Terms of Service

These Terms are designed for business customers. They do not remove any rights or liabilities that cannot legally be excluded under the laws of England and Wales.

1. Contracting entity and legal notices

"Porosi", "we", "us", and "our" mean Porosi Ltd, a private limited company registered in England and Wales under company number 17185812, with registered office at 27 Tenterden Drive, Canterbury, England, CT2 7BH. Porosi Ltd trades as Porosi.

Legal notices must be sent to [email protected] and, where formal service is required by law, to our registered office. General support questions should be sent to [email protected].

VAT numbers, tax details, and company billing details will be shown on invoices or order forms where applicable. You must keep your billing, tax, and contact information accurate and up to date.

2. Acceptance and order of precedence

By creating an account, clicking to accept, signing an order form, accessing the Services, inviting users, placing an Order, using an integration, or continuing to use the Services after these Terms are updated, you agree to these Terms.

If you use the Services on behalf of an organisation, you confirm that you have authority to bind that organisation. In that case, "you" and "your" refer to that organisation and its authorised users.

These Terms, any applicable order form, DPA, SLA, Privacy Policy, Cookie Policy, Documentation, and product-specific policy together form the agreement between you and Porosi. If there is a conflict, the following order applies unless a signed written agreement expressly says otherwise: (1) signed MSA or enterprise agreement; (2) signed order form; (3) signed DPA or Schedule A of these Terms for personal data processing; (4) these Terms; (5) Documentation and policies.

We may update these Terms from time to time. We will use reasonable efforts to give notice of material changes. Updated Terms apply from the effective date stated on the page. If you do not agree to updated Terms, you must stop using the Services before the effective date and cancel according to the cancellation process.

3. Definitions

• "Account" means a Porosi user, Supplier, Buyer, workspace, or organisation account.
• "Admin User" means a user with administrative permissions for a Supplier workspace or other organisation account.
• "Buyer" means an end-customer, buyer user, or buyer organisation invited or approved by a Supplier to view catalogues or place Orders through the Services.
• "Customer Data" means data submitted to, uploaded to, generated in, or processed through the Services by or on behalf of you, Suppliers, Buyers, and authorised users, including personal data, catalogues, product data, price lists, stock data, customer lists, delivery information, order data, notes, documents, invoices, and integration data.
• "Documentation" means usage instructions, help materials, API documentation, configuration notes, and product notices that we make available.
• "Order" means a purchase request, quote, draft, invoice-related record, or order workflow created through the Services between a Buyer and Supplier.
• "Private Demo Materials" means any non-public Porosi demo, private demo website, private demo video, recorded walkthrough, live walkthrough, screen share, prototype, screenshot, workflow explanation, product plan, roadmap, pricing discussion, technical or commercial explanation, sales material, configuration, customer example, or other information disclosed by Porosi on a confidential or limited-access basis.
• "Services" means Porosi's websites, web apps, mobile apps, APIs, supplier dashboard, buyer portal, ordering tools, stock and inventory tools, customer and account management, invoice and document tools, reporting, notifications, integrations, and related support or professional services.
• "Subscription" means a paid plan, trial plan, usage allowance, add-on, or enterprise package for the Services.
• "Supplier" means a business customer using Porosi to manage wholesale operations, catalogues, Buyers, Orders, invoices, stock, integrations, and related workflows.
• "Third-Party Service" means any external service, platform, processor, app store, payment provider, accounting platform, email provider, infrastructure provider, analytics provider, or other third party used with or linked from the Services.

4. Eligibility and business use

The Services are intended for business use only. You confirm that you are acting in the course of business and not as a consumer. If mandatory consumer protection laws apply despite this business-use restriction, those mandatory rights are not excluded.

You must be at least 18 years old, legally able to enter into contracts, and not barred from using the Services under applicable law. You must not use the Services for sanctioned, restricted, unlawful, unsafe, or deceptive business activity.

