Terms of Service.

01 / WHO WE ARE

Who Sygil is.

Sygil (referred to throughout these terms as we, us, or our) is an operational compliance support service. We provide human editorial review of AI-generated text content and we produce the documentation that publishers use to support a human review claim under Article 50(4) of the EU AI Act.

Sygil is operated by Abid Nawaz, MD, from India, with a reviewer network distributed across India and the European Union. Sygil is not incorporated as a law firm. Sygil is not licensed to practice law in any jurisdiction. The founder is a medical doctor, not a lawyer.

Public contact for these terms: founder@sygil.co.

02 / WHAT WE PROVIDE

What we provide.

Sygil provides operational compliance support for the EU AI Act Article 50(4) human review pathway. The service includes:

• Human editorial review of AI-generated text content submitted by the customer, performed by named reviewers from a credentialed roster.
• An Editorial Review Procedure document, customized to the customer's publishing workflow and versioned over time.
• A reviewer roster identifying the natural persons authorized to perform reviews on the customer's content.
• An editorial responsibility designation document recording the editorially responsible person under the engagement.
• Per-article attestation log entries with reviewer name, timestamp, methodology version, and a verification hash.
• A monthly evidence report tying together the procedure, roster, and attestation entries from the period.
• A customer compliance vault containing the artefacts above, available for retention as set out in the customer agreement.

The deliverables are operational artefacts. They are designed to support a customer's compliance posture. They are not legal opinions and they do not constitute legal advice.

03 / WHAT WE DO NOT PROVIDE

What we do not provide. This is the most important section of this document.

Read this section twice. The boundaries it draws are the foundation of every other clause in these terms.

Sygil does not provide legal advice. Nothing in our deliverables, our website, our scoping calls, our procedure documents, our attestation entries, our reviewer notes, or any communication from any Sygil representative constitutes legal advice. We are not licensed to practice law. If you need legal advice on the EU AI Act, on any other regulation, on your contractual obligations to third parties, or on any matter requiring legal counsel, you must consult a qualified lawyer in the relevant jurisdiction.

Sygil does not guarantee any regulatory outcome. We do not promise that any regulator will accept our documentation as sufficient for the human review pathway under Article 50(4). We do not promise that any enforcement action against the customer will succeed or fail. We do not promise that the customer will be found in compliance by any authority. The deliverables we produce are evidence the customer can present; they are not a regulator's verdict and we cannot deliver one.

Sygil is not a certification body. We do not certify content. We do not certify customers. We do not certify procedures. We do not hold accreditation from any standards body and we do not represent ourselves as a certification authority. The attestation entries we issue are records of the review work we performed, not certifications.

Sygil does not assume the customer's compliance risk. The customer's regulatory exposure under the EU AI Act and any other applicable law remains the customer's exposure. Sygil provides operational support; the customer holds the risk.

Sygil does not provide content accuracy verification beyond the scope of the agreed review. Our reviewers apply the methodology defined in the customer's Editorial Review Procedure. We do not independently fact-check content against external sources unless the customer agreement specifically includes a fact-check tier. The customer is responsible for the factual accuracy of all content the customer publishes.

This is operational compliance support, not legal advice. Customers should consult their own legal counsel for jurisdiction-specific questions.

04 / CUSTOMER RESPONSIBILITIES

Customer responsibilities.

By engaging Sygil, the customer accepts and commits to the following responsibilities:

• Editorial designation. The customer designates a natural person as the editorially responsible party for content covered by the engagement. By default this is a customer-side designation (Configuration A). Configuration B (Sygil-side) and Configuration C (shared) are available only by separate written addendum.
• Factual accuracy. The customer is responsible for ensuring the factual accuracy of all content submitted for review and all content published. Sygil reviewers apply the agreed editorial methodology. Sygil reviewers are not the warranty layer for content truth.
• Scope honesty. The customer is responsible for honestly identifying which content is in scope under the engagement. Misrepresentation of scope (excluding content that is in scope from the review pipeline) voids any compliance support Sygil could otherwise provide for that content and is a material breach of the agreement.
• Timely submission. The customer is responsible for submitting content for review with sufficient lead time to meet the agreed turnaround. Missed turnarounds caused by late submission are not Sygil's responsibility.
• Lawful content. The customer represents and warrants that all content submitted for review is lawful, non-defamatory, non-infringing of third-party intellectual property, and does not violate any applicable law in the customer's jurisdiction or in any jurisdiction where the content will be published.
• Cooperation. The customer commits to providing context, source materials, and reviewer access necessary for the reviewer to perform the agreed methodology.

Customer responsibility is the foundation of the operational model. Sygil provides the review work; the customer remains the publisher and the editorial authority.

05 / OUR OBLIGATIONS

Our obligations.

