Effective date: May 17, 2026
This Master Services Agreement (“MSA”) is between the customer (“Customer”) and Lovex AB(“Provider”) and governs the Customer’s use of the Provider’s services described in one or more Order Forms. The MSA together with each signed Order Form, the Data Processing Agreement, and the Terms of Serviceform the full agreement between the parties for the services it covers (the “Agreement”).
1. Definitions
Servicesmeans the products and professional services described in an Order Form, including software-as-a-service access to the Provider’s products (such as Lova and Pact) and any custom development or advisory engagement. Order Form means a written ordering document, signed by both parties or otherwise mutually accepted in writing, that references this MSA. Customer Data means data, content, or material submitted by the Customer or its users to the Services. Documentation means the product documentation made generally available on lovex.dev. Fees means the amounts payable under an Order Form. Subscription Term means the period during which the Customer is entitled to use a subscription Service as set out in an Order Form.
2. The Services
The Provider grants the Customer a non-exclusive, non-transferable right to access and use the Services during the term of the applicable Order Form for the Customer’s internal business purposes, subject to the Agreement and any usage limits stated in the Order Form. The Provider may modify the Services to reflect product evolution provided material reductions in core functionality during a paid Subscription Term are limited to those required by law, security, or sub-processor change.
3. Customer obligations
The Customer:
- Uses the Services in accordance with the Agreement and applicable law.
- Is responsible for its users’ access credentials, conduct, and the Customer Data they submit.
- Does not use the Services to build a competing product, to train competing AI models, to scan for vulnerabilities outside a coordinated disclosure under /trust, or in violation of the acceptable use rules in the Terms of Service.
- Does not submit special-category personal data (health, biometric, political, religious, sexual data) unless expressly agreed in writing in advance.
4. Fees, taxes, and payment
The Customer pays the Fees stated in the applicable Order Form. Unless the Order Form says otherwise, Fees are charged in EUR, exclusive of value-added tax (moms) and any other taxes, which the Customer pays in addition at the rate required by its billing location. Subscription Fees are invoiced in advance on the cycle stated in the Order Form; professional-services Fees are invoiced on milestone completion. Invoices are due net 30 days from invoice date unless the Order Form provides otherwise. Late amounts accrue interest at the lower of 1.5% per month or the maximum rate permitted by law. All Fees are non-refundable except where this MSA expressly says so or where required by law.
5. Term and termination
This MSA starts on the Effective Date and continues for so long as any Order Form is in effect. Each Order Form has its own term as stated in the Order Form. Either party may terminate this MSA or any Order Form on written notice if the other party materially breaches the Agreement and fails to cure the breach within 30 days after receiving written notice describing the breach. Either party may terminate immediately on written notice if the other becomes insolvent, makes an assignment for the benefit of creditors, or has bankruptcy proceedings initiated against it.
On termination or expiry the Customer’s right to use the Services ends. The Provider makes Customer Data available for export for at least 30 days after termination, after which Customer Data is deleted on the schedule described in the DPA. Sections that by their nature should survive termination survive, including sections 6 (Customer Data), 7 (IP), 8 (Confidentiality), 10 (Warranties & disclaimers), 11 (Indemnification), 12 (Limitation of liability), 14 (Governing law), and any accrued payment obligations.
6. Customer Data
As between the parties, the Customer owns the Customer Data and grants the Provider the limited right to host, process, and transmit it as needed to provide the Services and to comply with applicable law. The Provider does not use Customer Data to train its own generative models. The Provider does not sell Customer Data. The Provider’s processing of personal data is governed by the DPA, which is incorporated by reference.
7. Intellectual property
The Provider retains all rights in the Services, the Documentation, and any improvements to the Services. The Customer retains all rights in Customer Data and in any work product developed exclusively for the Customer under a professional-services Order Form, subject to (a) the Provider’s retained ownership of any of its pre-existing materials and general-purpose tooling, and (b) a perpetual licence back to the Provider to use anonymous, aggregated, or de-identified usage and performance data to operate and improve the Services. Feedback the Customer provides is not confidential and the Provider may use it without restriction.
8. Confidentiality
Each party will hold the other’s non-public information disclosed under the Agreement (“Confidential Information”) in confidence, use it only to perform its obligations and exercise its rights under the Agreement, and protect it with at least the same degree of care it uses for its own confidential information of similar importance, and in any event no less than reasonable care. The obligation does not apply to information that is publicly available without breach, was already known without duty of confidentiality, is independently developed without use of the disclosing party’s Confidential Information, or is rightfully received from a third party without restriction. A party may disclose Confidential Information as required by law if it gives reasonable prior notice where legally permitted. Confidentiality obligations survive for five years after termination of the Agreement; trade secrets are protected for as long as they remain trade secrets under applicable law.
9. Security and data protection
The Provider maintains technical and organizational measures appropriate to the risk, described at /trust and in Annex B of the DPA, and reviews them at least annually. The Provider notifies the Customer of any Personal Data Breach affecting Customer Data without undue delay and in any event within 72 hours of becoming aware, per the DPA.
10. Warranties and disclaimers
Mutual. Each party warrants that it has the authority to enter into the Agreement and that doing so does not breach any other agreement to which it is bound.