You are responsible for ensuring that your use of the Services complies with laws and regulations applicable to your business, goods, customers, staff, territory, tax position, food or product sector, and accounting obligations.

5. The Services

Porosi provides software tools that help Suppliers manage wholesale ordering workflows, product catalogues, customer accounts, pricing tiers, stock and inventory visibility, operational documents, invoices, notifications, reporting, and integrations.

We may improve, modify, replace, suspend, or discontinue features where reasonably necessary for security, performance, legal compliance, third-party dependency changes, or product development. We will use reasonable efforts to give advance notice of material changes that negatively affect core paid functionality.

We may provide support, configuration assistance, imports, onboarding, or professional services. Unless a separate written agreement says otherwise, professional services are provided on a reasonable-efforts basis and do not transfer Porosi IP to you.

6. Supplier and Buyer relationship

A) Porosi is not the seller of goods

Porosi provides software infrastructure. Porosi is not a Supplier, Buyer, broker, agent, reseller, distributor, merchant of record, carrier, or party to any contract for the sale or supply of goods between a Supplier and a Buyer unless a separate written agreement expressly says so.

B) Supplier responsibility

Suppliers are solely responsible for goods and services they offer or supply, including product descriptions, photos, pricing, discounts, units, pack sizes, substitutions, stock availability, allergens, ingredients, food safety, storage conditions, labelling, regulated-goods compliance, VAT and tax treatment, delivery, fulfilment, returns, refunds, recalls, complaints, buyer credit terms, and customer service.

C) Buyer responsibility

Buyers are responsible for reviewing Orders before submission, checking product information with the Supplier where necessary, complying with Supplier policies, keeping account details accurate, and ensuring that any person placing Orders has authority to do so.

D) Disputes

Supplier-Buyer disputes, including disputes about goods, quality, delivery, pricing, substitutions, returns, payments, credit, refunds, and account access, are between the relevant Supplier and Buyer. Porosi may help route information but is not responsible for resolving or paying claims arising from Supplier-Buyer transactions.

7. Accounts, admins, and access controls

• You must provide accurate account information and keep it updated.
• You are responsible for protecting credentials, API keys, devices, sessions, and admin permissions.
• You must promptly notify us of suspected unauthorised access, credential compromise, or security incidents affecting your account.
• Admin Users may invite, approve, suspend, remove, or manage users and permissions within their workspace.
• You are responsible for all activity under your Account, including activity by employees, contractors, invited Buyers, integrations, and authorised users.
• We may require authentication, multi-factor authentication, email verification, device checks, or additional security steps.

If an Admin User configures roles, approvals, pricing, delivery rules, Xero settings, invoice email settings, stock permissions, or customer access incorrectly, you remain responsible for the effects of that configuration unless caused by Porosi's breach of these Terms.

8. Acceptable use

You must not, and must not allow anyone else to:

• use the Services for unlawful, fraudulent, harmful, misleading, abusive, discriminatory, or deceptive activity;
• upload or transmit malware, harmful code, illegal content, infringing content, or content you do not have rights to use;
• attempt unauthorised access to any account, tenant, system, network, API, database, storage bucket, or integration;
• probe, scan, stress test, load test, penetration test, scrape, crawl, benchmark, or reverse engineer the Services except as expressly authorised in writing;
• interfere with service performance, security controls, rate limits, logging, monitoring, or isolation between tenants;
• misrepresent identity, authority, product information, prices, availability, tax treatment, delivery capability, or payment status;
• send spam, unsolicited communications, or unlawful marketing through the Services;
• use the Services to process special-category data, criminal-offence data, medical data, payment card numbers, or high-risk regulated data unless Porosi has expressly agreed in writing;
• copy, record, screenshot, download, reproduce, summarise, train on, disclose, distribute, forward, publish, upload, share, benchmark, reverse engineer, or create derivative work from any Private Demo Materials except as expressly permitted by Porosi in writing;
• use Private Demo Materials, non-public Porosi information, designs, workflows, product ideas, architecture, roadmap, pricing, data, know-how, or access to build, procure, brief, support, improve, or validate a competing product, service, procurement exercise, internal build, third-party build, or unfair competitive activity;
• copy, frame, resell, sublicense, rent, lease, timeshare, or provide the Services as a service bureau unless permitted in writing;
• remove proprietary notices, bypass technical limits, or use the Services to develop a competing product using non-public Porosi information.

