Terms of Service

AI.RESEARCH.MY — Operated by Basic Insight
Effective Date: 18 March 2026
Version: 1.0

PLEASE READ THESE TERMS OF SERVICE CAREFULLY BEFORE ACCESSING OR USING THE AI.RESEARCH.MY PLATFORM. THESE TERMS CONSTITUTE A LEGALLY BINDING AGREEMENT BETWEEN YOU (THE AUTHORISED USER OR THE ENTITY YOU REPRESENT) AND BASIC INSIGHT. BY ACCESSING, REGISTERING FOR, OR OTHERWISE USING THE PLATFORM, YOU REPRESENT THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THESE TERMS IN THEIR ENTIRETY. IF YOU DO NOT AGREE, YOU MUST IMMEDIATELY CEASE ACCESS AND USE OF THE PLATFORM.

1. Definitions and Interpretation

1.1 Defined Terms

In these Terms of Service, the following words and expressions shall, unless the context otherwise requires, have the meanings ascribed to them below:

“Agreement” means these Terms of Service together with any Order Form, Subscription Agreement, Data Processing Addendum, Service Level Schedule, and any other addenda or schedules expressly incorporated by reference herein, as amended from time to time in accordance with Clause 25.7.
“AI Agent” means the artificial-intelligence-powered conversational software system deployed by Basic Insight within the Platform that receives natural-language instructions from Authorised Users and executes Tasks including database queries, file analysis, report generation, survey creation, and web-page retrieval, and returns outputs via the Messaging Interface.
“Authorised User” means any individual natural person who has been granted access credentials to the Platform by the Subscriber or by Basic Insight, and who accesses or uses the Platform on behalf of the Subscriber within the scope of the Subscriber’s Subscription.
“Basic Insight” means Basic Insight, a company incorporated and operating under the laws of Malaysia, with its principal place of business in Kuala Lumpur, Malaysia, being the developer, owner, and operator of the Platform.
“Bcrypt Authentication” means the cryptographic password-hashing mechanism employing the bcrypt adaptive hashing function used by the Platform to store and verify Authorised User credentials, as described in Clause 5.
“Confidential Information” has the meaning ascribed to it in Clause 15.1.
“Data Bridge API” means the application programming interface component of the Platform that enables Workspace Applications to submit parameterised read-only database queries to Project Databases and receive structured data responses in real time, as further described in Clause 13.
“Data Processing Addendum” or “DPA” means the supplementary data processing agreement between Basic Insight and a Subscriber that governs the processing of personal data in connection with the Platform, which may be required by applicable data protection legislation.
“Effective Date” means the earlier of: (a) the date the Subscriber electronically accepts these Terms; or (b) the date the Subscriber first accesses the Platform.
“Fees” means all subscription fees, usage fees, overage charges, professional services fees, and any other amounts payable by the Subscriber to Basic Insight pursuant to an Order Form or these Terms.
“Force Majeure Event” has the meaning ascribed to it in Clause 23.1.
“Generated Report” means any output produced by the AI Agent and stored in a Workspace, including but not limited to HTML documents, JavaScript files, Cascading Style Sheet files, interactive data visualisations, tabular summaries, statistical analyses, survey results dashboards, and other digital artefacts, as further described in Clause 9.
“Indemnitee” has the meaning ascribed to it in Clause 18.
“Indemnitor” has the meaning ascribed to it in Clause 18.
“Intellectual Property Rights” means all patents, utility models, rights to inventions, copyright and neighbouring rights, moral rights, trade marks and service marks, business names and domain names, rights in get-up and trade dress, goodwill and the right to sue for passing off, rights in designs, database rights, rights to use and protect the confidentiality of confidential information (including know-how and trade secrets), and all other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world.
“Messaging Interface” means the instant-messaging-style conversational interface through which Authorised Users interact with the AI Agent within the Platform.
“Multi-Tenant Architecture” means the technical design of the Platform whereby multiple Subscribers and their respective Authorised Users share the same underlying software infrastructure while maintaining logical separation of data, credentials, and configurations through Project-level isolation.
“Order Form” means a written or electronic ordering document executed by or on behalf of the Subscriber and Basic Insight that specifies, inter alia, the Subscription Plan, the number of Authorised Users, Token Limits, Fees, and any other commercially agreed terms.
“Output” means any response, analysis, recommendation, query result, Generated Report, visualisation, or other content produced by the AI Agent in response to a Prompt, whether or not stored in a Workspace.
“Platform” means the AI.RESEARCH.MY multi-tenant AI research platform operated by Basic Insight, accessible at ai.research.my and any associated subdomains, comprising the Messaging Interface, AI Agent, Workspace, Data Bridge API, administrative dashboard, and all related software, systems, and services.
“Project” means a discrete organisational unit within the Platform to which one or more Authorised Users are assigned, and which is configured with its own Project Database credentials, Token Limits, and Workspace directory structure.
“Project Database” means a relational or other database owned, operated, and maintained by the Subscriber (or a third party on the Subscriber’s behalf) to which the Platform is granted read-only access credentials by the Subscriber for purposes of executing AI Agent Tasks.
“Prompt” means any natural-language instruction, query, command, or message submitted by an Authorised User to the AI Agent via the Messaging Interface.
“Sensitive Data” means: (a) personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data, health data, or data concerning sex life or sexual orientation; (b) financial account numbers, payment card data, or credentials; (c) government-issued identification numbers; (d) data subject to sector-specific confidentiality obligations under applicable law; or (e) data classified as secret or top-secret under any governmental security framework.
“Service Level Schedule” means any schedule attached to or incorporated into the Agreement that sets out applicable service availability commitments, if any, as described in Clause 17.
“Session” means a single continuous authenticated interaction between an Authorised User and the Platform, commencing upon successful login and terminating upon logout or session expiry.
“Subscriber” means the corporate entity, government body, academic institution, or other legal person that has entered into this Agreement with Basic Insight and on whose behalf Authorised Users access the Platform.
“Subscription Plan” means the tier of access and associated entitlements, including Token Limits and permitted number of Authorised Users, selected by the Subscriber and specified in an Order Form.
“Task” means a discrete unit of work executed by the AI Agent in response to a Prompt, including but not limited to: (a) executing a read-only SQL SELECT query against a Project Database; (b) parsing and analysing an Uploaded File; (c) generating a Generated Report; (d) creating or managing a survey instrument; (e) fetching and processing a publicly accessible web page; or (f) responding to a conversational query.
“Token” means a unit of computational resource consumption as defined by the underlying large language model infrastructure used by the AI Agent, broadly corresponding to a fragment of text (approximately 0.75 words on average), used as the basis for measuring and limiting AI Agent usage.
“Token Limit” means the maximum aggregate number of Tokens that may be consumed by a Subscriber or an individual Authorised User during a specified billing period, as set out in the applicable Order Form or Subscription Plan.
“Uploaded File” means any file, including files in Microsoft Excel format (.xlsx, .xls), Microsoft Word format (.docx, .doc), comma-separated values format (.csv), or other supported formats, that an Authorised User uploads to the Platform for analysis by the AI Agent.
“Workspace” means the isolated file-system directory and browser-accessible environment allocated to a Subscriber’s Project on the Platform’s servers, in which Generated Reports and other Workspace Content are stored and managed.
“Workspace Application” means an interactive HTML/JavaScript/CSS application generated by the AI Agent and hosted within the Workspace, which may utilise the Data Bridge API to query Project Databases dynamically.
“Workspace Content” means all files, directories, Generated Reports, Workspace Applications, and other digital artefacts stored within a Workspace, whether generated by the AI Agent or uploaded directly by Authorised Users.

1.2 Interpretation

In this Agreement, unless the context otherwise requires: (a) references to a “Clause” are to a clause of these Terms of Service; (b) the singular includes the plural and vice versa; (c) a reference to one gender includes all genders; (d) “including” and “includes” mean including or includes without limitation; (e) headings are for convenience only and shall not affect construction; (f) references to legislation include amendments and re-enactments; (g) references to “writing” include electronic communications to the extent permitted by applicable law; (h) references to “days” mean calendar days unless otherwise stated; and (i) where any ambiguity arises, the Agreement shall be construed neither for nor against either party by reason of its authorship.

2. Acceptance of Terms and Formation of Agreement

2.1 Binding Acceptance

This Agreement is formed and becomes legally binding upon the Subscriber upon the earliest of the following events: (a) the Subscriber clicking “I Agree,” “Accept,” or any equivalent acceptance mechanism presented during the Platform registration process; (b) the Subscriber executing an Order Form that expressly incorporates these Terms by reference; (c) an Authorised User accessing or using the Platform on behalf of the Subscriber; or (d) the Subscriber remitting payment of any Fees. Each of the foregoing shall constitute an unequivocal act of acceptance for the purposes of Section 7 of the Contracts Act 1950 (Malaysia) and, to the extent applicable, Section 9 of the Electronic Commerce Act 2006 (Malaysia) (“ECA 2006”), which recognises the legal validity of electronic offers and acceptances.

2.2 Authority to Bind

The individual accepting these Terms on behalf of a Subscriber represents and warrants that: (a) they have full legal authority to bind the Subscriber to this Agreement; (b) if accepting on behalf of a company or other legal entity, they have been duly authorised by the board of directors, governing body, or other appropriate authority of that entity; (c) acceptance does not violate any applicable law or any agreement to which the Subscriber is a party; and (d) the Subscriber is not a natural person acting in a purely consumer capacity. This Agreement is not intended for consumer use. In jurisdictions where certain consumer protection provisions cannot be lawfully excluded, such provisions shall apply notwithstanding anything to the contrary herein.

2.3 Electronic Contracting

The parties acknowledge and agree that: (a) this Agreement satisfies any requirement under applicable law that a contract be in writing, including under Section 7 of the ECA 2006 (Malaysia), Section 4 of the Electronic Transactions Act (Singapore), Section 9 of the Electronic Transactions Act B.E. 2544 (Thailand), and Article 11 of the Electronic Information and Transactions Law No. 11 of 2008 as amended by Law No. 19 of 2016 (Indonesia) (“ITE Law”); (b) electronic records of this Agreement and of any notice or communication under it shall be treated as original written records; and (c) electronic signatures, click-wrap acceptances, and conduct constituting acceptance are legally valid and enforceable to the same extent as handwritten signatures under the UNCITRAL Model Law on Electronic Commerce (1996) as adopted or adapted in applicable jurisdictions.

