Terms & Conditions

Last updated: 25 May 2026 · Perform Digital Private Limited

These terms govern your use of perform.digital and any content hosted on it. Engagements, services, deliverables, and proofs of concept are governed by a separate Master Services Agreement (MSA) and Statement of Work (SOW), which take precedence over these terms in case of conflict.

1. About us

Perform Digital Private Limited is incorporated in the European Union and the Republic of India. We design, build, fine-tune, evaluate, deploy, and operate AI agents on behalf of enterprise clients. We also provide advisory and consulting work around agent strategy, model selection, build-vs-buy analysis, and AI governance. The contracting entity for any engagement is identified in the relevant SOW.

2. Definitions

For the purposes of these terms:

• Agent means an LLM-powered software system that takes inputs, plans, calls tools, and returns an output, including the prompt architecture, retrieval components, guardrails, evaluation harness, and orchestration code we deliver.
• Base Model means a foundation model supplied by a third party (for example Anthropic, OpenAI, Google, Mistral) or an open-weight model self-hosted on agreed infrastructure.
• Fine-tuned Model means a Base Model after we apply parameter-efficient fine-tuning (PEFT/LoRA), supervised fine-tuning (SFT), or other weight updates using datasets supplied or approved by the client.
• RAG Brain means the retrieval-augmented generation system we build for a client: the document ingestion pipeline, embedding choice, vector store, chunking strategy, reranker, and any custom retrieval logic.
• Evaluation Harness means the test suite of inputs, expected behaviours, and scoring functions used to measure agent quality before and after each release.
• Engagement means a discrete piece of work governed by an MSA and one or more SOWs.
• Master Services Agreement (MSA) means the framework contract signed between Perform Digital and the client.
• Statement of Work (SOW) means the per-project scope, deliverables, milestones, pricing, success criteria, and service levels.
• Subprocessor means a third-party service engaged by Perform Digital to deliver an engagement (cloud providers, model providers, observability vendors, and so on).
• Personal Data has the meaning given in the applicable data protection law (GDPR, UK GDPR, India DPDP).
• Confidential Information means non-public information disclosed by one party to the other in connection with an Engagement.

3. Use of the site

You may browse perform.digital, view our work, download anything we publish for download, and contact us. You may not:

• use the site to send unsolicited commercial communications;
• attempt to probe, scan, or circumvent the security of any system we operate, except as part of a coordinated disclosure agreed with us in writing;
• copy, modify, or republish our content in a way that misrepresents our work or our team;
• train any model on the contents of perform.digital without our prior written consent.

The cost estimator on perform.digital is provided for indicative budgeting only. The ranges it produces are based on the answers you give and our current pricing observations, and they are meant to help you plan a conversation with us. They are not a contractual quote, they do not constitute an offer, and they do not bind Perform Digital or you. A binding price for any engagement is set out only in a signed Statement of Work.

4. Engagement model

If you commission Perform Digital to design, build, train, or operate an AI agent:

• scope, deliverables, pricing, milestones, acceptance criteria, and service levels are set per engagement in a written SOW countersigned by both parties;
• work proceeds in two-week sprints by default, with weekly demos and a written sprint summary;
• deliverables are handed over with complete documentation, including Architecture Decision Records, configuration, datasets (where in scope), prompt architecture, evaluation results, and runbooks;
• we work as a processor on client data and follow the controls set out in our Privacy Policy, including regional data residency, encryption at rest and in transit, MFA, salted credential hashing, pseudonymization, data minimization, consent-aware activation, retention windows, and deletion workflows.

5. Acceptable use of agents

Agents we build are general-purpose software and can be applied to many tasks. Use of any agent we deliver is subject to the following limits, in addition to the use restrictions in the SOW:

• High-risk applications. Use of an agent for clinical diagnosis, life-safety decisions, autonomous legal advice, autonomous financial trading, autonomous weaponry, or autonomous decision-making about hiring, firing, credit, insurance, housing, or law enforcement requires an explicit written addendum identifying the use case, the human review steps, the accountability owner, and the residual risk.
• Human in the loop. Where an agent supports a decision that materially affects a person, the SOW will specify the human review checkpoint. We do not deliver human-out-of-the-loop agents for these decisions.
• Impersonation and manipulation. Agents may not impersonate real, identifiable individuals without their consent, and may not be used to manipulate, deceive, or coerce end users.
• Lawful purpose. Agents may not be used to evade legal obligations, infringe rights, or undertake activities that would be unlawful if a human performed them.
• Training data rights. The client warrants that all data supplied for fine-tuning, retrieval, or evaluation is data the client has the right to use for that purpose.
• Genuine contact details. If you ask us to send you anything by email (including the cost-estimator PDF), you will give us a genuine, working email address that you own or are authorised to use. We may decline service, withhold the PDF, and remove records associated with addresses we reasonably believe to be disposable, role-based without authorisation, or used to harass the team.

