Terms & Conditions

These Terms and Conditions (“Terms”) constitute a legally binding agreement between you (“User” or “Client”) and Black Knights (“Company”, “we”, “us”, or “our”), a technology company registered and operating from Gigiri, Nairobi, Kenya.

By accessing or using our website at blackknights.co.ke, engaging our services, or entering into any agreement with us, you acknowledge that you have read, understood, and agree to be bound by these Terms in their entirety. If you do not agree to any part of these Terms, you must not use our website or services.

These Terms apply to all visitors, users, clients, and any other individuals who access or use our services. They are supplemented by any additional agreements, statements of work, or data processing agreements entered into between you and Black Knights.

The following definitions apply throughout these Terms:

• "Services" means all AI-related technology services, software products, consulting, automation systems, data analytics, content generation, and any other deliverables provided by Black Knights.
• "User" or "Client" means any individual or legal entity that accesses the website or engages Black Knights for the provision of Services.
• "Content" means any text, data, images, code, outputs, reports, models, or other material produced, processed, or delivered in connection with the Services.
• "Personal Data" means any information relating to an identified or identifiable natural person, as defined under applicable data protection legislation including the Kenya Data Protection Act 2019 and the EU General Data Protection Regulation (GDPR).
• "Deliverables" means all work product, software, documentation, models, systems, and outputs specifically created for the Client under a Statement of Work or service agreement.
• "Intellectual Property" means patents, trademarks, copyrights, trade secrets, source code, algorithms, methodologies, and any other proprietary rights.
• "Confidential Information" means all non-public, proprietary, or sensitive information disclosed by either party in connection with the Services.
• "Data Processing Agreement" or "DPA" means a written contract governing the processing of Personal Data on behalf of the Client.
• "Incident" means any confirmed or suspected unauthorized access, disclosure, alteration, loss, or destruction of data.
• "Statement of Work" or "SOW" means a document specifying the scope, timeline, and commercial terms for a particular engagement.

Black Knights is an AI-focused technology company. Our core service lines include:

AI Software Development

We design and build bespoke AI-powered software applications, platforms, and integrations tailored to the specific operational needs of each client. This includes machine learning models, natural language processing systems, computer vision pipelines, and full-stack application development.

AI Marketing Automation

We engineer intelligent marketing systems that automate audience targeting, campaign personalization, lead scoring, email sequences, and performance analytics using AI-driven decisioning and real-time data processing.

AI Agents

We develop autonomous and semi-autonomous AI agents capable of executing multi-step workflows, interfacing with third-party systems, performing research and analysis, and acting as intelligent assistants within business processes.

AI Data Analytics

We build data pipelines, dashboards, and predictive analytics systems that surface actionable intelligence from structured and unstructured data sources, enabling data-driven strategic and operational decision-making.

AI Content Generation

We develop and deploy AI systems for generating high-quality, brand-consistent content at scale, including written copy, structured reports, product descriptions, and multimedia asset creation.

All Services are provided subject to a mutually agreed SOW. Black Knights reserves the right to decline any engagement that conflicts with our ethical standards, applicable law, or operational capacity.

As a User or Client, you agree to the following obligations:

• Provide accurate, complete, and current information when engaging our Services or communicating with us.
• Maintain the confidentiality of any access credentials, API keys, or system access provided in connection with our Services.
• Comply with all applicable local, national, and international laws and regulations, including data protection and privacy laws, in your use of our Services and any outputs thereof.
• Not use our Services for any unlawful, fraudulent, harmful, or deceptive purpose.
• Not reverse-engineer, decompile, or attempt to extract source code from any software we develop, except as expressly permitted by applicable law.
• Promptly notify us of any suspected security breach, unauthorized use, or vulnerability related to systems or services we have delivered.
• Ensure that any data you provide to us for processing is lawfully collected and that you have the necessary consents or legal bases to share it with us.
• Not introduce malware, viruses, or other harmful code into any system, environment, or repository maintained by Black Knights.
• Pay all invoices in accordance with the agreed payment schedule in the applicable SOW.

