic]") Copyright Claims: support@hashedhorizon.com (subject: "DMCA Copyright Claim")

Postal Address: Hashed Horizon Sp. z o.o. ul. Marszałkowska 1, 00-624 Warsaw, Poland

Website: https://thisone.app

General Provisions

Assignment

Our Rights

Hashed Horizon may assign, transfer, or delegate these Terms and our rights and obligations without your consent in connection with:

Merger or Acquisition: Sale, merger, consolidation, or acquisition of Hashed Horizon
Corporate Reorganization: Reorganization, restructuring, or change of control
Asset Sale: Sale of substantially all assets of Hashed Horizon
Affiliate Transfer: Transfer to parent companies, subsidiaries, or affiliates

Notice of Assignment: We will provide reasonable notice of material assignments that affect your use of the Services.

GDPR Compliance: Any assignment involving Personal Data will comply with GDPR Art. 28(3)(g) and GDPR Art. 44-50 for international transfers.

Your Restrictions

You may NOT assign, transfer, or delegate these Terms or your rights and obligations without our prior written consent.

Attempted Assignment Void: Any attempted assignment in violation of this section is void and of no effect.

Death or Incapacity: Upon your death or incapacity, your executor, administrator, or legal representative may request Account access for the purpose of data retrieval and Account closure.

Severability

If any provision of these Terms is found to be invalid, unlawful, or unenforceable by a court of competent jurisdiction:

Severance and Reformation

Limited Severance: Only the invalid provision is severed; all other provisions remain in full force and effect
Reformation: Courts may reform the invalid provision to the minimum extent necessary to make it enforceable
Preservation of Intent: Reformed provisions should preserve the original intent as closely as possible

Replacement Provision

If severance creates a material gap in the Terms, the parties will negotiate in good faith to replace the invalid provision with a valid provision that achieves the same commercial purpose.

EU Consumer Protection: If any provision is found unenforceable against EU consumers, it will be replaced with the minimum consumer protection standards required by EU Directive 2011/83/EU.

Entire Agreement

These Terms, together with the following documents, constitute the entire agreement between you and Hashed Horizon regarding the Services:

Incorporated Documents

Privacy Policy
Cookie Policy
Acceptable Use Policy: Referenced in Use of the Services section above
Service Level Agreement (SLA): Uptime guarantees and credits for paid Subscribers
Data Processing Agreement (DPA)

Hierarchy: See the "Order of Precedence" section for the complete document hierarchy. Enterprise Addendum and DPA (if applicable) take precedence over these Terms for Business Customers. Mandatory consumer protection and data protection laws prevail over any conflicting contractual terms.

Supersedes Prior Agreements

These Terms supersede all prior or contemporaneous:

Negotiations: Oral or written negotiations
Proposals: Proposals, quotes, or preliminary agreements
Communications: Email exchanges or informal understandings
Prior Versions: Previous versions of Terms of Service

No Reliance: You acknowledge that you have not relied on any statements, promises, or representations not expressly set forth in these Terms.

Order of Precedence

In the event of any conflict or inconsistency between legal documents, the following order of precedence applies (highest to lowest):

Enterprise Addendum - Controls enhanced terms for Enterprise Customers
Data Processing Agreement (DPA) - Controls data processing terms for Business Customers
Order Form (if any) - Controls service-specific terms and pricing
Privacy Policy - Controls personal data processing and privacy rights (for data protection matters)
Terms of Service - Controls general use, liability, and dispute resolution
Cookie Policy - Controls cookie use and consent management

Interpretation Rules:

Specific Prevails Over General: More specific provisions prevail over general provisions
Later Prevails Over Earlier: In case of amendments, the most recent version prevails
Mandatory Law Prevails: Nothing in these documents limits rights granted by mandatory consumer protection, data protection, or other applicable laws

For Business Customers: The DPA and Enterprise Addendum (if applicable) take precedence over consumer-focused provisions in the Terms of Service and Privacy Policy.