We reserve the right to refuse, pause, or terminate an engagement on credible evidence of breach of this section, with prompt written notice and reasonable opportunity to cure where the breach is curable.

6. Model performance and probabilistic outputs

Agents are probabilistic systems. Their outputs are not deterministic, can vary across runs with identical inputs, and can be incorrect or contextually inappropriate. We design evaluation harnesses, regression suites, online evaluations, and human review steps to measure and reduce this, but no agent achieves perfect accuracy.

We define quantitative quality targets for each engagement in the SOW (for example, task-level accuracy thresholds, escalation rates, false-positive ceilings, latency budgets). Acceptance is measured against those targets. Behaviour outside the agreed evaluation scope is not warranted.

The client is responsible for maintaining the human review steps described in the SOW for the agreed duration. Removing a human review step is a material change and must be agreed in writing.

7. Third-party model providers

Where an engagement uses a third-party Base Model (for example Anthropic, OpenAI, Google, Mistral), the provider's usage policy, acceptable-use policy, and pricing apply to the agent and are passed through to the client. We will identify the provider, the model version, and the relevant policy links in the SOW.

Third-party model availability, latency, pricing, and policy may change without our control. We will provide reasonable notice of material provider changes and propose mitigations or alternative providers where the change affects the engagement.

For engagements that require non-disclosure of inputs to third-party providers, we offer self-hosted open-weight deployment (Llama, Mistral, Qwen, or equivalent) on infrastructure agreed with the client. Performance, capacity, and cost trade-offs are documented in the SOW.

8. Data processing, residency, and security

When we process client data we act as a processor, and the client acts as the controller. The processing terms, categories of data, processing purposes, retention, and data subjects are set out in the Data Processing Addendum (DPA) attached to the MSA.

We apply the technical and organisational measures described in our Privacy Policy: regional data residency (client servers and weight training in the same regulatory region as the client), encryption at rest and in transit, multi-factor authentication, encrypted key management, salted credential hashing, pseudonymization, data minimization, purpose limitation, consent-aware activation, retention windows, and automated deletion workflows.

9. Subprocessors

We engage subprocessors to deliver engagements (cloud providers, third-party model providers, observability vendors, email and ticketing services). The current list is maintained in the DPA and updated when a subprocessor changes.

We provide at least 30 days written notice of any new subprocessor that will process client personal data. The client may object on reasonable grounds within that period; if the objection cannot be resolved, the client may terminate the affected engagement.

10. Service levels and availability

Engagements that include operated infrastructure carry a written SLA in the SOW. Default targets are:

• Monthly uptime: 99.5% for production agents on managed infrastructure, measured at the orchestration layer, excluding planned maintenance and third-party model provider outages.
• Severity 1 response: within 1 hour during agreed support hours.
• Severity 2 response: within 4 hours during agreed support hours.
• Patching of critical security advisories: within 7 days of public disclosure for the components we own.

Service credits, escalation paths, and on-call expectations are specified per engagement.

11. Security incident notification

On confirmation of a security incident affecting client data or client systems, we will notify the client without undue delay and in any event within 72 hours, with the information required by Article 33 GDPR and the equivalent provisions of India DPDP. The notification includes the nature of the incident, the categories and approximate volume of records affected, likely consequences, mitigation steps already taken, and our point of contact.

We cooperate fully with the client's own incident response, regulators, and any agreed third-party forensic investigator. Post-incident, we publish a written root-cause analysis and a remediation plan within 14 days.

12. Audit rights

Once per calendar year, with at least 30 days written notice, the client may audit our compliance with the MSA and DPA, either directly with a mutually-agreed senior person or through an independent auditor bound by equivalent confidentiality obligations. The audit is scoped to the engagement, conducted during business hours, and cannot unreasonably disrupt operations.

Where we hold a relevant third-party audit report (SOC 2 Type II, ISO 27001, or equivalent), the client agrees to rely on that report in lieu of an on-site audit, except where the law requires otherwise or where the report does not address the specific subject of the audit.

13. Change management

Material changes to scope, success criteria, model selection, base infrastructure, subprocessors, or data residency require a written change order signed by both parties. The change order records the impact on price, timeline, and SLA. Until signed, the existing SOW remains in effect.

