1. OPERATIONAL FRAMEWORK FOR TRACKING AND IDENTIFICATION
1.1. Deployment of First-Party Technologies
1.1.1. Infrastructure Definition: Awardee Pty Ltd ("the Provider") utilizes a proprietary suite of tracking technologies, including HTTP cookies, local storage objects, and sophisticated server-side identification protocols (collectively, "Trackers").
1.1.2. Orchestration Model: These Trackers are deployed to facilitate the Provider’s "First-Party Orchestration" model, ensuring seamless service delivery and Signal Correlation across the Awardee ecosystem.
1.1.3. Tracking Over Time and Persistence: The End-User acknowledges that Trackers are utilized to monitor the usage of the Service over time and across multiple discrete visits. This temporal tracking is essential to maintain session continuity, enable the Analytical Inference Engine to retain context from prior interactions , and facilitate accurate Signal Correlation within the Secure Orchestration Environment. All longitudinal data captured via this method is subject to the Cyclical Data Minimization purge protocols.
1.2. The Secure Orchestration Environment and S2S Identifiers
1.2.1. Departure from Legacy Tracking: In departure from conventional third-party cookie reliance—which is subject to deprecation by browser vendors—the Provider prioritizes the use of Attribution Synchronization via S2S Protocols.
1.2.2. Secure Storage: All high-fidelity Pseudonymized Identifiers, including but not limited to event_id, fbp, and fbc, are orchestrated and stored within the Australia-based Secure Orchestration Environment.
1.2.3. Circumvention of Client-Side Limitations: By moving the tracking logic server-side, the Provider mitigates the loss of data integrity associated with Intelligent Tracking Prevention (ITP) and similar browser-level blocks, ensuring a higher match rate for Signal Correlation.
1.2.4. Pseudonymization via Hashing: All PII captured through these Trackers is subject to local SHA-256 salting and hashing within the Secure Orchestration Environment prior to any server-to-server transmission.
1.2.5. CAPI Deduplication and Signal Redundancy Disclaimer: The Platform Subscriber acknowledges that the Provider utilizes a "Dual-Signal" architecture, firing both browser-side Trackers and server-side Attribution Synchronization (S2S) to maximize data integrity. The Platform Subscriber agrees that the final deduplication of these redundant signals is performed by the third-party Partner's proprietary logic. The Provider disclaims all liability for discrepancies in conversion reporting, over-attribution, or under-attribution caused by the Partner's failure to correctly reconcile the event_id or other Pseudonymized Identifiers transmitted via the S2S Protocol.
1.2.6. Signal Loss and Attribution Deterioration Acknowledgement: The Platform Subscriber acknowledges that modern operating system (OS) restrictions, Intelligent Tracking Prevention (ITP), and browser-level blocks can result in a significant deterioration of traditional attribution signals, often exceeding 60%. The Platform Subscriber agrees that Attribution Synchronization via S2S Protocols within the Secure Orchestration Environment constitutes the only viable technical defense against such signal loss. Consequently, the Provider shall not be liable for reduced campaign performance or "blind spots" in reporting caused by these external ecosystem restrictions, consistent with the Infrastructure Separation logic.
1.3. Attribution Synchronization and the Intermediary Redirect Protocol
1.3.1. Technical Continuity: The End-User and Platform Subscriber acknowledge that the Provider utilizes Attribution Synchronization to maintain session continuity.
1.3.2. Initial Capture: Upon a physical Access Point engagement, an initial anonymized signal is captured in the Host Browser with a unique Pseudonymized Identifier (event_id).
1.3.3. App-to-App Handoff: If the End-User elects to transition to a third-party application (e.g., via ig.me links to Instagram), the Provider utilizes the Intermediary Redirect Protocol to fire a secondary signal with a matching event_id within the destination environment.
1.3.4. Identity Merging: This protocol allows the third-party platform to merge the anonymous web session signals with the End-User’s existing social profile within the third-party’s own ecosystem, without the Provider ever accessing or transferring raw PII.