For Consumer Customers: Consumer protection laws (GDPR, ePrivacy Directive, national consumer laws) prevail over any conflicting contractual terms.

Waiver

No Implied Waiver

Failure or delay by Hashed Horizon to enforce any provision of these Terms does not constitute a waiver of that provision or any other provision.

Specific Examples:

Delayed Enforcement: Delaying enforcement of a violation does not waive our right to enforce later violations
Selective Enforcement: Enforcing Terms against some users but not others does not waive our right to enforce against all users
Partial Enforcement: Enforcing only part of a provision does not waive the remaining parts

Written Waiver Required

Any waiver of these Terms must be:

In Writing: Documented in a written agreement
Signed: Signed by an authorized representative of Hashed Horizon
Specific: Clearly identify the provision being waived and the scope of the waiver
Limited: Apply only to the specific instance; not a general waiver of future violations

Email Authority: Only email from an official Hashed Horizon domain can constitute official waiver communications.

Amendment and Modification

Our Right to Modify

We reserve the right to modify these Terms at any time, subject to:

Advance Notice: At least 30 days' advance notice of material changes (via email and website posting)
Effective Date: Changes take effect on the date specified in the notice
Continued Use: Your continued use after the effective date constitutes acceptance

Material vs. Non-Material Changes

Material Changes (requiring 30-day notice):

Changes to pricing or payment terms
Reduction of your rights or increase of your obligations
Changes to liability limitations or dispute resolution
Changes to data processing or privacy practices

Non-Material Changes (effective immediately):

Clarifications or corrections
Updates to contact information
Addition of new features or services (without changing existing Terms)
Formatting or organizational changes

Your Modification Rights

You may not modify these Terms except by:

Written Amendment: Signed written agreement with an authorized Hashed Horizon representative
Individual Negotiation: For enterprise customers, negotiated amendments may be documented in separate agreements

No Oral Modifications: Oral modifications are not binding and have no effect.

Relationship of Parties

Independent Contractors

You and Hashed Horizon are independent contractors. These Terms do not create:

No Partnership: Partnership or joint venture relationship
No Agency: Agency, employment, or fiduciary relationship
No Authority: Authority to bind the other party or create obligations on their behalf
No Control: Right to control or direct the other party's business operations

Tax Status: Each party is responsible for its own taxes, benefits, and legal compliance.

Subprocessors Are Independent

Our Subprocessors are independent contractors, not agents:

Google Cloud AI (Gemini): Independent contractor providing AI photo conversion and enhancement
Vercel: Independent contractor providing Application hosting and CDN
Neon: Independent contractor providing PostgreSQL database hosting
Sentry: Independent contractor providing Error tracking and crash diagnostics
Stripe: Independent contractor providing Payment processing and subscription management
Apple (App Store / Apple Pay): Independent contractor providing iOS in-app purchases and Apple Pay transactions
Google (Play Store / Google Pay): Independent contractor providing Android in-app purchases and Google Pay transactions

No Vicarious Liability: We disclaim vicarious liability for Subprocessor actions beyond our contractual obligations under Data Processing Agreements.

Third-Party Beneficiaries

These Terms are exclusively between you and Hashed Horizon. No third party has any right to enforce or benefit from these Terms, except:

Limited Exceptions

Subprocessors: Our Subprocessors may enforce limitation of liability provisions to the extent they benefit from such protections
Affiliates: Hashed Horizon parent companies, subsidiaries, and affiliates may enforce provisions protecting Hashed Horizon
Successors: Permitted successors and assigns may enforce these Terms

No Other Beneficiaries: No other third parties (including your customers, users, or downstream recipients) are third-party beneficiaries of these Terms.

