Legal

Terms & Conditions

Last updated: 10 May 2026 Effective date: 10 May 2026 Version: 1.0

These Terms and Conditions ("Terms") govern your access to and use of the website at llm-machines.com and any related pages, content, downloads, demos, and contact channels operated by LLM Machine d.o.o. ("LLM Machine", "we", "us", or "our"), a limited liability company incorporated in the Republic of Croatia.

If you order hardware or subscribe to our managed service, those engagements are governed by a separate signed Master Service Agreement ("MSA"), Order Form, and — where personal data is processed on your behalf — a Data Processing Agreement ("DPA"). In the event of a conflict, the MSA prevails over these Terms.

By accessing the website or otherwise interacting with us, you acknowledge that you have read, understood, and agreed to these Terms. If you do not agree, please do not use the website.

1. Who we are

Legal name: LLM Machine d.o.o. Registered seat: Republic of Croatia Website: llm-machines.com General contact: hello@llm-machines.com Privacy contact: privacy@llm-machines.com Security and incident contact: security@llm-machines.com

LLM Machine designs, sells, deploys, and operates sovereign on-premise AI appliances and a managed service for European enterprises that need to run AI workloads — chat, retrieval-augmented generation, agents, and code assistance — entirely inside their own perimeter or inside an EU-based data centre operated under European law.

2. Definitions

"Appliance" means the GPU server hardware (built on enterprise-grade Supermicro components from certified partners) sold or supplied to the Customer, together with the pre-integrated software stack installed on it.

"Customer" means the legal entity that has signed an MSA and Order Form with us.

"End User" means an individual authorised by the Customer to use the Appliance (e.g. employees, contractors).

"Service" means the managed service provided under the monthly retainer, including support, updates, monitoring, and the activities described in our Day-1 Onboarding playbook.

"Software Stack" means the open-source components pre-integrated on the Appliance, including but not limited to LiteLLM, Open WebUI, AnythingLLM, Continue/Cline, OpenClaw, SGLang, and Microsoft Presidio, together with our certified configuration, integrations, and management layer.

"Deployment Modes" means the two physical configurations offered: (a) On-Premise, where the Appliance is installed at the Customer's own site or data centre; and (b) Hosted, where the Appliance is racked in our Croatian data centre while remaining the property of the Customer.

"Tier 1 / Tier 2 / Tier 3" has the meaning given in the Day-1 Onboarding playbook attached to the MSA.

3. Use of the website

You may use the website to learn about our offering, request a demo, contact us, and download materials we have made publicly available. You agree to use the website only for lawful purposes and in a manner that does not infringe the rights of, restrict, or inhibit anyone else's use of the website.

You must not:

  • attempt to gain unauthorised access to the website, the servers on which it is hosted, or any connected database;
  • introduce malicious code or attempt to disrupt the website's operation;
  • scrape, harvest, or extract data using automated means in a manner that exceeds reasonable use;
  • use the website or any materials downloaded from it to develop a product or service that competes with LLM Machine.

We reserve the right to suspend access to the website at any time, with or without notice, for maintenance, security, or any other operational reason.

4. Our offering

LLM Machine sells and operates AI appliances and an associated managed service. The commercial structure is summarised below; the binding details are contained in the MSA and Order Form for each Customer.

Hardware. We procure enterprise-grade Supermicro hardware from certified partners and supply it to the Customer. Title to the hardware passes to the Customer on full payment, in both Deployment Modes. For our first cohort of clients we drop-ship hardware at supplier cost (zero hardware margin); from a defined client number onward we apply a hardware margin disclosed in the Order Form. Quotes are produced individually based on production size; we do not publish a price list.

Software Stack. The Software Stack consists of open-source components, each governed by its own upstream licence (typically Apache 2.0, MIT, or similar permissive licences). A current list of components and their licences is available on request and is referenced in the MSA. We do not claim ownership of upstream open-source code; we do retain ownership of our configuration, packaging, integration layer, signed manifests, deployment automation, and the operational playbooks.

Service Retainer. The monthly service retainer covers the activities defined in the MSA, including remote support, software updates, monitoring, security patches, and the structured support tier model described in the Day-1 Onboarding playbook.

Deployment Modes. Both Deployment Modes keep the Customer as the legal owner of the hardware. Both encrypt all data at rest and in transit. The only difference is physical location of the Appliance. The Customer chooses the Deployment Mode in the Order Form.

5. Orders and engagement

The standard engagement path is:

  1. Discovery. We hold introductory calls to understand the use case, integrations, and constraints.
  2. Quote and Order Form. We issue a written quote and Order Form sized to the production deployment.
  3. MSA and DPA execution. Both documents are signed before any hardware ship date or any access to Customer data.
  4. Pre-flight. We complete the discovery questionnaire and pre-flight checklist set out in the Day-1 Onboarding playbook. Sign-off in writing is required before shipment.
  5. Deployment. We perform the phased deployment described in the Day-1 Onboarding playbook (hardware delivery, first boot and licensing, network and identity federation, inference and app stack, connector configuration, validation, training, handoff).
  6. 30-day check-in. A scheduled review of usage and adoption.