2.4 Incorporation by Reference

The following documents are hereby incorporated into and form part of this Agreement: (a) the Privacy Policy published at ai.research.my/privacy-policy/; (b) any Order Form executed by the parties; (c) any Data Processing Addendum agreed between the parties; (d) any Service Level Schedule; and (e) any Acceptable Use Policy supplement published by Basic Insight. In the event of conflict between these Terms of Service and any Order Form, the Order Form shall prevail to the extent of the conflict unless the Order Form expressly states otherwise.

3. Eligibility and Account Registration

3.1 Eligibility Requirements

Access to and use of the Platform is restricted exclusively to entities and individuals who satisfy all of the following criteria:

The Subscriber must be a corporate body, government agency, academic institution, research organisation, or other legal entity duly incorporated, registered, or recognised under the laws of its jurisdiction of formation;
Authorised Users must be natural persons who are at least eighteen (18) years of age and are acting within the scope of their professional or institutional duties;
Neither the Subscriber nor any Authorised User may be subject to any sanctions, embargoes, or trade restrictions that would prohibit receipt of the Platform services under applicable export control laws, as further described in Clause 27;
The Subscriber must not be a competitor of Basic Insight accessing the Platform for competitive intelligence purposes without prior written consent;
The Subscriber must have a legitimate professional, commercial, governmental, or institutional purpose for accessing the Platform.

3.2 Registration Process

To register for the Platform, the Subscriber shall: (a) complete the registration or onboarding process as directed by Basic Insight; (b) provide accurate, current, and complete information as required, including legal entity name, registered address, jurisdiction of incorporation, primary contact details, and technical configuration information for Project Databases; (c) designate at least one individual as an account administrator; and (d) accept this Agreement in the manner specified in Clause 2.1. Basic Insight reserves the right to verify the identity, authority, and eligibility of any Subscriber and to decline or revoke registration at its sole discretion, without liability, where verification cannot be satisfactorily completed.

3.3 Accuracy of Information

The Subscriber undertakes to maintain the accuracy, currency, and completeness of all registration and account information throughout the term of this Agreement. The Subscriber shall promptly notify Basic Insight of any change to the Subscriber’s legal name, address, contact details, authorised signatories, or technical configuration. Provision of false, misleading, or fraudulent registration information constitutes a material breach of this Agreement and may constitute an offence under applicable law, including Section 416 of the Penal Code (Malaysia) and Section 3 of the Computer Crimes Act 1997 (Malaysia) (“CCA 1997”).

3.4 Institutional Use

Where the Subscriber is a government agency or statutory body, the Subscriber represents that entry into this Agreement has been authorised by the appropriate governmental authority and does not contravene any applicable public procurement regulations, government contracting requirements, or statutory restrictions. Where the Subscriber is an academic institution, the Subscriber represents that it has obtained all necessary institutional approvals, including any required ethics committee or research ethics board approvals, prior to processing research data through the Platform.

4. Description of the Service / Platform

4.1 Platform Overview

AI.RESEARCH.MY is a multi-tenant AI research platform operated by Basic Insight that enables Authorised Users to conduct advanced data analysis, generate interactive reports, administer surveys, and derive analytical insights from structured and unstructured data sources through a conversational AI interface. The Platform is designed for use by sophisticated institutional, commercial, and governmental users who require scalable AI-assisted research capabilities integrated with their existing data infrastructure.

4.2 Core Capabilities

Subject to the terms hereof and the applicable Subscription Plan, the Platform provides the following capabilities:

Conversational AI Interface: Authorised Users may interact with the AI Agent through the Messaging Interface using natural-language Prompts. The AI Agent processes Prompts and executes Tasks to produce Outputs.
Database Query Execution: The AI Agent is capable of formulating and executing read-only SQL SELECT queries against connected Project Databases in response to Prompts. The Platform enforces strict read-only access at the database credential level and does not execute data manipulation language (DML) statements (INSERT, UPDATE, DELETE) or data definition language (DDL) statements against Project Databases.
File Analysis: Authorised Users may upload files in supported formats, including Microsoft Excel (.xlsx, .xls), Microsoft Word (.docx, .doc), and comma-separated values (.csv) formats, for analysis, parsing, summarisation, and transformation by the AI Agent.
Interactive Report Generation: The AI Agent may generate Generated Reports as self-contained HTML, JavaScript, and CSS artefacts stored in the Workspace, accessible via web browser and optionally incorporating live data from Project Databases via the Data Bridge API.
Survey Creation and Management: The AI Agent may assist in the creation, deployment, and analysis of survey instruments within the Platform environment.
Web Page Retrieval: The AI Agent may fetch, parse, and summarise the content of publicly accessible web pages as part of a Task, subject to applicable rate limits and the Acceptable Use Policy in Clause 12.
Workspace Management: Authorised Users and administrators may create, rename, and delete directories within the Workspace, and manage Workspace Content.
Administrative Dashboard: Designated administrators may access an administrative dashboard for managing Authorised Users, Projects, Conversations, Token usage reporting, and Workspace Content.

4.3 Multi-Tenant Architecture

The Platform operates on a Multi-Tenant Architecture in which multiple Subscribers share underlying software infrastructure. Basic Insight employs Project-level logical isolation to ensure that each Subscriber’s data, credentials, Workspace Content, and conversational history are logically separated from those of other Subscribers. However, the Subscriber acknowledges that Multi-Tenant Architecture involves inherent architectural trade-offs and that, notwithstanding Basic Insight’s security measures, absolute isolation cannot be contractually guaranteed in respect of all conceivable threat vectors. The data security obligations of the parties are set out in Clause 16.

4.4 Platform Evolution

Basic Insight reserves the right to modify, enhance, deprecate, or discontinue any feature or component of the Platform at any time, subject to reasonable notice where practicable. Subscribers on paid Subscription Plans shall receive no less than thirty (30) days’ advance notice of any material reduction in core functionality, except where such modification is required by applicable law, court order, or to address a critical security vulnerability.

5. User Accounts, Authentication, and Security

5.1 Account Credentials

Each Authorised User is assigned a unique set of login credentials (username and password) for access to the Platform. The Subscriber is responsible for the security, integrity, and proper management of all credentials issued to its Authorised Users. Credentials may not be shared, transferred, or disclosed to any person who is not the designated Authorised User.

5.2 Authentication Mechanism

The Platform employs session-based authentication with password storage utilising the bcrypt adaptive hashing function. Bcrypt Authentication incorporates a cost factor (work factor) to resist brute-force and dictionary attacks and stores credentials in hashed form only; plaintext passwords are not retained by the Platform. Notwithstanding the foregoing, the Subscriber acknowledges that no authentication mechanism is unconditionally secure and that the Subscriber retains primary responsibility for enforcing sound credential hygiene within its organisation.

5.3 Subscriber Security Obligations

The Subscriber shall, and shall ensure that each Authorised User shall:

Select strong passwords consistent with current industry best practices and change them regularly or upon any suspected compromise;
Not disclose credentials to any unauthorised person;
Immediately notify Basic Insight in writing upon becoming aware or suspecting that any credentials have been compromised, disclosed to an unauthorised party, or are being used without authorisation;
Log out of the Platform at the end of each Session;
Not access the Platform from publicly shared, unmanaged, or otherwise insecure computing devices or network environments without appropriate compensating controls;
Not attempt to circumvent, bypass, or undermine any authentication or access-control mechanism of the Platform.

5.4 Account Activity Responsibility

The Subscriber is fully responsible and liable for all activities conducted through its account and the accounts of its Authorised Users, whether or not such activities were authorised by the Subscriber. In the event of any suspected unauthorised access or security breach, Basic Insight may, at its sole discretion, suspend access to any affected account pending investigation, without prior notice and without liability. Such suspension shall not prejudice any claim Basic Insight may have arising from the security incident.

5.5 Project Database Credentials

The Subscriber shall provide read-only database credentials for each Project Database that it wishes to connect to the Platform. The Subscriber represents and warrants that: (a) such credentials are genuine and authorised for use with the Platform; (b) the Subscriber has the legal right to grant the Platform access to the Project Database; (c) the credentials grant only read-only (SELECT) access and do not permit data modification; and (d) the Subscriber will revoke such credentials immediately upon termination of the applicable Project or this Agreement.

6. Subscription Plans, Fees, and Payment Terms

6.1 Subscription Plans

Access to the Platform is provided pursuant to a Subscription Plan agreed between the parties in an Order Form. Subscription Plans are structured for enterprise and institutional clients and are priced based on factors including, without limitation: (a) the number of Authorised Users; (b) the aggregate Token Limit per billing period; (c) the number of Projects and connected Project Databases; (d) the storage capacity allocated to Workspaces; (e) the level of administrative and technical support provided; and (f) any custom integrations or professional services.

6.2 Fees and Invoicing

Fees shall be as specified in the applicable Order Form. Unless otherwise agreed in an Order Form: (a) subscription fees are payable in advance on a monthly or annual basis as specified; (b) usage-based fees and overage charges are calculated and invoiced in arrears following the close of each billing period; (c) Basic Insight shall issue invoices to the billing contact designated by the Subscriber; (d) all amounts are expressed and payable in the currency specified in the Order Form (which may be Malaysian Ringgit, United States Dollars, Singapore Dollars, or such other currency as agreed); and (e) all amounts are exclusive of applicable taxes.

6.3 Payment Terms

Invoices are due and payable within thirty (30) days of the invoice date unless a different payment period is specified in the Order Form. Payment shall be made by bank transfer, credit card, or such other payment method as Basic Insight may specify from time to time. The Subscriber shall bear all bank charges, currency conversion costs, and other transaction costs associated with remitting payment.

