Our terms of use

1.1 Scope

These Terms of Use govern the use of the KAIZUNO® Platform (hereinafter “Platform”) and apply from the moment you register or use the Platform.

1.2 Guiding principle

These Terms of Use shall be interpreted in accordance with the principle of good faith (Swiss Civil Code, Art. 2). Both parties commit to treating each other fairly, honestly and respectfully.

1.3 Acceptance

By registering for or using the Platform, you accept these Terms of Use. If you do not agree, please do not use the Platform.

1.4 Applicable version

The current version of these Terms of Use, as published on the Platform, shall apply at all times.

3.1 The Platform

The KAIZUNO® Platform is an AI-powered digital solution available at kaizuno.com and its associated subdomains that supports organisations with assessments, analyses and their development.

The Platform is designed for organisations and their employees. Its scope of features may include assessments, reports, inspirations, recommendations and other AI-powered functions — including the processing of external information sources.

It is based on a proprietary methodology integrated into the Platform. The specific scope of features may change and expand as the Platform evolves.

The Platform is provided as a web-based SaaS solution and operated on Amazon Web Services (AWS) in Switzerland (data storage) and the EU (AI processing).

User groups include organisation administrators, team leads and participants. The Platform does not support critical or important business functions within the meaning of regulatory outsourcing requirements.

3.2 Our commitment

We continuously work to improve and develop the Platform further.

3.3 Use of artificial intelligence

The Platform uses artificial intelligence as a core component. AI processing is performed via Anthropic Claude, provided through Amazon Web Services Bedrock in the EU region.

No user data is transmitted to the AI model provider or used for training AI models.

By using the Platform, you acknowledge that content is generated with AI support. For more details, please refer to Section 9 and Annex C.

3.4 Support

We provide support by email at data(at)kaizuno.com. We aim to respond to your enquiries promptly.

5.1 Registration

We provide you with a personal user account. When registering, you provide truthful, complete and up-to-date information.

5.2 Login credentials

The security of your login credentials is your responsibility. You are responsible for all activity under your account. Please do not share your login credentials with third parties.

5.3 User roles

The Platform offers various roles with different permissions — for example, for managing the organisation account, supervising teams or participating in assessments. The available roles and their permissions may change or be expanded as the Platform evolves.

Whoever manages access within your organisation also decides who is granted access — including external individuals such as consultants, coaches or partners. Responsibility for granting access lies with your organisation.

5.4 What data belongs on the Platform

The entry of confidential business information, trade secrets or particularly sensitive personal data is not intended. Should you enter such data nonetheless, you do so at your own risk. We assume no special security guarantee and no liability in this regard.

5.5 Suspension or deletion

In the event of violations of these Terms of Use or applicable law, we reserve the right to suspend or delete user accounts.

6.1 Your reports belong to you

The reports and analyses generated by the Platform belong to you. You may use them freely — in particular:

• Share them within your organisation and use them for decision-making
• Pass them on to partners, headquarters, parent organisations or networks
• Share them with external consultants, coaches, auditors or other professionals
• Use them for presentations, reports or strategic documents

The results are there for you — use them in whatever way makes sense for your organisation. This right continues to apply after the termination of your use.

6.2 Your input data belongs to you

Everything you enter into the Platform remains your property. We do not claim any rights to it.

6.3 What we may do with your data

In order to provide the Platform’s services to you, we process, store and analyse your content — in particular for the creation of assessment reports.

Additionally, we use aggregated data that does not allow conclusions about individual users or organisations to improve our own products and services — for example, to refine the assessment logic or the quality of AI results. We do not sell your personal data to third parties.

6.4 Deletion

This processing permission ends when you delete your account or your data. Your content will then be deleted in accordance with our Privacy Policy, subject to the grace period described in Section 13.1.

6.5 Your responsibility

You warrant that the content you enter is lawful and does not infringe the rights of third parties.

7.1 The KAIZUNO® trademark

KAIZUNO® is a registered European trademark (word and figurative mark). You may of course use the name and logo in connection with the Platform — for example, to refer to it or describe it.

What we cannot permit is the use of the trademark or logo in your own products, materials or profiles without our consent, as well as the registration of marks that may be confused with KAIZUNO®.

7.2 The methodology

The KAIZUNO® Platform is based on a proprietary methodology. It is protected by copyright.

Within the Platform, the methodology is available to you without restriction — you benefit from it with every assessment. What we protect is the methodology itself: it may not be used, reproduced or used as a basis for your own methods, training programmes or consulting services outside the Platform.

7.3 Software and technology

Behind the Platform are software, AI models, assessment logic, analytical processes and a designed user interface. All of this is protected by copyright.