Ownership of Deliverables

Upon full payment of all fees due under the applicable SOW, Black Knights assigns to the Client all right, title, and interest in the Deliverables specifically created for that Client, including any copyrights therein, to the extent permitted by law.

Pre-existing Intellectual Property

Each party retains full ownership of its pre-existing intellectual property. Black Knights retains all rights to its proprietary frameworks, libraries, tools, methodologies, AI architectures, reusable components, and know-how that existed prior to the engagement or that are developed independently of any specific Client project (“Background IP”).

License to Background IP

Where Deliverables incorporate Black Knights Background IP, we grant the Client a non-exclusive, perpetual, royalty-free license to use that Background IP solely as embedded within and necessary for the use of the Deliverables.

Client Content

You retain all rights to your own data, content, trademarks, and other materials provided to us. You grant Black Knights a limited license to use such materials solely for the purpose of delivering the Services.

No Implied Licenses

Nothing in these Terms grants either party any rights in the other's intellectual property beyond those expressly stated herein.

Black Knights is committed to maintaining the highest standards of information security. We treat data security not as a compliance checkbox but as a foundational engineering principle embedded in every system we build and operate.

Encryption Standards

All data processed by or transmitted through our systems is protected using industry-standard encryption:

• Data in transit is encrypted using TLS 1.2 or higher (TLS 1.3 preferred) across all network communications.
• Data at rest is encrypted using AES-256 or equivalent standards on all storage systems, databases, and backups.
• Cryptographic keys are managed through dedicated key management services with regular rotation schedules.
• End-to-end encryption is applied where technically feasible for sensitive client data flows.

Access Controls and Authentication

• Role-based access control (RBAC) is enforced across all internal systems — personnel access only the data necessary for their role.
• Multi-factor authentication (MFA) is mandatory for all team members accessing client data or production environments.
• Access to client data and production systems is logged, monitored, and periodically reviewed.
• Privileged access management (PAM) controls are applied to all administrative accounts.
• Former employees and contractors have access revoked immediately upon departure.

Security Audits and Penetration Testing

• We conduct regular internal security reviews and vulnerability assessments of our infrastructure and codebases.
• Third-party penetration tests are performed at least annually by qualified independent security firms.
• Critical and high-severity vulnerabilities identified in security assessments are remediated within defined SLA windows.
• Our development practices follow the OWASP Top 10 guidelines and secure software development lifecycle (SSDLC) principles.

Incident Response Procedures

Black Knights maintains a documented incident response plan that includes the following phases:

• Detection and identification — continuous monitoring systems alert the security team to anomalous activity.
• Containment — affected systems are isolated to prevent lateral movement or further data exposure.
• Eradication — root cause analysis is conducted and the vulnerability or threat is eliminated.
• Recovery — systems are restored from clean backups and validated before returning to service.
• Post-incident review — a detailed review is conducted to prevent recurrence and update controls.

Data Breach Notification

In the event of a confirmed personal data breach, Black Knights will:

• Notify affected Clients without undue delay and, where we act as a data processor, within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33.
• Provide a written notification that includes: the nature of the breach, categories and approximate number of data subjects affected, categories and approximate number of records involved, likely consequences, and measures taken or proposed to address the breach.
• Cooperate fully with any regulatory investigation and assist Clients in fulfilling their own notification obligations to supervisory authorities and data subjects.
• Maintain records of all Incidents and breaches as required by applicable law.

Black Knights is committed to full compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) where applicable, as well as the Kenya Data Protection Act 2019. We integrate data protection principles into our operations and engineering practices by default.

Data Controller and Data Processor Roles

Depending on the nature of the engagement:

• Where we collect and process Personal Data for our own purposes (e.g., website analytics, contact form submissions), Black Knights acts as the Data Controller.
• Where we process Personal Data on behalf of a Client pursuant to a service engagement, Black Knights acts as a Data Processor and will enter into a Data Processing Agreement (DPA) with the Client.
• Where we jointly determine the purposes and means of processing with a Client, we will enter into a Joint Controller agreement specifying each party's responsibilities.