6.4 Late Payment

Without prejudice to any other right or remedy, if any amount due hereunder remains unpaid following the expiry of the payment period: (a) Basic Insight may charge interest on the overdue amount at the rate of one and a half percent (1.5%) per month, or the maximum rate permitted by applicable law if lower, compounded monthly from the due date until the date of actual payment; (b) Basic Insight may, upon not less than seven (7) days’ written notice, suspend the Subscriber’s access to the Platform until all outstanding amounts (including accrued interest) have been paid in full; and (c) Basic Insight may engage debt-collection agencies or initiate legal proceedings to recover the outstanding amounts, and the Subscriber shall indemnify Basic Insight for all reasonable costs of recovery including legal fees on a solicitor-client basis.

6.5 Taxes

The Subscriber is responsible for all taxes, levies, or duties imposed by any governmental authority on or in connection with the Fees, including any sales tax, service tax, goods and services tax (GST), value-added tax (VAT), withholding tax, or digital services tax applicable in the Subscriber’s jurisdiction. If Basic Insight is required by law to collect any such tax, it shall add the applicable amount to the invoice. Where the Subscriber is required by applicable law to withhold tax from any payment to Basic Insight, the Subscriber shall gross up the payment such that Basic Insight receives the full contracted amount after withholding. The Subscriber shall promptly provide Basic Insight with withholding tax certificates or other documentation evidencing any taxes withheld.

6.6 Fee Adjustments

Basic Insight reserves the right to adjust its standard Fees upon not less than sixty (60) days’ written notice prior to the start of the next renewal period. Fee adjustments shall not apply to the then-current committed subscription term. If the Subscriber objects to a Fee adjustment, it may elect not to renew by providing written notice in accordance with Clause 21.

6.7 Disputed Invoices

If the Subscriber reasonably and in good faith disputes any portion of an invoice, the Subscriber shall: (a) pay the undisputed portion by the applicable due date; (b) provide written notice of the disputed amount specifying in reasonable detail the basis for the dispute within fifteen (15) days of the invoice date; and (c) cooperate with Basic Insight in good faith to resolve the dispute. Disputed amounts shall not be subject to late-payment interest pending resolution, provided the dispute was raised in good faith and in a timely manner.

6.8 No Refunds

Except as expressly required by applicable mandatory law or as otherwise agreed in writing, all Fees paid are non-refundable. This includes Fees prepaid for subscription periods during which the Subscriber elects to terminate or reduce its Subscription Plan ahead of schedule. Basic Insight may, at its sole discretion, offer credits against future Fees as a goodwill gesture in circumstances it deems appropriate, but shall not be obligated to do so.

7. Token Usage, Limits, and Fair Use Policy

7.1 Token-Based Usage Model

The Platform measures AI Agent resource consumption using Tokens. Each Task executed by the AI Agent, including the processing of Prompts and the generation of Outputs, consumes a quantity of Tokens proportionate to the volume of text processed (both input and output) and the complexity of the underlying model operations. Token consumption rates vary by Task type, model configuration, and the length and complexity of Prompts and Outputs.

7.2 Token Limits

Each Subscription Plan includes a specified aggregate Token Limit per billing period, which may be allocated at the Subscriber level, the Project level, or the individual Authorised User level as configured in the Order Form or by the Subscriber’s administrator. Token Limits are enforced by the Platform’s administrative dashboard and usage-tracking systems. Where a Token Limit is approached or reached: (a) the Platform may warn Authorised Users and administrators of impending exhaustion; (b) upon exhaustion, the Platform may restrict or suspend further AI Agent operations until the next billing period or until the Subscriber purchases additional Token capacity; and (c) Basic Insight shall not be liable for any loss, inconvenience, or damage arising from the enforcement of Token Limits.

7.3 Token Overage

Where an Order Form provides for overage usage, Token consumption in excess of the applicable Token Limit shall be charged at the overage rate specified in the Order Form, calculated and invoiced in accordance with Clause 6.2. Where no overage provision exists, the Platform will suspend AI Agent operations upon exhaustion of the Token Limit.

7.4 Fair Use Policy

Notwithstanding the Token Limit, the Subscriber agrees not to use the Platform in a manner that:

Generates an abnormally high volume of automated Prompts without genuine human oversight or legitimate business purpose;
Deliberately submits excessively long or padded Prompts designed to consume disproportionate Token resources;
Artificially inflates Token consumption to test system limits or to disrupt Platform availability for other Subscribers;
Operates in a manner inconsistent with reasonable commercial or institutional use for the stated purpose of the Platform.

Basic Insight reserves the right to investigate usage patterns, contact the Subscriber, and take corrective action including throttling, temporary suspension, or termination where Fair Use Policy violations are identified.

7.5 Usage Reporting

Token usage data is made available to Subscriber administrators via the administrative dashboard in near-real time. Basic Insight shall retain Token usage records for a minimum of twelve (12) months for billing audit purposes. In the event of a billing dispute under Clause 6.7, Basic Insight’s usage records shall constitute prima facie evidence of actual Token consumption, subject to the Subscriber’s right to adduce contradictory evidence.

8. User Data, Data Ownership, and Intellectual Property

8.1 Subscriber Data Ownership

As between Basic Insight and the Subscriber, the Subscriber retains all right, title, and interest in and to: (a) all data stored in or accessible from Project Databases; (b) all Uploaded Files; (c) all proprietary business information, trade secrets, and confidential data of the Subscriber or its clients that are processed through the Platform; and (d) all data generated by or on behalf of the Subscriber in connection with its business operations. Nothing in this Agreement shall be construed as transferring ownership of Subscriber data to Basic Insight.

8.2 Licence to Process Subscriber Data

The Subscriber hereby grants to Basic Insight a non-exclusive, limited, revocable licence to access, process, transmit, and store Subscriber data (including data in Project Databases and Uploaded Files) solely to the extent necessary to: (a) provide the Platform and its features to the Subscriber and its Authorised Users; (b) perform administrative, maintenance, and support functions; (c) enforce this Agreement; and (d) comply with applicable law. Basic Insight shall not use Subscriber data for any other purpose, including training or fine-tuning AI models, developing competing products, or sharing with third parties, except as expressly permitted under this Agreement or required by applicable law.

8.3 Basic Insight Intellectual Property

Basic Insight retains all Intellectual Property Rights in and to the Platform, including its underlying software code, AI Agent architecture, algorithms, models, user interface designs, Data Bridge API, Workspace infrastructure, administrative systems, and all related documentation, enhancements, modifications, and derivative works. Nothing in this Agreement grants the Subscriber any Intellectual Property Rights in the Platform except the limited right to use the Platform in accordance with the applicable Subscription Plan. The Subscriber shall not, directly or indirectly, reverse engineer, decompile, disassemble, or attempt to derive the source code or underlying architecture of the Platform, except to the extent expressly permitted by applicable mandatory law.

8.4 Intellectual Property in Outputs

Subject to Clause 8.5, as between Basic Insight and the Subscriber, the Subscriber shall own all right, title, and interest in and to Outputs generated by the AI Agent in response to the Subscriber’s Prompts, to the extent such Outputs constitute independently copyrightable works under applicable law, including Chapter III of the Copyright Act 1987 (Malaysia) and the Berne Convention for the Protection of Literary and Artistic Works (as amended). The Subscriber acknowledges, however, that: (a) Outputs are generated by a machine process and their copyright status may vary by jurisdiction; (b) similar Outputs may be generated for other Subscribers whose Prompts yield similar results; and (c) Basic Insight makes no warranty as to the intellectual property status, originality, or freedom from third-party rights of any Output.

8.5 Licence Back to Basic Insight

The Subscriber grants to Basic Insight a non-exclusive, royalty-free, worldwide licence to retain, reproduce, and use anonymised, aggregated, and de-identified metadata derived from Subscriber usage of the Platform (including Token consumption patterns, feature usage statistics, and performance telemetry) for the purposes of improving Platform performance, capacity planning, and product development. Such metadata shall not contain any personally identifiable information, confidential data, or data that could reasonably be used to identify the Subscriber or its clients.

8.6 Third-Party Content

If the Subscriber or an Authorised User includes in any Prompt or Uploaded File any content that is subject to third-party Intellectual Property Rights, the Subscriber represents and warrants that it has obtained all necessary licences, consents, and authorisations for such inclusion and for the processing of such content by the Platform. The Subscriber shall indemnify Basic Insight in respect of any third-party intellectual property claims arising from the Subscriber’s or Authorised Users’ Prompts or Uploaded Files.

9. Workspace Content and Generated Reports

9.1 Nature of Workspace Content

The Workspace serves as a server-side file system environment in which Generated Reports and other Workspace Content are stored and made accessible via a web browser to Authorised Users. Generated Reports may take the form of self-contained HTML documents incorporating JavaScript and Cascading Style Sheet code, interactive data visualisations, survey dashboards, statistical summaries, or other digital artefacts produced by the AI Agent.

9.2 Workspace Applications and Live Data

Workspace Applications may utilise the Data Bridge API to query Project Databases dynamically and render live data within the browser-based interface. The Subscriber acknowledges that: (a) Workspace Applications are generated by an AI system and may contain errors in logic, presentation, or data representation; (b) Basic Insight does not independently verify the accuracy, completeness, or fitness for purpose of any Workspace Application; (c) the Subscriber is responsible for reviewing and testing all Workspace Applications prior to any operational or business-critical deployment; and (d) the accessibility of Workspace Applications to external users is the Subscriber’s responsibility, and the Subscriber shall implement appropriate access controls to restrict access as required.

9.3 Workspace Management

Authorised Users and administrators may create, rename, and delete directories and files within the Workspace. The Subscriber acknowledges that: (a) deletion of Workspace directories or files is irreversible; (b) Basic Insight does not guarantee the recovery of deleted Workspace Content; and (c) the Subscriber is responsible for maintaining its own backups of critical Workspace Content. Basic Insight’s backup policies are described in the Service Level Schedule, if any.