14. Pricing and payment

Pricing is set per engagement in the SOW and may be a fixed fee, time-and-materials, milestone-based, or an outcome-linked structure. Unless otherwise stated, invoices are payable within 30 days of receipt. Late payment carries interest at the statutory rate applicable to the contracting entity.

Third-party model usage, cloud infrastructure, and other variable costs are passed through at cost where the SOW so states, with a monthly statement of usage.

Where the engagement includes a satisfaction guarantee, the conditions, the success criteria, and the remediation path are recorded in the SOW. The standard guarantee is: if the agent does not meet the agreed success criteria by the milestone named in the SOW, we work without further fee until it does.

15. Intellectual property

Pre-existing intellectual property brought to an engagement remains with the party that brought it.

Custom code, fine-tuned model weights, prompt architecture, datasets, evaluation harnesses, and documentation produced for a client engagement vest in the client on full payment of the corresponding invoice, unless the SOW says otherwise.

We retain a perpetual, royalty-free, non-exclusive licence to general know-how, generic engineering patterns, internally developed tooling, and anonymised, aggregated learnings that do not identify the client or expose any of the client's data.

The terms applicable to third-party Base Model weights remain governed by the provider's licence. We pass through those terms without modification.

16. Confidentiality

Each party will treat the other's Confidential Information with reasonable care and will not disclose it to third parties, except to its own employees, contractors, and advisers who need to know it and who are bound by equivalent confidentiality obligations. We sign mutual NDAs on request before any commercial conversation begins.

Confidentiality obligations survive termination for a period of five years, or indefinitely for trade secrets, technical architecture, fine-tuned weights, and Personal Data.

17. Warranties and disclaimers

We deliver our services with reasonable skill and care, in line with the standards set out in the relevant SOW and with industry good practice for AI agent development.

We warrant that, at delivery, the custom code we have written for the engagement does not knowingly infringe a third party's intellectual property rights and is free of deliberately introduced malware.

The site itself is provided "as is", without warranty of any kind beyond what is required by law. We do not warrant that the site or any agent will be uninterrupted, error-free, free of harmful components, or that the outputs of any probabilistic model will be accurate in every case, although we put significant effort into making sure they are fit for the agreed purpose.

18. Liability

To the maximum extent permitted by law, our aggregate liability to you under these site terms is limited to the greater of EUR 100 (or its rupee equivalent at the date of the claim) and the amount you have paid us, if any, in the twelve months before the event giving rise to the claim. Liability under any engagement is governed by the corresponding MSA and is typically capped at the fees paid in the twelve months preceding the claim.

Neither party is liable for indirect, consequential, incidental, or punitive damages, including lost profits, lost revenue, lost data, or loss of goodwill, except where such exclusion is unlawful.

We do not exclude or limit liability for fraud, fraudulent misrepresentation, gross negligence, breach of confidentiality, IP indemnification obligations, or any liability that cannot lawfully be excluded.

19. Indemnification

Each party (the indemnifying party) will indemnify the other (the indemnified party) against third-party claims arising from the indemnifying party's breach of these terms, gross negligence, or wilful misconduct, subject to the liability cap in Section 18.

We indemnify the client against third-party claims that the custom code we deliver infringes the third party's copyright, patent, or trade secret in the country where the agent is operated, provided the client gives us prompt written notice, control of the defence, and reasonable cooperation. This indemnity does not apply where the alleged infringement arises from the client's modification, the client's data, third-party Base Model outputs, or the combination of our deliverable with other software not recommended by us.

The client indemnifies us against third-party claims arising from the client's data (including claims that data processing infringes data subject rights or third-party IP), the client's use of the agent outside the scope agreed in the SOW, and any prohibited use under Section 5.

20. Force majeure

Neither party is liable for delay or non-performance caused by events outside its reasonable control, including earthquake, flood, war, civil unrest, government action, national-level internet outage, and large-scale third-party model provider failure. The affected party will give prompt notice, take reasonable steps to mitigate, and resume performance as soon as practicable. If the force majeure event continues for more than 60 consecutive days, either party may terminate the affected engagement on written notice.

21. Termination

We may suspend or terminate access to the site at our discretion if you breach these terms. You may stop using the site at any time.

Engagement termination, including notice periods and exit assistance, is governed by the relevant MSA. Standard exit assistance includes hand-back of client data, model weights, prompt architecture, evaluation results, and documentation, with a Deletion Attestation issued within 30 days of the hand-back.

