These Terms and Conditions ("Terms") govern the provision of consultancy services by Michael MacDonald, trading as Brains Before Bots ("Brains Before Bots", "I", "me", "my"), to clients engaging Shadow AI Governance services.

Important: I operate as a sole trader, not a limited company. This means I have personal unlimited liability for all contractual obligations. Please read these Terms carefully before engaging my services.

In these Terms, the following words have the following meanings:

"Client" means the business, organisation, or sole trader engaging my services for business purposes. These Terms are for business-to-business (B2B) engagements only. By engaging my services, you confirm that you are purchasing for trade, business, craft, or profession purposes and not as a consumer. If you are purchasing as a consumer (for personal, household, or family purposes), different terms may apply under UK consumer protection law. Please contact me at hello@brainsb4bots.com before proceeding if you are not purchasing for business purposes.

"Services" means the Shadow AI Governance consultancy services I provide, including:
- Shadow AI Audit (£500)
- Governance-Ready Pilot Blueprint (£3,500)
- Momentum Advisory Retainer (£2,500/month)

"Agreement" means the contract formed between the Client and me when the Client accepts a proposal or purchases services

"Deliverables" means the specific outputs defined in the service description or proposal

"Confidential Information" means all non-public information disclosed by either party

"Intellectual Property" means patents, rights to inventions, copyright and related rights, trademarks, business names, domain names, rights in get-up, goodwill, rights to sue for passing off, rights in designs, rights in computer software, database rights, rights to preserve confidentiality of information, and any other intellectual property rights

"Working Day" means Monday to Friday, excluding UK public holidays

References to "writing" or "written" include email. Headings are for convenience only and do not affect interpretation.

Duration: 2 weeks from initial discovery call

Deliverable: PDF audit report delivered via email

Limitations: This is an assessment service, not implementation. Recommendations provided do not constitute legal advice.

Duration: 4 weeks from project kickoff

Duration: Month-to-month, subject to 30 days' notice for termination

Engagement Expectations: Approximately 10-12 hours of advisory time per month on average, with flexibility for urgent needs

Retainer Fee: £2,500 per month, billed monthly in advance

An Agreement is formed when:
- The Client accepts a written proposal from me, or
- The Client pays for services (for fixed-price offerings like the Shadow AI Audit), or
- Both parties sign a Statement of Work

All proposals and quotations are valid for 30 days from the date of issue unless otherwise stated. Prices are subject to change after this period.

I reserve the right to decline any engagement at my discretion, particularly where:
- There is a conflict of interest with existing clients
- The requested services fall outside my areas of expertise
- I do not believe I can deliver value to the Client

Current service pricing:
- Shadow AI Audit: £500 (fixed price)
- Governance-Ready Pilot Blueprint: £3,500 (fixed price)
- Momentum Advisory Retainer: £2,500 per month

All prices are inclusive of all applicable taxes. As a sole trader currently pre-revenue, I am not VAT registered. If I become VAT registered in the future, I will provide 30 days' notice and VAT will be added to the stated fees.

Shadow AI Audit:
- Full payment required before service commencement
- Payment via bank transfer (BACS), Stripe payment link, or other methods agreed in writing
- Payment details will be provided on each invoice

Governance-Ready Pilot Blueprint:
- 50% deposit required to commence project
- 50% balance due upon completion of deliverables

Momentum Advisory Retainer:
- Billed monthly in advance on the 1st of each month
- Payment due within 7 days of invoice date
- First month pro-rated if engagement starts mid-month

Late payments will incur interest at 8% above the Bank of England base rate per annum (the statutory rate under the Late Payment of Commercial Debts (Interest) Act 1998), calculated daily from the due date until payment is received. Additionally, I may claim fixed compensation for debt recovery costs as permitted by law.

The quoted fees include normal business expenses (video calls, email, standard cloud tool usage). Any extraordinary expenses (e.g., travel to Client premises if requested) will be agreed in advance and billed at cost plus 10% administration fee.

For ongoing Retainer engagements, I may increase fees on 60 days' written notice. The Client may terminate the Retainer if they do not accept the increase.

The Client agrees to:
- Provide accurate and complete information necessary for service delivery
- Grant timely access to relevant personnel for interviews and workshops
- Respond to requests for feedback or approvals within agreed timelines (typically 5 Working Days)

The Client representative engaging my services warrants that they have authority to do so on behalf of their organization.

For the Shadow AI Audit and Governance-Ready Pilot Blueprint, I provide recommendations and frameworks. The Client is responsible for:
- Implementation of recommendations
- Ongoing compliance monitoring
- Adaptation of frameworks to their specific circumstances
- Legal review of any policies before formal adoption

My services constitute professional consultancy, not legal advice.

I retain all rights to:

Upon full payment, the Client receives a non-exclusive, perpetual license to use Deliverables created specifically for them, including:

Restrictions: The Client may not:

The Client retains all rights to information, documents, and materials they provide to me. The Client grants me a license to use these materials solely for delivering the Services.

I may use generalised learnings from Client engagements to improve my services and develop thought leadership content, provided that:

Both parties agree to:
- Keep all Confidential Information strictly confidential
- Use Confidential Information only for the purposes of the Agreement
- Not disclose Confidential Information to third parties without prior written consent
- Protect Confidential Information with the same degree of care as their own confidential information

Confidentiality obligations do not apply to information that:
- Is or becomes publicly available through no breach of this Agreement
- Was already known to the receiving party before disclosure
- Is independently developed without use of Confidential Information
- Must be disclosed by law or court order (with advance notice to the disclosing party where legally possible)

Upon termination or request, each party will return or destroy all Confidential Information belonging to the other party.

