AI & Automation Services Contract
Document ID: WBL-CTR-AI-[ID]-v1.0
Contract Date: [DATE]
Project Name: [PROJECT NAME]
Parties
Service Provider:
Webility ("Agency") [Legal Business Name, Registered Address, Country] Email: legal@webility.local
Client:
[CLIENT LEGAL NAME] ("Client") [Registered Address, Represented by: Name, Title, Email]
Preamble
This Contract governs the Agency's engagement to design, build, integrate, and/or configure AI-powered systems and business automation workflows for the Client. Given the nature of AI technology, this Contract contains provisions beyond those of a standard software development agreement. Both Parties are advised to read it in full.
AI systems are probabilistic, not deterministic. They produce outputs that are influenced by training data, model parameters, and the quality of inputs — none of which are entirely within the Agency's control. This Contract clearly defines the Agency's scope, responsibilities, and limitations to protect both Parties.
1. Project Scope
1.1 Project Description
[Detailed description: what AI/automation system is being built, what business problem it solves, which departments/processes it touches, and what the expected outcome is]
1.2 Services Included
Phase 1 — Discovery & System Design
- Process mapping workshop(s): document current state workflows
- Stakeholder interviews: [X] sessions
- Requirements and edge case definition
- Technology and platform audit
- System architecture document (data flows, integration points, technology stack)
- AI qualification / classification ruleset (co-designed with Client)
- Data mapping: what data goes where, for what purpose
Phase 2 — Development & Integration
- Automation workflow build: [n8n / Make / Custom]
- AI model integration and prompt engineering
- Integration with [list all systems: CRM, ERP, email, Slack, etc.]
- Data enrichment integration: [Apollo / Clearbit / other — if included]
- Error handling and fallback logic for every workflow node
- Human escalation paths for uncertain or high-stakes AI decisions
- Audit logging of all system actions (timestamp, actor, outcome)
- Human override / control panel: [Retool / custom dashboard / other]
- Admin settings interface for Client-side rule management
Phase 3 — Testing & Validation
- Unit testing of every workflow node
- End-to-end integration testing with test data
- Edge case and failure mode testing (including adversarial inputs)
- Prompt injection resistance testing
- AI output accuracy validation against agreed test dataset
- Load and performance testing (where applicable)
- User acceptance testing with [X] Client team members
Phase 4 — Training & Handover
- Team training: [X] sessions, [X] hours total
- Session recordings provided
- Administrator guide: how to update rules, add users, manage the system
- Runbook: troubleshooting guide for common failure scenarios
- Credentials and access handover via secure transfer
Phase 5 — Post-Launch Monitoring
- [30]-day active monitoring period after go-live
- Daily review of automation logs for errors or unexpected behavior
- Minimum [2] optimization cycles based on real-world performance
- Bug fixes at no charge during monitoring period
- 30-Day Performance Report
1.3 Specific Deliverables
| # | Deliverable | Format | Phase |
|---|---|---|---|
| D-01 | Process Map | PDF / Miro | 1 |
| D-02 | System Architecture Document | | 1 |
| D-03 | Automation Workflows (staging) | Live system | 2 |
| D-04 | Control Panel / Admin Interface | Live URL | 2 |
| D-05 | Testing Report (with accuracy metrics) | | 3 |
| D-06 | Administrator Guide | PDF + Markdown | 4 |
| D-07 | Runbook | PDF + Markdown | 4 |
| D-08 | Training Recordings | Video | 4 |
| D-09 | Credentials & Access Document | Secure PDF | 4 |
| D-10 | 30-Day Performance Report | | 5 |
| D-11 | Workflow Source Files | JSON / repository | 4 |
1.4 Technology Stack
| Layer | Selected Technology | Account Owner After Handover |
|---|---|---|
| Automation platform | [n8n / Make / Custom] | [Client / Agency if retainer] |
| AI model API | [Claude / GPT-4 / Gemini / other] | Client |
| Database / storage | [Supabase / Airtable / PostgreSQL] | Client |
| CRM | [HubSpot / Salesforce / Pipedrive] | Client (existing) |
| Communication | [Gmail / Slack / WhatsApp Business] | Client (existing) |
| Hosting (custom components) | [Cloud provider, region: ___] | Client |
1.5 Exclusions
Not included unless added by signed written amendment:
- Changes to the system scope after Phase 2 development is complete
- Ongoing maintenance, monitoring, or optimization after the 30-day monitoring period
- Third-party platform licensing fees (automation platform, AI API costs, database, etc.)
