Welcome to KOMBO AI! By using our website and services, you agree to comply with these Terms and Conditions (“T&Cs“). Please review them carefully before proceeding.

1. Ownership

• Entity Name: KOMBOAI TECHNOLOGIES S.L. (“KOMBOAI“)
• NIF: B-70709753
• Address: C/ Mèxic, 3, 3º, 08024 Barcelona
• Website: www.getkombo.ai
• Email: [email protected] 

2. Acceptance of T&Cs

By clicking to accept, you acknowledge that you have read and agree to these T&Cs. If you do not agree, please refrain from purchasing or using our services.

3. Description of the service

KOMBO AI provides AI-powered solutions designed to help digital sales teams improve their sales outreach by gathering and analyzing information from third party sources and APIs. KOMBO AI processes this data and provides tailored recommendations to help sales professionals optimize pitches and send targeted commercial communications to their clients.

Clients can access different subscription plans based on their needs. These plans are detailed on the website. By subscribing to the service, you agree to the automatic renewal of your subscription on a monthly basis, unless canceled under the conditions described in these T&Cs.

KOMBO AI is committed to providing high levels of availability and customer support. If you encounter any technical issues or need help with the service, you can reach our support team via email at [email protected]. We aim to resolve any issues promptly.

4. Pricing, payments and termination

KOMBO AI offers various subscription plans, with pricing displayed on our website. Payments are processed monthly through Stripe, and you authorize us to charge your selected payment method on a recurring basis. 

You can cancel your subscription at any time with 30 days’ notice, and the service will continue until the end of the current billing cycle. No refunds will be provided for digital services, and payments already made are non-refundable. Should any pricing changes be introduced, you will be notified at least 30 days in advance, allowing you to cancel your subscription without penalties.

KOMBO AI may suspend or terminate your access to the service immediately in cases of non-payment, fraud, or breach of these T&Cs. Upon termination, all licenses granted under these T&Cs will be revoked.

5. Responsibility, exclusion of warranties and liability

You are responsible for maintaining the confidentiality of your account, including your login credentials and payment information. You agree not to use the services for unlawful activities, and any fraudulent use will result in account suspension.

KOMBO AI is not liable for any misuse or improper handling of the data or services we provide. You must ensure that your use of the services complies with all applicable laws and regulations.

KOMBO AI provides its services “as is” without any express or implied warranties of any kind. While we strive to provide reliable data, we cannot guarantee its absolute accuracy or completeness. KOMBO AI is not responsible for any damages arising from the use of the service. 

Similarly, KOMBO AI does not guarantee the absolute availability and continuity of the service’s operation. KOMBO AI will endeavor to provide sufficient advance notice of any interruptions to the service’s operation whenever possible. KOMBO AI excludes, to the fullest extent permitted by law, any liability for damages of any kind that may result from the lack of availability or continuity of the service’s operation, including, but not limited to, cases of force majeure, unforeseen circumstances, natural disasters, or similar situations. Likewise, regarding any disappointment in the utility that users may have attributed to the service.

KOMBO AI will not be liable for any indirect, incidental, or consequential damages, including loss of profits, data, or business opportunities, resulting from the use or inability to use our services. This includes but is not limited to losses resulting from system issues, delayed access, or breaches beyond our control.

6. Intellectual property and confidentiality

KOMBO AI owns all intellectual property rights to the software, features offered on our platform and brand and content of the website. In accordance with the provisions of the Intellectual and Industrial Property Law, the reproduction, distribution, duplication, copying, and public communication, including its availability in any form, of all or part of the contents of this website for commercial purposes and other forms of exploitation, in any format and by any technical means, are expressly prohibited without the authorization of KOMBO AI.

The user agrees to respect the Intellectual and Industrial Property rights owned by KOMBO AI. The user must refrain from removing, altering, bypassing, or tampering with any protection device or security system installed on the pages of KOMBO AI. For any other use of the service’s content, you need our prior written consent.

You are granted a limited, non-exclusive, non-transferable license to use our service solely for your personal or business use. Any unauthorized reproduction or distribution of our intellectual property is strictly prohibited.

Both parties agree to maintain the confidentiality of any sensitive information shared during the contractual relationship. This obligation remains in effect during and after the termination of the service, for as long as the confidential information is considered secret and confidential.

7. Prohibited Actions

You agree not to:

• Use the website or services for illegal or fraudulent purposes.
• Tamper with or attempt to hack the platform or its security.
• Modifying or reverse-engineering any part of our service.
• Accessing KOMBO AI through automated systems (e.g., bots).
• Use the service to send or transmit unsolicited emails (“spam”), chain letters, contests, “junk mail,” pyramid schemes, or other mass messages, whether commercial or not.
• Misuse the services, including unauthorized access to data or accounts.