1.3.5. Account Linking and Multimodal Synthesis: The End-User acknowledges that where they elect to perform an "Account Linking" action—authenticating their Awardee session with a third-party Partner account—the Analytical Inference Engine is authorized to synthesize data from both environments. This cross-environment synthesis is utilized strictly to generate high-fidelity personalized recommendations and Interaction Scores within the Secure Orchestration Environment. Such linked data remains subject to Cyclical Data Minimization and may be unlinked at any time via the OTP-Verified Privacy Management Portal.
1.3.6. Independently Linked Data Disclaimer: The End-User acknowledges that while the Provider utilizes Pseudonymized Identifiers to maintain "Zero PII Risk" within the Secure Orchestration Environment, third-party Partners may independently link these signals to other personal data they already hold within their own respective ecosystems. The End-User understands that such independent data reconciliation is governed solely by the Partner's privacy policy and is outside the technical and legal control of the Provider.
1.4. Liability and Platform Subscriber Responsibilities
1.4.1. Consent Prerequisite: The Platform Subscriber acknowledges that the activation of "Marketing & Audience Orchestration" Trackers is strictly contingent upon the End-User’s affirmative consent via the Provider’s Consent Manager.
1.4.2. Cross-Border Data Breaches: While the Provider implements robust security measures for the Secure Orchestration Environment, the Platform Subscriber agrees to indemnify the Provider against any claims arising from the Subscriber's unauthorized handling of data or breaches occurring within the Subscriber’s own third-party advertising accounts.
1.4.3. Regulatory Alignment: This clause is designed to comply with the Australian Privacy Act, GDPR, and CCPA/CPRA by ensuring "Privacy by Design" through Cyclical Data Minimization and advanced Pseudonymization.
1.4.4. Third-Party Analytics Control Disclaimer: The Platform Subscriber and End-User acknowledge that while the Provider orchestrates the delivery of technical signals, the Provider does not maintain "control" over the lifecycle, data-harvesting methods, or cookies set by external analytics software or third-party advertising scripts. Any third-party Trackers injected via Partner integrations are governed solely by the privacy policies of those external entities. The Provider disclaims all liability for the performance, security, or regulatory compliance of such external tracking technologies, consistent with the Infrastructure Separation logic.
1.5. Persistence and Purging
1.5.1. Cyclical Data Minimization: In accordance with the Provider’s data minimization policy, all behavioral signals and granular chat logs associated with these Trackers are subject to mandatory Cyclical Data Minimization (automated 30-day purge).
1.5.2. Statutory Compliance Archive: Consent Records, tied to the hashed identifier, will be retained in the Statutory Compliance Archive for a period of seven (7) years to satisfy audit requirements.
2. CLASSIFICATION AND SPECIFIC MODALITIES OF TRACKING TECHNOLOGIES
The Awardee Platform utilizes a tiered "Consent Manager" architecture (the "Accordion") to govern the activation of technical identifiers. The End-User’s granular selections within the Consent Manager shall strictly dictate the scope of data processing and Signal Correlation according to the following legal classifications:
2.1. Category I: Strictly Necessary Identifiers (Non-Excludable)
2.1.1. Essential Functionality: This category comprises trackers indispensable for the technical delivery of the Service, including system security, load balancing, and session persistence
2.1.2. Session and Contextual Logic: These include, but are not limited to, the session_id for maintaining dialogue continuity and the Access Point identifier (qr_id) for establishing the End-User’s precise physical Location.
2.1.3. AI State Retention: The End-User acknowledges that without these identifiers, the Analytical Inference Engine will be unable to retain context from prior queries or provide location-specific responses .
2.1.4. Operational Records: In the event the Analytical Inference Engine cannot resolve a query, the input is captured as an "Operational Record" for the Platform Subscriber’s manual review . These records are retained for service optimization and are explicitly excluded from marketing processing.
2.1.5. Non-Blocking Nature of Functional Trackers: The End-User acknowledges that selecting "Essentials Only" or opting out of "Personalized Experiences" within the Consent Manager does not block Trackers classified under Category I. These non-excludable identifiers are strictly utilized for technical security, load balancing, and the maintenance of the Secure Orchestration Environment. Any attempt by the End-User to manually block these functional identifiers via third-party browser extensions may result in a Major Failure of the Analytical Inference Engine or the inability to access Location-specific services.
