Our Terms & Conditions

Welcome to KOMBO AI! By using our website and services, you agree to comply with these Terms and Conditions ("T&Cs"). Please review them carefully before proceeding.

Ownership

Entity Name: KOMBOAI TECHNOLOGIES S.L. ("KOMBOAI")

VAT: B-70709753
NIF: ESB70709753

Address: Carrer de Zamora 65, Sant Martí, 08005 Barcelona

Website: www.getkombo.ai

Email: support@getkombo.ai

Acceptance of T&Cs

By clicking to accept, you acknowledge that you have read and agree to these T&Cs. If you do not agree, please refrain from purchasing or using our services.

Description of the Service

KOMBO AI provides AI-powered solutions designed to help digital sales teams improve their sales outreach by gathering and analyzing information from third-party sources and APIs. KOMBO AI processes this data and provides tailored recommendations to help sales professionals optimize pitches and send targeted commercial communications to their clients.

Clients can access different subscription plans based on their needs. These plans are detailed on the website. By subscribing to the service, you agree to the automatic renewal of your subscription on a monthly basis, unless canceled under the conditions described in these T&Cs.

KOMBO AI is committed to providing high levels of availability and customer support. If you encounter any technical issues or need help with the service, you can reach our support team via email at support@getkombo.ai. We aim to resolve any issues promptly.

Pricing, Payments and Termination

KOMBO AI offers various subscription plans, with pricing displayed on our website. Payments are processed monthly through Stripe, and you authorize us to charge your selected payment method on a recurring basis.

You can cancel your subscription at any time with 30 days' notice, and the service will continue until the end of the current billing cycle. No refunds will be provided for digital services, and payments already made are non-refundable. Should any pricing changes be introduced, you will be notified at least 30 days in advance, allowing you to cancel your subscription without penalties.

KOMBO AI may suspend or terminate your access to the service immediately in cases of non-payment, fraud, or breach of these T&Cs. Upon termination, all licenses granted under these T&Cs will be revoked.

Responsibility, Exclusion of Warranties and Liability

You are responsible for maintaining the confidentiality of your account, including your login credentials and payment information. You agree not to use the services for unlawful activities, and any fraudulent use will result in account suspension.

KOMBO AI is not liable for any misuse or improper handling of the data or services we provide. You must ensure that your use of the services complies with all applicable laws and regulations.

KOMBO AI provides its services "as is" without any express or implied warranties of any kind. While we strive to provide reliable data, we cannot guarantee its absolute accuracy or completeness. KOMBO AI is not responsible for any damages arising from the use of the service.

Similarly, KOMBO AI does not guarantee the absolute availability and continuity of the service's operation. KOMBO AI will endeavor to provide sufficient advance notice of any interruptions to the service's operation whenever possible. KOMBO AI excludes, to the fullest extent permitted by law, any liability for damages of any kind that may result from the lack of availability or continuity of the service's operation, including, but not limited to, cases of force majeure, unforeseen circumstances, natural disasters, or similar situations. Likewise, regarding any disappointment in the utility that users may have attributed to the service.

KOMBO AI will not be liable for any indirect, incidental, or consequential damages, including loss of profits, data, or business opportunities, resulting from the use or inability to use our services. This includes but is not limited to losses resulting from system issues, delayed access, or breaches beyond our control.

Intellectual Property and Confidentiality

KOMBO AI owns all intellectual property rights to the software, features offered on our platform, and the brand and content of the website. In accordance with the provisions of the Intellectual and Industrial Property Law, the reproduction, distribution, duplication, copying, and public communication, including its availability in any form, of all or part of the contents of this website for commercial purposes and other forms of exploitation, in any format and by any technical means, are expressly prohibited without the authorization of KOMBO AI.

The user agrees to respect the Intellectual and Industrial Property rights owned by KOMBO AI. The user must refrain from removing, altering, bypassing, or tampering with any protection device or security system installed on the pages of KOMBO AI. For any other use of the service's content, you need our prior written consent.

You are granted a limited, non-exclusive, non-transferable license to use our service solely for your personal or business use. Any unauthorized reproduction or distribution of our intellectual property is strictly prohibited.