9.4 Storage Limits

Workspace storage is subject to the limits specified in the applicable Subscription Plan. Basic Insight reserves the right to charge for storage usage in excess of the included allocation at rates specified in the Order Form. Where storage limits are exceeded, Basic Insight may notify the Subscriber and, if the excess is not resolved within a reasonable time, may restrict the creation of new Workspace Content.

9.5 No Sensitive Data in Generated Reports

The Subscriber shall ensure that Generated Reports and Workspace Applications do not contain or expose Sensitive Data unless appropriate technical and organisational security measures are in place and the Subscriber has obtained all necessary consents and authorisations under applicable data protection law.

10. Database Connectivity and Data Processing

10.1 Subscriber’s Own Project Databases

The Platform connects to Project Databases owned, operated, and maintained by the Subscriber or by third parties contracted by the Subscriber. Basic Insight does not host, manage, own, or otherwise control Project Databases. The Platform serves solely as an analytical interface, issuing read-only SELECT queries against Project Databases in response to Authorised User Prompts and returning query results for processing by the AI Agent.

10.2 Read-Only Access Enforcement

The Platform is architecturally designed to issue only read-only SQL SELECT statements against connected Project Databases. Database credentials provided by the Subscriber are restricted to read-only access, and the Platform does not execute INSERT, UPDATE, DELETE, DROP, ALTER, CREATE, TRUNCATE, or any other data manipulation or data definition statements. Notwithstanding the foregoing, the Subscriber is solely responsible for ensuring that the credentials it provides to the Platform are configured with the minimum necessary permissions and that appropriate database-level access controls are in place as a defence-in-depth measure.

10.3 Subscriber Data Responsibility

The Subscriber represents and warrants that:

It has the legal right to provide the Platform with access to each Project Database, including any rights required under data protection law, intellectual property law, or contractual obligations with third parties;
The data in Project Databases was collected and is processed in compliance with all applicable laws, including data protection laws in all jurisdictions relevant to the data subjects;
It has obtained all necessary consents, authorisations, or other legal bases required for the processing of personal data contained in Project Databases by the Platform;
It will not provide the Platform with access to Project Databases containing Sensitive Data unless it has fully assessed the data protection and security implications and implemented appropriate safeguards.

10.4 Query Accuracy Disclaimer

The SQL queries generated by the AI Agent are based on its interpretation of natural-language Prompts and its understanding of the database schema (to the extent schema information is made available). The AI Agent may generate queries that: (a) return incomplete, incorrect, or misleading results; (b) are based on incorrect assumptions about the database schema or data semantics; or (c) are computationally inefficient. The Subscriber is solely responsible for independently verifying the accuracy and completeness of all query results before relying on them for any business, operational, or regulatory purpose.

10.5 Network Security

The Subscriber is responsible for ensuring that network connectivity between the Platform and each Project Database is secured using appropriate encryption, VPN, firewall, or other network security measures. Basic Insight recommends, and the Subscriber is strongly encouraged to adopt, encrypted database connections (e.g., TLS/SSL) and IP-allowlisting to restrict database access to the Platform’s infrastructure. Basic Insight shall not be liable for any data breach or loss arising from insecure network configurations maintained by the Subscriber.

11. AI Agent Limitations and Disclaimers

11.1 Nature of AI-Generated Outputs

The AI Agent is a probabilistic language model that generates Outputs based on statistical patterns in training data and the specific context of each Prompt. The Subscriber expressly acknowledges and accepts that:

AI-generated Outputs are not infallible and may contain factual errors, logical inconsistencies, computational mistakes, hallucinations (plausible-sounding but factually incorrect statements), outdated information, or outputs that are inappropriate for specific use cases;
The AI Agent does not possess consciousness, understanding, professional judgment, or domain expertise in the manner of a qualified human professional;
The accuracy, completeness, relevance, and fitness for purpose of any Output depend heavily on the quality, clarity, and completeness of the Prompt submitted by the Authorised User;
The AI Agent’s interpretation of database schemas, data structures, and business logic may be incorrect or incomplete;
Outputs generated in response to similar Prompts at different times may differ due to the stochastic nature of language model inference.

11.2 Not Professional Advice

No Output, regardless of its form or content, constitutes professional advice of any kind, including but not limited to legal advice, financial advice, investment advice, medical or clinical advice, accounting advice, engineering advice, regulatory compliance advice, or scientific opinion. The Subscriber shall not represent to any third party that any Output constitutes professional advice. Where decisions of material consequence are to be made in reliance on AI Agent Outputs, the Subscriber is solely responsible for obtaining independent professional advice from appropriately qualified human experts. Basic Insight expressly disclaims all liability arising from the Subscriber’s or any Authorised User’s reliance on Outputs as professional advice.

11.3 Regulatory Compliance Responsibility

The Subscriber acknowledges that the Platform and its Outputs do not constitute or substitute for regulatory compliance assessments, legal opinions, audit reports, or similar professional determinations. The Subscriber retains sole responsibility for ensuring that its use of the Platform and any action taken in reliance on Outputs complies with all applicable laws, regulations, and professional standards in all relevant jurisdictions.

11.4 Human Oversight Requirement

Given the limitations of AI systems described in this Clause 11, the Subscriber undertakes to ensure that qualified human personnel review, validate, and exercise independent judgment with respect to all material Outputs prior to any reliance upon them for operational, strategic, regulatory, or third-party-facing purposes. The Subscriber shall not establish automated pipelines that route AI Agent Outputs directly to consequential decision-making processes without appropriate human oversight, except in use cases where the risk of error has been independently assessed and accepted by the Subscriber.

12. Acceptable Use Policy

12.1 Permitted Uses

The Platform may be used solely for lawful, legitimate commercial, institutional, governmental, or research purposes consistent with the Subscriber’s stated use case and the applicable Subscription Plan.

12.2 Prohibited Uses

The Subscriber shall not, and shall ensure that Authorised Users do not, use the Platform for any of the following purposes:

Unlawful Activities: Any activity that violates applicable law, including the Contracts Act 1950, the CCA 1997, the Communications and Multimedia Act 1998 (“CMA 1998”), the Computer Crimes Act 1997, the Penal Code (Malaysia), or their equivalents in other applicable jurisdictions;
Unauthorised Access: Attempting to gain unauthorised access to any part of the Platform, to other Subscribers’ data or Workspaces, or to any connected system or network, in violation of Section 3 of the CCA 1997 (Malaysia), Section 3 of the Computer Misuse Act (Singapore), or equivalent legislation;
System Interference: Transmitting viruses, malware, Trojan horses, worms, ransomware, or other harmful code; conducting denial-of-service or distributed denial-of-service attacks; or engaging in any activity intended to degrade Platform performance or availability, in violation of Section 5 of the CCA 1997 (Malaysia) and analogous provisions;
Data Exfiltration: Using the Platform to systematically extract, harvest, copy, or compile data from Project Databases or the Platform itself for purposes beyond the Subscriber’s legitimate business use, including for sale to third parties or for competitive intelligence purposes;
Harmful Content Generation: Using the AI Agent to generate content that is defamatory, obscene, pornographic (particularly child sexual abuse material, which is a serious criminal offence), hateful, inciting violence, or otherwise harmful, in violation of the CMA 1998, Section 233 of the Communications and Multimedia Act 1998, and applicable criminal law;
Fraud and Deception: Using Outputs to perpetrate fraud, impersonation, financial manipulation, or any form of deception directed at any person or entity;
Intellectual Property Infringement: Uploading, processing, or disseminating content that infringes the Intellectual Property Rights of any third party, in violation of the Copyright Act 1987 (Malaysia) and the Berne Convention;
Privacy Violations: Processing personal data in a manner that violates applicable data protection law, including the Personal Data Protection Act 2010 (Malaysia) (“PDPA 2010”), the Personal Data Protection Act 2012 (Singapore), the Personal Data Protection Act B.E. 2562 (Thailand), and the ITE Law (Indonesia);
Regulated Activities: Using Outputs to provide regulated financial, legal, medical, or other professional services without holding the applicable professional licences and regulatory approvals;
Sanctions Evasion: Using the Platform in a manner designed to circumvent sanctions, embargoes, or export controls;
Competitive Intelligence: Accessing the Platform for the purpose of developing competing products or services, benchmarking the Platform against competing products for commercial publication, or reverse engineering the Platform without prior written consent;
Automated Abuse: Operating bots, scrapers, or automated scripts that generate Prompts without genuine human oversight and for purposes not constituting bona fide business use;
Credential Sharing: Sharing, selling, sub-licensing, or otherwise making available access credentials to persons who are not designated Authorised Users;
Platform Integrity: Attempting to manipulate, circumvent, or exploit any aspect of the Token counting, billing, or authentication systems;
Web Scraping Abuse: Using the Platform’s web-page retrieval capability to access, aggregate, or republish third-party content in violation of the terms of service of the source websites, applicable copyright law, or applicable data protection law.

12.3 Consequences of Policy Violations

Without prejudice to any other remedy available under this Agreement or applicable law, Basic Insight may, in respect of any actual or suspected violation of this Clause 12: (a) immediately suspend or terminate the relevant Authorised User’s access; (b) suspend or terminate the Subscriber’s entire account; (c) preserve and disclose relevant data to law enforcement or regulatory authorities as required or permitted by applicable law; and (d) seek injunctive relief, damages, and any other available legal remedy.

13. API Usage and Rate Limiting

13.1 Data Bridge API

The Data Bridge API enables Workspace Applications to submit parameterised read-only SQL queries to Project Databases and receive structured JSON responses, enabling the construction of dynamic, data-driven Workspace Applications. API access is restricted to authenticated sessions and Project-level credentials. All Data Bridge API queries are subject to the read-only access restrictions described in Clause 10.2.

13.2 API Rate Limits

API calls to the Data Bridge API and other Platform API endpoints are subject to rate limits established by Basic Insight from time to time. Current rate limits are published in the Platform documentation. Rate limits may be set at the per-Authorised-User, per-Project, or per-Subscriber level. Basic Insight reserves the right to adjust rate limits in response to system load, security concerns, or fair use considerations, and will endeavour to notify Subscribers of material changes to rate limits with reasonable advance notice.