2.2. Category II: Performance and Analytics ("Interaction Scoring")
2.2.1. Interaction Scoring: Subject to End-User consent, this category enables the Interaction Scoring engine to measure engagement depth, sentiment, and intent signals.
2.2.2. De-identification Protocols: Data processed under this category is Pseudonymized within the Secure Orchestration Environment . It is utilized to provide the Platform Subscriber with aggregated insights into product popularity and service efficacy.
2.2.3. Platform-Specific Limitation: Analytics data captured under this classification remains within the Awardee infrastructure and is not transmitted to external advertising third-parties.
2.2.4. Association of Partial Data and Interaction Continuity: The End-User acknowledges that the Provider may associate data captured via Trackers with other information provided during a session, such as a partially completed order or an unresolved inquiry. This association is performed within the Secure Orchestration Environment to ensure the delivery of relevant communications and to facilitate the recovery of interrupted interactions. Such associations are temporary and remain subject to the Cyclical Data Minimization automated 30-day purge.
2.3. Category III: Marketing and Audience Orchestration ("Attribution Synchronization")
2.3.1. S2S Integration: Activation of this category facilitates the "First-Party Orchestrator" model, utilizing the Secure Orchestration Environment to synchronize signals with third-party AdTech Partners via S2S Protocols .
2.3.2. Cryptographic Pseudonymization: All PII is subjected to local SHA-256 salting and hashing prior to transmission. This ensures the transmission of "Anonymous Audience Segments" rather than raw, reversible data .
2.3.3. Attribution Synchronization: This process involves an Intermediary Redirect Protocol ("Bridge Page") transition where session identifiers (e.g., event_id) are synced via API . This allows the Platform Subscriber’s Partners to identify high-intent visits and deliver relevant promotional material on external social media platforms .
2.3.4. Google Consent Mode v3: The platform strictly adheres to Google Consent Mode v3. If a "Personalized Experience" is declined, the system defaults to "Essentials Only," ensuring no behavioral signals are shared and any technical logs are redacted.
2.4. Allocation of Risk and Liability
2.4.1. Subscriber Warranty of Accuracy: The Platform Subscriber warrants that all Source Material provided for the purpose of these interactions is accurate and possesses the necessary Intellectual Property licenses.
2.4.2. Indemnification for Analytical Artifacts: The Platform Subscriber agrees to indemnify Awardee Pty Ltd against any third-party claims arising from Analytical Artifacts (hallucinations) or misinformation regarding health, safety, or allergens, where such information was derived from the Subscriber’s provided Source Material.
2.4.3. Metadata Liability: While the Platform provides automated metadata stripping (EXIF/GPS), the Platform Subscriber remains liable for ensuring that no sensitive PII or metadata is contained within images or files uploaded by their employees to the Source Material.
2.4.4. Right to be Forgotten: The End-User may trigger a total wipe of all PII and Pseudonymized Identifiers across the entire Awardee ecosystem via the OTP-Verified Privacy Management Portal.
2.4.5. Scope of Opt-Out and Attribution Persistence: The End-User acknowledges that consent preferences and opt-out selections are technically stored within the specific Host Browser or local storage of the device used at the time of the interaction. Consequently, these selections do not automatically persist across different browsers, devices, or incognito sessions. To ensure a consistent "Essentials Only" state across the entire Awardee Ecosystem, the End-User must repeat their preferred selections on each unique device or browser used to access an Access Point or help page.
3. GOOGLE CONSENT MODE V3 AND TECHNICAL REDACTION PROTOCOLS
3.1. Implementation of Consent Mode v3
3.1.1. Technical Framework: The Provider utilizes Google Consent Mode v3 as its primary technical framework for governing the communication of End-User consent states to third-party sub-processors.
3.1.2. Real-Time Adjustment: This framework ensures that the activation of data-gathering tags and pixels is dynamically adjusted in real-time based on the End-User's explicit selections within the "Accordion" Consent Manager.
