Gysho Ltd. – Terms and Conditions
Effective Date: 15 May 2025
Last Reviewed: 15 May 2025
Version: 2025.2.0
Executive Summary
These Terms and Conditions (“T&Cs”) govern the relationship between Gysho Ltd. (“Gysho”, “we”, “us”, “our”) and the client (“you”, “your”, “client”) for the provision of advisory, consulting, and AI-powered software services, including both Gysho-hosted (SaaS) and client-hosted deployments.
These T&Cs are aligned with UK law and best practices, and are cross-referenced with Gysho’s internal policies, which are available upon request.
1. Introduction
By engaging Gysho’s services, you agree to these T&Cs. These T&Cs apply to all Gysho products and services, including advisory, consulting, AI adoption, and software development, whether deployed in Gysho-managed UK Azure environments or in client-managed environments.
2. Scope of Services
- Services include advisory, consulting, AI adoption support, SaaS platforms (e.g., MarqtAI, Basewise, SalesAI), and custom AI solution development.
- The specific scope, deliverables, and service levels are defined in individual contracts or agreements.
3. Policy References
Gysho maintains the following internal policies, which govern specific aspects of our service delivery and compliance:
- Business Continuity Plan (aligned with ISO 22301, NCSC Cloud Security Principles)
- Incident Response Management Process (aligned with NIST SP 800-61, ISO 27001, GDPR)
- Software Development LifeCycle Policy (aligned with GDPR, SOC 2, DevSecOps)
- Data Protection Policy (aligned with UK GDPR, DPA 2018, ICO guidance)
These policies are available upon request and are incorporated by reference into these T&Cs.
4. Shared Responsibility Model
- Gysho-Hosted (SaaS): Gysho is responsible for infrastructure, application availability, backup, recovery, and compliance within defined SLAs. Clients are responsible for user access management and data input.
- Client-Hosted: Clients are responsible for infrastructure, backup, recovery, compliance, and incident response in their own environments. Gysho provides application updates and support on a best-effort basis, as agreed in the contract.
5. Service Levels & Recovery Objectives (SLA/RTO/RPO)
Service Type: Business-Critical
- RTO (Max Downtime): ≤ 4 hours
- RPO (Max Data Loss): ≤ 1 hour
- Notes: SLA-backed (SaaS); client-defined (self-hosted)
Service Type: Important
- RTO: ≤ 24 hours
- RPO: ≤ 12 hours
- Notes: Standard support
Service Type: Supporting
- RTO: ≤ 72 hours
- RPO: Best effort
- Notes: No guarantee
Gysho-Hosted: SLAs apply as agreed and default as above.
Client-Hosted: Clients define/manage their own RTO/RPO; Gysho recommends best practices but assumes no liability unless contractually agreed.
6. Fees and Payment
- Fees are specified in individual contracts.
- Invoices are issued digitally; payment terms are 14 days from invoice date.
- Late payments may result in suspension or termination of services.
7. Client Responsibilities
- Provide necessary information and cooperation.
- Ensure compliance with all applicable laws and regulations.
- For client-hosted environments, implement and maintain required security, backup, and compliance controls.
8. Intellectual Property
- All IP in Gysho’s services, software, and AI-generated outputs remains with Gysho unless otherwise agreed.
- Clients may use outputs as specified in the contract; reverse engineering and sublicensing are prohibited without written consent.
- Client data remains the property of the client.
9. Data Protection & Privacy
- Gysho processes personal data in accordance with its Data Protection Policy, UK GDPR, DPA 2018, and ICO guidance.
- For Gysho-hosted services, Gysho acts as data controller or processor as appropriate; for client-hosted, the client is the data controller.
- Data residency: All production personal data is stored in client-specified Azure regions unless otherwise agreed.
- Data subject rights are supported in accordance with applicable law.
- Automated decision-making: Data subjects are informed of AI use, logic, and rights to contest decisions.
10. Security & Compliance
- Gysho implements robust technical and organisational measures (e.g., 2FA, encryption, audit logs) for Gysho-hosted services.