Sygil commits to:

• Perform the agreed reviews. Each article submitted under the engagement is reviewed by a named reviewer from the customer's roster, applying the methodology in the version of the Editorial Review Procedure in force at the time of submission.
• Log every attestation. Every completed review produces an attestation log entry recording reviewer identity, timestamp, methodology version, and a verification hash.
• Maintain the procedure document. The Editorial Review Procedure is versioned. Every change is dated. Customers are notified of material changes within 14 days as set out in the customer agreement.
• Maintain the reviewer roster. The customer's reviewer roster is maintained as reviewers join, leave, or change scope. Customers are notified of changes affecting their roster.
• Notify the customer of regulator inquiries. If a regulator contacts Sygil directly about the customer's content, Sygil notifies the customer within 48 hours of receipt unless the regulator instructs otherwise. Sygil coordinates with the customer on the response.
• Hold customer content in confidence. Customer content submitted for review is held in confidence and is shared only within the Sygil reviewer team to the extent necessary to perform the review.
• Disclose reviewer identity to the customer. Reviewer names, roles, and contact details are part of every customer's compliance file. Sygil does not hide reviewer identities from the customer.

Sygil's obligations are obligations of operational performance, not obligations of regulatory outcome. We commit to do the work to a defined standard. We do not commit to a verdict.

06 / CONFIDENTIALITY

Confidentiality.

Confidentiality obligations flow in both directions under these terms.

Sygil holds customer content in confidence. Customer content submitted for review, customer-specific attestation entries, customer-specific reviewer assignments, and any other information disclosed by the customer in the course of the engagement are confidential. Sygil discloses such information only to the assigned reviewer team and to the extent necessary to perform the agreed services. Sygil does not use customer content to train any AI model. Sygil does not share customer content with third parties beyond the reviewer team and the cloud infrastructure providers identified in our privacy policy.

The customer holds Sygil materials in confidence. The Editorial Review Procedure template, the reviewer roster format, the attestation template, the monthly evidence report format, internal Sygil process documentation, and any non-public methodology disclosed during the engagement are Sygil confidential information. The customer is licensed to use the customer-specific instances of these materials for the customer's compliance purposes; the customer does not acquire ownership of the underlying templates or methodology.

Standard mutual non-disclosure obligations apply. Confidentiality survives termination of the engagement for three years.

07 / DATA HANDLING

Data handling and GDPR.

Sygil processes personal data and customer content in the course of providing the service. Our handling of personal data is governed by our privacy policy, which forms part of these terms by reference.

In summary, Sygil:

• Processes inquiry form data, scoping call metadata, customer content submitted for review, reviewer notes, and attestation logs.
• Acts as a data controller for inquiry data and as a data processor for customer content under the customer's instructions.
• Retains customer content for the period set out in the customer agreement and the privacy policy.
• Retains attestation logs for seven years for compliance evidence purposes.
• Honors data subject rights under the GDPR including access, rectification, erasure, portability, restriction, and objection.
• Does not transfer personal data outside the EU and India without applying the safeguards described in the privacy policy.

For data processing requests, write to founder@sygil.co (the alias privacy@sygil.co is reserved for routing data requests once the alias is provisioned).

08 / TERM AND TERMINATION

Term and termination.

Term. The standard customer engagement is a 12-month term from the engagement start date.

Renewal. Renewal is automatic at the end of the term unless either party gives written notice of non-renewal at least 30 days before the renewal date. Renewal is at the same pricing for the original term length unless Sygil has notified the customer of a change at least 60 days before the renewal date.

Cancellation during the term. The customer may cancel the engagement at any time during the term by written notice. Cancellation during the term does not entitle the customer to a refund of fees already paid. Sygil does not refund unused capacity within a term.

Termination for cause. Either party may terminate the engagement immediately for material breach by the other party that is not cured within 30 days of written notice. Material breach by the customer includes non-payment, providing false information about content scope, attempting to obtain attestations for content not actually reviewed, and any breach of confidentiality. Material breach by Sygil includes failure to deliver the contracted reviews, knowingly producing false attestations, and any breach of confidentiality.

Effect of termination. On termination, Sygil delivers the customer's compliance file as it stands at the date of termination. The customer's right to use the customer-specific deliverables already produced survives termination. The customer's right to receive new reviews ends on the termination date.

Right of regulator-driven update. Sygil may update the Editorial Review Procedure unilaterally when the regulatory landscape changes (new Code of Practice version, new EU guidance, new case law). Customers are notified within 14 days of any material change. Customers may terminate within 30 days of such notification with a prorated refund if they object to the change.

09 / LIABILITY CAP

Limitation of liability.

Liability cap. In no event shall Sygil's aggregate liability under any customer engagement exceed the lesser of: (a) twelve months of fees paid by the customer under the engagement, or (b) US $50,000.