3.2. The "Personalized Experience" Opt-In (Attribution Synchronization)
3.2.1. Authorization of Signal Synchronization: Upon the End-User's affirmative selection of the "Personalized Experience" category, the Provider is authorized to initiate Attribution Synchronization via the S2S Protocol.
3.2.2. Hashed Signal Transmission: The Platform shall synchronize SHA-256 hashed identifiers with Partners (specifically Meta and Google) to facilitate remarketing and audience measurement.
3.2.3. Transition Liability: The End-User and Platform Subscriber acknowledge that upon clicking through an Intermediary Redirect Protocol ("Bridge Page") to an external application, the Provider’s liability for data processing terminates as the session enters the third-party’s exclusive ecosystem.
3.3. The "Essentials Only" Mode (Non-Consent State)
3.3.1. Negative Signal Default: In the event an End-User declines the "Personalized Experience" or fails to provide affirmative consent, the Platform shall automatically default to "Essentials Only" mode.
3.3.2. Prohibition of Behavioral Sharing: In this state, the Provider strictly prohibits the transmission of behavioral signals, interest-based metadata, or Signal Correlation pings to third-party advertising platforms.
3.3.3. Technical Logging and Redaction: Any data transmitted for necessary technical logging or security purposes shall be strictly redacted to ensure no PII or fingerprintable identifiers are leaked to external vendors.
3.3.4. Technical Redaction of Security Logs: The End-User acknowledges that for the purposes of system integrity and DDoS prevention, certain technical logs are retained within the Secure Orchestration Environment regardless of the consent state. However, the Provider warrants that such logs are subject to a Strict Redaction Protocol, ensuring that network-level identifiers are truncated or hashed to prevent their use for Signal Correlation, audience profiling, or cross-site tracking. These redacted logs are utilized exclusively for security diagnostics and are automatically purged in accordance with the Cyclical Data Minimization schedule.
3.4. Allocation of Risk and "What-If" Contingencies
3.4.1. Misconfiguration Liability: The Provider maintains responsibility for the technical integrity of the Consent Mode v3 implementation within the Awardee infrastructure.
3.4.2. Subscriber Shadow-Script Liability: The Platform Subscriber assumes all liability for any "shadow" pixels or third-party scripts they may independently attempt to inject outside of the Provider’s sanctioned orchestration layer.
3.4.3. Cross-Border Data Breaches: The Platform Subscriber acknowledges that while the Secure Orchestration Environment resides in Australia, third-party platforms may process data in various jurisdictions . The Provider’s liability is limited to the provision of Standard Contractual Clauses (SCCs) and the secure transmission of hashed data only.
3.4.4. Critical Safety Override: Regardless of consent state, the Analytical Inference Engine remains governed by the Critical Safety Override. The Platform Subscriber (as Primary Publisher) remains solely liable for Analytical Artifacts (hallucinations) derived from their specific Source Material.
3.4.5. Cyclical Data Minimization: To minimize risk, the Provider implements an automated 30-day purge of all behavioral signals and detailed chat logs, maintaining only the hashed Consent Record within the Statutory Compliance Archive for seven (7) years .
4. WEBSITE AND ANALYTICAL INFERENCE ENGINE DISCLAIMER
4.1. Nature of Service and General Information Non-Reliance
4.1.1. Informational Purpose: The End-User and Platform Subscriber acknowledge and agree that all content, outputs, and responses generated by the Platform, including the Analytical Inference Engine, are provided for general informational purposes only.
4.1.2. Technical Status: Awardee Pty Ltd ("the Provider") operates strictly as a software-as-a-service (SaaS) technology provider and not as a professional services firm, consultancy, or medical practitioner.
4.1.3. Professional Advice Exclusion: No information provided via the Platform—whether sourced from Source Material or generated by the underlying Large Language Models (LLMs)—shall be construed as legal, financial, medical, health, or professional advice .
4.2. Exclusion of Professional Liability and Analytical Artifacts
4.2.1. Technical Limitations: The End-User and Platform Subscriber acknowledge the inherent technical limitations of generative technology, including the risk of Analytical Artifacts (hallucinations), wherein the system may generate factually incorrect or logically inconsistent information.