- Legal compliance review or advice — including AI regulatory compliance (EU AI Act, etc.)
- Physical hardware, on-premise server installation, or network infrastructure
- Custom mobile application development
- Security penetration testing or formal security audit (quotable separately)
- Training beyond [X] hours in Phase 4
- Any integration or system not explicitly listed in Section 1.2
2. Timeline
| Phase | Duration | Key Gate |
|---|---|---|
| Phase 1: Discovery & Design | [2–3 weeks] | Architecture document approved in writing |
| Phase 2: Development | [3–6 weeks] | Staging system demonstrated and approved |
| Phase 3: Testing | [1–2 weeks] | Performance criteria met; UAT signed off |
| Phase 4: Training & Handover | [1 week] | All credentials transferred; training complete |
| Phase 5: Monitoring | [4 weeks] | Post-launch performance report delivered |
| Total | [~11–16 weeks] | |
No phase begins without written sign-off from the Client on the preceding phase.
Client delay, prolonged inaction (30-day abandonment rule), and force majeure provisions apply as per the equivalent sections of this Contract.
3. Performance Criteria
Before the project is considered complete and before the final payment is due, the system must meet the following minimum performance standards in the testing environment:
| Metric | Minimum Target |
|---|---|
| AI classification / automation accuracy | ≥ [90]% on agreed test dataset |
| Workflow execution time (trigger → output) | ≤ [2] minutes for standard inputs |
| System uptime during testing period | ≥ 99.5% |
| Zero data loss incidents | Required |
| All error handling paths tested | Required |
If performance targets are not met in Phase 3, the Agency will continue optimizing at no additional cost until targets are achieved, or the Parties agree in writing to revised targets. This obligation does not extend indefinitely — if targets cannot be achieved due to technical limitations inherent to the third-party AI models or platforms selected (outside the Agency's control), the Parties will negotiate in good faith.
4. Fees & Payment
4.1 Total Contract Fee
Total Fee: [CURRENCY] [AMOUNT] (exclusive of applicable taxes and third-party costs)
4.2 Payment Schedule
| Payment | Trigger | Amount |
|---|---|---|
| Deposit (non-refundable) | On signing | [50% — AMOUNT] |
| Milestone 2 | Upon written Client approval of System Architecture Document (Phase 1 complete) | [25% — AMOUNT] |
| Final Payment | Upon successful UAT completion (Phase 3 complete, before Phase 5 monitoring begins) | [25% — AMOUNT] |
4.3 Ongoing Third-Party Costs (Client Responsibility)
After handover, the following ongoing costs are the Client's sole responsibility:
| Service | Estimated Monthly Cost | Notes |
|---|---|---|
| [Automation platform — n8n Cloud / Make] | $[X]–$[Y] | May vary by execution volume |
| [AI API — Anthropic / OpenAI / Google] | Usage-based | Monitor via provider dashboard |
| [Database / hosting] | $[X] | May scale with data volume |
| [Data enrichment — Apollo / Clearbit] | $[X] | Based on volume |
The Agency is not responsible for the Client's operational costs of running the system after handover. If usage grows significantly beyond what was anticipated in the design, the system may require scaling — quotable separately.
5. Client Responsibilities
5.1 During the Project
- Assign a dedicated technical contact with authority to make decisions on system configuration
- Provide access to all existing systems, APIs, databases, and data schemas listed in Section 1.2
- Make relevant subject-matter experts available for Phase 1 interviews (up to [X] people)
- Provide representative test data (anonymized or synthetic where possible) for Phase 3
- Participate in User Acceptance Testing with [X] designated team members
- Review and approve Architecture Document before Phase 2 begins
- Promptly communicate any changes to existing systems that may affect integration
5.2 After Handover
- Maintain all required software subscriptions (automation platform, AI API, database, etc.)