Any breach of this agreement may result in immediate termination of your subscription without prior notice.

8. External links

KOMBO AI may contain links to third-party websites. We are not responsible for the content, availability, or legality of these external sites. The inclusion of such links does not imply any endorsement by KOMBO AI.

9. Age requirement

By using this service, you declare that you are of legal age and have the legal capacity necessary to be bound by this agreement and to use the Service in accordance with its terms and conditions, which you fully understand and acknowledge.

If you are contracting the service on behalf of a company, you acknowledge that you have the proper authorization and representation to do so on behalf of the organization.

10. Right of withdrawal

You may exercise their right of withdrawal in accordance with Article 103(a) of Royal Legislative Decree 1/2007, provided that the service has not been fully executed. To exercise this right, the user must notify us in writing at [email protected] within a maximum of 14 days from the date of the acceptance of the present T&Cs. If the service provision has already begun, KOMBO AI may retain a proportional amount corresponding to the services already provided.

11. Modification of Terms

KOMBO AI reserves the right to modify these T&Cs at any time. Any changes will be communicated via email or prominently on our website. Your continued use of the service after such modifications will be considered your acceptance of the revised terms.

12. Security

KOMBO AI uses industry-standard encryption protocols to protect your data during transmission. However, we cannot guarantee absolute security and encourage users to take appropriate measures to safeguard their accounts.

13. Dispute Resolution

In the event of a dispute, the parties agree to submit to the exclusive jurisdiction of the courts of Barcelona, Spain, unless otherwise dictated by applicable law.

14. Severability

If any clause in these T&Cs is found to be invalid or unenforceable, the remaining provisions will remain in full effect.

15. Contact information

If you have any questions about these T&Cs, please contact us at [email protected].

By proceeding to use our services or by clicking “Agree,” you acknowledge that you have read, understood, and accepted these T&Cs.

KOMBOAI as Data Processor – Data Processing Addendum (DPA)

1. Purpose of the data processing:
Considering that the parties have a service provision agreement involving access to personal data
under the control of the client by said provider, this contract fulfils the requirement of article 28.3
of the General Data Protection Regulation (EU 2016/679), that provides that the processing of
personal data by a data processor shall be governed by a contract or other legal act.
By means of these clauses PROVIDER KOMBOAI TECHNOLOGIES, S.L. holder of CIF/NIF no.
B70709753, hereinafter, the data processor, is empowered to process on account of the CLIENT,
hereinafter, the data controller, the personal data necessary to render the services for analysis
and improvement of methodologies for attracting and managing potential customers, including
recording/access to recordings of calls between sales representatives and customers, which shall
involve access to and the processing of the personal data in keeping with the needs of the service
rendered (collection, structuring, storage, consultation, comparison).
2. Identification of the information affected:
In order to render the services arising from the performance of this engagement, Data Controller
shall place at the disposal of the Data Processor the information described below:

Identification data of employees and customers/potential customers.
3. Duration:
The duration of this agreement shall be the same as that of the underlying service provision
agreement.
4. Obligations of the data processor.
The data processor and all its personnel undertake to:
a. Use the personal data processed or collected for inclusion solely for the purpose of this
engagement. Under no circumstance may the data be used for its own purposes.
b. Process the data in keeping with the instructions of the data controller. Immediately inform
the data controller in the event the data processor deems that any of the instructions
infringes any data protection law.
c. When so required by the law on data protection, to keep a record of the categories of
processing activities carried out on account of the controller that contains the requirements of
the current data protection law.
d. Not to disclose the data to third persons unless the latter are expressly authorised by the data
controller in a legally admissible scenario.
e. Not to subcontract any of the services that falling within the purpose of this contract that may
entail the processing of personal data, except such ancillary services as may be necessary for
proper performance of the services.
Should it be necessary to subcontract any processing activity, the controller must be
previously informed in writing with 1 month's notice, indicating the processing to be
subcontracted and clearly and unequivocally identifying the subcontractor and its contact
details. The subcontracting may be carried out if the controller does not object within the
timeframe indicated.
The subcontractor, who will also act in the capacity of a data processor, must likewise comply
with the obligations contained herein for the data processor and the instructions provided by
the controller. It is the initial processor’s responsibility to regulate the new relation such that
the new processor is subject to the same conditions and formal requisites as the former as it
relates to the appropriate processing of the personal data and the guarantee of the affected