4.2.2. Limitation of Liability: To the maximum extent permitted by the Australian Consumer Law (ACL), the Provider disclaims all liability for any loss, damage, or injury arising from:
(a) Any inaccuracies, omissions, or Analytical Artifacts contained within generated outputs.
(b) The reliance on said outputs for any decision-making process by any End-User.
(c) Any failure of the system to reflect real-time updates to the Source Material, such as pricing or availability.
4.3. Health, Safety, and Allergen Verification (The "Critical Safety Override")
4.3.1. Strict Non-Reliance: The Analytical Inference Engine is not a qualified safety or medical diagnostic tool .
4.3.2. Mandatory Manual Verification Requirement: In all scenarios involving health-critical or safety-critical information—including food allergens, dietary requirements, or emergency procedures—the End-User is strictly required to verify the accuracy of the information with a human representative of the Location.
4.3.3. Immutable Safety Gate: The Provider implements the Critical Safety Override, utilizing a hardware-level prompt hierarchy designed to ensure Platform Subscriber-appended data cannot override safety refusals for emergency, medical, or high-risk queries.
4.4. Allocation of Risk and Subscriber Indemnity
4.4.1. Subscriber as Primary Publisher: As the Primary Publisher for location-specific information, the Platform Subscriber remains the final authority and publisher of all Source Material.
4.4.2. Indemnity for Inaccurate Data: The Platform Subscriber shall indemnify, defend, and hold harmless the Provider against any third-party claims or legal costs arising from:
(a) Inaccurate, misleading, or deceptive information provided by the Platform Subscriber or their Partners within the Source Material.
(b) Any failure by the Platform Subscriber to Execute Content Certification and audit the system's responses.
4.4.3. Financial Ceiling: Any liability found on the part of the Provider in relation to AI outputs shall be limited to the total fees paid by the Platform Subscriber in the twelve (12) months preceding the claim, in accordance with the Master Terms.
5. ANALYTICAL INFERENCE ENGINE ACCURACY, RELIABILITY, AND LIMITATION OF LIABILITY
5.1. Nature of AI-Generated Content and Non-Binding Status
5.1.1. Synthesis Framework: The End-User and Platform Subscriber acknowledge and agree that the Platform utilizes the Analytical Inference Engine to synthesize Source Material provided by the Platform Subscriber and its Partners .
5.1.2. Provision Standard: All outputs, responses, or summaries generated by the Analytical Inference Engine are provided on an "as-is" and "as-available" basis for general informational purposes only.
5.1.3. Processing Scope: The Analytical Inference Engine operates by processing Source Material, including but not limited to menus, price lists, and operational documentation, to provide automated question-and-answer services.
5.2. Disclaimer of Accuracy and the Risk of "Analytical Artifacts"
5.2.1. Inherent Limitations: While the Provider employs commercially reasonable efforts to ensure high-fidelity outputs, the Platform Subscriber expressly acknowledges that responses may be subject to Analytical Artifacts (hallucinations)—the generation of information that appears plausible but is fundamentally incorrect.
5.2.2. Performance Disclaimer: The Provider makes no representation or warranty that the Analytical Inference Engine will meet specific performance criteria or be free from errors or technical discrepancies.
5.2.3. Independent Decision-Making: The Provider and its Partners shall not be held liable for any commercial, legal, or personal decisions made in reliance on content produced by the Analytical Inference Engine.
5.3. Safety-Critical Information and "Manual Verification Protocol"
5.3.1. Strict Non-Reliance for Safety: End-Users are strictly prohibited from relying on the Analytical Inference Engine for health-critical, safety-critical, or emergency-related information.
5.3.2. Allergen and Dietary Warning: Specific queries regarding food allergens or dietary requirements must be verified directly with on-site human staff via the Manual Verification Protocol.
5.3.3. Statutory Protection: To the maximum extent permitted by the Australian Consumer Law (ACL), the Provider disclaims all liability for physical harm or medical incidents resulting from a failure to perform human-in-the-loop verification.
