New

Now in Claude, ChatGPT, Cursor & more with our MCP server

Koji
Why KojiUse casesCompareFAQ
Back to Koji for Education
Trust centreGDPR / AVGData processingAI governanceSecurityAccessibilitySub-processorsTOMCookies

Last updated: May 2026

Terms of Service

These Terms of Service govern the use of Koji for Education by educational institutions. They are intended for review by university legal departments, procurement offices, and institutional administrators.

1. Definitions

In these Terms of Service, the following terms have the meanings set out below. Capitalised terms used but not defined in these Terms have the meanings given to them in the Data Processing Agreement.

  • "Service" means the Koji for Education platform, a software-as-a-service (SaaS) application accessible via web browser, including all features, updates, and documentation provided by Koji B.V. as part of the subscription.
  • "Koji" means Koji B.V., a company registered in the Netherlands, the provider of the Service.
  • "Institution" means the educational institution (university, university of applied sciences, or other accredited higher education institution) that enters into an agreement with Koji for access to the Service. The Institution is the contracting party. Individual users do not contract directly with Koji.
  • "Authorised Users" means all individuals who are granted access to the Service by the Institution, including but not limited to students, teaching staff, programme directors, quality assurance officers, and institutional administrators.
  • "Student Data" means all personal data relating to students that is processed through the Service, including evaluation responses, conversation transcripts, and any metadata associated with student participation.
  • "Conversations" means the individual AI-powered evaluation interactions conducted between the Service and a student. Conversations are the unit of measurement for pricing purposes.
  • "Reports" means the summaries, analyses, quality scores, and other outputs generated by the Service from Conversations and other evaluation data.
  • "Content" means all data, text, configuration, questions, prompts, and other materials uploaded to or created within the Service by the Institution or its Authorised Users.
  • "Intellectual Property" means all patents, copyrights, trademarks, trade secrets, database rights, design rights, know-how, and all other intellectual property rights, whether registered or unregistered, and all applications for and renewals or extensions of such rights.

2. Agreement scope

These Terms of Service, together with the Data Processing Agreement, the applicable Order Form, and any annexes referenced therein, constitute the entire agreement between Koji and the Institution regarding the use of the Service (the "Agreement").

The Agreement is entered into by an authorised representative of the Institution. By signing an Order Form or otherwise accepting these Terms, the Institution confirms that the person accepting has the authority to bind the Institution.

Individual Authorised Users (students, faculty, and staff) are bound by the terms of use of the Service through the Institution's own policies and regulations. Koji does not enter into separate agreements with individual Authorised Users. The Institution is responsible for ensuring that its Authorised Users are aware of and comply with the relevant terms governing the use of the Service.

These Terms apply to all use of the Service by the Institution and its Authorised Users. In the event of a conflict between these Terms and any purchase order, procurement terms, or other document issued by the Institution, these Terms prevail unless expressly agreed otherwise in writing by Koji.

3. Service description

Koji for Education is an AI-powered course evaluation platform designed for higher education institutions. The Service is provided as a SaaS application, accessed entirely via web browser. No software installation is required on the Institution's infrastructure.

The core capabilities of the Service include:

  • Adaptive conversations. AI-driven evaluation conversations with students that adapt in real time based on student responses, enabling deeper and more nuanced feedback than traditional questionnaire-based evaluations.
  • Quality scoring and summarisation. Automated analysis of conversation transcripts to produce structured summaries, quality indicators, and thematic analysis of student feedback.
  • Role-based reporting. Differentiated report views for programme directors, course coordinators, teaching staff, and quality assurance teams, each tailored to the information needs and access rights of the role.
  • Triangulation. The ability to combine conversational evaluation data with other data sources (such as traditional survey results or institutional metrics) to provide a more complete picture of educational quality.

The Service is provided "as is" with respect to AI-generated outputs. AI-generated summaries, quality scores, and reports are advisory in nature and are not intended as determinative assessments. The Institution acknowledges that AI outputs require human review and interpretation before being used as the basis for decisions.

4. Account and access

Upon execution of an Order Form, the Institution receives access to a fully isolated environment within the Service. Each Institution operates in its own dedicated environment. Data, configurations, and user accounts are strictly separated from those of other institutions.