Interpretation

Rules of Construction

Headings: Section headings are for convenience only and do not affect interpretation
Examples: "Including," "e.g.," and "such as" are non-exhaustive examples
Singular/Plural: Singular terms include plural and vice versa
Gender: Masculine terms include feminine and neuter
"Or": Includes "and/or" unless context requires otherwise

Ambiguity Resolution

No Contra Proferentem for Consumers: For EU consumers, ambiguities are resolved in favor of the consumer under EU Directive 93/13/EEC (Unfair Contract Terms Directive).

Business Users: For non-consumer users, ambiguities are not automatically resolved against the drafter; normal principles of contract interpretation apply.

Language

Authoritative Language: English is the authoritative language for these Terms.

Translations: Translations may be provided for convenience. In case of conflict:

English Controls: The English version governs for interpretation
EU Consumer Exception: For EU consumers, if local law requires translation, both English and local language versions are equally authoritative

Survival

The following provisions survive termination or expiration of these Terms:

Permanent Survival

Intellectual Property: Ownership and license provisions (Intellectual Property Infringement section)
Liability: Disclaimers and limitation of liability (Sections 11-12)
Indemnification: Indemnification obligations (Contact Information)
Disputes: Governing law and dispute resolution (Governing Law and Dispute Resolution)
Confidentiality: Confidentiality obligations (if any)

Temporary Survival

Data Retention: Data retention and deletion obligations (survive until retention periods expire)
Payment: Outstanding payment obligations (survive until paid)
GDPR Rights: Data subject rights (survive until Personal Data is deleted)

Purpose: Survival provisions remain in effect to the extent necessary to accomplish their purposes.

Publicity

Our Publicity Rights

Unless you opt out, we may:

Customer List: Identify you as a customer on our website and marketing materials
Logo Usage: Use your company name and logo in customer lists
Case Studies: With your prior written consent, publish case studies about your use of the Services

Opt-Out: Contact support@hashedhorizon.com to opt out of customer publicity.

Enterprise Customers: Enterprise agreements may include separate publicity provisions.

Your Publicity Restrictions

You may not issue press releases or public statements about your use of the Services without our prior written consent, except:

Factual Statements: Factual statements that you use the Services
Legally Required: Disclosures required by law or stock exchange regulations
Trademark Use: Proper trademark usage under Intellectual Property Infringement section

Export Controls

The Services may be subject to export control laws and regulations, including:

EU Export Controls: EU Dual-Use Regulation 2021/821
U.S. Export Controls: Export Administration Regulations (EAR), if applicable
Sanctions: EU and international sanctions programs

Your Obligations:

Compliance: Comply with all applicable export control laws
Prohibited Destinations: Do not access Services from or export to embargoed countries
Restricted Entities: Do not provide access to sanctioned individuals or entities
Encryption: Comply with encryption export controls

Restricted Countries: You represent that you are not located in, and will not use the Services from:

Countries subject to comprehensive EU or U.S. sanctions (e.g., North Korea, Syria, Crimea)
Countries where the Services are prohibited by law

Government Users

EU Government Users: If you are a government entity within the European Union:

Public Procurement: Acquisition may be subject to EU public procurement directives (2014/24/EU, 2014/25/EU)
State Aid: Pricing must comply with EU state aid rules
Data Sovereignty: Additional data processing terms may apply under national law

Contact: Government entities should contact support@hashedhorizon.com for tailored procurement terms.

Feedback and Suggestions

If you provide feedback, suggestions, or ideas about the Services ("Feedback"):

No Obligation: We have no obligation to use, implement, or respond to Feedback
No Compensation: You are not entitled to compensation for Feedback we use
License Grant: You grant us a perpetual, irrevocable, worldwide, royalty-free license to use, modify, and incorporate Feedback into the Services
No Confidentiality: Feedback is not confidential or proprietary

Unsolicited Ideas: We do not accept unsolicited feature ideas under confidentiality agreements.

Questions About These Terms

For questions about these Terms:

General Questions: support@hashedhorizon.com
Legal Department: support@hashedhorizon.com (subject: "Legal Inquiry")
Data Protection Officer: dpo@hashedhorizon.com
Postal Address: ul. Marszałkowska 1, 00-624 Warsaw, Poland

Website: https://thisone.app

By using ThisOne AI Platform, you acknowledge that you have read, understood, and agree to be bound by these Terms of Service.