5.4. Allocation of Liability and Subscriber "Content Certification"
5.4.1. Primary Publisher Status: The Platform Subscriber acknowledges that it is the "Primary Publisher" of the Source Material; the Provider acts solely as a "Technical Host" and Neutral Pipe .
5.4.2. Mandatory Content Audit: It is a fundamental condition of the Service that the Platform Subscriber must Execute Content Certification for all data provided to the system.
5.4.3. Indemnity for Misinformation: The Platform Subscriber agrees to indemnify the Provider against any third-party claims or legal costs arising from inaccurate Source Material or erroneous safety information provided by the Subscriber or their Partners .
5.4.4. Critical Safety Override: The Provider implements the Critical Safety Override to override Source Material when safety-critical keywords are detected; however, these guardrails do not alleviate the Platform Subscriber of primary liability .
5.5. Cyclical Data Minimization and Temporal Accuracy
5.5.1. Cyclical Data Minimization: To ensure privacy compliance, all specific behavioral signals and chat logs are subject to mandatory Cyclical Data Minimization (automated 30-day purge) .
5.5.2. Operational Records: Where the system cannot provide an answer, the query may be stored as an "Operational Record" to allow the Platform Subscriber to manually review and update the Source Material .
6. EXTERNAL PLATFORM TRANSITION AND THE "INTERMEDIARY REDIRECT PROTOCOL"
6.1. Technical Nature of the App-to-App Handoff
6.1.1. Redirector Logic: The Platform utilizes a specialized Intermediary Redirect Protocol to facilitate a seamless transition from the Host Browser environment to external third-party applications, including Instagram (via the ig.me protocol), Facebook, and Google.
6.1.2. Attribution Continuity: This transition involves an "App-to-App" handoff designed to maintain Signal Correlation and session continuity within the destination In-App Browser (IAB) environment .
6.1.3. Synchronization Model: The End-User acknowledges that this process requires an Attribution Synchronization model, where Pseudonymized Identifiers (such as event_id) are synchronized via S2S Protocols to recognize the user within the destination application.
6.1.4. Host Browser UI Interference: The End-User and Platform Subscriber acknowledge that the successful execution of the Intermediary Redirect Protocol is subject to the technical configuration of the Host Browser. Certain browser features—including automated cache clearing, UI-level tab management, and "Private" browsing modes—may interfere with the handoff, resulting in a loss of session continuity or Attribution Synchronization. The Provider is not responsible for transition failures or data gaps caused by these client-side UI behaviors, as they occur outside the control of the Secure Orchestration Environment.
6.2. The "Bridge Page" Consent and Double-Gate Verification
6.2.1. Compliance Gating: To ensure compliance with the Australian Privacy Act, GDPR, and CCPA/CPRA, the Provider implements a mandatory Intermediary Redirect Protocol interface (the "Bridge Page") prior to any external redirect.
6.2.2. Affirmative Authorization: By providing affirmative consent on the Bridge Page, the End-User expressly authorizes:
(a) The termination of their active session within the Awardee-controlled Secure Orchestration Environment.
(b) The transmission of SHA-256 hashed identifiers and session signals to the Partner for the purpose of personalized service and remarketing .
6.2.3. Negative Signal Handling: If the End-User declines the transition, they shall remain within the Host Browser environment, and no Attribution Synchronization to third-party marketing APIs shall occur.
6.3. Limitation of Liability for Third-Party Environments
6.3.1. Cessation of Provider Control: Upon the successful execution of the redirect via the Intermediary Redirect Protocol, Awardee Pty Ltd ceases to be the "Data Controller" or "Data Processor" of the active session.
6.3.2. Disclaimer of External Practices: The Provider expressly disclaims all responsibility for the privacy practices, content, data security, or behavioral tracking protocols employed by third-party platforms.
6.3.3. Independent Terms: The End-User acknowledges that interactions within the destination application are governed solely by the terms of service of that third-party platform provider.
6.4. Allocation of Risk and Subscriber Liability Shift
6.4.1. Subscriber Responsibility: Where the Platform Subscriber directs an End-User to a specific third-party destination (e.g., social media profile), the Subscriber assumes full liability for the content and legality of that destination.