You use this technology with every click — but the technical building blocks themselves may not be examined, decompiled, extracted or used to build competing systems.

7.4 Published works

The methodology is also available in a book and an audiobook. These works are freely available for personal use — however, they may not be commercially reused or used as a basis for your own offerings.

7.5 Your usage licence

All content on the Platform — texts, graphics, logos, images and data — is protected, unless created by you.

Excluded are the reports and analyses that belong to you pursuant to Section 6. Upon registration, you receive a usage licence for the intended use of the Platform. This licence is valid for the duration of your use, is non-transferable and is tied to your user account.

10.1 What we cannot guarantee

Despite our best efforts, we cannot provide guarantees — neither for the uninterrupted availability of the Platform, the complete accuracy of AI-generated content, nor for the suitability of the results for any particular purpose (see also Section 9).

The Platform is a tool for self-reflection and development — not a substitute for professional expert advice or regulatory inspections. Decisions and actions you take on the basis of Platform results are your responsibility.

10.2 Limitation of liability

Our liability is limited to the usage fees paid by you in the preceding 12 months, but in any case no more than CHF 10’000. This limitation does not apply in cases of intent or gross negligence (Swiss Code of Obligations, Art. 100). Individual agreements remain reserved.

10.3 Indemnification

Should third-party claims arise against us as a result of your breach of these Terms of Use, you shall indemnify us — including reasonable legal and procedural costs.

10.4 External content

We occasionally link to third-party websites or services. We assume no responsibility for their content.

11.1 Our goal

We want the Platform to be available at all times. However, we cannot guarantee uninterrupted service.

11.2 Maintenance and development

We continuously develop and regularly maintain the Platform. Should we permanently discontinue the Platform, we will notify paying customers at least 90 days in advance and refund the unused portion on a pro-rata basis.

13.1 By you

You may terminate your account at any time. Before deletion, you may request an export of your data in a machine-readable format (JSON or CSV). We will provide the export within a reasonable timeframe.

After account deletion, we retain your data for a reasonable grace period — to protect against accidental deletion and to allow you to reactivate at a later time. After that, your data will be permanently deleted in accordance with our Privacy Policy.

13.2 By us

In the case of remediable breaches of these Terms of Use, we will first grant you a reasonable period to remedy the situation. In the case of serious or repeated violations, outstanding payments or abusive use, we may terminate access without prior notice.

13.3 Your reports after termination

Reports and analyses created during your use may continue to be used by you (see Section 6.1).

13.4 What continues to apply

Even after termination, the following continue to apply: the protection of intellectual property (Section 7), fair use (Section 8), liability provisions (Section 10) and applicable law (Section 16).

16.1 Applicable law

Swiss law applies exclusively. The application of the UN Convention on Contracts for the International Sale of Goods (CISG) is excluded.

16.2 Jurisdiction

The exclusive place of jurisdiction is Chur, Switzerland.

16.3 Amicable resolution

Before initiating court proceedings, both parties shall endeavour to reach an amicable resolution.

A1.1 Subject matter

This Data Processing Agreement within the meaning of Art. 28 GDPR and Art. 9 nDSG governs the processing of personal data by Anrok GmbH (Processor) on behalf of the organisation (Controller) in the context of using the KAIZUNO® Platform.

A1.2 Who is who

• Controller: The organisation that uses the Platform and whose organisation administrators manage the account.
• Processor: Anrok GmbH, Via Larisch 2, 7031 Laax, Switzerland.

A1.3 Duration

This DPA applies for the entire duration of Platform use and ends upon the complete deletion of all personal data after termination of the contract.

A2.1 Nature of processing

We process personal data exclusively for the provision of the KAIZUNO® Platform. This includes the storage and management of user accounts, the conduct and analysis of AI-powered assessments, the creation of assessment reports and analyses, and the technical operation and security of the Platform.

A2.2 Data subjects

Employees and members of the organisation, as well as third parties invited by the organisation (such as consultants, coaches or partners).

A2.3 Categories of personal data

Contact data (name, email address), account data (role, permissions), assessment data (self-assessments, responses), usage data (activities, timestamps) and billing data (via Stripe).

A3.1 Instruction-bound processing

We process personal data exclusively on the instructions of the Controller. These Terms of Use and this DPA constitute the documented instructions. Further instructions require written form.

A3.2 Confidentiality

All persons entrusted with the processing of personal data at our company have committed to confidentiality or are subject to a statutory obligation of secrecy.

A3.3 Technical and organisational measures

We implement appropriate technical and organisational measures to ensure a level of protection commensurate with the risk. These include encryption of personal data during transmission and storage according to industry standards, access control and authentication, regular security reviews within our capacities, and firewall protection.