Security testing: For controlled security or performance testing, contact [email protected] for written authorisation, scope, timing, and safety rules before testing.

9. Customer Data

A) Ownership

As between you and Porosi, you retain ownership of Customer Data. Porosi does not claim ownership of Customer Data.

B) Licence to process Customer Data

You grant Porosi a worldwide, non-exclusive, limited licence to host, store, copy, back up, transmit, display, transform, analyse, and otherwise process Customer Data as necessary to provide, secure, support, maintain, improve, and develop the Services, comply with law, enforce these Terms, prevent abuse, and as otherwise described in our Privacy Policy or DPA.

C) Product images and catalogue suggestions

Product images uploaded by Supplier users or administrators through product management may be stored, processed, transformed, matched to product names and units, used to improve Porosi product data, and offered as catalogue image options or product image suggestions to other Suppliers. Porosi reviews reusable image options before making them available outside the uploading Supplier account.

You are responsible for ensuring you have the rights, permission, and authority needed to upload each product image and allow Porosi to use it as described in these Terms. Contact [email protected] or [email protected] if a product image should be reviewed, corrected, or removed.

D) Your data responsibilities

• You are responsible for the accuracy, quality, legality, permissions, and integrity of Customer Data.
• You must have all rights, consents, notices, and lawful bases needed to submit Customer Data to Porosi and allow Porosi to process it.
• You are responsible for configuring roles, permissions, visibility, product availability, customer account links, pricing tiers, and integration settings.
• You should maintain independent exports or backups of critical business records, accounting records, and statutory records.

E) Aggregated and de-identified data

We may create and use aggregated, anonymised, or de-identified data that does not identify you, your users, Suppliers, Buyers, or individuals, including to improve products, analytics, forecasting, benchmarking, security, and reliability.

F) Data export and deletion

During an active Subscription, you may export available Customer Data using product features or reasonable support channels. After termination, we may retain Customer Data for a reasonable period to allow export, comply with law, resolve disputes, prevent abuse, maintain backups, and enforce agreements. We may delete or de-identify Customer Data after that period unless a separate agreement states a different retention period.

10. Data protection, privacy, and cookies

Our Privacy Policy explains how we handle personal data when we act as controller. Our Cookie Policy explains how we use cookies and similar technologies. Where Porosi processes personal data on behalf of a Supplier as processor, Schedule A forms a data processing addendum and is incorporated into these Terms.

You must not submit personal data to the Services unless you have provided required notices, obtained required consents, identified an appropriate lawful basis, and complied with applicable data protection, marketing, employment, and privacy laws.

If you ask us to process personal data in a way that Porosi reasonably believes infringes applicable data protection law, we may decline the instruction and may suspend the relevant processing until the issue is resolved.

11. Integrations, accounting, payments, API, and mobile apps

A) Third-Party Services

The Services may integrate with Third-Party Services such as Xero, QuickBooks, payment processors, email providers, hosting providers, analytics providers, app stores, and notification services. Third-Party Services are governed by their own terms and privacy policies. Porosi is not responsible for Third-Party Services, including their acts, omissions, downtime, data handling, pricing, API changes, security, or availability.

B) Accounting and Xero

Porosi may create, sync, receive, or display invoices, contacts, order references, tax rates, stock information, COGS journals, accounting statuses, and related metadata. Porosi does not provide accounting, tax, audit, bookkeeping, legal, or financial advice. You are responsible for reviewing, approving, reconciling, filing, retaining, and correcting accounting records, invoices, tax treatment, Xero settings, nominal codes, account mappings, and journal entries.