No order is binding on us until both parties have signed the Order Form and MSA.

6. Customer responsibilities

The Customer is responsible for:

  • providing accurate information in the discovery questionnaire and pre-flight checklist;
  • making the physical site, power, network, and identity-provider preconditions ready in accordance with our published specifications;
  • maintaining a designated IT contact and an authorised administrator;
  • managing End Users, including provisioning, deprovisioning, and access controls within the Customer's identity provider;
  • using the Appliance only for lawful purposes and in compliance with applicable laws (including the EU AI Act, GDPR, NIS2 transposition law, and the Data Act);
  • not deploying components classified as Tier 3 (Customer-built code, custom connectors, custom apps) in a manner that compromises the Tier 1 / Tier 2 components, and accepting the support boundary set out in the tier model;
  • ensuring End Users comply with the acceptable use restrictions set out in Section 7.

7. Acceptable use

The Customer and its End Users must not use the Appliance, the Software Stack, or any output produced by the system to:

  • engage in any practice prohibited under Article 5 of Regulation (EU) 2024/1689 (the EU AI Act), including but not limited to deploying AI systems that use subliminal techniques, exploit vulnerabilities of specific groups, perform untargeted scraping of facial images for facial-recognition databases, or social score natural persons;
  • generate or disseminate content depicting child sexual abuse material;
  • create non-consensual intimate imagery of real persons;
  • infringe intellectual property rights, including by reproducing copyrighted works without authorisation;
  • breach any applicable law concerning privacy, data protection, sanctions, or export controls;
  • compromise the security, integrity, or availability of any third-party system or network;
  • mislead End Users into believing they are interacting with a human when they are interacting with an AI system, except where such interaction is obvious from the context.

The Customer is responsible for the lawful classification of any AI system it deploys on the Appliance under the EU AI Act, and for any conformity-assessment, registration, transparency, and human-oversight obligations that apply where the deployed system is high-risk under Annex III of the AI Act. We provide the technical platform and reasonable assistance; we are not the provider of the deployed AI system in the sense of Article 3(3) of the AI Act unless explicitly stated in writing.

We may suspend the Service in the event of a material breach of this Section 7 that we cannot reasonably resolve through notice and a cure period.

8. AI-generated outputs

Outputs generated by the AI models running on the Appliance are produced by statistical models and may contain inaccuracies, omissions, or content that is offensive, biased, or otherwise problematic. Outputs are not legal, medical, financial, or professional advice. The Customer is solely responsible for reviewing outputs before relying on them and for the consequences of any decision taken on the basis of an output. Where the Customer deploys the Appliance in a workflow that affects End Users or third parties, the Customer must implement appropriate human oversight, transparency notices, and review procedures.

We do not warrant that outputs are accurate, complete, fit for any specific purpose, free of bias, or non-infringing.

9. Data, privacy, and security

Our processing of personal data is described in our Privacy Policy. Where we process personal data on behalf of the Customer in the course of providing the Service, we act as a processor within the meaning of Article 4(8) of the GDPR and that processing is governed by the DPA. The Customer remains the controller of its End User and business data.

We commit to:

  • hosting and processing all Customer data inside the European Economic Area;
  • never transferring Customer data to a third country without a lawful transfer mechanism under Articles 44–49 of the GDPR and a documented Transfer Impact Assessment;
  • implementing technical and organisational security measures aligned with Article 32 of the GDPR and Article 21 of the NIS2 Directive (as transposed in Croatia), including encryption at rest and in transit, multi-factor authentication, centralised logging, vulnerability management, and a documented incident-response runbook;
  • notifying the Customer without undue delay, and in any event within 24 hours of becoming aware, of any personal-data breach affecting the Customer's data, in line with our obligations under the GDPR and the NIS2 incident-notification regime.

10. Open-source components and licences

The Software Stack incorporates third-party open-source components, each governed by its own licence. The Customer's right to use those components flows from the upstream licences; nothing in these Terms or the MSA grants the Customer broader rights or warranties in respect of upstream components than the Customer would have under the relevant upstream licence. We provide a current Software Bill of Materials (SBOM) on request and on every minor release.

11. Fees and payment

Fees, payment terms, currency, and invoicing arrangements are set out in the Order Form. Unless agreed otherwise in writing, invoices are issued monthly in advance for the Service Retainer and on shipment for hardware. Fees are exclusive of VAT, which is added at the rate applicable at the date of invoice. Late payment may result in suspension of non-critical Service activities after due notice; we will not suspend security patches or incident response for unpaid invoices.