A3.4 Sub-processors

We use the following sub-processors:

All sub-processors are contractually bound to comply with equivalent security standards. The Controller consents to the use of these sub-processors. We will inform you of any changes (additions or replacements) at least 30 days in advance. The Controller may object within 14 days of notification.

A3.5 Assistance

We assist the Controller in fulfilling data subject rights (access, deletion, rectification, data portability), in complying with data breach notification obligations, and in conducting data protection impact assessments where relevant.

A3.6 Reporting data breaches

If we become aware of a breach of personal data protection, we will inform the Controller within 72 hours of becoming aware.

Before notification, we are entitled to conduct a reasonable investigation and initial risk assessment. The notification will contain the information available at the time regarding the nature of the breach, the categories of data affected, the likely consequences, and the measures taken or proposed.

A4.1 Lawfulness

The Controller is responsible for the lawfulness of data processing and ensures that a valid legal basis for processing exists.

A4.2 Instructions

Instructions shall be issued exclusively within the framework of applicable law. If, in our view, an instruction violates applicable data protection law, we will notify the Controller in a timely manner.

A4.3 Access management and content

In accordance with the Terms of Use (Section 5), the Controller is solely responsible for granting access rights, inviting external third parties, the nature and scope of data entered, and ensuring that no confidential business information or sensitive third-party data is entered.

A5.1 Deletion of personal data

When the Controller requests deletion or terminates the account, we retain personal data for a reasonable grace period to allow for accidental deletion or later reactivation.

After this period, we will delete all personal data in accordance with our Privacy Policy, unless statutory retention obligations or legitimate interests require otherwise — in particular the preservation of evidence in cases of suspected misuse or unlawful conduct.

A5.2 Data export

Before deletion, the Controller has the right to request an export of data in a machine-readable format (JSON or CSV). We will provide the export within a reasonable timeframe.

A5.3 Confirmation

Upon request, we will confirm the complete deletion of data in writing.

A6.1 Duty to demonstrate compliance

We will make available to the Controller, upon request, the information necessary to demonstrate compliance with the obligations under this DPA.

We may also fulfil this obligation by presenting a current self-assessment, security certificate or equivalent documentation.

A6.2 Audits

If the duty to demonstrate compliance under A6.1 cannot be fulfilled by other means, the Controller may have audits conducted by an independent auditor bound by confidentiality.

Audits are limited to one audit per 12 months, with at least 90 days’ advance notice, and are to be conducted during normal business hours.

The costs are borne by the Controller. The scope is limited to the processing activities relevant to the Controller. Statutory audit rights of supervisory authorities remain unaffected by these limitations.

B1.1 Infrastructure

The Platform is operated on Amazon Web Services (AWS). AWS is certified under ISO 27001, SOC 1/2/3 and PCI DSS Level 1. Data storage is located in Switzerland, AI processing in the EU (Frankfurt).

B1.2 Encryption

B1.3 Access Control

Password-protected user accounts with minimum requirements, role-based access model, administrative access restricted to authorised persons, developer access via secured connections with individual credentials, principle of least privilege.

B1.4 Network Security

Wordfence firewall for attack protection, brute-force detection and blocking, malware scanning, DDoS protection.

B1.5 Patch and Vulnerability Management

Regular updates of Platform software and plugins. Security updates are applied promptly. Wordfence scans for vulnerability detection.

B2.1 Reporting Security Incidents

Security incidents are reported to affected customers within 72 hours of becoming aware.

B2.2 Content of the Report

The report contains, to the extent available at the time: nature of the incident, affected systems and data categories, likely impact, and measures taken or planned.

B2.3 Cooperation

We cooperate in the analysis, root cause investigation and resolution of security incidents and document them.

B2.4 Contact

Security incidents can be reported at any time to: data(at)kaizuno.com

B3.1 Tenant Separation

Data from different organisations is logically separated. Users can only access data from their own organisation and, depending on their role, their team.

B3.2 Production and Test Environment

Production and test environments are separated.

B3.3 Malware Protection

Automated security scans, firewall protection and system integrity monitoring.

C1.1 Provider and Model

The Platform uses Anthropic Claude, provided via Amazon Web Services Bedrock (EU region Frankfurt).

C1.2 Purpose of AI

The AI supports various Platform functions — including the creation of assessment questions, the analysis of responses, the generation of reports and recommendations, and the processing of external information sources.

C1.3 Limitations of Results

AI-generated results may contain inaccuracies, errors or biases. They serve as impulses for self-reflection and do not replace professional expert advice, regulatory inspections or your own duty of care (see Section 9 of the Terms of Use).