C) Payments

If payments are enabled, a third-party payment processor may process payments and sensitive payment information. Porosi generally does not store full card numbers. Payment processors may impose fees, reserves, disputes, chargebacks, onboarding checks, prohibited-business rules, and settlement delays.

D) API

API keys, webhooks, and tokens must be kept secure. We may impose or change rate limits, quotas, authentication requirements, endpoint behaviour, or access restrictions to protect the Services. You are responsible for your API clients, integrations, credentials, errors, retries, duplicated requests, and downstream systems.

E) Mobile apps and app stores

Mobile apps may be distributed through third-party app stores. App store terms, device settings, operating system permissions, connectivity, and store review processes may affect availability and functionality. App stores are not responsible for providing support for the Services unless their own terms say otherwise.

F) Notifications and communications

The Services may send emails, push notifications, in-app notifications, SMS messages, or integration messages. Delivery is not guaranteed. You are responsible for communication preferences, lawful marketing permissions, recipient accuracy, and ensuring messages generated through your workspace are appropriate and lawful.

G) Automation and AI-assisted features

If Porosi provides AI-assisted, OCR, parsing, forecasting, recommendation, or automation features, outputs may be incomplete, inaccurate, delayed, or unsuitable for a particular use. You must review and approve outputs before relying on them for Orders, stock, pricing, fulfilment, invoices, accounting, legal obligations, or customer communications.

12. Fees, taxes, billing, and renewals

A) Fees and plans

Fees, plan features, usage limits, add-ons, implementation services, and billing intervals are described on our pricing page, in the checkout flow, or in an order form. Fees are payable in advance unless agreed otherwise in writing.

B) Renewals and cancellation

Subscriptions renew automatically for the same billing interval unless cancelled before the renewal date or unless an order form says otherwise. Cancellation takes effect at the end of the current billing period unless required by law or agreed in writing.

C) Payment authorisation

You authorise Porosi and its payment processors to charge your payment method for recurring fees, usage charges, add-ons, implementation fees, taxes, and other amounts due. You must keep payment information valid and promptly update failed or expired payment methods.

D) Taxes

Fees are exclusive of VAT, sales tax, withholding tax, duties, levies, and other government charges unless stated otherwise. You are responsible for taxes arising from your purchase and use of the Services, excluding taxes based on Porosi's net income.

E) Late payment, disputes, and suspension

If payment is overdue, we may suspend or restrict access after reasonable notice unless immediate action is needed to prevent loss or abuse. You must raise billing disputes promptly and in good faith. Undisputed overdue amounts may accrue reasonable recovery costs and interest where permitted by law.

F) Refunds and price changes

Fees are non-refundable except where required by law or expressly agreed in writing. We may change prices or plan packaging with notice. Price changes apply at renewal unless an order form states otherwise.

G) Trials and beta features

Trials, previews, beta features, early-access features, and free features may be changed, limited, suspended, or discontinued at any time. They are provided as-is, without SLA, warranty, or commitment, and should not be used for critical production workflows unless you accept that risk.

13. Availability, support, maintenance, and backups

We aim to operate reliable Services, but we do not guarantee uninterrupted or error-free availability unless a signed SLA expressly says so. Maintenance, updates, security work, outages, incidents, infrastructure providers, internet failures, app stores, integrations, and third-party APIs may affect the Services.

Support is provided through the channels and hours we make available. Support does not include legal, tax, accounting, food safety, regulatory, or business advice.

We maintain backup and recovery processes designed to support service continuity, but backups are not a substitute for your own exports, statutory records, accounting records, or business continuity planning.

14. Security and incidents

We use reasonable administrative, technical, and organisational measures designed to protect the Services and Customer Data. No system is perfectly secure, and we do not guarantee that unauthorised access, data loss, malware, or security incidents will never occur.