Effective: 2025-10-25 | Version: 5.0.0

EU Consumer Notice: These Terms do not affect your statutory rights under EU consumer protection law, including your right to a 14-day cooling-off period (where applicable) and your rights under the GDPR.

Questions? Contact support@hashedhorizon.com for clarification or assistance.

Regulatory Compliance and Future Changes

EU Digital Services Act (DSA) Compliance

DSA Classification

Hashed Horizon operates ThisOne AI Platform as an intermediary service under Regulation (EU) 2022/2065 (Digital Services Act). Our DSA classification:

Service Type: Hosting Service (DSA Art. 14-16)
Platform Status: Online Platform (user-generated content)
Size: Not a Very Large Online Platform

Content Moderation Transparency (DSA Art. 15, 24)

Moderation Timelines: We commit to the following content moderation timelines:

Content Type	Detection Method	Review Time	Action Time	Appeal Time
Illegal Content (CSAM, Terrorism)	Automated + PhotoDNA hash matching	Real-time	Immediate removal (<1 hour)	24 hours
Prohibited Use (ToS Violations)	AI content filter + user reports	24-48 hours	48-72 hours	7 days
User Reports	Manual review	48 hours	72 hours	7 days
Copyright (DMCA)	Counter-notice process	10-14 days	Per DMCA statute	10-14 days
Privacy Violations	Manual review	24 hours	48 hours	7 days
Harmful Content (Non-Illegal)	AI moderation (human review at discretion)	48-72 hours	72 hours	7 days

Moderation Process (DSA Art. 16):

Detection: Automated systems flag potentially violating content
Review: Content reviewed by automated systems or human moderators (as determined appropriate for the case)
Decision: Content is approved, removed, or restricted based on Terms and applicable law
Notification: User receives clear statement of reasons for moderation decisions (DSA Art. 17)
Appeal: User may appeal decisions through internal complaint system (DSA Art. 20)
Escalation: Unresolved appeals may be escalated to out-of-court dispute settlement (DSA Art. 21)

Exceptions (DSA Art. 16(3)):

Emergency Removals: Immediate removal for imminent risk of serious harm (terrorism, CSAM)
Legal Orders: Compliance with court orders or law enforcement requests
Manifestly Illegal: Clear violations removed without delay

Statement of Reasons (DSA Art. 17)

When we remove or restrict content, we provide a clear statement of reasons including:

Decision: Whether content was removed, restricted, suspended, or account terminated
Facts: Specific facts and circumstances resulting in the decision
Legal Basis: Applicable Terms of Service provision, law, or court order
Technological Means: Whether automated or human decision-making was used
Redress: Information about internal complaint system and out-of-court dispute settlement

Example Statement of Reasons:

Decision: Content Removed Reason: Image contained non-consensual intimate imagery (NCII), violating Prohibited Content provisions of our Terms of Service and Polish Criminal Code Art. 191a. Detection: User report reviewed by human moderator (not automated decision) Action Taken: Image permanently deleted, user account temporarily suspended (48 hours) Appeal: You may appeal this decision within 7 days by emailing support@hashedhorizon.com with subject "DSA Appeal - [Case ID]" Dispute Settlement: If appeal is rejected, you may escalate to certified out-of-court dispute settlement body (details provided upon appeal rejection)

Trusted Flaggers (DSA Art. 22)

We work with trusted flaggers - entities with particular expertise in detecting illegal content:

INHOPE: International Association of Internet Hotlines (CSAM reporting)
Europol: Law enforcement coordination for terrorism content
National Hotlines: Country-specific illegal content reporting organizations

Priority Processing: Reports from trusted flaggers receive priority review (target: <1 hour for illegal content).