C2.1 What Data is Transmitted to the AI

Assessment responses, organisational context (industry, size, type of organisation) and general information you enter into the Platform. Depending on the function, the Platform may also retrieve and process information from external sources.

C2.2 Anonymisation

Personal data (name, email) is not transmitted to the AI model. The AI processes assessment content and organisational context, not personally identifiable information.

C2.3 No Training with Customer Data

AWS Bedrock does not store prompts or responses. Input data is not used for training AI models. No user data is transmitted to the AI model provider (Anthropic).

C2.4 Processing Location

AI processing: EU (Frankfurt, AWS Bedrock). Data storage: Switzerland (AWS).

C4.1 Classification as an AI System

The KAIZUNO® Platform is an AI system within the meaning of the AI Act. It is designed for operation with varying degrees of autonomy, operates according to defined objectives (assessment, analysis, report generation), infers from input data how to generate outputs, and produces content, recommendations and analyses.

The system has no self-learning capability. Improvements to methodology, assessment logic and processing workflows are made exclusively through human development decisions. Customer data is not used for training AI models.

C4.2 No Prohibited Practices (Art. 5 AI Act)

The Platform does not employ techniques aimed at manipulating the decision-making ability of individuals or exploiting vulnerabilities. There is no social scoring, no facial recognition, no emotion recognition in the workplace, and no biometric categorisation.

The Platform provides feedback, inspiration and analyses to support organisational development. Users retain full decision-making freedom at all times.

C4.3 No High-Risk Classification (Art. 6 AI Act)

The Platform is not a safety component of a harmonised EU product and does not fall under the harmonisation legislation listed in Annex I of the AI Act. It is not attributable to any of the high-risk application areas listed in Annex III — in particular not biometrics, critical infrastructure, education, employment/human resources management, or essential services.

By way of clarification: The Platform analyses topics such as leadership quality, team dynamics and organisational development at an aggregate level. It does not make decisions regarding recruitment, selection, promotion, dismissal or performance assessment of individual persons. There is no profiling within the meaning of Art. 4 No. 4 GDPR.

The Platform is intended to improve the results of previously completed human activities (refining assessment inputs into organisational analyses), to identify patterns and deviations, and to perform preparatory tasks for assessments — without replacing human judgement.

C4.4 Limited-Risk System — Transparency Obligations (Art. 50 AI Act)

The Platform is classified as a limited-risk system. It is intended for direct interaction with natural persons and generates AI-produced text content (reports, analyses, recommendations).

The resulting transparency obligations are fulfilled: AI-generated content is labelled as such (see Section 9 of the Terms of Use).

The Platform does not generate deepfakes or manipulated image, audio or video content. It does not perform emotion recognition or biometric categorisation.

The Platform may generate text drafts that can be used by the organisation as a basis for external communication (e.g. reports). Responsibility for review, approval and publication lies exclusively with the using organisation.

C4.5 Role of Anrok GmbH

Anrok GmbH developed the Platform and markets it under the KAIZUNO® brand. It bears the associated obligations as provider, in particular compliance with the transparency requirements under Art. 50 AI Act.

C4.6 General-Purpose AI Models (Art. 51 ff. AI Act)

The Platform uses general-purpose AI models (GPAI), provided through Amazon Web Services Bedrock.

The obligations under Art. 53 ff. AI Act for GPAI models apply to the respective model providers. Anthropic Claude is currently deployed.

The selection of models is at the discretion of Anrok GmbH; a change of model provider is possible provided the data protection and security requirements described in these Terms of Use are met.

The models currently in use are documented in the technical documentation at kaizuno.com.

D1.1 Target Availability

We aim for a Platform availability of 97% per calendar month, measured by the reachability of the web application.

Excluded are planned maintenance windows, disruptions to third-party services used (e.g. cloud infrastructure, CDN) and force majeure events as defined in Section 12 of the Terms of Use.

D1.2 Maintenance Windows

Planned maintenance is generally announced at least 48 hours in advance. Security-critical updates may be applied without prior notice.

D2.1 Availability

Support by email at data(at)kaizuno.com.

Support hours: business days (Monday–Friday), 09:00–17:00 CET, excluding Swiss public holidays.

D2.2 Response Time

We aim to provide an initial response within 2 business days.

D3.1 Data Backups

Daily backup of the database and relevant files. Backups are stored encrypted and overwritten by rotation after a maximum of 90 days.

D3.2 Recovery Targets

In the event of a system failure, we aim for the following targets:

These are target values, not guaranteed commitments. Actual recovery time depends on the nature of the incident.