You are responsible for using strong passwords, limiting admin access, removing departed users, protecting devices, protecting API keys, configuring MFA where available, reviewing logs and exports, and promptly reporting suspected incidents.

If we become aware of a confirmed personal data breach affecting Customer Data for which you are controller and Porosi is processor, we will notify you without undue delay as described in Schedule A.

15. Intellectual property

A) Porosi IP

Porosi and its licensors own all rights in the Services, software, source code, object code, APIs, designs, user interfaces, workflows, databases, templates, Documentation, trademarks, logos, know-how, and improvements. Except as expressly permitted, you may not copy, modify, adapt, translate, distribute, sell, sublicense, or create derivative works from the Services.

B) Licence to use the Services

Subject to these Terms and payment of applicable fees, Porosi grants you a limited, non-exclusive, non-transferable, revocable licence during the Subscription term to access and use the Services for your internal business operations and, for Buyers, to place Orders with Suppliers you are authorised to buy from.

C) Feedback

If you provide ideas, suggestions, requests, comments, or feedback, you grant Porosi a perpetual, irrevocable, worldwide, royalty-free licence to use, modify, commercialise, and incorporate it without restriction or obligation to you.

D) Private demos and non-public product materials

Private Demo Materials remain Porosi IP and confidential information. Access to a private demo website, private demo video, recorded walkthrough, live walkthrough, prototype, screen share, or non-public sales material does not grant you any licence, ownership, option, assignment, implied right, or permission other than the limited right to view the material personally for the specific evaluation purpose approved by Porosi in writing.

You must not copy, record, screenshot, download, reproduce, summarise, disclose, distribute, publish, upload, share, forward, train a model on, create derivative work from, reverse engineer, benchmark, or otherwise use Private Demo Materials except as expressly authorised by Porosi in writing. This restriction applies to sharing inside your own organisation as well as external sharing with affiliates, advisers, consultants, contractors, suppliers, investors, competitors, agencies, software developers, product teams, procurement teams, or any other third party.

You must not use Private Demo Materials or any non-public Porosi information to build, design, specify, procure, brief, validate, improve, fund, support, or compete with any product, service, system, workflow, feature, user interface, architecture, integration, app, automation, or business process that competes with, substitutes for, or unfairly benefits from Porosi.

16. Confidentiality

Each party may receive confidential information from the other, including non-public product, technical, commercial, pricing, security, customer, financial, and operational information. Each party must protect the other's confidential information using at least reasonable care and may use it only to perform or receive the Services.

Private Demo Materials are confidential whether or not they are marked confidential, watermarked, password protected, token protected, sent by private link, shown in a meeting, or disclosed through a private demo website. Private Demo Materials may be viewed only by the intended recipient or other person expressly approved by Porosi in writing, and only for the approved evaluation purpose.

You must not disclose Private Demo Materials internally or externally without Porosi's prior written consent. That means you must not forward a private demo link, invite other staff to view it, share it with affiliates, advisers, consultants, contractors, investors, software developers, product teams, procurement teams, competitors, agencies, vendors, or any third party, or discuss the non-public content with anyone who has not been expressly authorised by Porosi.

You must not use Private Demo Materials to compete unfairly with Porosi, to support competitive intelligence, to compare or benchmark non-public Porosi workflows, to create requirements for another supplier, to brief an internal or external development team, to train or prompt an AI system, to develop similar functionality, or to avoid paying for or licensing the Services.

Confidentiality obligations do not apply to information that is publicly available without breach, already known without restriction, independently developed without use of confidential information, lawfully received from a third party, or required to be disclosed by law, court, regulator, insurer, auditor, professional adviser, or stock exchange requirement. Where legally permitted, the receiving party must give reasonable notice before compelled disclosure.