13.3 API Abuse

The Subscriber shall not use the Data Bridge API in a manner that: (a) generates requests at a rate exceeding applicable rate limits; (b) is designed to circumvent rate-limiting measures; (c) places unreasonable load on Project Database infrastructure; (d) facilitates unauthorised access to Project Databases; or (e) exposes the Data Bridge API endpoint to public internet access without appropriate authentication controls. Basic Insight may throttle, suspend, or terminate API access for any Subscriber whose usage patterns are reasonably determined to constitute API abuse.

13.4 API Documentation and Changes

Basic Insight shall provide API documentation to Subscribers sufficient to enable the intended use of the Data Bridge API. Basic Insight reserves the right to modify, deprecate, or replace API endpoints upon reasonable notice. Subscribers are responsible for updating Workspace Applications to remain compatible with current API specifications.

14. Third-Party Services and Integrations

14.1 Third-Party Services Used by the Platform

The Platform incorporates or interfaces with third-party services and technologies, including, without limitation:

Email Services: Transactional email delivery services, currently provided by Twilio SendGrid, Inc. (“SendGrid”), for the delivery of account-related and system notification emails. SendGrid’s use of Subscriber and Authorised User email data is governed by SendGrid’s own terms of service and privacy policy;
Underlying AI Model Infrastructure: The AI Agent relies on large language model infrastructure provided by one or more third-party AI providers. The identity of such providers may change over time. Processing of Prompts and generation of Outputs may involve transmission of data to such third-party model providers;
Cloud Infrastructure Providers: The Platform is hosted on cloud infrastructure provided by third-party cloud service providers. The physical and logical security of the hosting environment is partially dependent on such providers’ security controls.

14.2 Third-Party Terms

The Subscriber’s use of the Platform may be subject to the terms of service, acceptable use policies, and privacy policies of relevant third-party service providers. Basic Insight shall provide the Subscriber with information about material third-party services upon request. The Subscriber acknowledges that Basic Insight cannot guarantee the continued availability or performance of any third-party service and that changes in third-party service terms or the discontinuation of third-party services may affect the availability or functionality of the Platform.

14.3 External Website Retrieval

Where the AI Agent retrieves and processes the content of external websites in response to Prompts, such retrieval is subject to the terms of service and applicable legal restrictions of the respective websites. The Subscriber is responsible for ensuring that its use of web-retrieval functionality complies with applicable law, including copyright law and the terms of service of the accessed websites. Basic Insight is not responsible for the accuracy, legality, or completeness of content retrieved from external websites.

14.4 No Endorsement

The inclusion of third-party services in the Platform does not constitute an endorsement of such services by Basic Insight. Basic Insight makes no representation or warranty with respect to the quality, security, legality, or fitness for purpose of any third-party service.

15. Confidentiality and Non-Disclosure

15.1 Definition of Confidential Information

“Confidential Information” means all non-public information disclosed by one party (the “Disclosing Party”) to the other party (the “Receiving Party”) in connection with this Agreement, whether disclosed orally, in writing, electronically, or in any other form, and whether or not marked as confidential, that: (a) is of a type that a reasonable person in the relevant industry would recognise as confidential or proprietary; or (b) has been designated as confidential by the Disclosing Party. Confidential Information includes, without limitation: in the case of the Subscriber, data stored in Project Databases, Workspace Content, Uploaded Files, business strategies and plans, customer and supplier information, financial information, and research methodologies; in the case of Basic Insight, Platform architecture, source code, algorithms, AI model configurations, pricing structures, and product roadmaps.

15.2 Confidentiality Obligations

Each party undertakes that it shall:

Hold the Disclosing Party’s Confidential Information in strict confidence;
Not disclose or permit the disclosure of any Confidential Information to any third party without the prior written consent of the Disclosing Party, except as permitted under Clause 15.3;
Use the Confidential Information solely for the purposes of performing its obligations or exercising its rights under this Agreement;
Implement reasonable technical and organisational measures to protect the Confidential Information from unauthorised access, use, or disclosure, applying no less than the same degree of care as it applies to its own confidential information of comparable sensitivity, and in any event no less than reasonable care.

15.3 Permitted Disclosures

The Receiving Party may disclose Confidential Information: (a) to its employees, officers, directors, agents, contractors, and advisers who have a need to know such information for the purposes of this Agreement and who are bound by confidentiality obligations no less protective than those in this Clause 15; (b) to the extent required by applicable law, court order, or regulatory authority, provided that the Receiving Party (to the extent lawfully permitted) promptly notifies the Disclosing Party and cooperates with the Disclosing Party in seeking a protective order or other appropriate relief; or (c) with the prior written consent of the Disclosing Party.

15.4 Exceptions

The confidentiality obligations in this Clause 15 do not apply to information that: (a) is or becomes publicly available other than as a result of a breach of this Agreement; (b) was already known to the Receiving Party prior to disclosure without restriction; (c) is independently developed by the Receiving Party without reference to the Disclosing Party’s Confidential Information; or (d) is received from a third party who is not under any confidentiality obligation in respect of such information.

15.5 Duration

The confidentiality obligations in this Clause 15 shall survive the termination or expiry of this Agreement for a period of five (5) years, except in respect of trade secrets and Sensitive Data, in respect of which the obligations shall survive indefinitely.

16. Data Security Obligations

16.1 Basic Insight Security Obligations

Basic Insight shall implement and maintain technical and organisational security measures appropriate to the nature of the data processed and the risks involved, including:

Bcrypt-based password hashing for all Authorised User credentials;
Multi-tenant logical isolation ensuring that each Subscriber’s data, credentials, and Workspace Content are not accessible to other Subscribers;
Encryption of data in transit using industry-standard protocols (e.g., TLS 1.2 or higher);
Access controls limiting Platform administrator access to authorised Basic Insight personnel with a legitimate operational need;
Regular security assessments and vulnerability management;
Incident response procedures for identifying, containing, and notifying affected parties of security incidents.

16.2 Subscriber Security Obligations

The Subscriber shall implement and maintain technical and organisational security measures sufficient to:

Secure the credentials of Authorised Users as described in Clause 5.3;
Restrict access to Project Databases to appropriately authorised personnel and systems, including by means of network-level controls and least-privilege access principles;
Ensure that Project Database credentials provided to the Platform are read-only and scoped to the minimum necessary database objects;
Secure the internal network environment from which Authorised Users access the Platform;
Comply with all applicable data protection and information security laws and standards relevant to the data processed through the Platform.

16.3 Security Incident Notification

Each party shall notify the other party without undue delay, and in any event within seventy-two (72) hours, upon becoming aware of any security incident that: (a) results in or is reasonably likely to result in unauthorised access to, disclosure of, or loss of the other party’s Confidential Information; or (b) may constitute a notifiable personal data breach under applicable data protection law. Notification shall include, to the extent then known, a description of the incident, the categories and approximate volume of data affected, and the measures taken or proposed to address the incident.

16.4 No Absolute Security Guarantee

The Subscriber acknowledges that no information security measure is completely impenetrable and that Basic Insight does not warrant that the Platform or any data processed thereon will be free from all security vulnerabilities, breaches, or losses. Basic Insight’s liability in respect of security incidents is limited as set out in Clause 19.

17. Service Level and Availability

17.1 Beta and Development Status

The Platform, or certain features thereof, may be provided in beta, preview, or pre-release form. During any such period: (a) no service level agreement (“SLA”) or availability commitment applies unless expressly stated in a separate written Service Level Schedule executed by the parties; (b) the Platform may be subject to more frequent maintenance windows, interruptions, and feature changes than a generally available production service; and (c) data generated during a beta period may be subject to deletion upon the conclusion of the beta period, with advance notice where practicable.

17.2 General Availability

Where the Platform or a specific feature has reached general availability status, Basic Insight shall use commercially reasonable efforts to ensure that the Platform is available twenty-four (24) hours per day, seven (7) days per week, subject to: (a) scheduled maintenance windows (for which Basic Insight shall endeavour to provide at least forty-eight (48) hours’ advance notice); (b) unscheduled emergency maintenance; (c) Force Majeure Events; and (d) factors outside Basic Insight’s reasonable control, including third-party service outages and network disruptions.

17.3 Service Level Agreement

Specific availability commitments and service level credits, if any, are set out in a Service Level Schedule attached to or incorporated into the applicable Order Form. In the absence of a Service Level Schedule, no specific availability percentage is warranted and no service level credits shall accrue. The Subscriber’s sole remedy for service unavailability, in all cases, is the service level credits (if any) specified in the applicable Service Level Schedule, subject to the limitation of liability provisions in Clause 19.

17.4 Maintenance Notifications

Basic Insight shall notify Subscribers of planned maintenance activities via email or platform notification to the designated account administrator. Emergency maintenance required to address critical security vulnerabilities or system integrity issues may be performed without prior notice.

18. Indemnification

18.1 Indemnification by Subscriber

The Subscriber (as “Indemnitor”) shall indemnify, defend (at Basic Insight’s option), and hold harmless Basic Insight and its officers, directors, employees, agents, subcontractors, and successors (each, an “Indemnitee”) from and against any and all claims, demands, actions, proceedings, losses, damages, costs, expenses, and liabilities (including reasonable legal fees) arising out of or in connection with:

Any breach by the Subscriber or any Authorised User of this Agreement;
Any violation by the Subscriber or any Authorised User of any applicable law or regulation;
Any third-party claim arising from the Subscriber’s or Authorised User’s use of the Platform, including claims arising from the content of Prompts, Uploaded Files, or Generated Reports;
Any claim that the Subscriber’s data or content infringes the Intellectual Property Rights of any third party;
The Subscriber’s reliance on any Output as professional advice;
Any data breach arising from the Subscriber’s failure to comply with its security obligations under Clause 16.2;
Any claim arising from the Subscriber’s provision to the Platform of access to a Project Database that the Subscriber was not authorised to share or that contained data processed in violation of applicable data protection law.