Both parties agree to maintain the confidentiality of any sensitive information shared during the contractual relationship. This obligation remains in effect during and after the termination of the service, for as long as the confidential information is considered secret and confidential.

Prohibited Actions

You agree not to:

- Use the website or services for illegal or fraudulent purposes.

- Tamper with or attempt to hack the platform or its security.

- Modify or reverse-engineer any part of our service.

- Access KOMBO AI through automated systems (e.g., bots).

- Use the service to send or transmit unsolicited emails ("spam"), chain letters, contests, "junk mail," pyramid schemes, or other mass messages, whether commercial or not.

- Misuse the services, including unauthorized access to data or accounts.

Any breach of this agreement may result in immediate termination of your subscription without prior notice.

External Links

KOMBO AI may contain links to third-party websites. We are not responsible for the content, availability, or legality of these external sites. The inclusion of such links does not imply any endorsement by KOMBO AI.

Age Requirement

By using this service, you declare that you are of legal age and have the legal capacity necessary to be bound by this agreement and to use the service in accordance with its terms and conditions, which you fully understand and acknowledge.

If you are contracting the service on behalf of a company, you acknowledge that you have the proper authorization and representation to do so on behalf of the organization.

Right of Withdrawal

You may exercise your right of withdrawal in accordance with Article 103(a) of Royal Legislative Decree 1/2007, provided that the service has not been fully executed. To exercise this right, you must notify us in writing at support@getkombo.ai within a maximum of 14 days from the date of acceptance of the present T&Cs. If the service provision has already begun, KOMBO AI may retain a proportional amount corresponding to the services already provided.

Modification of Terms

KOMBO AI reserves the right to modify these T&Cs at any time. Any changes will be communicated via email or prominently on our website. Your continued use of the service after such modifications will be considered your acceptance of the revised terms.

Data Protection and Privacy

KOMBO AI processes personal data in accordance with the General Data Protection Regulation (EU 2016/679) ("GDPR") and applicable Spanish data protection law. Full details of how we collect, use, and protect your personal data are set out in our Privacy Policy, which forms part of these T&Cs.

Lawful bases for processing. We process your personal data on the following lawful bases: (a) performance of the contract between us; (b) our legitimate interests in operating and improving our services; and (c) your consent, where obtained.

Data subject rights. You have the right to: access your personal data; rectify inaccurate data; request erasure ("right to be forgotten"); restrict or object to processing; receive your data in a portable format; and withdraw consent at any time where processing is based on consent. To exercise any of these rights, contact us at support@getkombo.ai.

Right to complain. You have the right to lodge a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos — AEPD) at www.aepd.es if you believe your data has been processed unlawfully.

Data retention. We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, to provide the services, and to comply with our legal obligations. Upon termination of your account, data is deleted or anonymised in accordance with our retention schedule, unless retention is required by law.

International data transfers. Some of our sub-processors are located outside the European Economic Area (EEA), including the United States. Where personal data is transferred to third countries, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or other lawful transfer mechanisms. You can obtain a copy of the relevant safeguards by contacting support@getkombo.ai.

Cookies. Our website uses cookies and similar tracking technologies. Please refer to our Cookie Policy for full details and to manage your preferences.

Security

KOMBO AI implements technical and organisational security measures aligned with industry standards, including ISO/IEC 27001 and SOC 2 frameworks [placeholder — update once certifications are obtained or in progress], to protect your data against unauthorised access, disclosure, alteration, and destruction. These measures include encryption in transit and at rest, access controls, regular security assessments, and a formal incident response programme.

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay in accordance with GDPR Article 34. We will also notify the competent supervisory authority within 72 hours of becoming aware of the breach, where required.

We maintain a list of sub-processors that have access to personal data. This list is available on request by emailing support@getkombo.ai.

Dispute Resolution

In the event of a dispute, the parties agree to submit to the exclusive jurisdiction of the courts of Barcelona, Spain, unless otherwise dictated by applicable law.

Severability

If any clause in these T&Cs is found to be invalid or unenforceable, the remaining provisions will remain in full effect.

Contact Information

If you have any questions about these T&Cs, please contact us at support@getkombo.ai.