Data Processing Agreements

A Data Processing Agreement is available upon request and will be executed for all engagements involving the processing of Personal Data on behalf of Clients. The DPA will specify: the subject matter and duration of processing; the nature and purpose of processing; the type of Personal Data and categories of data subjects; and the obligations and rights of each party.

Data Subject Rights

We respect and facilitate the exercise of the following data subject rights under the GDPR and applicable law:

• Right of access — individuals may request confirmation of whether their data is processed and obtain a copy.
• Right to rectification — individuals may request correction of inaccurate or incomplete data.
• Right to erasure — individuals may request deletion of their Personal Data where no legitimate basis for retention exists.
• Right to restriction of processing — individuals may request that processing be restricted in certain circumstances.
• Right to data portability — individuals may receive their data in a structured, machine-readable format.
• Right to object — individuals may object to processing based on legitimate interests or for direct marketing.
• Rights related to automated decision-making — individuals may not be subject to solely automated decisions that produce significant legal effects without human review.

Requests should be submitted to hello@blackknights.co.ke. We will respond within 30 days.

Privacy by Design and Default

• Data protection considerations are embedded at the earliest stage of system design, not retrofitted after development.
• By default, only Personal Data that is necessary for the specified purpose is processed — privacy-protective settings are the default.
• We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities prior to commencement.

Data Minimization

We collect and process only the minimum amount of Personal Data necessary to deliver the agreed Services. Clients are encouraged to anonymize or pseudonymize data prior to provision where the full dataset is not required.

Purpose Limitation

Personal Data collected for one specified purpose will not be used for any other purpose without obtaining a new lawful basis or the explicit consent of the data subject. We do not sell, rent, or trade Personal Data.

International Data Transfers

Where Personal Data is transferred outside the European Economic Area or Kenya, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent mechanisms recognized under applicable law.

In addition to the security controls described in Section 6, Black Knights maintains the following technical and organizational measures (TOMs):

Technical Measures

• Network segmentation and firewall policies to restrict unauthorized access between systems.
• Intrusion detection and prevention systems (IDS/IPS) monitoring all production environments.
• Automated vulnerability scanning of infrastructure and application dependencies.
• Secure development environments isolated from production data.
• Database activity monitoring and anomaly detection.
• Comprehensive audit logging with tamper-evident storage.
• Regular automated backups with tested recovery procedures.
• Web Application Firewall (WAF) protection on all client-facing systems.

Organizational Measures

• Mandatory data protection and security training for all personnel on joining and annually thereafter.
• Formal information security policy reviewed and updated at least annually.
• Confidentiality and non-disclosure obligations in all employment and contractor agreements.
• Vendor and sub-processor due diligence to ensure equivalent security standards.
• Clear data retention schedules with automated deletion of data beyond its retention period.
• Designated personnel responsible for data protection oversight.
• Documented procedures for handling data subject rights requests and regulatory inquiries.

Both parties acknowledge that, in the course of an engagement, each may disclose Confidential Information to the other. The receiving party agrees to:

• Hold all Confidential Information in strict confidence and protect it with at least the same degree of care as it protects its own confidential information, and no less than reasonable care.
• Use Confidential Information solely for the purposes of fulfilling obligations or exercising rights under these Terms.
• Restrict disclosure of Confidential Information to those employees, contractors, or advisers who have a need to know and who are bound by equivalent confidentiality obligations.
• Promptly notify the disclosing party upon becoming aware of any unauthorized disclosure or use of Confidential Information.
• Not copy, reproduce, or reverse-engineer any Confidential Information beyond what is necessary for the permitted purpose.

These obligations do not apply to information that: (a) is or becomes publicly available through no fault of the receiving party; (b) was known to the receiving party prior to disclosure; (c) is independently developed by the receiving party without use of Confidential Information; or (d) is required to be disclosed by law or regulatory authority, provided that the disclosing party is given prompt written notice where permitted.