18.2 Indemnification by Basic Insight

Subject to Clause 18.3, Basic Insight (as “Indemnitor”) shall indemnify, defend (at the Subscriber’s option), and hold harmless the Subscriber and its officers, directors, and employees (each, an “Indemnitee”) from and against any and all claims, demands, actions, proceedings, losses, damages, costs, expenses, and liabilities (including reasonable legal fees) arising out of any bona fide third-party claim that the Platform (excluding Subscriber data, Prompts, Outputs, and Workspace Content) infringes any registered Intellectual Property Right of a third party in the jurisdictions in which the Platform is offered.

18.3 IP Indemnity Exclusions

Basic Insight’s indemnification obligation under Clause 18.2 shall not apply where the alleged infringement arises from: (a) modification of the Platform by the Subscriber or any third party other than Basic Insight; (b) combination of the Platform with third-party products or services not approved by Basic Insight; (c) the Subscriber’s continued use of a version of the Platform after Basic Insight has provided a non-infringing update; or (d) the Subscriber’s use of the Platform in a manner not permitted under this Agreement.

18.4 Indemnification Procedure

As a condition of receiving indemnification, the Indemnitee shall: (a) promptly notify the Indemnitor in writing of any claim for which indemnification is sought, and in any event within fifteen (15) business days of becoming aware of such claim (failure to give timely notice shall not relieve the Indemnitor of its obligations except to the extent the Indemnitor is materially prejudiced by such failure); (b) grant the Indemnitor sole control of the defence and settlement of the claim (provided that any settlement that imposes obligations on the Indemnitee requires the Indemnitee’s prior written consent, not to be unreasonably withheld); and (c) provide the Indemnitor with reasonable cooperation and information in connection with the defence.

19. Limitation of Liability

19.1 Exclusion of Consequential Damages

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, NEITHER PARTY SHALL BE LIABLE TO THE OTHER FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT OR THE USE OF OR INABILITY TO USE THE PLATFORM, INCLUDING BUT NOT LIMITED TO: LOSS OF REVENUE, LOSS OF PROFITS, LOSS OF ANTICIPATED SAVINGS, LOSS OF BUSINESS OR CONTRACTS, LOSS OF DATA, BUSINESS INTERRUPTION, LOSS OF GOODWILL, OR COST OF PROCURING SUBSTITUTE SERVICES, EVEN IF THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND REGARDLESS OF THE THEORY OF LIABILITY (CONTRACT, TORT INCLUDING NEGLIGENCE, STRICT LIABILITY, OR OTHERWISE).

19.2 Aggregate Liability Cap

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, EACH PARTY’S TOTAL AGGREGATE LIABILITY TO THE OTHER PARTY ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), BREACH OF STATUTORY DUTY, OR OTHERWISE, SHALL NOT EXCEED THE GREATER OF: (A) THE TOTAL FEES PAID OR PAYABLE BY THE SUBSCRIBER TO BASIC INSIGHT IN THE TWELVE (12) CALENDAR MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM; OR (B) MALAYSIAN RINGGIT FIVE THOUSAND (MYR 5,000).

19.3 Exceptions to Liability Cap

Notwithstanding Clause 19.2, nothing in this Agreement shall limit or exclude either party’s liability for: (a) death or personal injury caused by its negligence; (b) fraud or fraudulent misrepresentation; (c) any liability that cannot be excluded or limited under applicable mandatory law; or (d) the Subscriber’s indemnification obligations in Clause 18.1 to the extent arising from the Subscriber’s wilful misconduct, gross negligence, or criminal acts.

19.4 Basis of the Bargain

The parties acknowledge that the limitations of liability in this Clause 19 reflect a reasonable allocation of risk between sophisticated commercial parties and form an essential basis of the bargain between them. In the absence of such limitations, the Fees would necessarily be substantially higher.

19.5 AI Output Liability

Without limiting the foregoing, Basic Insight shall have no liability whatsoever to the Subscriber or any third party for any loss, damage, or consequence arising from: (a) any error, inaccuracy, or omission in any Output; (b) any decision made by the Subscriber or any third party in reliance on any Output; or (c) any action or omission that constitutes reliance on any Output as professional advice.

20. Warranties and Disclaimers

20.1 Mutual Warranties

Each party represents and warrants to the other that: (a) it has full legal capacity and authority to enter into and perform its obligations under this Agreement; (b) this Agreement constitutes a legal, valid, and binding obligation of such party, enforceable against it in accordance with its terms; and (c) entry into and performance of this Agreement does not violate any applicable law, regulation, or agreement binding upon it.

20.2 Basic Insight Warranties

Basic Insight warrants that: (a) it will provide the Platform using reasonable care and skill; (b) the Platform, at the time of delivery to the Subscriber, will not knowingly contain malicious code intentionally introduced by Basic Insight; and (c) Basic Insight has the right to grant to the Subscriber the licences and access rights provided under this Agreement.

20.3 Disclaimer of Warranties

EXCEPT AS EXPRESSLY SET OUT IN CLAUSE 20.2, THE PLATFORM, ALL OUTPUTS, ALL GENERATED REPORTS, ALL WORKSPACE CONTENT, AND ALL OTHER MATERIALS AND SERVICES PROVIDED UNDER THIS AGREEMENT ARE PROVIDED “AS IS” AND “AS AVAILABLE,” WITHOUT ANY WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO:

ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT;
ANY WARRANTY THAT THE PLATFORM WILL MEET THE SUBSCRIBER’S REQUIREMENTS OR EXPECTATIONS;
ANY WARRANTY OF ACCURACY, COMPLETENESS, RELIABILITY, CURRENCY, OR FREEDOM FROM ERROR IN RESPECT OF ANY OUTPUT OR GENERATED REPORT;
ANY WARRANTY THAT THE PLATFORM WILL OPERATE WITHOUT INTERRUPTION, DELAY, OR ERROR;
ANY WARRANTY THAT THE AI AGENT’S DATABASE QUERIES WILL RETURN CORRECT OR COMPLETE RESULTS;
ANY WARRANTY THAT THE PLATFORM IS FREE FROM SECURITY VULNERABILITIES OR THAT DATA PROCESSED THEREON WILL NEVER BE SUBJECT TO UNAUTHORISED ACCESS.

20.4 No Warranty of AI Outputs

Basic Insight expressly disclaims all warranties of accuracy, completeness, or fitness for purpose in respect of any Output generated by the AI Agent. The AI Agent is a probabilistic system whose Outputs depend on training data, model architecture, and contextual factors beyond Basic Insight’s complete control. The Subscriber accepts sole responsibility for validating Outputs against authoritative sources before any operational reliance.

21. Term, Suspension, and Termination

21.1 Term

This Agreement commences on the Effective Date and continues for the initial subscription term specified in the applicable Order Form (the “Initial Term”). Unless otherwise specified, following the expiry of the Initial Term, this Agreement shall automatically renew for successive periods equal to the Initial Term (each a “Renewal Term”) unless either party provides written notice of non-renewal to the other party not less than thirty (30) days prior to the end of the then-current term.

21.2 Suspension by Basic Insight

Basic Insight may, without prejudice to its other rights, immediately suspend the Subscriber’s access to the Platform (in whole or in part) if:

The Subscriber fails to pay any undisputed amount due under this Agreement within ten (10) days of written notice of non-payment;
Basic Insight reasonably believes that the Subscriber’s or any Authorised User’s use of the Platform poses an immediate security risk to the Platform or to other Subscribers;
The Subscriber or any Authorised User is in material breach of the Acceptable Use Policy (Clause 12);
Required to do so by applicable law, court order, or regulatory authority;
The Subscriber exceeds its Token Limit and no overage arrangement is in place.

Basic Insight will endeavour to provide advance notice of suspension except in emergency circumstances. Suspension does not relieve the Subscriber of its obligation to pay Fees accrued prior to the suspension.

21.3 Termination for Cause

Either party may terminate this Agreement with immediate effect by written notice to the other party if: (a) the other party commits a material breach of this Agreement that is either incapable of remedy or (if capable of remedy) is not remedied within thirty (30) days of written notice specifying the breach and requiring its remedy; (b) the other party becomes insolvent, enters into administration, receivership, voluntary arrangement, or any analogous insolvency proceeding; or (c) the other party ceases or threatens to cease carrying on business.

21.4 Termination for Convenience

Subject to any minimum committed term agreed in the applicable Order Form, either party may terminate this Agreement without cause upon not less than sixty (60) days’ written notice to the other party. Termination for convenience by the Subscriber shall not entitle the Subscriber to a refund of any prepaid Fees except as expressly required by applicable mandatory law.

21.5 Termination by Basic Insight

Basic Insight may terminate this Agreement immediately by written notice if the Subscriber provides false registration information, engages in fraudulent conduct, or uses the Platform in a manner that violates applicable law or regulation.

22. Effects of Termination

22.1 Cessation of Rights

Upon termination or expiry of this Agreement for any reason: (a) all licences and access rights granted to the Subscriber and its Authorised Users under this Agreement shall immediately terminate; (b) the Subscriber and all Authorised Users shall immediately cease accessing and using the Platform; and (c) any outstanding unpaid Fees shall become immediately due and payable.

22.2 Data Export

For a period of thirty (30) calendar days following the effective date of termination or expiry (“Data Export Period”), the Subscriber may request that Basic Insight provide a copy of Workspace Content in a reasonably accessible format. Basic Insight shall use reasonable efforts to facilitate such export. Subscriber acknowledges that Workspace Content may include dynamically generated HTML/JS/CSS artefacts and that the format of export may be limited to the formats in which such content exists on the Platform’s file system.

22.3 Workspace Deletion

Upon the expiry of the Data Export Period, Basic Insight may permanently and irreversibly delete all Workspace Content, conversation history, Authorised User accounts, and other data associated with the Subscriber’s account from the Platform’s systems, including any backups. The Subscriber acknowledges that such deletion may be irreversible and that Basic Insight shall have no liability in respect of data deleted following the expiry of the Data Export Period.

22.4 Project Database Credentials

Upon termination, Basic Insight shall promptly and securely delete or return all Project Database credentials held in connection with the Subscriber’s Projects. The Subscriber is strongly advised to revoke and rotate all database credentials previously provided to the Platform immediately upon termination.