Either party may terminate an engagement for material breach on 30 days written notice if the breach has not been cured. We may terminate immediately on credible evidence of breach of Section 5 (Acceptable use of agents) where the breach is not curable.

22. Notices

Formal notices under these terms or an MSA must be in writing and sent to the contact addresses listed in the SOW or, in the absence of those addresses, to legal@perform.digital for Perform Digital and to the client's registered office. Notices delivered by recognised courier or by email with confirmation of receipt are deemed received on the next business day in the recipient's jurisdiction.

23. Assignment and subcontracting

Neither party may assign these terms or an engagement without the other's prior written consent, except that either party may assign to a successor entity in connection with a merger, acquisition, or sale of substantially all its assets, on written notice to the other party.

We may subcontract specific tasks to qualified third parties provided we remain responsible for the work as if performed by us. Subcontractors processing client personal data are subprocessors and are governed by Section 9.

24. Severability, waiver, entire agreement

If any provision of these terms is held invalid or unenforceable, the remaining provisions remain in full force, and the invalid provision will be modified to the minimum extent needed to make it enforceable while reflecting the original intent.

A failure to enforce a right under these terms is not a waiver of that right. Any waiver must be in writing to be effective.

These terms, together with the MSA, the SOW, the DPA, and any signed change orders, form the entire agreement between the parties on the subject matter and supersede all prior discussions, proposals, and communications. In case of conflict, the order of precedence is: signed change order, SOW, DPA, MSA, these terms.

25. Survival

The following sections survive termination of these terms or any engagement: 2 (Definitions), 8 (Data processing, residency, and security), 11 (Security incident notification), 15 (Intellectual property), 16 (Confidentiality), 18 (Liability), 19 (Indemnification), 22 (Notices), 24 (Severability, waiver, entire agreement), 25 (Survival), and 26 (Governing law).

26. Governing law and jurisdiction

These terms are governed by the laws of the jurisdiction of the contracting entity: the European Union (specifically the jurisdiction of registration of our EU entity) for engagements contracted through our EU entity, and the Republic of India for engagements contracted through our Indian entity. Each party submits to the exclusive jurisdiction of the competent courts in the contracting entity's registered jurisdiction.

For data protection matters, the supervisory authority and dispute mechanism applicable to the client's jurisdiction also apply.

27. Updates to these terms

We update these terms from time to time. Material changes are flagged on the site for at least 30 days before they take effect. Continued use of the site after that period constitutes acceptance of the updated terms. Changes to an MSA or SOW require written agreement of both parties.

28. Marketing communications

If you tick the marketing checkbox on the cost estimator, you are consenting to receive emails from Perform Digital about our products, services, research, and events. We cap the volume at three emails per week. The selection is informed by the answers you gave in the estimator and by your subsequent activity on perform.digital, so the messages stay relevant to you. You can withdraw at any time using the one-click link in any email footer, by emailing privacy@perform.digital, or through the rights process in the Privacy Policy. Withdrawal stops new sends immediately and is confirmed in writing within five working days.

We do not sell your email address, we do not share it with third parties for their own marketing, and we do not enrol you in any list you did not tick. Re-subscribing is also a one-click flow if you ever change your mind.

29. Spiderbrain source-available software

Spiderbrain is source-available software published by Perform Digital Private Limited at github.com/SaroirCommunity/Spiderbrain-V3. This section sets out the terms that apply to the source code, the trademarks, contributions, and commercial use. Where there is any conflict between this section and the licence file shipped in the repository, the repository file governs the source code itself, and this section governs the commercial, trademark, and operational surface around it.

29.1 Licensing structure

The core engine (the contents of the core/ directory in the repository) is released under the Business Source Licence 1.1("BUSL-1.1"). The Change Date is 2030-01-01. On that date, the core engine converts automatically to the Apache Licence 2.0. Until the Change Date, the BUSL-1.1 governs all use of the core engine.

The platform adapters (the contents of the platforms/ directory in the repository) are released under the Apache Licence 2.0 from day one. The first adapter, for the Claude integration, ships in v3.0.0. Adapters for other model providers are open community challenges and, on release, follow the same Apache-2.0 terms.

The documentation, the release notes, and the contents of any docs/ directory in the repository are made available for reference and integration into the work of downstream users, with all rights reserved by Perform Digital Private Limited except where a more permissive licence is stated in the file itself.