Confidentiality obligations for Private Demo Materials, trade secrets, source code, product architecture, roadmap, pricing strategy, customer information, security information, and other highly sensitive non-public Porosi information survive for as long as the information remains non-public or protectable. Other confidentiality obligations survive for five years after termination.

You agree that unauthorised copying, disclosure, sharing, competitive use, or misuse of Private Demo Materials may cause serious and irreparable harm to Porosi. Porosi may suspend or revoke access immediately and may seek legal action, injunctive relief, specific performance, damages, account of profits, recovery of legal costs, and any other remedy available at law or in equity, without limiting any other right or remedy under these Terms.

17. Disclaimers

To the maximum extent permitted by law, the Services are provided on an "as is" and "as available" basis. Porosi disclaims all warranties, conditions, representations, and guarantees, whether express, implied, statutory, or otherwise, including implied warranties of merchantability, satisfactory quality, fitness for a particular purpose, non-infringement, accuracy, uninterrupted availability, and any warranties arising from course of dealing or usage of trade.

Porosi does not warrant that the Services will meet your requirements, be uninterrupted, secure, error-free, free of harmful components, compatible with all systems, or that data, outputs, reports, forecasts, invoices, stock values, accounting syncs, AI-assisted outputs, notifications, or integrations will be accurate, complete, timely, or suitable for your intended use.

Porosi is not responsible for goods sold by Suppliers, Supplier-Buyer contracts, food safety, allergens, product quality, product legality, delivery, returns, refunds, tax filings, accounting decisions, statutory records, or Third-Party Services.

18. Limitation of liability

A) Excluded damages

To the maximum extent permitted by law, Porosi will not be liable for indirect, incidental, special, consequential, exemplary, or punitive damages; loss of profits, revenue, business, goodwill, anticipated savings, opportunity, reputation, contracts, or data; business interruption; procurement of substitute services; or losses arising from Supplier-Buyer disputes, even if advised of the possibility of such losses.

B) Liability cap

To the maximum extent permitted by law, Porosi's total aggregate liability arising out of or related to the Services, these Terms, any Subscription, or any non-contractual claim will not exceed the amounts paid or payable by you to Porosi for the Services in the 12 months immediately preceding the event giving rise to the claim.

C) Exceptions

Nothing in these Terms limits or excludes liability that cannot be limited or excluded under applicable law, including liability for death or personal injury caused by negligence, fraud, fraudulent misrepresentation, wilful misconduct where it cannot be excluded, or any mandatory statutory liability.

D) Reasonableness

The parties agree that these limits are reasonable having regard to the nature of the Services, the fees, the availability of insurance, the ability to negotiate enterprise terms, and the fact that Suppliers remain responsible for their own goods, customers, records, backups, accounting, and regulated obligations.

19. Indemnity

You will indemnify, defend, and hold harmless Porosi, its directors, officers, employees, contractors, affiliates, and licensors from and against claims, damages, liabilities, losses, penalties, fines, costs, and expenses, including reasonable legal fees, arising out of or related to:

• your Customer Data, including allegations that it infringes rights, was unlawfully collected, or was processed without required notices, consents, or lawful bases;
• your goods, product information, allergen or ingredient information, pricing, stock data, fulfilment, delivery, returns, refunds, recalls, tax treatment, or customer service;
• Supplier-Buyer disputes or contracts;
• your breach of these Terms, Documentation, law, or third-party rights;
• your unauthorised access, copying, recording, disclosure, sharing, competitive use, or misuse of Private Demo Materials or other Porosi confidential information;
• your integrations, API clients, credentials, devices, systems, or downstream processing;
• your unauthorised, negligent, fraudulent, or wilful acts or omissions.

Porosi will give reasonable notice of indemnified claims, allow you to control the defence where appropriate, and provide reasonable cooperation at your cost. You may not settle a claim in a way that admits fault by Porosi, imposes obligations on Porosi, or affects Porosi's rights without our prior written consent.