22.5 Survival

The following provisions shall survive the termination or expiry of this Agreement: Clause 1 (Definitions), Clause 8 (Data Ownership and IP), Clause 15 (Confidentiality), Clause 18 (Indemnification), Clause 19 (Limitation of Liability), Clause 20.3–20.4 (Disclaimers), Clause 22 (Effects of Termination), Clause 24 (Dispute Resolution), and Clause 25 (General Provisions).

23. Force Majeure

23.1 Definition

A “Force Majeure Event” means any event or circumstance beyond the reasonable control of the affected party that prevents or delays the performance of that party’s obligations under this Agreement, including but not limited to: acts of God; earthquake; flood; fire; storm; epidemic; pandemic; public health emergency; acts of war; terrorism; civil unrest; government action; sanctions; embargoes; regulatory orders; cyberattacks or distributed denial-of-service attacks of a scale and sophistication beyond reasonable mitigation; nationwide or regional telecommunications or internet outages; or failures of third-party service providers that are outside the affected party’s reasonable control.

23.2 Effect of Force Majeure

If a party is prevented from, or delayed in, performing any of its obligations under this Agreement by reason of a Force Majeure Event: (a) that party’s obligations shall be suspended for the duration of the Force Majeure Event; (b) the affected party shall promptly notify the other party in writing, specifying the nature of the Force Majeure Event, the obligations affected, and the anticipated duration; (c) the affected party shall use all reasonable endeavours to minimise the impact of the Force Majeure Event and to resume performance as soon as practicable; and (d) the other party’s corresponding obligations (including payment obligations for services actually withheld) shall be suspended pro rata. Force Majeure does not excuse the Subscriber’s obligation to pay Fees for services actually received prior to the Force Majeure Event.

23.3 Extended Force Majeure

If a Force Majeure Event continues for a period exceeding ninety (90) consecutive days, either party may terminate this Agreement on thirty (30) days’ written notice without liability to the other party, save for payment of all amounts already due.

24. Dispute Resolution

24.1 Governing Law

This Agreement and any non-contractual obligations arising out of or in connection with it shall be governed by and construed in accordance with the laws of Malaysia, without regard to its conflict-of-laws principles. The parties expressly agree that the United Nations Convention on Contracts for the International Sale of Goods (CISG) shall not apply to this Agreement.

24.2 Amicable Resolution

In the event of any dispute, controversy, or claim arising out of or relating to this Agreement, or the breach, termination, or invalidity thereof (“Dispute”), the parties shall first endeavour to resolve the Dispute amicably through good-faith negotiations between senior representatives of each party. Either party may initiate the amicable resolution process by providing written notice to the other party specifying the nature of the Dispute in reasonable detail. The parties shall have thirty (30) days from the date of such notice (or such extended period as they may agree in writing) to attempt to resolve the Dispute through negotiation.

24.3 Arbitration

If the Dispute is not resolved through amicable negotiation within the period specified in Clause 24.2, either party may submit the Dispute to binding arbitration administered by the Asian International Arbitration Centre (“AIAC”), located in Kuala Lumpur, Malaysia, in accordance with the AIAC Arbitration Rules in force at the time of submission. The arbitration shall be conducted as follows:

The seat of arbitration shall be Kuala Lumpur, Malaysia;
The language of arbitration shall be English;
The number of arbitrators shall be one (1) where the aggregate amount in dispute is less than Malaysian Ringgit Five Hundred Thousand (MYR 500,000), and three (3) in all other cases;
The arbitral award shall be final and binding on the parties and may be enforced in any court of competent jurisdiction;
The parties agree to maintain the confidentiality of all arbitral proceedings, submissions, and awards, subject to any disclosure required by applicable law or for the purposes of enforcement.

24.4 Interim Relief

Nothing in this Clause 24 shall prevent either party from seeking urgent injunctive, conservatory, or other interim relief from a court of competent jurisdiction pending the constitution of an arbitral tribunal or the conclusion of arbitral proceedings. For such purposes, the parties irrevocably submit to the non-exclusive jurisdiction of the courts of Malaysia.

24.5 No Class Proceedings

To the fullest extent permitted by applicable law, the Subscriber waives any right to participate in any class action, collective, or representative arbitration or legal proceeding against Basic Insight, whether in arbitration or in court.

25. General Provisions

25.1 Entire Agreement

This Agreement, together with the documents incorporated by reference in Clause 2.4, constitutes the entire agreement between the parties with respect to its subject matter and supersedes all prior and contemporaneous agreements, representations, warranties, understandings, proposals, and negotiations, whether written or oral, between the parties in relation to such subject matter.

25.2 Severability

If any provision of this Agreement is found by a court or arbitral tribunal of competent jurisdiction to be invalid, illegal, or unenforceable, that provision shall be deemed modified to the minimum extent necessary to make it valid, legal, and enforceable. If such modification is not possible, the relevant provision shall be deemed deleted. The modification or deletion of any provision shall not affect the validity and enforceability of the remaining provisions of this Agreement.

25.3 Waiver

No failure or delay by either party in exercising any right or remedy under this Agreement shall operate as a waiver of that right or remedy, nor shall any single or partial exercise of any right or remedy preclude any further or other exercise of that right or remedy or the exercise of any other right or remedy. Any waiver of any right or remedy under this Agreement must be in writing and signed by the party granting the waiver.

25.4 Assignment

The Subscriber may not assign, transfer, sub-licence, delegate, charge, or otherwise encumber any of its rights or obligations under this Agreement without the prior written consent of Basic Insight, which shall not be unreasonably withheld in the case of an assignment to a successor entity in connection with a bona fide merger, acquisition, or corporate restructuring, provided that the assignee assumes all of the Subscriber’s obligations under this Agreement. Basic Insight may assign this Agreement, in whole or in part, to any affiliate, successor entity, or acquirer of all or substantially all of the assets of Basic Insight’s business relating to the Platform, upon written notice to the Subscriber.

25.5 Notices

All notices, demands, consents, approvals, and other communications required or permitted under this Agreement shall be in writing and shall be deemed duly given: (a) if delivered personally, upon delivery; (b) if sent by prepaid courier or registered post, upon the earlier of actual receipt or three (3) business days after dispatch; (c) if sent by email, upon transmission provided the sender receives a delivery receipt or does not receive a delivery failure notification within twenty-four (24) hours. Notices to Basic Insight shall be addressed to its principal place of business in Kuala Lumpur, Malaysia, with a copy by email to legal@ai.research.my (or such other address as Basic Insight may notify from time to time). Notices to the Subscriber shall be sent to the address specified in the Subscriber’s account registration or the applicable Order Form.

25.6 Relationship of the Parties

The parties are independent contractors. Nothing in this Agreement shall be construed to create a partnership, joint venture, agency, employment, or fiduciary relationship between the parties. Neither party shall have the authority to bind the other party to any obligation or commitment without the other party’s prior written consent.

25.7 Amendments

Basic Insight reserves the right to amend these Terms of Service from time to time. Basic Insight shall provide not less than thirty (30) days’ advance written notice of any material amendment to Subscribers. If the Subscriber does not object to the proposed amendment within twenty (20) days of the notice, the amendment shall be deemed accepted. If the Subscriber objects to a material amendment, the Subscriber may terminate this Agreement effective at the end of the then-current subscription term by providing written notice within the twenty (20)-day objection window. Amendments to pricing are governed by Clause 6.6. Notwithstanding the foregoing, Basic Insight may make non-material changes, including typographical corrections, clarifications, and additions to examples, without prior notice.

25.8 Third-Party Rights

This Agreement is for the benefit of the parties only, and is not intended to confer any benefit on or be enforceable by any third party except as expressly stated. The Contracts (Rights of Third Parties) Act or any analogous legislation in the applicable jurisdiction shall not apply to this Agreement.

25.9 Counterparts

This Agreement (including any Order Form or addendum) may be executed in counterparts, each of which shall be deemed an original, and all of which, taken together, shall constitute one and the same instrument. Electronic signatures and click-wrap acceptances shall be treated as valid execution of counterparts.

26. Jurisdiction-Specific Provisions

26.1 Malaysia

For Subscribers and Authorised Users located in Malaysia or whose data is processed primarily in Malaysia:

Contracts Act 1950 (Malaysia): This Agreement is governed by the Contracts Act 1950 (Revised 1974) and shall be construed accordingly. The parties confirm that this Agreement satisfies the requirements of a valid contract under Section 10 of the Contracts Act 1950, including free consent, lawful consideration, and lawful object.
Electronic Commerce Act 2006 (Malaysia) (“ECA 2006”): The parties acknowledge that this Agreement is an electronic contract within the meaning of the ECA 2006 and that electronic messages forming or evidencing this Agreement have legal effect as provided in Section 7 of the ECA 2006.
Communications and Multimedia Act 1998 (“CMA 1998”): The Subscriber acknowledges that use of the Platform is subject to the CMA 1998, including provisions relating to content standards and network security. Any content that violates the standards prescribed under the CMA 1998 or the Content Code issued by the Communications and Multimedia Content Forum of Malaysia is strictly prohibited.
Computer Crimes Act 1997 (“CCA 1997”): Unauthorised access to the Platform or to connected databases constitutes an offence under Section 3 (Unauthorised Access to Computer Material) and Section 5 (Wrongful Communication) of the CCA 1997 and may result in criminal prosecution. Basic Insight will cooperate with Malaysian law enforcement authorities in respect of any suspected CCA 1997 violations.
Personal Data Protection Act 2010 (“PDPA 2010”): Where the Subscriber is a data user within the meaning of the PDPA 2010, the Subscriber acknowledges its obligations as a data user in respect of personal data processed through the Platform and confirms that any personal data shared with or processed by the Platform is handled in accordance with the seven (7) Personal Data Protection Principles set out in Part II of the PDPA 2010.