Confidentiality obligations survive the termination of any engagement for a period of five (5) years, except where the Confidential Information constitutes a trade secret, in which case obligations continue indefinitely.

To the maximum extent permitted by applicable law:

• Black Knights' total aggregate liability to the Client arising out of or in connection with these Terms or the Services — whether in contract, tort (including negligence), breach of statutory duty, or otherwise — shall not exceed the total fees paid by the Client to Black Knights in the three (3) months immediately preceding the event giving rise to the claim.
• Black Knights shall not be liable for any indirect, consequential, incidental, special, exemplary, or punitive damages, including loss of profit, loss of revenue, loss of data, loss of goodwill, or business interruption, even if advised of the possibility of such damages.
• Nothing in these Terms excludes or limits liability for: (a) death or personal injury caused by negligence; (b) fraud or fraudulent misrepresentation; (c) any liability that cannot lawfully be excluded or limited under applicable law.

The Client acknowledges that the fees charged by Black Knights reflect the allocation of risk set out in this section and that Black Knights would not enter into the engagement without these limitations.

Client Indemnification of Black Knights

The Client agrees to indemnify, defend, and hold harmless Black Knights and its officers, employees, contractors, and affiliates from and against any claims, liabilities, damages, losses, and expenses (including reasonable legal fees) arising out of or related to:

• The Client's breach of these Terms or any applicable law or regulation.
• The Client's use of the Services or Deliverables in a manner not permitted by these Terms.
• Any claim that data or content provided by the Client to Black Knights infringes the intellectual property rights or privacy rights of any third party.
• The Client's fraud, wilful misconduct, or gross negligence.

Black Knights Indemnification of Client

Black Knights agrees to indemnify, defend, and hold harmless the Client from and against any claims arising out of a third party's allegation that the Deliverables, as delivered by Black Knights and used in accordance with these Terms, infringe such third party's intellectual property rights, provided that the Client: (a) promptly notifies Black Knights in writing of the claim; (b) grants Black Knights sole control of the defense and settlement; and (c) provides reasonable cooperation and assistance.

Termination for Convenience

Either party may terminate an engagement by providing written notice in accordance with the notice period specified in the applicable SOW. Where no notice period is specified, thirty (30) days written notice is required.

Termination for Cause

Either party may terminate an engagement immediately upon written notice if:

• The other party commits a material breach of these Terms and, where the breach is capable of remedy, fails to remedy it within fourteen (14) days of receiving written notice specifying the breach.
• The other party becomes insolvent, makes an assignment for the benefit of creditors, or is subject to insolvency proceedings.
• The other party engages in any fraudulent or illegal conduct.

Effect of Termination

• All outstanding fees for Services delivered up to the date of termination become immediately due and payable.
• Upon termination, Black Knights will provide the Client with all Deliverables completed and paid for up to the termination date.
• Within thirty (30) days of termination, Black Knights will, at the Client's election, return or securely delete all Client data and Confidential Information in our possession, providing written certification of deletion upon request.
• Provisions of these Terms that by their nature should survive termination (including confidentiality, intellectual property, limitation of liability, indemnification, and governing law) shall continue in full force and effect.

These Terms and any dispute or claim arising out of or in connection with them (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of the Republic of Kenya, without regard to its conflict of law principles.

Subject to the dispute resolution process in Section 14, each party irrevocably submits to the exclusive jurisdiction of the courts located in Nairobi, Kenya to settle any dispute or claim arising out of or in connection with these Terms.

Negotiation

In the event of any dispute, controversy, or claim arising out of or relating to these Terms or the Services, the parties shall first attempt to resolve the matter through good-faith negotiation between senior representatives of each party. Either party may initiate this process by delivering written notice to the other describing the nature of the dispute. The parties shall negotiate for a period of not less than thirty (30) days from the date of such notice (“Negotiation Period”).