Provider.During each Subscription Term the Provider warrants that the Services will perform materially in accordance with the Documentation. The Customer’s exclusive remedy and the Provider’s entire liability for breach of this warranty is, at the Provider’s option, (a) modification of the Services to conform, or (b) termination of the affected Order Form and refund of pre-paid Fees for the period after termination.
Disclaimer.Except as expressly stated in this section, the Services are provided “as is” and the Provider disclaims, to the maximum extent permitted by law, all other warranties, whether express, implied, or statutory, including warranties of merchantability, fitness for a particular purpose, non-infringement, and any warranty that the Services will be uninterrupted, error-free, or secure against all attacks. AI-generated outputs are provided as drafts and require the Customer’s human review before reliance.
11. Indemnification
By Provider.The Provider will defend the Customer against third-party claims alleging that the Services as provided infringe a valid intellectual property right enforceable in Sweden or the EU, and will pay any final award against the Customer in respect of the claim or any settlement the Provider approves. This obligation does not apply to claims arising from (a) Customer Data or material provided by the Customer, (b) use of the Services in combination with anything not provided by the Provider where the claim would have been avoided absent the combination, (c) use of the Services outside the Documentation, or (d) modifications not made by the Provider. If the Services become or in the Provider’s opinion are likely to become the subject of an infringement claim, the Provider may, at its option, (i) procure a right to continued use, (ii) modify the Services to be non-infringing while remaining materially equivalent, or (iii) terminate the affected Order Form and refund pre-paid Fees for the period after termination. This section states the Provider’s entire liability and the Customer’s exclusive remedy for IP infringement claims.
By Customer.The Customer will defend the Provider against third-party claims arising from Customer Data, the Customer’s use of the Services in breach of the Agreement, or the Customer’s violation of applicable law, and will pay any final award against the Provider in respect of the claim or any settlement the Customer approves.
Procedure.The indemnified party must give prompt written notice of the claim, let the indemnifying party control the defense and settlement (provided the settlement releases the indemnified party without admission of liability), and cooperate reasonably at the indemnifying party’s expense.
12. Limitation of liability
Cap.Except for the excluded items below, each party’s total aggregate liability arising out of or related to the Agreement is limited to the Fees paid or payable by the Customer to the Provider under the affected Order Form during the twelve months immediately preceding the event giving rise to the liability.
Excluded damages. Neither party is liable for any indirect, incidental, special, consequential, or punitive damages, or for lost profits, lost revenue, lost data, or business interruption, even if advised of the possibility.
Carve-outs.The cap and excluded-damages clauses above do not apply to (a) a party’s indemnification obligations in section 11, (b) breach of section 8 (Confidentiality) involving willful misconduct, (c) the Customer’s payment obligations, (d) fraud or willful misconduct, or (e) liability that cannot be limited under applicable law (including, where applicable, liability to Data Subjects under Article 82 GDPR).
13. Insurance
The Provider maintains commercially reasonable insurance appropriate to its size, stage, and risk profile, including general business liability and, where applicable, cyber liability coverage. On request and under confidentiality, the Provider provides current certificates of insurance to enterprise customers as part of a security review.
14. Governing law and forum
The Agreement is governed by the laws of Sweden, without regard to its conflict-of-laws rules and excluding the UN Convention on Contracts for the International Sale of Goods. The courts of Stockholm, Sweden have exclusive jurisdiction over disputes arising from or related to the Agreement, without prejudice to Data Subjects’ rights to bring claims in the courts of their habitual residence as permitted by the GDPR. Each party consents to that jurisdiction and venue.
15. Force majeure
Neither party is liable for failure or delay in performance (other than payment obligations) caused by events beyond its reasonable control, including acts of war, terrorism, natural disasters, labor disputes affecting third parties, telecommunication or hosting provider failures, denial-of-service attacks, government action, and epidemics. The affected party will use reasonable efforts to mitigate. If a force majeure event continues for more than 30 consecutive days, either party may terminate the affected Order Form on written notice.
16. Notices
Notices under the Agreement must be in writing and are deemed given when received by email to the addresses stated in the Order Form or, in the absence of a stated address, to hello@lovex.devfor the Provider and to the Customer’s billing contact for the Customer. Legal notices (breach, termination, indemnification) must also be confirmed by a second email to hello@lovex.dev.
17. Assignment
Neither party may assign the Agreement without the other’s prior written consent, except that either party may assign on written notice to an affiliate or to a successor in a merger, reorganization, or sale of substantially all assets, provided the successor agrees in writing to be bound by the Agreement. Any other purported assignment is void.
18. Independent contractors
The parties are independent contractors. The Agreement does not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship.
19. Order of precedence
In the event of a conflict between the documents that make up the Agreement, the following order controls, top down: (a) a signed Order Form, but only with respect to the Services it covers; (b) the DPA, with respect to the processing of personal data; (c) this MSA; (d) the Terms of Service; (e) the /trust page and Documentation, which are descriptive rather than contractual unless expressly referenced.
20. Entire agreement; amendments
The Agreement is the entire agreement between the parties on the subject matter and supersedes all prior agreements, proposals, and communications. No purchase order or other ordering document issued by the Customer modifies the Agreement; conflicting terms are rejected. The Agreement may be amended only by a writing signed by both parties. Failure to enforce a provision is not a waiver. If any provision is held unenforceable, the remainder remains in effect.
Contact
Questions about this MSA, requests for a signed counterpart, or proposed redlines for an enterprise engagement: hello@lovex.dev.