26.2 Singapore

For Subscribers and Authorised Users located in Singapore or whose data is processed primarily in Singapore:

Electronic Transactions Act (Cap. 88) (“ETA”): This Agreement satisfies the requirements of an electronic contract under the ETA and has the same legal effect as a paper-based contract. Electronic records and electronic signatures associated with this Agreement are legally valid under Part II of the ETA.
Computer Misuse Act (Cap. 50A) (“CMA-SG”): Any unauthorised access to the Platform or connected systems by or through Authorised Users located in Singapore may constitute an offence under the CMA-SG. The Subscriber shall ensure that all Authorised Users in Singapore comply with the CMA-SG.
Personal Data Protection Act 2012 (“PDPA-SG”): Subscribers processing personal data of Singapore residents through the Platform must comply with the PDPA-SG, including its data protection obligations and the mandatory data breach notification obligation under Part VI of the PDPA-SG.

26.3 Thailand

For Subscribers and Authorised Users located in Thailand or whose data is processed primarily in Thailand:

Computer Crime Act B.E. 2550 (2007) (“CCA-TH”): The Subscriber shall ensure that Authorised Users in Thailand do not engage in any conduct constituting an offence under the CCA-TH, including unauthorised access to computer systems and dissemination of false or harmful data. Basic Insight will cooperate with Thai authorities in respect of any such violations.
Electronic Transactions Act B.E. 2544 (2001) (“ETA-TH”): This Agreement constitutes a valid electronic transaction under the ETA-TH, and electronic data messages associated with this Agreement have the legal effect of written documents as provided in Section 7 of the ETA-TH.
Personal Data Protection Act B.E. 2562 (2019) (“PDPA-TH”): Subscribers processing personal data of Thai data subjects through the Platform must comply with the PDPA-TH, including obtaining valid consent or establishing an alternative lawful basis for processing, and must comply with the data subject rights provisions of the PDPA-TH.

26.4 Indonesia

For Subscribers and Authorised Users located in Indonesia or whose data is processed primarily in Indonesia:

Electronic Information and Transactions Law (ITE Law): The Subscriber acknowledges that use of the Platform is subject to Law No. 11 of 2008 on Electronic Information and Transactions as amended by Law No. 19 of 2016 and the Constitutional Court Decision No. 76/PUU-XV/2017. The Subscriber shall not use the Platform to distribute, transmit, or make accessible electronic information or documents that are prohibited under the ITE Law, including content that violates decency, gambling, defamation, extortion, or falsehoods that result in consumer losses.
Government Regulation No. 71 of 2019 on Electronic System and Transaction Implementation: Where applicable, the Subscriber must comply with data localisation and electronic system registration obligations under Government Regulation No. 71 of 2019 and its implementing regulations.
Personal Data Protection Law (Law No. 27 of 2022): Subscribers processing personal data of Indonesian data subjects must comply with Indonesia’s Personal Data Protection Law, including its consent, transparency, and data subject rights obligations.

26.5 European Union

For Subscribers and Authorised Users located in the European Union or whose data processing activities are subject to EU law:

Digital Services Act (Regulation (EU) 2022/2065) (“DSA”): The Subscriber acknowledges that certain provisions of the DSA may apply to its use of the Platform and that Basic Insight complies with the DSA to the extent applicable as an online intermediary.
General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”): Where the Subscriber or any data subject whose data is processed through the Platform is located in the EU/EEA, the Subscriber (as data controller) and Basic Insight (as data processor) shall enter into a Data Processing Addendum compliant with Article 28 of the GDPR. Basic Insight will process personal data only on the documented instructions of the Subscriber. Where data is transferred outside the EU/EEA, the parties shall implement appropriate transfer mechanisms including Standard Contractual Clauses adopted pursuant to Commission Implementing Decision (EU) 2021/914.
Consumer Rights Directive (2011/83/EU): This Agreement is intended solely for business-to-business use. Where any provision of applicable EU consumer protection law cannot be lawfully excluded in respect of any individual who qualifies as a consumer, such provision shall apply notwithstanding the business-to-business character of this Agreement.
AI Act (Regulation (EU) 2024/1689): To the extent that the AI Act applies to the Platform or the AI Agent, Basic Insight shall comply with applicable obligations thereunder. The Subscriber, as a deployer of the AI system within the meaning of the AI Act, acknowledges its own obligations as a deployer under applicable provisions of the AI Act.

26.6 California (United States)

For Subscribers and Authorised Users located in California or whose use of the Platform involves the personal information of California residents:

California Consumer Privacy Act / California Privacy Rights Act (“CCPA/CPRA”): To the extent that the CCPA/CPRA applies to personal information processed through the Platform, the Subscriber (as a “business” within the meaning of the CCPA/CPRA) acknowledges that Basic Insight acts as a “service provider” and shall process personal information only for the business purposes specified in this Agreement and any applicable Data Processing Addendum. Basic Insight shall not sell, share, or retain personal information for purposes other than performing the Platform services. The parties shall execute appropriate service provider contractual provisions as required by the CCPA/CPRA upon request.
The Subscriber shall implement appropriate mechanisms to receive and respond to consumer requests relating to personal information processed through the Platform in accordance with its obligations under the CCPA/CPRA.

26.7 UNCITRAL and International Standards

The parties acknowledge the applicability of the UNCITRAL Model Law on Electronic Commerce (1996) in jurisdictions that have adopted it, as a framework for the recognition of the legal validity of electronic contracts, records, and signatures. The parties shall cooperate in good faith to comply with applicable international standards for electronic contracting, data protection, and information security to the extent relevant to their respective operations.

27. Export Controls and Sanctions Compliance

27.1 Export Control Laws

The Platform, its underlying technology, and the AI Agent may be subject to export control laws and regulations, including the Export Administration Regulations (“EAR”) administered by the United States Department of Commerce Bureau of Industry and Security, the International Traffic in Arms Regulations (“ITAR”), and the Strategic Trade Act 2010 (Malaysia) and its subsidiary legislation. The Subscriber represents and warrants that:

It is not located in, incorporated in, or acting on behalf of any person or entity in any country subject to a comprehensive trade embargo or export restriction imposed by applicable export control authorities;
It is not listed on any applicable denied parties list, including the United States Consolidated Screening List, the United Nations Security Council Consolidated Sanctions List, the EU Consolidated Financial Sanctions List, or the Office of Foreign Assets Control (“OFAC”) Specially Designated Nationals and Blocked Persons List;
It will not use the Platform or any Output in connection with any end use that is prohibited under applicable export control laws, including nuclear, chemical, biological, or radiological weapons development programs;
It will obtain all required export licences, authorisations, and approvals prior to transferring or re-exporting any technology, data, or software obtained through the Platform to any restricted party or destination.

27.2 Sanctions Compliance

Neither party shall take any action that would cause the other party to violate any applicable economic sanctions laws or regulations, including those administered by OFAC, the European Union, His Majesty’s Treasury (United Kingdom), or any other applicable sanctions authority. Basic Insight reserves the right to immediately terminate or suspend this Agreement without liability if the Subscriber is or becomes subject to applicable sanctions or if continued performance would violate applicable sanctions law.

27.3 Subscriber Certification

By accepting this Agreement, the Subscriber certifies that neither it nor any Authorised User is subject to any sanctions that would prohibit it from receiving the Platform services and that it will promptly notify Basic Insight if this certification becomes inaccurate at any time during the term of this Agreement.

28. Open Source and Third-Party Software Notices

28.1 Open Source Components

The Platform incorporates certain open-source software components licensed under various open-source licences, including but not limited to the MIT Licence, Apache Licence Version 2.0, BSD Licence, and GNU Lesser General Public Licence (LGPL). The Subscriber’s use of the Platform does not grant the Subscriber any rights in the underlying open-source components beyond those necessary for use of the Platform as a whole. The Subscriber acknowledges that open-source licences applicable to incorporated components are available upon written request to Basic Insight.

28.2 Compliance with Open Source Licences

Basic Insight represents that, to the best of its knowledge and belief, the Platform complies with the applicable open-source licences governing incorporated open-source components. Where any open-source licence requires the provision of source code or other materials to end users, Basic Insight shall fulfil such obligations in accordance with the applicable licence terms. The Subscriber shall not take any action that would cause the Platform to be subject to open-source licence obligations beyond those currently applicable.

28.3 Third-Party Software

The Platform may also incorporate proprietary third-party software components licenced to Basic Insight. The Subscriber’s right to use such components is limited to use within the Platform as provided under this Agreement and does not include any right to use such components independently or to reverse engineer, decompile, or disassemble them.

28.4 Intellectual Property in Underlying Models

The AI Agent relies on large language model technology developed by third parties. Such technology is subject to the Intellectual Property Rights and licence terms of the respective model developers. The Subscriber shall not attempt to extract, reproduce, or replicate the underlying model weights, parameters, or architecture through any means, including through adversarial probing, membership inference attacks, or model extraction attacks.

29. Contact Information

29.1 General Enquiries

For general enquiries regarding the Platform, the Subscriber may contact Basic Insight through the contact form available at ai.research.my/contact/ or by email at the address published on the Platform website.

29.2 Legal Notices

All legal notices, demands, and formal communications required under this Agreement shall be addressed to:

Basic Insight
Kuala Lumpur, Malaysia
Email: legal@ai.research.my
Website: ai.research.my

29.3 Data Protection Enquiries

For enquiries relating to personal data processing, data subject rights, or the Data Processing Addendum, the Subscriber may contact Basic Insight’s data protection contact at: privacy@ai.research.my.

29.4 Security Reports

The Subscriber is encouraged to report any suspected security vulnerabilities in the Platform to Basic Insight via the responsible disclosure process described at ai.research.my/security/. Basic Insight shall acknowledge security reports promptly and shall endeavour to respond within a commercially reasonable timeframe.

29.5 Abuse Reports

Reports of suspected Acceptable Use Policy violations, including abuse of the Platform by third parties, may be submitted to Basic Insight at abuse@ai.research.my.

These Terms of Service were last updated on 18 March 2026. By accessing or using the AI.RESEARCH.MY Platform, the Subscriber and its Authorised Users confirm their acceptance of these Terms in their entirety.