Terms and Conditions

Last updated: March 2026

Terms and Conditions (T&C) – Declarion

1. Scope

(1) These Terms and Conditions (“T&C”) apply to all contracts between Declarion GmbH (“Declarion”) and its customers (“Customer”) regarding the use of the software platform “Declarion”.

(2) Declarion provides a cloud-based software solution for the structured implementation of regulatory requirements, particularly in the areas of continuous compliance, control management, evidence collection, and audit reporting.

(3) These T&C apply exclusively to entrepreneurs within the meaning of Section 14 of the German Civil Code (BGB).

(4) Any deviating, conflicting, or supplementary terms and conditions of the Customer shall only become part of the contract if Declarion has expressly agreed to their validity in writing.

2. Description of Services

(1) Declarion provides a Software-as-a-Service (SaaS) platform, which includes in particular the following functionalities:

  • Mapping regulatory requirements into structured controls
  • Definition, management, and monitoring of controls
  • Collection, versioning, and management of evidence
  • Continuous monitoring of compliance status and risks
  • Third-party risk management
  • Audit and reporting functionalities

(2) The platform follows an integrated compliance workflow:

Regulation → Control → Evidence → Monitoring → Risk → Audit → Improvement

(3) Declarion does not owe any specific regulatory outcome, certification, or approval by supervisory authorities.

(4) Declarion is entitled to further develop the platform, provided that no significant functional limitations arise.

3. Registration and User Accounts

(1) Use of the platform requires the creation of a user account.

(2) The Customer is obliged to provide complete and accurate information and to keep it up to date.

(3) Access credentials must be treated confidentially and protected against unauthorized access.

(4) The Customer is responsible for all activities carried out via its account.

(5) The Customer may create and manage multiple users and roles (e.g., FinTech, partner bank, auditor).

4. Usage Rights

(1) Declarion grants the Customer a simple, non-exclusive, non-transferable right to use the platform, limited to the term of the contract.

(2) Transfer, sublicensing, or use for third parties is not permitted unless expressly agreed.

  • (3) In particular, the following are prohibited:
  • Reverse engineering
  • Decompilation
  • Circumvention of technical protection measures

5. Obligations of the Customer

(1) The Customer is obliged to use the platform only in compliance with applicable law.

(2) The Customer is particularly responsible for:

  • The accuracy, completeness, and timeliness of entered data
  • The maintenance of controls, evidence, and risks
  • Compliance with regulatory requirements

(3) The Customer shall ensure that no unlawful content is processed.

6. Availability and Maintenance

(1) Declarion aims for platform availability of 99% on an annual average.

(2) Planned maintenance work will be announced in advance.

(3) Short-term restrictions may occur, particularly due to security measures or external influences.

7. Data Protection

(1) Declarion processes personal data on behalf of the Customer in accordance with Art. 28 GDPR.

(2) The parties shall conclude a separate data processing agreement (DPA).

(3) The Customer remains the data controller within the meaning of data protection law.

8. Third-Party Integrations

(1) The platform may include interfaces to third-party providers.

(2) Declarion assumes no liability for the availability, security, or functionality of such services.

9. Remuneration

(1) Use of the platform is subject to payment in accordance with the agreement.

(2) The remuneration is due in advance.

(3) In the event of payment default, Declarion is entitled to suspend access to the platform.

10. Liability

(1) Declarion shall be liable without limitation in cases of intent and gross negligence.

(2) In cases of simple negligence, Declarion shall only be liable for breaches of essential contractual obligations and limited to foreseeable damages.

(3) Liability for indirect damages, in particular loss of profit, is excluded.

11. Term and Termination

(1) The contract is concluded for the agreed term.

(2) It shall automatically renew for the agreed renewal period unless terminated with 30 days’ notice prior to the end of the term.

(3) The right to terminate for cause remains unaffected. A valid reason exists in particular if:

  • A party breaches essential contractual obligations and fails to remedy such breach within a reasonable period
  • A party becomes insolvent or insolvency proceedings are initiated

(4) Termination must be in text form.