6.4.2. Indemnity for Handoff: The Platform Subscriber shall indemnify the Provider against any claims arising from data breaches or privacy violations that occur once the data has been successfully synchronized via the S2S Protocol to the Subscriber's designated third-party account.
6.4.3. AdTech Compliance: The Platform Subscriber warrants that their use of synchronized data within third-party Ads Managers complies with all self-serve advertising terms and regional data protection laws.
6.5. Technical Fallback and Attribution Disclosure
6.5.1. Signal Fallback: The End-User acknowledges that in instances where standard cookies are blocked, third-party platforms may utilize technical signals for attribution maintenance.
6.5.2. Match Rate Disclaimer: The Provider provides no guarantee of the "match rate" (typically ranging between 34% and 51%) achieved by third-party platforms and shall not be liable for failures in Attribution Synchronization due to external technical constraints .
7. LIMITATION OF LIABILITY AND SUB-PROCESSOR EXPOSURE
7.1. General Limitation of Liability
7.1.1. Financial Ceiling: To the maximum extent permitted by the Australian Consumer Law (ACL) and relevant global consumer protection statutes, the total aggregate liability of Awardee Pty Ltd ("the Provider") for all claims arising out of or in connection with these Terms shall be strictly limited to the total fees paid by the Platform Subscriber to the Provider during the twelve (12) month period immediately preceding the event giving rise to the claim .
7.1.2. Exclusion of Consequential Loss: The Provider expressly excludes all liability for any indirect, incidental, special, or consequential damages, including but not limited to loss of profits, loss of goodwill, loss of business opportunity, or any other intangible losses .
7.2. Third-Party Sub-Processor Liability and "Neutral Pipe" Status
7.2.1. Infrastructure Dependency: The Platform Subscriber acknowledges that the Platform utilizes a Secure Orchestration Environment and Analytical Inference Engine involving critical third-party sub-processors, including OpenAI (for LLM generation), Supabase (for Australian-region data residency), and Stripe (for financial orchestration).
7.2.2. Technical Intermediary Status: The Provider operates strictly as a Technical Host and "First-Party Orchestrator". Consequently, the Provider shall not be held liable for:
(a) Any service outages, data breaches, or technical failures originating within the infrastructure of a third-party sub-processor, provided the Provider has exercised commercially reasonable due diligence.
(b) The inaccuracy of Analytical Artifacts produced by third-party LLMs, which are provided on an "as-is" basis.
(c) Any unauthorized access to the Secure Orchestration Environment resulting from unforeseeable vulnerabilities in a sub-processor’s security protocols.
7.2.3. Pass-Through Protections: To the extent permitted by law, any limitations of liability enjoyed by the Provider’s sub-processors are hereby incorporated by reference and apply to the Platform Subscriber’s use of the Platform.
7.3. Allocation of Risk and Liability Shift (The "Primary Publisher" Rule)
7.3.1. Mandatory Certification Barrier: The legal responsibility for the accuracy and Intellectual Property (IP) status of all content shifts entirely to the Platform Subscriber upon Content Certification of the Source Material.
7.3.2. Indemnity for Source Material: The Platform Subscriber shall indemnify the Provider against any third-party claims arising from:
(a) Unauthorized use of licensed images, logos, or commercially sensitive data uploaded by the Subscriber's staff.
(b) Safety-critical misinformation (e.g., erroneous allergen data) derived from the Source Material.
7.3.3. Metadata Negligence: The Platform Subscriber assumes all liability for the failure to scrub sensitive metadata (EXIF/GPS) from images prior to upload, notwithstanding the Provider’s deployment of Technical Redundancy guardrails .
7.4. Statutory Guarantees and "Major Failure" Exceptions
7.4.1. ACL Acknowledgment: Nothing in this Section purports to exclude, restrict, or modify any Consumer Guarantee implied by the Australian Consumer Law that cannot be lawfully excluded .
7.4.2. Major Failure Remedy: In the event of a "Major Failure" (as defined under the ACL) that cannot be rectified within a 72-hour threshold, the Provider’s liability shall be limited, at the Provider's election, to the re-supply of the services or the payment of the cost of having the services supplied again.