Trusted Flagger Application: Organizations may apply to become trusted flaggers by contacting support@hashedhorizon.com with subject "Trusted Flagger Application".

Transparency Reporting (DSA Art. 15, 24)

DSA Compliance: If we become subject to DSA transparency reporting requirements (Very Large Online Platforms with 45M+ monthly EU users), we will publish annual transparency reports with the following information:

Content Moderation:
- Number of removal/restriction orders from authorities (by country)
- Number of user reports received and acted upon
- Average decision-making timeframes
- Number of content removals and account suspensions by category
Automated Decision-Making:
- Use of automated content moderation systems
- Accuracy metrics and error rates
- Human oversight mechanisms
Complaints and Appeals:
- Number of internal complaints received
- Complaint resolution rates and timelines
- Out-of-court dispute settlement referrals and outcomes
Government Requests:
- Law enforcement data requests (number, type, compliance rate)
- Content removal orders from public authorities
- Emergency disclosure requests

Report Availability: If required by DSA, transparency reports will be published at https://thisone.app/transparency. We may also publish reports at our discretion even when not legally required.

Out-of-Court Dispute Settlement (DSA Art. 21)

If your internal complaint is rejected, you may escalate to an out-of-court dispute settlement body:

Certified Bodies (examples):

Center for Democracy & Technology (CDT): EU-certified dispute settlement for content moderation
Civil Rights Defenders: EU-certified body for platform content decisions
Your National Consumer Protection Agency: Check EU ODR Platform for certified bodies

Process:

Submit internal complaint to support@hashedhorizon.com
If rejected, we provide information about certified dispute settlement bodies
You may submit dispute to certified body within 90 days
Certified body issues binding or non-binding decision (depending on body)
We commit to consider certified body recommendations in good faith

Cost: Out-of-court dispute settlement may be free or low-cost depending on the body.

DSA Compliance Contact

For DSA-specific inquiries:

Email: support@hashedhorizon.com
Subject Lines:
- "DSA Content Moderation Inquiry"
- "DSA Appeal - [Case ID]"
- "DSA Transparency Report Request"
- "Trusted Flagger Application"
Electronic Point of Contact: support@hashedhorizon.com (DSA Art. 11)
Legal Representative (if applicable): To be designated if required under DSA Art. 13

EU AI Act Compliance

AI Act Classification and Obligations

Risk Classification: ThisOne AI Platform's AI system is classified as LIMITED RISK under Regulation (EU) 2024/1689 (EU AI Act):

NOT Prohibited (Art. 5): We do not deploy social scoring, real-time biometric identification, or emotion recognition in workplaces/schools
NOT High-Risk (Annex III): We do not operate critical infrastructure, provide employment/education/credit decisions, or conduct law enforcement activities
Limited Risk (AI Act Art. 52): We generate synthetic content (AI images), requiring transparency obligations

Applicable Obligations:

Article 52(1) - AI-Generated Content Disclosure:
- Automatic metadata tagging (EXIF/IPTC) identifying AI processing (non-visual, embedded in files)
- Optional visible watermarking (user-enabled in account settings for additional transparency)
- User education on disclosure obligations when sharing content (EU AI Act requirement)
Article 52(3) - Deep Fake Disclosure:
- Prohibition on creating deceptive synthetic content
- Clear labeling requirements for content resembling real persons/events
- User responsibility clauses for compliance
Biometric Data Safeguards (AI Act Art. 5, Annex III):
- No biometric identification or categorization performed
- Explicit consent for processing facial features (GDPR Art. 9)
- Limited retention (~30 days)
- No surveillance or tracking across images

Detailed Compliance: See "EU AI Act Transparency (Article 52)" section for full compliance details.