persons’ rights. In the event of a breach by the subprocessor, the initial processor shall
continue to be fully liable to the controller as regards compliance with the obligations.
f. Abide by its duty of confidentiality with regard to the personal data it has gained access to by
virtue hereof, including subsequent to termination of its purpose.
g. Ensure that the persons authorised to process the personal data undertake, expressly and in
writing, to respect its confidentiality and to comply with the relevant security measures, which
they must be duly informed of.
h. Maintain at the disposal of the controller supporting documentation evidencing compliance
with the obligation set forth in the preceding paragraph.
i. Ensure that the persons authorised to process the personal data know their roles and
obligations in relation to the processing of same, in accordance with the requirements of the
Regulation or, if applicable, have received specification training in the matter.
j. When the affected parties exercise their rights to access, rectify, delete, oppose and other
rights contained in the data protection law vis-à-vis the data processor, the latter must
immediately inform the controller and under no circumstance later than the business day
following receipt of the request, together with any relevant information for complying with
the request.
k. In the event the Data processor becomes aware of any infringement of data security which
constitutes a risk for the rights and freedoms of natural persons, it shall notify the data
controller without undue delay and within a 72-hours deadline, together with all the relevant
information for documenting and reporting the incident.
l. Support the data controller in prior consultations with the controlling authority when
applicable.
m. Place all the necessary information at the disposal of the controller to demonstrate
compliance with its obligations, including the performance of audits or inspections carried out
by the controller or other auditor authorised by same.
n. Implement the necessary security measures in accordance with the nature, scope, context and
purposes of the processing so as to:
a) Guarantee the confidentiality, integrity, availability and ongoing resilience of the
processing systems and services.
b) Restore the availability and access to personal data swiftly in the event of a physical or
technical incident.
c) Verify, evaluate and assess on a regular basis the effectiveness of the technical and
organizational measures introduced to ensure the security of the processing.
d) When the processing requires it, to pseudonymise and encrypt the personal data.
o. Destination of the data: Upon termination of this contract, the data processor, in accordance
with the instructions of the Data Controller, must delete or return all the personal data in its
possession stored on paper or digital copies or, if applicable, transfer it to another processes
designated by the Data Controller. Any of the two options signifies that the Processor will not
have in its possession personal data held by the Data Controller unless the processor must
store it, duly blocked, while any liabilities may arise from the rendering of the service.
5. Obligations of the data controller.
The data controller shall:
a. Deliver to the processor the necessary data to render the service as described herein.
b. Carry out the relevant prior consultations.
c. Ensure, prior to and throughout the processing, due compliance by the processor with the law
on personal data.
d. Supervise the processing, including the performance of inspections and audits.

6. Liabilities.
The Data Controller shall be released from any liability arising from a breach on the part of the Data
processor of the conditions contained herein, the latter also being considered a data controller
which shall be liable for any infringements committed personally before the Data Protection
Authorities together with any civil or criminal claims the affected parties may file before the
ordinary jurisdiction as a result of the breach, holding the Data Controller harmless from all and any
liability.
7. Affidavit of compliance with Regulation 2016/679 by the Data Processor
Pursuant to article 28.1 of the Data Protection Regulation that stipulates that only data processors
offering adequate guarantees be chosen to apply the appropriate technical and organizational
measures, such that the processing complies with the requisites of this Regulation and guarantees
the protection of the rights of the interested party, the Data Processor affirms:
a. That in the course of its activity it complies with the obligations and principles contained in the
General Data Protection Regulation (EU 2016/679).
b. That it keeps a log of the data processing activities performed under its responsibility.
c. That it has conducted the appropriate risk analysis to determine the technical and
organizational security measures to be applied to conform to the Regulation.
d. That it has adopted the necessary security measures to guarantee:
1. Physical control of the facilities where the Controller’s data is processed.
2. Access to its IT systems is obtained by means of individual username and passwords.
3. It has restricted access to the Controller’s data solely to those users who require it.
4. It has backup copies, where appropriate, of the Controller’s personal data that are
processed.
5. In the event of managing media or documents with the Controller’s personal data, the
latter are duly guarded under lock and key or by means of equivalent lockdown devices.
6. It has perimeter protection systems and antivirus protection for its IT systems.
7. It keeps a log of security incidents.
8. It has put in place mechanisms and procedures to report security breaches.
e. It undertakes to abide by the duty of confidentiality, including subsequent to termination of
the relation, and to guarantee that the persons authorised to process the data also undertake
to comply with the security measures.
f. That it proactively conducts regular verification of compliance with the obligations and
technical and organizational security measures that ensure compliance with the
Regulation.
8. Information on data protection
Both parties recognize that they have been informed of the purposes of the treatment of the
personal data provided in this contract and those derived from the execution of the same, of the
possibility of sending commercial information based on the legitimate interest of both parties by
electronic means, as well as how to exercise their rights and other obligations of the data protection regulations.