Authentication is provided through SAML-based Single Sign-On (SSO) integration. The Service is compatible with SURFconext and other SAML 2.0 identity providers commonly used in higher education. The Institution is responsible for configuring and maintaining its SSO integration.

User provisioning and de-provisioning are managed by the Institution. Koji does not create, manage, or delete individual user accounts. The Institution determines which individuals receive access to the Service and at what access level.

The Institution is responsible for establishing and communicating appropriate use policies to its Authorised Users. This includes informing students about the nature of the evaluation process, the use of AI in processing their responses, and their rights under applicable data protection legislation.

5. Permitted use

The Institution may use the Service for the following purposes:

  • Course evaluation and educational quality assurance, including formative and summative evaluation of courses, programmes, and teaching.
  • Educational research, provided that appropriate ethics approval has been obtained from the relevant institutional review board or ethics committee.
  • Preparation of evidence for accreditation processes, including but not limited to NVAO accreditation, internal quality audits, and programme reviews.
  • Institutional quality improvement activities related to education and the student experience.

The Institution may not use the Service for any of the following purposes:

  • Grading or assessing individual student academic performance.
  • Making admission or enrolment decisions about individual students.
  • Making employment, promotion, or disciplinary decisions about individual faculty members or teaching staff, unless the Institution has independently verified the underlying data and the decision process includes adequate procedural safeguards.
  • Any purpose that conflicts with the Data Processing Agreement or applicable data protection legislation.
  • Reselling, sublicensing, or providing access to the Service to third parties outside the Institution without the prior written consent of Koji.

6. AI and generated content

The Service uses large language models (LLMs) to power adaptive conversations, generate summaries, produce quality scores, and create reports. The LLM infrastructure is controlled by the Institution through its own enterprise accounts with the relevant AI provider. Koji facilitates the integration but does not host or operate the LLM models directly.

Koji does not use Student Data, Conversations, or any other Institution data to train, fine-tune, or otherwise improve AI models. This commitment is formalised in the Data Processing Agreement.

Koji does not guarantee the accuracy, completeness, or reliability of AI-generated content. AI outputs, including summaries, quality scores, thematic analyses, and reports, are produced through automated processes and may contain errors, omissions, or misinterpretations.

The Institution is responsible for reviewing all AI-generated outputs before relying on them for decision-making. AI outputs are intended as advisory tools to support human judgment, not as replacements for professional assessment.

All generated summaries and reports are traceable to their source conversation transcripts. The Service maintains links between outputs and the underlying data from which they were derived, enabling the Institution to verify and audit AI-generated content.

7. Intellectual property

Koji retains all Intellectual Property rights in the Service, including but not limited to the software, algorithms, user interface design, system architecture, technical documentation, and any improvements or modifications to the Service.

The Institution retains all rights to its data, including Student Data, evaluation configurations, Content uploaded to the Service, and Reports generated from Institution data. Nothing in these Terms transfers ownership of Institution data to Koji.

No transfer of Intellectual Property occurs in either direction under these Terms. The Institution receives a limited, non-exclusive, non-transferable licence to use the Service for the duration of the Agreement, solely for the permitted purposes described in Section 5.

Koji does not claim any ownership rights or licence over Content uploaded by the Institution or AI-generated outputs derived from Institution data. The Institution may export, copy, and use its data and Reports without restriction, subject to applicable data protection legislation.

8. Data processing

The processing of personal data in connection with the Service is governed by a separate Data Processing Agreement (DPA) between Koji (as processor) and the Institution (as controller). The DPA forms an integral part of the Agreement.

In its role as processor, Koji processes personal data solely on the documented instructions of the Institution. Koji does not determine the purposes or means of processing personal data. The full terms of the data processing arrangement are set out in the DPA, available at /edu/compliance/data-processing.

The DPA is aligned with the SURF Model Verwerkersovereenkomst v4.0, the standard data processing agreement template used in Dutch higher education. Institutions that have adopted the SURF model as their standard can expect a high degree of compatibility.

In the event of any conflict between these Terms of Service and the DPA with respect to data protection matters, the provisions of the DPA prevail.

9. Security

Koji implements appropriate technical and organisational measures to protect the confidentiality, integrity, and availability of Institution data. A detailed description of these measures is maintained at /edu/compliance/security.

