Date Published: 06 Nov 2024

These Terms and Conditions (“Terms”) govern the use of services provided by Bolt Insight Limited (“Bolt”, “we”, “our”, or “us”). By using our services, you (“Client”, “you”, or “your”) agree to these Terms.

  1. Definitions
  • Agreement: These Terms and any associated Order Forms.
  • Client: The legal entity or individual entering into this Agreement.
  • Order Form: Document specifying purchased services and fees.
  • Services: Our AI-powered qualitative research platform and related services.
  • Effective Date: Date of execution of the first Order Form or first use of the Services.
  • Confidential Information: Non-public information disclosed by either party.
  1. Service Description

We provide an AI-powered qualitative research platform (“Platform”) designed for market research purposes. Clients use the Platform to:

  • Define their qualitative research requirements and project objectives.
  • Have our AI moderators select appropriate consumer participants for in-depth interviews.
  • Access comprehensive, actionable summaries of key insights and findings from these interviews to support informed decision-making.
  1. Order Process

Each project or purchase of Services requires an Order Form signed by both parties. In case of conflict, Order Forms take precedence over these Terms.

  1. Service Levels

We will use reasonable efforts to maintain 99% uptime availability for the Platform, excluding scheduled maintenance and events beyond our control. Technical support is available Monday to Friday, 9am–5pm GMT.

  1. Subscription Terms

Subscriptions are billed annually or as otherwise stated in the Order Form. Subscription fees are non-refundable except as required by law.

  1. Payment Terms

You agree to provide valid payment details. If automatic payment fails, you will be manually invoiced and must pay within the specified period.

  1. Confidentiality

Both parties agree to protect each other’s Confidential Information and not disclose it to third parties without consent, except to authorised personnel bound by similar obligations.

  1. Warranties

We warrant that we have the right to provide the Services and that the Services will substantially conform to their documentation. All other warranties are excluded to the maximum extent permitted by law.

  1. Limitation of Liability

Our liability to you is limited to the total fees you paid in the twelve (12) months preceding the claim. This does not limit liability for death, personal injury, fraud, or other liabilities that cannot be limited by law.

  1. Indemnity

We will indemnify you against claims that the Services infringe third-party intellectual property rights, provided you give prompt notice and cooperation.

  1. Force Majeure

Neither party is liable for delays or failures caused by circumstances beyond their control, including natural disasters, war, terrorism, strikes, pandemics, or governmental actions.

  1. Assignment

Neither party may assign these Terms without the prior written consent of the other party, except that we may assign these Terms to an affiliate or successor without your consent.

  1. Entire Agreement

These Terms and all related Order Forms constitute the entire agreement between us and supersede all prior agreements. Amendments must be in writing and signed by both parties.

  1. Audit Rights

You may audit our compliance with these Terms once per year with reasonable notice, provided that the audit does not unreasonably disrupt our operations and is at your expense.

  1. Termination

Either party may terminate these Terms for convenience with ninety (90) days’ prior written notice. All outstanding fees for Services provided up to termination must be paid.

  1. Data Protection

Both parties will comply with UK GDPR and applicable data protection laws. Each party acts as an independent data controller unless otherwise specified.

Each party agrees to:

  • Only process personal data in compliance with applicable data protection laws.
  • Inform individuals whose personal data is shared with the other party.
  • Take appropriate measures to ensure the legality of data processing.

The parties acknowledge they Bolt may act as a data processor when you choose to use your respondent panels and add their data to our platform, or when you decide to create surveys where you ask the respondents to disclose personal data or to upload media files that may contain personal data.

  1. Governing Law

These Terms are governed by English law. The courts of England and Wales have exclusive jurisdiction over any disputes.

By using our Platform and services, you agree to these Terms. If you have any questions, please contact us at [email protected].

Data Processing Agreement

This Data Processing Agreement (hereinafter referred to as “DPA") has been executed by and between 

“Bolt Insight Limited” having its registered office at Unit 217 Metal Box Factory, 30 Great Guildford Street, Southwark, London, SE1 0HS, United Kingdom

(“Bolt”, “we”)

and

You (“Customer”)

In this DPA, Bolt and the Customer shall be referred to as the "Party" individually and the "Parties" collectively.

Regarding the processing activities undertaken by the Parties as described in section 16, paragraph 2 of the Terms and Conditions, Bolt will act as a Processor, and you will act as a Controller.