- Monitor system logs and error reports using the provided control panel
- Notify the Agency promptly of any unexpected system behavior during the 30-day monitoring period
- Implement human review processes for high-stakes AI outputs before acting on them
- Keep all API keys and access credentials secure; rotate credentials if a breach is suspected
- Do not share API keys or system access with unauthorized parties
- Notify the Agency before making changes to integrated systems that could break the automation
5.3 Data Quality Responsibility
The accuracy and quality of the system's outputs depend heavily on the quality of data inputs. The Client acknowledges that:
(a) Garbage-in, garbage-out: if input data is inaccurate, incomplete, or inconsistent, AI outputs will reflect those deficiencies;
(b) The Client is responsible for maintaining data quality in source systems integrated with the automation;
(c) Changes to the Client's data structures or schemas after Phase 2 may break integrations and require a paid Change Order to remediate.
6. Data, Privacy & Security
6.1 Data Handling Principles
The Agency applies the following principles to data handled under this Contract:
- Minimum exposure: Only data required for the automation is processed
- No cross-client use: Client data is not used to train or configure AI systems for other clients
- Anonymization during development: Representative or synthetic data is used in development and testing where feasible; production data is only used in production with Client consent
- Documented data flows: All data movement is documented in the System Architecture Document
6.2 Personal Data Processing
If this automation processes personal data of individuals:
(a) The Client is the data controller; the Agency acts as a data processor for the duration of the project;
(b) The Agency will process personal data only in accordance with the Client's documented instructions;
(c) The Parties will execute a Data Processing Agreement (DPA) as a Schedule to this Contract if required under GDPR, PIPEDA, or other applicable law;
(d) Upon project completion, the Agency will return or destroy all personal data in its possession as instructed by the Client.
6.3 Third-Party AI Data Processing
Data submitted to third-party AI APIs (e.g., Anthropic Claude API, OpenAI API) is processed by those providers under their own enterprise API terms. The Agency will:
- Use only API-level access (not consumer interfaces), which includes enterprise data privacy commitments
- Disclose the specific AI providers used in this project in the System Architecture Document
- Not submit identifiable sensitive personal data to AI APIs unless explicitly approved by the Client and technically required
The Client acknowledges that data sent to AI APIs is subject to the API provider's data processing terms and accepts responsibility for ensuring such processing is compliant with applicable law.
6.4 Regulatory Compliance — Client Responsibility
The Client is solely responsible for:
(a) Determining which AI regulations apply to their use of the delivered system (EU AI Act, Canada AIDA when in force, sector-specific AI rules in healthcare, finance, etc.);
(b) Ensuring the system is deployed in compliance with those regulations;
(c) Implementing required transparency, explainability, or human oversight obligations;
(d) Disclosing to end users that they are interacting with an AI system, where legally required;
(e) Obtaining any required regulatory approvals before deployment in regulated sectors.
The Agency provides technical implementation, not legal compliance advice. Clients in regulated industries must engage qualified legal counsel before deploying this system.
6.5 Security Controls
| Control | Implementation |
|---|---|
| API key storage | Environment variables / secrets manager — never hardcoded |
| Access control | Role-based permissions — least privilege principle |
| Credential transfer | Encrypted secure transfer at handover |
| Audit log | All workflow actions logged with timestamp |
| Data residency | [REGION — e.g., EU / Canada — per Client requirement] |
7. Intellectual Property
7.1 Transfer Upon Full Payment
Upon full payment, the Agency assigns to the Client:
- Custom automation workflow configurations (n8n / Make JSON exports)
- Custom system prompts and AI agent configurations
- Custom-coded integration scripts and functions
- All documentation produced under this Contract
- Fine-tuned model weights (if applicable, subject to third-party model provider's terms)
7.2 What Is Not Transferred
| Asset | Retained By | Notes |
|---|---|---|
| Agency prompt engineering methodology | Agency | Licensed for use in this project only |
| Generic workflow templates | Agency | Reused across projects |
| Third-party AI model | Model provider | Client accesses via API |
| Automation platform (n8n/Make) | Platform provider | Client subscribes independently |
| Client's training data / knowledge base | Client | Always Client property |
7.3 No IP Transfer Without Full Payment
If any amount is outstanding at the time of project close, no IP transfer occurs. The Client may not use, operate, or deploy the system in a production environment until all amounts are settled.