The key security measures include:

  • Environment isolation. Each Institution operates in a fully isolated environment. Data, configurations, application instances, and access controls are strictly separated between institutions.
  • Encryption at rest. All data stored by the Service is encrypted using AES-256 encryption.
  • Encryption in transit. All data transmitted between the Institution and the Service is encrypted using TLS 1.3.
  • Penetration testing. Koji conducts independent penetration testing of the Service at least annually. Results and remediation plans are available to Institutions upon request under a non-disclosure agreement.

Koji maintains an incident response procedure for security incidents. In the event of a personal data breach, Koji will notify the Institution without undue delay, in accordance with the timeframes specified in the DPA.

10. Availability and support

Koji targets an uptime of 99.5% for the Service, calculated on a monthly basis. This target excludes periods of scheduled maintenance and events of force majeure.

Scheduled maintenance is performed during low-usage periods where possible. The Institution will be notified at least 48 hours in advance of any scheduled maintenance that may affect the availability of the Service.

Support is available via email. The Institution may designate up to three primary support contacts who may submit support requests on behalf of the Institution.

For critical incidents (defined as incidents that render the Service wholly unavailable or that involve a suspected personal data breach), Koji targets an initial response time of four (4) hours during business hours (Monday to Friday, 09:00 to 17:00 CET/CEST, excluding Dutch public holidays).

11. Fees and payment

The fees for the Service are based on a per-conversation pricing model. The specific pricing applicable to the Institution is set out in the Order Form.

Invoicing is performed monthly or per academic term, as agreed between the parties in the Order Form. All invoices are denominated in euros unless otherwise agreed.

Payment is due within thirty (30) days of the invoice date. Late payments may be subject to statutory interest as provided under Dutch law.

Koji may adjust the pricing for the Service with at least ninety (90) days written notice prior to the start of a new academic year. Price adjustments do not apply retroactively and take effect only at the start of the next contractual period.

12. Term and termination

The initial term of the Agreement is as specified in the Order Form. Initial terms are typically aligned with the academic year or with a defined pilot period.

Unless either party provides written notice of non-renewal at least ninety (90) days before the end of the then-current term, the Agreement automatically renews for successive twelve-month terms on the same conditions, subject to any price adjustments notified in accordance with Section 11.

Either party may terminate the Agreement for material breach by providing thirty (30) days written notice to the other party, specifying the nature of the breach. The breaching party has the opportunity to cure the breach within that thirty-day notice period. If the breach is not cured within the notice period, the Agreement terminates at the end of the notice period.

Upon termination or expiry of the Agreement, regardless of the reason:

  • Koji will provide the Institution with a complete export of all Institution data in a standard, machine-readable format.
  • All Institution data will be deleted from the Service within thirty (30) days of the effective date of termination, in accordance with the data deletion procedures specified in the DPA.
  • The Institution's access to the Service will cease on the effective date of termination.
  • Provisions that by their nature are intended to survive termination (including but not limited to Sections 7, 8, 13, 14, 15, and 17) will survive.

13. Limitation of liability

To the maximum extent permitted by applicable law, the total aggregate liability of Koji to the Institution under or in connection with the Agreement, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, shall not exceed the total fees paid by the Institution to Koji in the twelve (12) months immediately preceding the event giving rise to the claim.

Neither party shall be liable to the other for any indirect, consequential, incidental, special, or punitive damages, including but not limited to loss of profits, loss of data, loss of business opportunity, or loss of goodwill, arising out of or in connection with the Agreement, even if the party has been advised of the possibility of such damages.

The limitations set out in this Section 13 do not apply to:

  • Liability arising from a breach of data protection obligations under the DPA or applicable data protection legislation.
  • Liability arising from wilful misconduct or gross negligence.
  • Liability arising from fraud or fraudulent misrepresentation.
  • Indemnification obligations under Section 14.

14. Indemnification

Each party (the "Indemnifying Party") shall indemnify, defend, and hold harmless the other party (the "Indemnified Party") from and against any third-party claims, damages, losses, costs, and expenses (including reasonable legal fees) arising from or related to the Indemnifying Party's breach of these Terms.

Koji shall indemnify the Institution against any third-party claims that the Service, as provided by Koji and used by the Institution in accordance with these Terms, infringes the Intellectual Property rights of any third party. If the Service becomes, or in Koji's reasonable opinion is likely to become, the subject of an infringement claim, Koji may at its option and expense: (a) obtain the right for the Institution to continue using the Service; (b) modify the Service to make it non-infringing; or (c) replace the Service with a functionally equivalent non-infringing alternative. If none of these options is commercially reasonable, Koji may terminate the Agreement and refund any prepaid fees for the unused portion of the term.