20. Suspension and termination

A) Suspension

We may suspend or restrict access immediately if we reasonably believe your use creates security, legal, operational, payment, fraud, data protection, third-party, or service-integrity risk. Where reasonable, we will notify you and work to restore access once the issue is resolved.

B) Termination by you

You may cancel according to the cancellation process in the Services, order form, or by contacting support where self-serve cancellation is unavailable. Cancellation does not relieve you of fees already incurred.

C) Termination by Porosi

We may terminate if you materially breach these Terms, fail to pay undisputed overdue fees, become insolvent, cease business, use the Services unlawfully, or create risk that cannot reasonably be mitigated. Where reasonable, we will provide notice and an opportunity to cure.

D) Effect of termination

• Your right to access and use the Services ends.
• You remain responsible for unpaid fees and obligations accrued before termination.
• You should export Customer Data before termination or during any available post-termination export window.
• Porosi may delete, retain, or de-identify Customer Data as described in these Terms, the Privacy Policy, Schedule A, and applicable law.
• Sections intended to survive continue after termination, including payment, Customer Data, data protection, confidentiality, IP, disclaimers, limitation of liability, indemnity, dispute resolution, and general legal provisions.

21. General legal terms

A) Governing law and courts

These Terms and any dispute or non-contractual obligation arising out of or related to them or the Services are governed by the laws of England and Wales. The courts of England and Wales have exclusive jurisdiction, except where mandatory law requires otherwise.

B) Informal resolution

Before filing a claim, each party will use reasonable efforts to resolve the dispute informally by contacting [email protected] and providing enough information to understand and investigate the issue.

C) Force majeure

Neither party is liable for delay or failure to perform caused by events beyond reasonable control, including internet or hosting failures, utility outages, cyberattacks, labour disputes, supply-chain failures, natural disasters, war, terrorism, civil unrest, epidemic, government action, app store action, or third-party platform failures. Payment obligations are not excused by force majeure.

D) Assignment

You may not assign or transfer these Terms without our prior written consent, except to a successor in connection with a merger, reorganisation, or sale of substantially all assets, provided the successor is not a competitor and assumes all obligations. Porosi may assign these Terms to an affiliate or successor as part of a merger, reorganisation, financing, corporate transaction, or sale of assets.

E) Severability, waiver, and entire agreement

If any provision is unenforceable, the remaining provisions continue in effect and the unenforceable provision will be interpreted or replaced to best achieve its lawful commercial purpose. Failure to enforce a provision is not a waiver. These Terms and incorporated documents are the entire agreement for the Services unless a signed written agreement states otherwise.

F) No partnership or agency

These Terms do not create a partnership, franchise, joint venture, fiduciary relationship, employment relationship, agency, or exclusive relationship between you and Porosi.

G) Export, sanctions, and anti-corruption

You must comply with applicable export control, sanctions, anti-bribery, anti-corruption, anti-money-laundering, and trade laws. You must not use the Services for sanctioned persons, countries, goods, or transactions.

H) Third-party rights

Except for Porosi's indemnified parties and licensors, no person other than you and Porosi has rights to enforce these Terms under the Contracts (Rights of Third Parties) Act 1999.

Schedule A: Data Processing Addendum

This Schedule A applies where Porosi processes personal data on behalf of a Supplier as processor under UK GDPR or EU GDPR. If you and Porosi sign a separate DPA, that signed DPA controls.

1. Roles

For Customer Data submitted by a Supplier about its Buyers, staff, contacts, accounts, delivery recipients, and order users, the Supplier is normally controller and Porosi is normally processor. Porosi may act as controller for account administration, billing, security, abuse prevention, marketing, analytics, legal compliance, and service management.