12. Term, termination, and switching

The term, renewal, and termination provisions are set out in the MSA and Order Form. In addition, and consistent with our obligations under Regulation (EU) 2023/2854 (the Data Act), Chapter VIII:

  • the Customer may at any time exercise its right to switch to another data-processing service provider, subject to a maximum transition period of 30 days following written notice (or such shorter period as the Customer reasonably specifies), with a maximum mandatory transition period of six months;
  • on termination, we will provide reasonable switching assistance and a structured export of the Customer's data and configuration in machine-readable form;
  • as of 12 January 2027, no switching charges will be applied to outgoing data transfers, in line with Article 29(1) of the Data Act. Until that date, any reduced switching charges are disclosed in the Order Form;
  • the Customer's right to receive its data in a portable form is in addition to its rights under Article 20 of the GDPR.

On termination, the Customer retains ownership of the hardware in both Deployment Modes. For Hosted deployments, the Customer arranges collection of the Appliance, or pays a documented decommissioning and shipping fee.

13. Warranties

We warrant that:

  • the Service will be performed with reasonable care and skill, in line with industry practice for managed AI infrastructure;
  • the Software Stack, as integrated by us, will materially conform to the description in the Order Form and the Day-1 Onboarding playbook for the duration of the Service term;
  • hardware sold under the Order Form is covered by the manufacturer warranty as published by the relevant supplier; we pass through that warranty to the Customer to the maximum extent permitted by the supplier's terms.

Except as expressly stated in these Terms, the MSA, or the Order Form, and to the maximum extent permitted by law, all other warranties (express, implied, statutory, or otherwise), including warranties of merchantability, fitness for a particular purpose, non-infringement, and accuracy of AI-generated outputs, are disclaimed.

14. Limitation of liability

To the maximum extent permitted by applicable law:

  • neither party shall be liable for indirect, incidental, special, consequential, or punitive damages, or for loss of profits, revenue, goodwill, anticipated savings, or business opportunity;
  • our aggregate liability arising out of or in connection with these Terms, the MSA, or the Order Form, whether in contract, tort (including negligence), under statute, or otherwise, shall not exceed the total fees paid by the Customer to us under the relevant Order Form in the 12 months immediately preceding the event giving rise to the claim.

Nothing in these Terms limits or excludes liability for: (a) death or personal injury caused by negligence; (b) fraud or fraudulent misrepresentation; (c) wilful misconduct; or (d) any other liability that cannot lawfully be limited or excluded.

15. Indemnification

Each party shall indemnify the other against third-party claims arising from its breach of Section 7 (Acceptable use), its breach of confidentiality obligations, or its infringement of third-party intellectual-property rights, subject to the indemnified party promptly notifying the indemnifying party in writing, granting reasonable cooperation, and not making any admission or settlement without prior written consent.

16. Confidentiality

Each party will treat the other's confidential information (including pricing, technical configurations, deployment details, security measures, and business plans) as confidential, will not disclose it to third parties without consent except to professional advisers or authorities under legal compulsion, and will not use it for any purpose other than performance of the engagement. The obligation survives termination for a period of five (5) years.

17. Force majeure

Neither party is liable for failure to perform any obligation (other than payment) caused by circumstances beyond its reasonable control, including natural disasters, war, terrorism, civil unrest, government action, prolonged power or telecommunications outages, or large-scale cyberattacks affecting national infrastructure.

18. Compliance with laws

Each party shall comply with all applicable laws in performing its obligations, including without limitation:

  • EU AI Act — Regulation (EU) 2024/1689;
  • GDPR — Regulation (EU) 2016/679 and Croatian implementing law;
  • NIS2 — Directive (EU) 2022/2555 as transposed in the Republic of Croatia;
  • Data Act — Regulation (EU) 2023/2854;
  • applicable export-control and sanctions regimes (including EU sanctions and, where relevant, US Export Administration Regulations covering hardware components).

The Customer warrants that it is not subject to applicable EU or UN sanctions and will not export or re-export the Appliance to a sanctioned destination or person.

19. Changes to these Terms

We may update these Terms from time to time. The "Last updated" date at the top of this document reflects the date of the most recent change. Material changes will be communicated to active Customers in writing. Continued use of the website after a change constitutes acceptance of the updated Terms.

20. Governing law and jurisdiction

These Terms are governed by the laws of the Republic of Croatia, without regard to conflict-of-laws principles. The competent court in Zagreb, Croatia, has exclusive jurisdiction over any dispute arising out of or in connection with these Terms, subject to mandatory consumer-protection rules where applicable.

EU customers retain all mandatory rights under EU consumer-protection law where they apply.

21. Contact

Questions about these Terms can be sent to:

LLM Machine d.o.o. Email (general): hello@llm-machines.com Email (privacy): privacy@llm-machines.com Email (security): security@llm-machines.com Website: llm-machines.com

These Terms are intended for business-to-business use. They do not constitute legal advice and should be reviewed by qualified Croatian counsel before publication.