By proceeding to use our services or by clicking "Agree," you acknowledge that you have read, understood, and accepted these T&Cs.

KOMBOAI as Data Processor – Data Processing Addendum (DPA)

1. Purpose of the Data Processing

In the event that the provision of the service involves the provider having access to personal data under the control of the client, this contract fulfils the requirement of Article 28.3 of the General Data Protection Regulation (EU 2016/679), which provides that the processing of personal data by a data processor shall be governed by a contract or other legal act.

By means of these clauses, PROVIDER, KOMBOAI TECHNOLOGIES, S.L., holder of CIF/NIF no. B70709753 (hereinafter, the "Data Processor"), is empowered to process on account of the CLIENT (hereinafter, the "Data Controller") the personal data necessary to render the services for analysis and improvement of methodologies for attracting and managing potential customers, including recording/access to recordings of calls between sales representatives and customers. This shall involve access to and the processing of the personal data in keeping with the needs of the service rendered (collection, structuring, storage, consultation, comparison).

2. Identification of the Information Affected

In order to render the services arising from the performance of this engagement, the Data Controller shall place at the disposal of the Data Processor the following information:

Identification data of employees and customers/potential customers.

3. Duration

The duration of this agreement shall be the same as that of the underlying service provision agreement.

4. Obligations of the Data Processor

The Data Processor and all its personnel undertake to:

a. Use the personal data processed or collected for inclusion solely for the purpose of this engagement. Under no circumstance may the data be used for its own purposes.

b. Process the data in keeping with the instructions of the Data Controller. Immediately inform the Data Controller in the event the Data Processor deems that any of the instructions infringes any data protection law.

c. When so required by the law on data protection, keep a record of the categories of processing activities carried out on account of the controller that contains the requirements of the current data protection law.

d. Not disclose the data to third persons unless the latter are expressly authorised by the Data Controller in a legally admissible scenario.

e. Not subcontract any of the services falling within the purpose of this contract that may entail the processing of personal data, except such ancillary services as may be necessary for proper performance of the services. Should it be necessary to subcontract any processing activity, the controller must be previously informed in writing with 1 month's notice, indicating the processing to be subcontracted and clearly and unequivocally identifying the subcontractor and its contact details. The subcontracting may be carried out if the controller does not object within the timeframe indicated.

The subcontractor, who will also act in the capacity of a data processor, must likewise comply with the obligations contained herein and the instructions provided by the controller. It is the initial processor's responsibility to regulate the new relation such that the new processor is subject to the same conditions and formal requisites as the former as it relates to the appropriate processing of personal data and the guarantee of the affected persons' rights. In the event of a breach by the subprocessor, the initial processor shall continue to be fully liable to the controller as regards compliance with the obligations.

We also have Google and OpenAI as auxiliary service providers, with whom data access has been regulated through a data processing agreement, which can be accessed at:

OpenAI Data Processing Addendum

Google Cloud Data Processing Addendum

f. Abide by its duty of confidentiality with regard to the personal data it has gained access to by virtue hereof, including subsequent to termination of its purpose.

g. Ensure that the persons authorised to process the personal data undertake, expressly and in writing, to respect its confidentiality and to comply with the relevant security measures, which they must be duly informed of.

h. Maintain at the disposal of the controller supporting documentation evidencing compliance with the obligation set forth in the preceding paragraph.

i. Ensure that the persons authorised to process the personal data know their roles and obligations in relation to the processing of same, in accordance with the requirements of the Regulation or, if applicable, have received appropriate training in the matter.

j. When the affected parties exercise their rights to access, rectify, delete, oppose, or other rights contained in data protection law vis-à-vis the Data Processor, the latter must immediately inform the controller — and under no circumstance later than the business day following receipt of the request — together with any relevant information for complying with the request.

k. In the event the Data Processor becomes aware of any infringement of data security which constitutes a risk for the rights and freedoms of natural persons, it shall notify the Data Controller without undue delay and within a 72-hour deadline, together with all the relevant information for documenting and reporting the incident.

l. Support the Data Controller in prior consultations with the controlling authority when applicable.

m. Place all the necessary information at the disposal of the controller to demonstrate compliance with its obligations, including the performance of audits or inspections carried out by the controller or other auditor authorised by same.

n. Implement the necessary security measures in accordance with the nature, scope, context and purposes of the processing so as to:

Guarantee the confidentiality, integrity, availability and ongoing resilience of the processing systems and services.