This cap applies to direct damages from breach of contract, damages from negligent performance of services, and any other liability arising under or related to the engagement. The cap is aggregate, not per-claim, and covers all claims combined over the lifetime of the engagement.

Exclusion of indirect damages. Sygil is not liable for any indirect, incidental, consequential, special, or punitive damages, including lost profits, lost business opportunities, lost data, regulatory fines, or third-party claims, arising out of or related to the engagement.

Exclusions from the cap. Certain types of liability cannot be capped under most jurisdictions and are therefore excluded from the cap. These are: gross negligence, wilful misconduct, death or personal injury caused by negligence, fraud, and indemnity obligations under the specific clauses set out in the customer agreement.

Raised liability addendum. Premium and Enterprise customers may request a raised-liability addendum at additional cost. Cap levels available: 2x annual fees up to $100,000 (premium of 20 percent over base fees), 3x annual fees up to $250,000 (premium of 40 percent), and negotiated higher caps for Enterprise customers up to $1 million in year one of operation.

What this cap is and is not. The cap is a limit on what the customer can recover from Sygil. It is not a limit on what the customer can recover from a regulator, a third party, or any other source. The cap protects Sygil from liability that would end the business. It does not protect the customer from regulatory exposure. The customer's compliance posture remains the customer's responsibility.

Limitation period. Claims under any customer engagement must be brought within two years of the event giving rise to the claim. After two years, the claim is time-barred.

Sygil is not a law firm and does not provide legal advice. The liability cap is a contractual term and may be subject to interpretation by a court of competent jurisdiction.

10 / INDEMNIFICATION

Indemnification.

Indemnification obligations under the engagement are narrow and balanced.

Sygil indemnifies the customer for:

• Third-party intellectual property infringement claims arising directly from Sygil's procedure document, reviewer roster, attestation templates, or other Sygil-supplied materials, where the customer used the materials as delivered and within the agreed scope.
• Damages arising from a breach of confidentiality by Sygil.
• Damages arising from gross negligence or wilful misconduct by Sygil in the performance of the agreed services.

The customer indemnifies Sygil for:

• Any claim arising from content the customer submits for review or publishes that is unlawful, defamatory, infringing of third-party intellectual property, or otherwise in breach of applicable law.
• Any misrepresentation by the customer about the scope of content covered by the engagement.
• Any third-party claim arising from the customer's publication decisions.
• Any failure by the customer to comply with applicable laws beyond the scope of the Sygil service.

Sygil does not automatically indemnify customer losses. Sygil does not indemnify the customer for losses arising from regulatory enforcement, content errors that fall outside the agreed review methodology, or third-party claims not directly attributable to Sygil-supplied materials. The customer is responsible for the customer's own compliance posture.

All indemnification obligations are subject to the liability cap set out in Section 9, except where the cap is excluded by law.

11 / GOVERNING LAW

Governing law and jurisdiction.

The choice of governing law and dispute resolution forum is recorded in the customer-specific engagement letter. The default choices are:

• EU customers: Irish law, disputes resolved in the courts of Dublin, Ireland.
• US customers: Delaware law, disputes resolved in the state and federal courts of Delaware, USA.
• Other customers: Negotiated case by case, defaulting to Delaware.

These default choices are flagged for confirmation by qualified legal counsel before any customer engagement is signed. Sygil is not a law firm. The jurisdictional defaults above reflect operational intent and are subject to revision when Sygil completes the legal review described in our internal architecture document on legal verification.

Operating context: Sygil is operated from India, with reviewers in India and the European Union. Cross-border data and service flows are documented in the privacy policy and the engagement letter.

12 / CHANGES TO TERMS

Changes to these terms.

Sygil may update these terms from time to time as the regulatory landscape changes, as the service evolves, or as legal counsel identifies needed changes.

Existing customers under an active engagement are governed by the version of the terms in force at the time the engagement was signed, until the engagement is renewed. Material changes to the terms applicable at renewal will be communicated to the customer at least 60 days before the renewal date.

For prospective customers visiting this page, the version published here is the version that applies from the date marked at the top of this document.

Sygil is not a law firm. These terms are operational service terms for a compliance support service, not legal advice. Customers should consult their own legal counsel before signing any engagement letter that incorporates these terms by reference.

13 / CONTACT

Contact.

Questions about these terms or about an existing or prospective engagement can be sent to founder@sygil.co.

For data protection requests under the GDPR, see the privacy policy and the contact details listed there.

For scoping calls, use the scoping call page.

Effective 2026-04-07. Sygil is operated from India and the European Union. Sygil is not a law firm and does not provide legal advice. Customer retains editorial responsibility for all published content under EU AI Act Article 50(4) Configuration A by default.