29.2 What requires a commercial licence

Before the Change Date, the BUSL-1.1 permits use of the core engine for development, evaluation, internal experimentation, and personal or academic study without a commercial licence. The following uses require a written commercial licence from Perform Digital Private Limited:

• enterprise deployment of the core engine in production environments;
• hosted use of the core engine for the benefit of third parties, including operation as a managed service;
• offering the core engine, or a derivative of it, as part of a SaaS, PaaS, or API product;
• redistribution of derivative works of the core engine where the redistribution is itself commercial in character;
• integration of the core engine into a commercial product, platform, or paid service;
• any other production commercial use of the core engine before the Change Date.

To request a commercial licence, contact contact@perform.digital. We size licences to the scope of intended use and the shape of the deploying organisation.

29.3 Trademarks and branding

The Spiderbrain source-code licence does not grant any rights in our trademarks. "Spiderbrain", "SpiderBrain", "Perform Digital", and "Perform Digital Private Limited" are trademarks of Perform Digital Private Limited (a trademark application is currently underway for the Spiderbrain marks). The Perform Digital logo and any Spiderbrain logo are reserved separately.

Unmodified redistribution of the source code under the licence may continue to identify the project as "Spiderbrain", because the unmodified project is the genuine project. Modified versions, forks, and derivative works must:

• choose a distinct name that is not "Spiderbrain" and does not incorporate "Spiderbrain" or any confusingly similar term as part of the product name (examples that are not permitted: "Spiderbrain Plus", "Spiderbrain Pro", "OpenSpiderbrain");
• remove the Perform Digital logo and any Spiderbrain branding from the modified version;
• avoid any naming, presentation, or marketing that implies the modified version is the official Spiderbrain or is endorsed, sponsored, certified, or supported by Perform Digital.

Honest descriptive references to the project (for example "our product is compatible with Spiderbrain", "a fork of Spiderbrain", "an article about Spiderbrain") remain permitted, provided they do not suggest official status or endorsement.

Use of the trademarks in the name of a product, service, company, domain name, social media account, or on merchandise, and any use of the logos in any form, requires prior written permission from Perform Digital. Requests: contact@perform.digital.

29.4 Contributions and the CLA

Contributions to Spiderbrain are governed by the Contributor Licence Agreement (CLA) and the contribution workflow described in the repository's CONTRIBUTING.md and CLA.md. By submitting a contribution, the contributor confirms that they have the right to license the contribution under the same terms as the corresponding part of the project (BUSL-1.1 for the core engine, Apache-2.0 for the platform adapters), and agrees to be bound by the CLA.

The chronological roster of contributors is maintained in the repository's CONTRIBUTORS.md. Removal is subject to the policy stated in that file. Community conduct for the project is governed by the repository's CODE_OF_CONDUCT.md.

29.5 Third-party attribution and the NOTICE file

As of v3.0.0 the core engine ships with zero third-party runtime dependencies. The repository's NOTICE file records the attributions required by the Apache-2.0 components and any future third-party material that is bundled with the project. Downstream users are required to preserve the NOTICE file in any redistribution that includes the platform adapters, in line with Apache-2.0 section 4(d).

29.6 Security disclosure

Vulnerability reports follow the protocol set out in the repository's SECURITY.md. Reports should be sent to security@perform.digital with sufficient detail to reproduce. We acknowledge receipt within two business days and publish a fix or a written mitigation plan within the timelines set out in SECURITY.md. Where a hosted deployment is affected, the client incident notification in section 11 of these terms also applies.

29.7 Spiderbrain ownership and licensing

Spiderbrain is a proprietary software product owned and operated by Perform Digital Private Limited, which is the sole licensor of all rights in it. It is distributed as a commercial product at spiderbrain.ai. The engine is proprietary and is not distributed as source.

29.8 Spiderbrain product terms

Use of the Spiderbrain product, including any account, download, cloud hosting and subscription, is governed by the Spiderbrain product terms, privacy policy and refund policy published on its own site. The Spiderbrain product terms can be found here: spiderbrain.ai/terms. Where both these terms and the Spiderbrain product terms apply, the Spiderbrain product terms govern your use of that product.

29.9 Hosted deployments of Spiderbrain

Where Perform Digital operates Spiderbrain as a hosted service on behalf of a client, the operation is treated as an Engagement under these terms and the Privacy Policy applies in full. Client code processed by the hosted Spiderbrain stays inside the client's data perimeter under the residency rules described in section 8. No telemetry, metrics, or graph shapes are exfiltrated from the deployment beyond the aggregates the client has authorised in writing.

30. Contact

Legal queries: legal@perform.digital
Engagement queries: hello@perform.digital
Spiderbrain licensing: contact@perform.digital