(5) In the event of termination, the following provisions regarding contract termination shall apply.

12. Consequences of Termination

(1) Upon termination, the Customer’s right to use the platform ends.

(2) The Customer shall have the opportunity to export its data in a structured, commonly used, and machine-readable format for a period of 30 days after contract termination (“export phase”).

(3) During the export phase, access to the platform may be limited to read-only access.

(4) After the export phase, Declarion is entitled to irreversibly delete all Customer data, unless statutory retention obligations apply.

(5) Upon request, Declarion shall provide support for an additional fee regarding:

  • Migration of data to another system
  • Transfer of documentation
  • Technical support for a provider change

(6) Declarion is entitled to fully suspend access to the platform upon termination or after the export phase.

(7) Fees already paid will not be refunded unless required by mandatory law.

13. Data Retrieval

(1) After contract termination, the Customer may export its data within 30 days.

(2) Thereafter, Declarion is entitled to delete the data.

14. Confidentiality

(1) Both parties undertake to maintain confidentiality.

(2) This obligation shall continue after termination of the contract.

15. Amendments to the T&C

(1) Declarion may amend these T&C with effect for the future.

(2) Changes will be communicated at least 30 days in advance.

16. Place of Jurisdiction, Applicable Law

(1) German law shall apply.

(2) The place of jurisdiction is the registered office of Declarion.

17. No Advisory Services

The platform constitutes a purely technical solution. Declarion does not provide tax, legal, or regulatory advice.

18. No Guarantee of Compliance

Declarion does not guarantee regulatory compliance or successful audits.

19. Automated Assessments

Automated scores and assessments may be incomplete or inaccurate and do not constitute a binding basis for decisions.

20. Data Responsibility

The Customer is solely responsible for all data and evidence provided.

21. Multi-Party Usage

The Customer is responsible for assigning and controlling access rights.

22. Third Parties

Assessments of third parties do not constitute a guarantee of their compliance.

23. Audit Reports

Reports are for support purposes only and are not binding for authorities or auditors.

24. AI Functions

AI-based functions may produce incorrect results; verification by the Customer is required.

25. APIs and Exports

Declarion assumes no liability for the use of exported data outside the platform.

26. Security Cooperation

The Customer is obliged to implement appropriate security measures.

27. Beta Features

Beta features are provided without warranty.

28. Regulatory Classification

The platform may qualify as an ICT service or outsourcing within the meaning of regulatory requirements.

29. Regulatory Support

Declarion supports the Customer in implementing regulatory requirements without assuming regulatory responsibility.

30. Audit Rights

The Customer, as well as authorized auditors and authorities, shall be granted reasonable access to relevant information.

31. Information Obligations

Declarion shall inform the Customer without undue delay about security-related incidents and material disruptions.

32. Subcontractors

Declarion is entitled to engage subcontractors and ensures their appropriate contractual obligations.

33. Information Security

Declarion implements appropriate technical and organizational measures in accordance with recognized standards (e.g., DORA, ISO 27001).

34. Business Continuity

Declarion maintains measures to ensure business continuity.

35. Exit Strategy

Declarion supports the Customer in migration and data export after contract termination.

36. Data Location

Data is generally processed within the EU/EEA.

37. Audit Trail

All essential activities are logged in a traceable manner.

38. Monitoring

The platform enables continuous monitoring of compliance and risks.

39. Role Model

A role-based access system is provided.

40. Incident Management

Declarion operates a structured incident management system.

41. Further Development

Declarion continuously develops the platform.

42. Severability Clause

(1) Should individual provisions of these T&C be or become wholly or partially invalid, void, or unenforceable, the validity of the remaining provisions shall remain unaffected.

(2) In place of the invalid or unenforceable provision, a valid provision shall be deemed agreed that most closely reflects the economic purpose of the invalid provision.

(3) The same applies to any gaps in the provisions.