8. AI-Specific Warranties & Disclaimers
8.1 What the Agency Warrants
The Agency warrants that the system will:
(a) Function materially as described in the System Architecture Document;
(b) Execute automations as designed within the agreed performance criteria (Section 3);
(c) Not contain intentionally malicious code introduced by the Agency.
8.2 Critical Disclaimers
THE CLIENT ACKNOWLEDGES AND ACCEPTS THE FOLLOWING:
(a) No accuracy guarantee: AI outputs are probabilistic. The Agency does not guarantee that the AI system will produce accurate, correct, or unbiased outputs 100% of the time. AI models can produce errors, "hallucinate" plausible-sounding but incorrect information, reflect biases present in training data, and perform inconsistently across different input types. Performance targets in Section 3 are tested thresholds, not operational guarantees.
(b) No guarantee of AI model availability: Third-party AI APIs (OpenAI, Anthropic, Google, etc.) may be temporarily unavailable, change their pricing, deprecate model versions, alter output behavior through model updates, or terminate their services. The Agency is not responsible for any such changes. Model version pinning will be implemented where technically possible, but providers may force updates.
(c) Human review required for high-stakes decisions: The delivered system is a decision-support tool. For any decision that could materially affect a person's legal rights, financial standing, health, or safety, the Client must implement human review before acting on AI outputs. Sole reliance on AI outputs for high-stakes decisions without human oversight is prohibited and releases the Agency from any resulting liability.
(d) No legal compliance opinion: The system is built to the Client's stated requirements. The Agency does not confirm that the system, as deployed by the Client, complies with any specific legal framework (EU AI Act, GDPR automated decision-making provisions, sector regulations, etc.).
(e) Prompt injection risk: Systems that process free-form user inputs (e.g., customer chatbots) are inherently susceptible to prompt injection attacks. The Agency will implement reasonable mitigations during development, but cannot guarantee that all injection attempts will be blocked. The Client accepts this residual risk.
(f) Performance degradation over time: AI system performance may degrade over time as real-world inputs diverge from the test dataset, as third-party AI models are updated, or as the Client's business data changes. Ongoing monitoring and optimization (available through an Automation Retainer) is recommended.
(g) Data bias: AI outputs may reflect biases present in historical data used for configuration or testing. The Client is responsible for auditing system outputs for bias and taking corrective action, particularly for systems that affect individuals in consequential ways.
(h) Platform dependency risk: If a third-party platform integrated into the system (CRM, email, communication tool) changes its API, discontinues a feature, or becomes unavailable, the automation may break. Such issues are outside the scope of this Contract and require a paid Change Order.
9. Limitation of Liability
THE AGENCY'S TOTAL LIABILITY UNDER THIS CONTRACT SHALL NOT EXCEED THE TOTAL FEES PAID BY THE CLIENT IN THE THREE (3) MONTHS PRIOR TO THE CLAIM. THE AGENCY IS NOT LIABLE FOR ANY CONSEQUENTIAL, INDIRECT, OR PUNITIVE DAMAGES, INCLUDING — WITHOUT LIMITATION — LOSSES ARISING FROM INACCURATE AI OUTPUTS, AUTOMATED BUSINESS DECISIONS, THIRD-PARTY API FAILURES, OR DATA BREACHES CAUSED BY THIRD-PARTY PLATFORM VULNERABILITIES.
10. Indemnification, Confidentiality, Termination, Dispute Resolution, Force Majeure, Governing Law & General Provisions
These sections apply equivalently as described in Sections 8–16 of the Web Design & Development Contract (WBL-CTR-WEB-v1.0), with the following additions:
Abandonment (AI-specific): If the Client's data structures, business processes, or third-party systems change materially during development in a way not communicated to the Agency, and this causes significant rework, the Agency may issue a Change Order for the additional time required.
Governing Law: [Province/State, Country]
Signatures
Webility LLC
Signature: ___________________________ Date: _______________ Name / Title: ___________________________
[CLIENT LEGAL NAME]
Signature: ___________________________ Date: _______________ Name / Title: ___________________________
Schedule A — Data Processing Agreement (if required)
Attach a DPA as Schedule A when this Contract involves processing of personal data subject to GDPR, PIPEDA, or equivalent law.
Contact privacy@webility.local for a standard DPA template.
Webility — WBL-CTR-AI-[ID]-v1.0 | This Contract contains important AI-specific limitations. Read fully before signing.