2. Processing details

3. Processor obligations

• Porosi will process personal data only on documented instructions from the controller, including these Terms, order forms, Documentation, product settings, and lawful user actions, unless required by law.
• Porosi will ensure personnel authorised to process personal data are bound by confidentiality obligations.
• Porosi will implement appropriate technical and organisational measures designed to protect personal data, taking account of processing nature, risk, cost, and available technology.
• Porosi will assist the controller, taking account of processing nature and available information, with data subject requests, security obligations, breach notifications, data protection impact assessments, and regulator consultations where required by applicable data protection law.
• Porosi will notify the controller without undue delay after becoming aware of a confirmed personal data breach affecting Customer Data processed by Porosi as processor.
• Porosi will delete or return personal data at the end of processing on reasonable written request, unless retention is required or permitted by law, backup processes, dispute resolution, fraud prevention, or legitimate business records.
• Porosi will make available information reasonably necessary to demonstrate compliance with this Schedule and allow audits as described below.

4. Subprocessors

You authorise Porosi to use subprocessors for hosting, storage, database, email, analytics, monitoring, support, payments, security, app distribution, notifications, accounting integrations, and other service operations. Porosi remains responsible for subprocessors' processor obligations to the extent required by applicable data protection law.

Porosi will require subprocessors to protect personal data under obligations materially equivalent to this Schedule where they process personal data as subprocessors. We will provide current subprocessor information on request or through a published list when available. You may object to a new subprocessor on reasonable data protection grounds; if the objection cannot be resolved, your sole remedy is to stop using the affected Services and terminate the affected Subscription.

5. International transfers

Porosi and its subprocessors may process personal data in the United Kingdom, European Economic Area, United States, and other locations where service providers operate. Where legally required, Porosi will use appropriate transfer safeguards such as adequacy regulations, standard contractual clauses, the UK International Data Transfer Addendum, or other lawful transfer mechanisms.

6. Security measures

Porosi's technical and organisational measures may include access controls, least-privilege permissions, authentication controls, encryption in transit, backup processes, monitoring, logging, vulnerability management, tenant isolation controls, incident response processes, secure development practices, and personnel confidentiality controls. Measures may evolve over time provided they do not materially reduce overall protection.

7. Audits

On reasonable written request, Porosi will provide information reasonably necessary to demonstrate compliance with this Schedule. Audits must be limited to once per year unless required by a regulator or confirmed breach, conducted during business hours, subject to confidentiality, and must not compromise security, other customers, trade secrets, or service operations. Porosi may satisfy audit requests through security summaries, policies, certifications, questionnaires, or third-party reports where available.

8. Controller obligations

You are responsible for lawful bases, notices, consents, data accuracy, data minimisation, retention choices, responding to data subjects where you are controller, and ensuring your instructions are lawful. You must not instruct Porosi to process personal data unlawfully.

Schedule B: Product-specific responsibility rules

1. Food, allergens, regulated goods, and product data

Suppliers remain solely responsible for food safety, allergens, ingredients, labelling, warnings, substitutions, regulated goods, product quality, storage, temperature control, suitability, recall obligations, and all product information shown to Buyers. Porosi does not verify product information and does not provide food safety or regulatory advice.

2. Stock, inventory, and fulfilment

Stock, inventory, buy-list, suggested purchase, incoming, committed, projected, and fulfilment information depends on data entered by users, integrations, and operational workflows. You must review and correct inventory records before relying on them for purchasing, fulfilment, accounting, or customer commitments.

3. Orders, invoices, and accounting sync

Orders and invoices may be drafts, estimates, operational records, or integration outputs until reviewed and approved by the responsible Supplier. You are responsible for final invoice approval, tax treatment, statutory records, Xero or accounting approval, journal review, and reconciliation.

4. Buyer communications

Suppliers are responsible for the content, timing, recipients, and lawfulness of communications sent to Buyers through or because of the Services, including order updates, invoices, payment reminders, marketing, and operational notifications.

Contact

• Legal: [email protected]
• Privacy: [email protected]
• General: [email protected]
• Registered company: Porosi Ltd, company number 17185812, registered in England and Wales.