Arbitration

If a dispute is not resolved through negotiation within the Negotiation Period, either party may refer the dispute to binding arbitration administered by the Nairobi Centre for International Arbitration (NCIA) in accordance with its then-current arbitration rules. The following shall apply:

• The seat of arbitration shall be Nairobi, Kenya.
• The language of the arbitration shall be English.
• The number of arbitrators shall be one (1) unless the parties agree otherwise or the dispute exceeds KES 10,000,000 in value, in which case three (3) arbitrators shall be appointed.
• The arbitral award shall be final and binding on both parties.

Injunctive Relief

Notwithstanding the above, either party may seek urgent injunctive or other equitable relief from a court of competent jurisdiction in Nairobi to prevent irreparable harm, particularly in cases of actual or threatened breach of confidentiality or intellectual property rights, pending the outcome of arbitration.

Neither party shall be liable to the other for any delay or failure to perform its obligations under these Terms to the extent that such delay or failure is caused by a Force Majeure Event. A “Force Majeure Event” means any event beyond the reasonable control of the affected party, including but not limited to:

• Acts of God, floods, earthquakes, storms, or other natural disasters.
• Epidemics, pandemics, or public health emergencies declared by a competent authority.
• Acts of war, terrorism, civil unrest, riots, or government-imposed sanctions.
• Widespread failures of internet infrastructure, power grids, or telecommunications networks beyond the party's control.
• Acts or regulations of any governmental or regulatory authority.

The party affected by a Force Majeure Event shall: (a) notify the other party promptly in writing upon becoming aware of the event; (b) use commercially reasonable efforts to mitigate the impact and resume performance as soon as practicable; and (c) keep the other party regularly informed of the status.

If a Force Majeure Event continues for more than sixty (60) consecutive days, either party may terminate the affected engagement upon written notice without liability, save for payment for Services delivered prior to the Force Majeure Event.

Black Knights reserves the right to modify these Terms at any time. When we make material changes, we will:

• Update the “Effective date” at the top of this page.
• Notify active Clients by email to the address on file at least fourteen (14) days before the changes take effect.
• Post a prominent notice on our website for a period of no less than thirty (30) days.

Your continued use of our website or Services after the effective date of revised Terms constitutes your acceptance of those changes. If you do not agree to the revised Terms, you must cease use of our Services and notify us in writing.

For changes required by law or regulation, the revised Terms shall take effect immediately upon posting, with notice provided as soon as practicable.

If any provision of these Terms is held by a court or arbitral tribunal of competent jurisdiction to be invalid, illegal, or unenforceable, that provision shall be modified to the minimum extent necessary to make it valid, legal, and enforceable. If such modification is not possible, the affected provision shall be severed from these Terms, and the remaining provisions shall continue in full force and effect.

The invalidity or unenforceability of any provision shall not affect the validity or enforceability of any other provision of these Terms. The parties acknowledge that they would have agreed to the remaining provisions even in the absence of the severed provision.

Entire Agreement

These Terms, together with any applicable SOW, DPA, and any other written agreements executed between the parties, constitute the entire agreement between the parties with respect to the subject matter herein and supersede all prior negotiations, representations, warranties, and understandings.

Waiver

No failure or delay by either party in exercising any right or remedy under these Terms shall constitute a waiver of that right or remedy. A waiver must be in writing and signed by the waiving party to be effective.

Assignment

The Client may not assign or transfer any rights or obligations under these Terms without the prior written consent of Black Knights. Black Knights may assign these Terms or any rights hereunder to an affiliate or successor entity upon written notice to the Client.

Notices

All formal notices under these Terms must be in writing and delivered by email to the addresses specified in the applicable SOW, or in the absence of an SOW, to hello@blackknights.co.ke. Notices are deemed received on the next business day after sending, provided no delivery failure notification is received.

Relationship of Parties

The parties are independent contractors. Nothing in these Terms creates a partnership, joint venture, agency, employment, or fiduciary relationship between the parties.

If you have any questions, concerns, or requests regarding these Terms, data protection, or the exercise of any rights described herein, please contact us:

These Terms were last reviewed and updated on March 4, 2026. Black Knights reserves the right to update this page at any time in accordance with Section 16.