The Institution shall indemnify Koji against any third-party claims arising from the Institution's use of the Service in breach of these Terms, including claims arising from Content uploaded by the Institution or its Authorised Users.

The Indemnified Party shall: (a) promptly notify the Indemnifying Party in writing of any claim; (b) grant the Indemnifying Party sole control of the defence and settlement of the claim; and (c) provide reasonable cooperation at the Indemnifying Party's expense.

15. Confidentiality

Each party undertakes to keep confidential all information received from the other party that is designated as confidential or that a reasonable person would understand to be confidential given the nature of the information and the circumstances of disclosure ("Confidential Information").

Confidential Information does not include information that:

  • Is or becomes publicly available through no fault of the receiving party.
  • Was already known to the receiving party at the time of disclosure, without an obligation of confidentiality.
  • Is independently developed by the receiving party without reference to the disclosing party's Confidential Information.
  • Is lawfully received from a third party without restriction on disclosure.
  • Is required to be disclosed by law, regulation, or order of a court or competent authority, provided that the receiving party gives the disclosing party reasonable prior notice of such required disclosure where legally permitted.

The confidentiality obligations under this Section survive the termination or expiry of the Agreement for a period of three (3) years.

16. Modifications to these Terms

Koji may update these Terms of Service from time to time. Changes will be communicated to the Institution at least thirty (30) days before they take effect.

Material changes (defined as changes that substantively affect the rights or obligations of the Institution) will be notified in writing to the Institution's designated contact person.

Continued use of the Service after the expiry of the notice period constitutes acceptance of the updated Terms. If the Institution does not accept a material change, it may terminate the Agreement by providing written notice to Koji before the change takes effect. In such case, the Agreement terminates on the date the change would have taken effect, and the Institution is entitled to a pro-rata refund of any prepaid fees for the unused portion of the term.

17. Governing law and disputes

The Agreement is governed by and construed in accordance with the laws of the Netherlands, without regard to its conflict of laws principles.

The parties agree to attempt to resolve any dispute arising out of or in connection with the Agreement through good-faith negotiation. Either party may initiate the negotiation process by providing written notice to the other party describing the nature of the dispute.

If the dispute is not resolved through negotiation within sixty (60) days of the initial notice, either party may submit the dispute to the exclusive jurisdiction of the competent court in Amsterdam, the Netherlands.

18. General provisions

Entire agreement. The Agreement (comprising these Terms, the DPA, the Order Form, and any annexes) constitutes the entire agreement between the parties regarding its subject matter. It supersedes all prior or contemporaneous agreements, representations, and understandings, whether written or oral.

Severability. If any provision of these Terms is held to be invalid, illegal, or unenforceable by a court of competent jurisdiction, the remaining provisions shall continue in full force and effect. The invalid provision shall be replaced by a valid provision that achieves, to the extent possible, the economic and legal intent of the original provision.

No waiver. The failure of either party to enforce any right or provision of these Terms shall not constitute a waiver of that right or provision. Any waiver must be in writing and signed by the waiving party.

Assignment. Koji may assign the Agreement to a successor entity in connection with a merger, acquisition, or sale of all or substantially all of its assets, provided that Koji gives the Institution reasonable prior notice. The Institution may not assign the Agreement without the prior written consent of Koji, which shall not be unreasonably withheld.

Force majeure. Neither party shall be liable for any failure or delay in performing its obligations under the Agreement (other than payment obligations) to the extent that such failure or delay is caused by events beyond the reasonable control of the affected party, including but not limited to natural disasters, acts of government, epidemics, war, terrorism, labour disputes, power failures, internet outages, and failures of third-party service providers. The affected party shall promptly notify the other party and use reasonable efforts to mitigate the impact of the force majeure event.

Notices. All notices under the Agreement shall be in writing and sent to the contact details specified in the Order Form. Notices may be sent by email, provided that delivery is confirmed. Changes to contact details must be communicated in writing.

19. Contact

For questions about these Terms of Service, please contact:

Koji B.V.
Email: legal@koji.so