Restore the availability and access to personal data swiftly in the event of a physical or technical incident.

Verify, evaluate and assess on a regular basis the effectiveness of the technical and organizational measures introduced to ensure the security of the processing.

When the processing requires it, pseudonymise and encrypt the personal data.

o. Upon termination of this contract, the Data Processor, in accordance with the instructions of the Data Controller, must delete or return all the personal data in its possession stored on paper or in digital copies — or, if applicable, transfer it to another processor designated by the Data Controller. Either option means the Processor will not retain personal data held by the Data Controller, unless the processor must store it, duly blocked, while any liabilities may arise from the rendering of the service.

5. International Data Transfers

Where the performance of this agreement requires the transfer of personal data to countries outside the European Economic Area (EEA) — including transfers to sub-processors such as OpenAI (United States) and Google (United States) — the Data Processor shall ensure that such transfers are made only in compliance with Chapter V of the GDPR, including by:

a. Relying on an adequacy decision adopted by the European Commission, where applicable.

b. Implementing Standard Contractual Clauses (SCCs) approved by the European Commission, or other appropriate safeguards, in the absence of an adequacy decision.

c. Maintaining up-to-date records of all international transfers and the safeguards applied, available to the Data Controller upon request.

The Data Processor confirms that both OpenAI and Google Cloud have executed SCCs or equivalent transfer mechanisms with KOMBOAI, as referenced in their respective DPAs linked in Section 4(e).

6. Obligations of the Data Controller

The Data Controller shall:

a. Deliver to the processor the necessary data to render the service as described herein.

b. Carry out the relevant prior consultations.

c. Ensure, prior to and throughout the processing, due compliance by the processor with the law on personal data.

d. Supervise the processing, including the performance of inspections and audits.

7. Liabilities

The Data Controller shall be released from any liability arising from a breach on the part of the Data Processor of the conditions contained herein. The Data Processor shall also be considered a data controller and shall be liable for any infringements committed personally before the Data Protection Authorities, together with any civil or criminal claims the affected parties may file before the ordinary jurisdiction as a result of the breach, holding the Data Controller harmless from all and any liability.

8. Affidavit of Compliance with Regulation 2016/679 by the Data Processor

Pursuant to Article 28.1 of the Data Protection Regulation, which stipulates that only data processors offering adequate guarantees be chosen to apply the appropriate technical and organizational measures — such that the processing complies with the requisites of this Regulation and guarantees the protection of the rights of the interested party — the Data Processor affirms:

a. That in the course of its activity it complies with the obligations and principles contained in the General Data Protection Regulation (EU 2016/679).

b. That it keeps a log of the data processing activities performed under its responsibility.

c. That it has conducted the appropriate risk analysis to determine the technical and organizational security measures to be applied to conform to the Regulation.

d. That it has adopted the necessary security measures to guarantee:

Physical control of the facilities where the Controller's data is processed.

Access to its IT systems is obtained by means of individual usernames and passwords.

Access to the Controller's data is restricted solely to those users who require it.

Backup copies, where appropriate, of the Controller's personal data that are processed.

In the event of managing media or documents with the Controller's personal data, the latter are duly guarded under lock and key or by means of equivalent lockdown devices.

Perimeter protection systems and antivirus protection for its IT systems.

A log of security incidents is maintained.

Mechanisms and procedures to report security breaches are in place.

e. It undertakes to abide by the duty of confidentiality, including subsequent to termination of the relation, and to guarantee that the persons authorised to process the data also undertake to comply with the security measures.

f. That it proactively conducts regular verification of compliance with the obligations and technical and organizational security measures that ensure compliance with the Regulation.

9. Information on Data Protection

Both parties recognize that they have been informed of the purposes of the treatment of the personal data provided in this contract and those derived from the execution of the same, of the possibility of sending commercial information based on the legitimate interest of both parties by electronic means, as well as how to exercise their rights and other obligations of the data protection regulations.