  1. Where Bolt will process personal data (“Personal Data”) on behalf of the Customer, it shall act as a Processor for the Customer and undertakes to comply with the GDPR and these Clauses in accordance with and for the purposes of Article 28 of the GDPR, upon signing a Contract or creating and account with us and for the duration of the Contract.
  2. Bolt undertakes to carry out the Personal Data processing operations in accordance with the obligations imposed by the GDPR, these Clauses and the instructions subsequently issued by the Customer related to the use of the Platform. The Processor undertakes to immediately inform the Controller when, in its opinion, it considers that an instruction issued by the Controller violates the GDPR or other legal provisions of national or Union law on data protection to which Bolt is subject.
  3. The Controller's instructions are reflected in these clauses and the Terms and Conditions. Subsequent instructions may also be issued by the Controller during the processing of personal data, but they must always be documented and kept in writing, including in electronic form, and communicated in advance.
  4. The instructions shall include at least the following details of the processing:
    • subject-matter: Performance by the Processor of the services covered by the Terms and Conditions;
    • duration of the processing: Personal Data will be stored only as long as necessary for the performance of the services under the Terms and Conditions and for the duration for which the Customer us using the Platform unless there are deletion or return instructions from the Controller;
    • nature and purpose of processing: Carrying out the necessary processing operations with regard to Personal Data in order to achieve the purposes pursued by the execution of the services under the Terms and Conditions;
    • type of personal data: Depending on how the Customer decides to use the Platform, they may cover data in the following categories: general biographical data, and other categories of data specific to the services provided under the Terms and Conditions. The Customer is in full control over the types of personal data it may ask the respondents to provide.
    • categories of data subjects : Depending on the actual service provided under the Terms and Conditions, they may target the following categories of data subjects: respondents.
  1. The Processor and any person acting under his/her authority who has access to personal data shall process them exclusively solely for the purpose of providing the Services under the Terms and Conditions , unless they are required to do so under a legal provision to which the Processor is subject to. 
  2. If the Processor is required by a legal obligation to process personal data to which he has access in his capacity as a Processor of the Controller, it shall notify the Controller of this legal obligation without delay prior to the processing, unless such notification is prohibited by law for important reasons relating to the public interest.
  3. The Processor declares that it has designated its employees or collaborators who are authorized to carry out any operation relating to the processing of Personal Data only on a need-to-know basis for the purpose of providing the Service and in accordance with these clauses. In this respect, the Processor must ensure that these authorised persons are bound by confidentiality agreements or professional or legal obligations and that they are adequately trained on the principles and measures pertaining to the protection of Personal Data.
  4. The Processor shall take and maintain all security measures referred to in Article 32 of the GDPR, as well as any other appropriate preventive measure to avoid data processing that is not permitted or that is not in accordance with the purposes of the Terms and Conditions and the provisions of the GDPR. 
  5.  In the event of a personal data security breach affecting the data processed by the Processor for or on behalf of the Controller, the Processor shall take all necessary and appropriate corrective measures, immediately inform and cooperate with the Controller.
  6. The Processor shall assist the Controller in complying with the Controller's obligations relating to the handling of requests to exercise data subjects' rights, the security of personal data, namely those relating to data protection impact assessment and prior consultation, the handling of requests received from public authorities, including the supervisory authority, taking into account the nature of the processing and the information to which the Processor has access.
  7.   The Processor will return all original documents and will delete or destroy all materials in any medium containing personal data, unless there is a legal obligation for the Processor to store that data. The Processor may continue to retain documents containing personal data where applicable law requires the storage of such personal data (for example, including, but not limited to, legal tax, financial and accounting, archiving obligations).
  8. The Processor shall provide the Controller with all materials, documents or other information reasonable and necessary to enable the Controller to confirm that the Processor has acted in accordance with its data protection obligations under these Clauses.
  9. Only by way of exception and only to the extent that the materials, documents and information provided by the Processor to the Controller in accordance with the previous clause would not be sufficient to assess the compliance of the Processor with the data protection obligations under these Clauses, the Controller shall have the right to conduct an inspection at the premises of the Processor.  The request for such an inspection shall be communicated to the Processor by the Controller at least 30 days prior to the inspection.
  10. The Controller shall grant the Processor a general written authorization to engage subcontractors. The list of sub-processors, as well as any subsequent changes to the list, shall be communicated by the Processor to the Data Controller. Before such disclosure the Processor shall enter into a valid and enforceable written contract with such sub-processors, which shall include terms that (i) are substantially identical to the obligations applicable to personal data as set out in these clauses, (ii) require that such sub-authors comply with the terms and conditions of these clauses with respect to the processing of personal data.
  11. The Processor hereby declares that the sub-processors will process personal data in Member States of the European Union and the European Economic Area or in countries that ensure adequate protection of personal data in accordance with the European Commission's adequacy decisions in force at the date of signing this Agreement. If the sub-processors intend to process personal data in countries that are not considered adequate by the European Commission, the Processor shall ensure that the sub-processor enters into the standard contractual clauses as defined by the ICO/European Commission's decision in force and as applicable at the date of signing this Contract.