AI System Transparency

We provide the following transparency information (AI Act Art. 13, 52):

Model Information: AI providers, model types, training data sources
Capabilities and Limitations: What the AI can and cannot do
Risk Mitigation: Safety filters, content moderation, prohibited use cases
Human Oversight: How humans review AI outputs and moderation decisions
Performance Metrics: Accuracy, error rates, bias testing results (where available)
Update Log: Changes to AI models, providers, or capabilities

AI Incident Reporting

If you experience serious AI incidents (unexpected harmful behavior, bias, errors):

Report To: support@hashedhorizon.com with subject "AI Incident Report"
Include: Description of incident, screenshots/examples, impact on you
Response Time: 48 hours for acknowledgment, 14 days for investigation
Escalation: Serious incidents may be reported to supervisory authorities (national AI authority)

Polish Data Protection Law Compliance

Future Regulatory Changes

Commitment to Regulatory Compliance

Hashed Horizon commits to monitoring and complying with emerging data protection and AI regulations, including:

Current and Upcoming Regulations:

EU AI Act (Regulation (EU) 2024/1689):
- Entered into force: August 1, 2024
- Limited-risk obligations: February 2, 2025
- High-risk obligations: August 2, 2026
- Ongoing monitoring of implementing acts and guidelines
EU Digital Services Act (Regulation (EU) 2022/2065):
- In force: November 16, 2022
- VLOP obligations: April 25, 2023 (if applicable)
- Full compliance: February 17, 2024
- Ongoing monitoring of guidelines and enforcement
EU Data Act (Regulation (EU) 2023/2854):
- Entered into force: January 11, 2024
- Application date: September 12, 2025
- Will enhance data portability and IoT data access rights
ePrivacy Regulation (Proposed):
- Expected to replace ePrivacy Directive (2002/58/EC)
- Will modernize cookie consent and electronic communications privacy
- We will update cookie policies upon adoption
AI Liability Directive (Proposed):
- Expected to establish liability rules for AI-caused harm
- We will update AI liability disclaimers upon adoption

Other Jurisdictions:

USA: CCPA/CPRA (California), VCDPA (Virginia), CPA (Colorado), and emerging state privacy laws
UK: UK GDPR and Data Protection Act 2018
Canada: PIPEDA and proposed Consumer Privacy Protection Act (CPPA)
Brazil: Lei Geral de Proteção de Dados (LGPD)
Japan: Act on the Protection of Personal Information (APPI)

Policy Update Process

How We Handle Regulatory Changes:

Monitoring: Continuous monitoring of regulatory developments via legal counsel and industry associations
Impact Assessment: Evaluate impact of new regulations on our services and your rights
Compliance Planning: Develop compliance plans with timelines and milestones
Policy Updates: Update Terms, Privacy Policy, and other legal documents as required
User Notification: Notify users of material changes via email (30 days advance notice)
Opt-Out Period: Provide opportunity to object or terminate service if changes are material

User Notification of Changes:

Material Changes: 30-day advance email notice + in-app notification
Non-Material Changes: Privacy Policy version update + notice on website
Emergency Changes: Immediate notice if required by law or court order
Automatic Acceptance: Continued use after notice period constitutes acceptance (unless you opt out)

Examples of Material Changes:

New legal basis for processing (e.g., consent to legitimate interest)
Significant expansion of data collection or processing purposes
Addition of high-risk AI features requiring user consent
Changes to data retention periods (longer retention)
New international data transfers to countries without adequacy decisions

Examples of Non-Material Changes:

Clarifications or formatting improvements
Updates to contact information or company address
Addition of new optional features (opt-in)
Regulatory citations or legal references

Regulatory Contact

For questions about regulatory compliance or future changes:

Email: dpo@hashedhorizon.com
Subject Lines:
- "Regulatory Compliance Inquiry"
- "Future Policy Changes Question"
- "New Regulation Impact Assessment"

Response Time: 30 days for general inquiries, 14 days for urgent regulatory matters

Last Updated: 2025-10-25 Version: 5.0.0

Regulatory Compliance Statement: This document reflects our commitment to comply with applicable data protection, AI, and platform regulation laws. If you have questions about specific regulations or our compliance, please contact us at the addresses above.