- Clients are responsible for equivalent controls in client-hosted environments.
- Gysho’s SDLC Policy ensures secure development, testing, and deployment.
11. Incident Response & Breach Notification
- Gysho maintains an Incident Response Management Process for security and data incidents.
- For Gysho-hosted services, Gysho will notify clients of business-critical incidents within 2 hours and comply with GDPR breach notification requirements (within 72 hours).
- For client-hosted, clients are responsible for their own incident response, with Gysho providing application-level support as agreed.
12. Backup, Recovery, and High Availability
- Gysho maintains regular backups, high availability, and recovery drills for Gysho-hosted services.
- Clients are responsible for backup and recovery in client-hosted environments.
13. Amendments and Modifications
- Amendments must be in writing and agreed by both parties.
- Changes may impact costs and terms, and should be specified in contract annexes.
14. Confidentiality
- Both parties agree to maintain the confidentiality of all non-public information.
- Confidentiality obligations survive termination.
15. Limitation of Liability and Indemnification
- Gysho is not liable for indirect, incidental, or consequential damages except as stated in a separate agreement.
- Liability is limited to the total fees paid by the client.
- Clients indemnify Gysho against claims arising from their use of the services, except in cases of Gysho’s gross negligence or willful misconduct.
16. Force Majeure
- Neither party is liable for failure to perform due to causes beyond reasonable control (e.g., natural disasters, war, pandemics, outages).
17. Termination
- Either party may terminate with written notice as specified in the contract.
- Upon termination, Gysho will return or securely delete client data as agreed.
18. Audit Rights
The client may, upon reasonable prior written notice and no more than once per calendar year (unless required by law or following a material security incident), request evidence from Gysho demonstrating compliance with these Terms and Conditions and referenced internal policies (including, but not limited to, data protection, security, and business continuity).
Such evidence may include relevant certifications, audit summaries, or policy documentation. Any audit or review shall be conducted in a manner that does not unreasonably disrupt Gysho’s business operations or compromise the confidentiality of other clients’ information.
Audits may only be performed if they are in accordance with Gysho’s agreements with its suppliers and service providers (including, but not limited to, Microsoft Azure). Gysho is not required to comply with audit requests that would breach such agreements or supplier-imposed restrictions.
19. Subcontracting and Assignment
Gysho may engage subcontractors or assign its rights and obligations under these Terms and Conditions only with the client’s explicit agreement, either in advance (as specified in the contract) or at the time subcontracting is proposed.
Gysho remains responsible for the performance of its obligations and will ensure that any subcontractors are bound by terms no less protective than those set out herein.
The client may not assign or transfer its rights or obligations under these Terms and Conditions without Gysho’s prior written consent, such consent not to be unreasonably withheld.
20. Scheduled Maintenance
Gysho may perform scheduled maintenance on its systems and services from time to time. Where possible, Gysho will provide the client with at least 48 hours’ advance notice of any scheduled maintenance expected to impact service availability.
Scheduled maintenance windows will not count towards downtime for the purposes of SLA calculations, provided that such maintenance is performed within the notified window and does not exceed four (4) hours per maintenance event.
21. Governing Law and Jurisdiction
- These T&Cs are governed by UK law; disputes are subject to UK courts.
22. Survival of Obligations
- Obligations which by their nature should survive termination (e.g., confidentiality, indemnification, IP) remain in effect.
23. Acknowledgment
- The client acknowledges they have read, understood, and agree to these T&Cs and referenced policies.
24. Definitions
- “Gysho-hosted”: Services managed by Gysho in its Azure environments.
- “Client-hosted”: Services deployed in client-managed environments.
- “Business-Critical”, “Important”, “Supporting”: As defined in Gysho’s Business Continuity Plan.
- “Personal Data”, “Data Controller”, “Data Processor”, “Data Subject”: As defined in UK GDPR.
25. Related Policies
- Business Continuity Plan
- Incident Response Management Process
- Software Development LifeCycle Policy
- Data Protection Policy
Access: All policies are available upon request.