Confidentiality obligations survive termination of the Agreement for 5 years.

Both parties will comply with UK GDPR and the Data Protection Act 2018 in relation to any personal data processed under this Agreement.

Where I process personal data on behalf of the Client, the Client is the data controller and I am the data processor. A separate Data Processing Agreement (DPA) will be executed if required.

I will process Client data in accordance with my Privacy Policy (available at www.brainsb4bots.com/privacy-policy) and applicable data protection laws.

This section applies when I process personal data on behalf of the Client during service delivery. This typically occurs during:

In these situations:
- The Client acts as the data controller (determines purposes and means of processing)
- I act as the data processor (processes data on behalf of the Client)
- UK GDPR Article 28 requires specific contractual terms between controller and processor

When acting as data processor, I will:

The Client authorises use of the following sub-processors for service delivery:

I will notify the Client at least 14 days before engaging any additional sub-processors, giving the Client opportunity to object on reasonable grounds. All sub-processors are bound by equivalent data protection obligations.

If I transfer Client personal data outside the UK (for example, using tools with US-based infrastructure), I will:

For clients requiring comprehensive Data Processing Agreement documentation, I will provide a standalone DPA upon request. This will include:

The provisions in this Section 9 constitute the minimum contractual terms required by UK GDPR Article 28 for controller-processor relationships. They form part of these Terms and Conditions for all applicable engagements.

If the Client is itself acting as a processor for its own clients (end controllers), the Client must ensure it has appropriate authorization from those end controllers to engage me as a sub-processor. The Client remains responsible for compliance with UK GDPR in its relationship with end controllers.

Important: As a sole trader, I have unlimited personal liability. Unlike a limited company, there is no legal separation between my business and personal assets. This means my liability for claims is not capped at a corporate asset level.

However, to make my services commercially viable while protecting both parties, the following liability limitations apply within the bounds permitted by law:

Nothing in these Terms excludes or limits my liability for:

Subject to clause 10.2, my total aggregate liability for all claims arising from or in connection with the Services, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, shall not exceed:

I shall not be liable for:

The limitations in this clause reflect a reasonable allocation of risk between the parties, taking into account:

The Client acknowledges that:

Current Status: As a pre-revenue business, I do not currently hold professional indemnity insurance. I intend to obtain appropriate professional indemnity insurance before commencing paid client engagements.

For Prospective Clients: If you require evidence of insurance coverage before engaging my services, I will obtain appropriate coverage and provide certification before commencing work. This is particularly important for higher-value engagements (Pilot Blueprint and Retainer services).

Note: The limitation of liability provisions in Section 10 remain in effect regardless of insurance status, as they reflect the contractual allocation of risk between parties.

I warrant that:

The Client warrants that:

No Guarantees: I provide professional consultancy services based on my knowledge and experience. I do not guarantee:

Not Legal Advice: My Services constitute business consultancy, not legal advice. The Client should seek independent legal counsel for:

The Agreement continues until completion of Deliverables or earlier termination in accordance with these Terms.

The Retainer continues on a month-to-month basis until terminated by either party.

I may terminate immediately by written notice if:

On termination:

If termination occurs mid-project (Pilot Blueprint):

Neither party shall be liable for failure or delay in performing obligations due to circumstances beyond reasonable control, including but not limited to:

Cancellation: Either party may cancel on 30 days' notice. No refund for the current month, as billed in advance. Unused time does not roll over.

If a dispute arises, the parties will first attempt to resolve it through good faith negotiation. Either party may request a meeting (in person or via video call) to discuss the dispute.

If negotiation does not resolve the dispute within 30 days, the parties agree to attempt mediation before pursuing litigation. Mediation will be conducted by a mediator agreed by both parties, or failing agreement, appointed by the Centre for Effective Dispute Resolution (CEDR).

These Terms and any Agreement formed under them are governed by the laws of England and Wales.

The courts of England and Wales have exclusive jurisdiction to settle any dispute or claim arising from or in connection with these Terms or their subject matter.

These Terms, together with any proposal, Statement of Work, or order confirmation, constitute the entire agreement between the parties and supersede all previous agreements, understandings, and representations.

No variation of these Terms is valid unless in writing and signed by both parties. I may update these Terms for future engagements by posting updated Terms on my website with a new "Last Updated" date.

The Client may not assign or transfer their rights or obligations without my prior written consent. I may assign my rights and obligations with 30 days' notice to the Client (e.g., if I incorporate my business or transfer it to a successor).

Nothing in these Terms creates a partnership, joint venture, agency, or employment relationship between the parties.

If any provision of these Terms is held to be invalid or unenforceable, the remaining provisions will remain in full effect. The invalid provision will be replaced with a valid provision that achieves the original intent.

Failure to enforce any right under these Terms does not constitute a waiver of that right.

No third party has any right to enforce these Terms under the Contracts (Rights of Third Parties) Act 1999.

Notices must be in writing and sent to the addresses at the beginning of these Terms. Email constitutes valid written notice. Notices are deemed received:

The Client acknowledges that:

As a sole trader, my ability to provide Services depends on my personal availability. I will:

In the event of my death or incapacity:

If I incorporate my business or transfer it to a successor entity, I will provide 60 days' notice. The Client may choose to: