Terms of Service

Version 1.0 · Effective Date: 1 May 2026

DRAFT — Subject to legal review and approval in all applicable jurisdictions

These Terms of Service ("Terms") constitute a legally binding agreement between you ("Client", "you", or "your") and IntegrityX AI Private Limited, a company incorporated under the laws of India, together with its subsidiaries and affiliates (collectively, "IntegrityX", "we", "us", or "our"). By accessing or using the IntegrityX platform ("Platform" or "Service") from any jurisdiction worldwide, you agree to be bound by these Terms.

These Terms apply globally. Where a specific jurisdiction imposes requirements that supplement or override any provision herein, the jurisdiction-specific provisions in Section 9 shall prevail to the extent of the inconsistency.

1. Definitions

Term | Definition
Affiliate | Any entity that directly or indirectly controls, is controlled by, or is under common control with a party, where "control" means ownership of more than 50% of the voting interests.
AI Agents | The automated forensic analysis programmes deployed by the Platform, currently numbering 400+, each designed to detect specific categories of financial irregularities using artificial intelligence, including large language models (LLMs).
Applicable Data Protection Law | All laws and regulations relating to data protection, privacy, or the processing of Personal Data applicable to the parties' performance under these Terms, including (without limitation) the GDPR, UK GDPR, CCPA/CPRA, DPDP Act, PDPA, LGPD, POPIA, APPI, PIPL, and PIPEDA, each as amended from time to time.
Authorised User | Any individual you designate to access the Platform under your Tenant, including employees, contractors, and agents of your organisation.
Client Data | All files, documents, records, datasets, and data uploaded or transmitted by you to the Platform for analysis, including financial records, invoices, purchase orders, contracts, bank statements, general ledgers, employee expense reports, vendor master files, and policy documents.
Confidential Information | All information disclosed by one party to the other that is designated as confidential or that a reasonable person would understand to be confidential given the nature of the information and circumstances of disclosure. Includes Client Data, Findings, pricing terms, business strategies, and technical architecture.
Consolidated Findings | Findings that have been processed through the Platform's consolidation engine: deduplicated, aggregated across agents, severity-prioritised, and summarised with evidence chains.
Data Controller / Data Processor | As defined under GDPR and equivalent terms under other Applicable Data Protection Laws (e.g., "business" / "service provider" under the CCPA, "Data Fiduciary" / "Data Processor" under the DPDP Act).
DPA | The Data Processing Agreement supplement to these Terms, governing the processing of Personal Data, incorporated by reference.
Engagement Scope | The written document (Statement of Work, Order Form, or scope agreed within the Platform) that defines the specific parameters of your engagement.
Findings | The anomalies, irregularities, potential fraud indicators, and financial leakage patterns identified by the Platform's AI Agents. Each Finding includes classification, severity, monetary exposure, affected entities, transaction references, and Provenance (source file, page/sheet, row/paragraph, and verbatim excerpt).
Fixed Fee | The one-time processing fee determined by your pricing tier and geography, payable in two equal instalments (Release Report and Deep Dive), as set forth in Section 14.
Gain-Share Fee / Variable Fee | The fee equal to 10% of the Commercially Actionable Amount agreed via Tranche Review, applicable only after the Gain-Share Threshold has been exceeded, as set forth in Section 15.
Gain-Share Threshold | 8.5 times (8.5×) the total Fixed Fee paid by the Client. The Variable Fee is not charged on any recovery below this threshold.
MoE Verification | The Mixture-of-Experts verification process in which high-severity Findings are independently assessed by multiple AI models from different providers.
Personal Data | Any information relating to an identified or identifiable natural person, as defined under the applicable data protection regime.
Platform | The IntegrityX web application, APIs, AI agents, data processing pipelines, graph analytics engines, and all associated infrastructure.
Policy Constraints | Rules, thresholds, and approval limits extracted by the Platform's AI from your uploaded policy documents that customise AI Agent behaviour for your organisation.
Project | A discrete scope of analysis within a Tenant. Each Project operates in a fully isolated data environment.
Provenance | The complete audit trail linking each Finding to its source: originating file, page/sheet, row/paragraph, and verbatim excerpt.
Commercially Actionable Amount | The subset of validated Findings that both parties agree, in writing via Tranche Review, are commercially viable to pursue (excludes items where recovery cost exceeds value). This is the amount on which the 10% Variable Fee is calculated.
Tenant | Your organisation's isolated environment on the Platform, encompassing all Projects, data, users, configurations, and billing.
Tranche | A subset of Consolidated Findings exceeding the Gain-Share Threshold, presented for your review and agreement in sequential batches.

2. Service Description

2.1 What IntegrityX Does

IntegrityX is an AI-powered forensic analysis platform that ingests, normalises, and analyses your financial and operational data to detect fraud, financial leakage, compliance violations, and operational risk. The Platform:

  • Deploys 400+ specialised AI agents, each targeting specific anomaly patterns (duplicate payments, expense abuse, circular payments, vendor fraud, blanket PO overruns, dormancy exploitation, and hundreds more)
  • Produces evidence-grade Findings with full Provenance — every Finding traces to the source file, page/sheet, row/paragraph, and verbatim excerpt
  • Consolidates raw Findings through deduplication, aggregation, severity prioritisation, and AI-generated narrative summaries
  • Employs Mixture-of-Experts (MoE) verification for high-severity Findings using multiple independent AI models
  • Supports company-specific Policy Constraints extracted from your uploaded policy documents
  • Delivers results through a progressive disclosure model tied to a transparent pricing framework

2.2 What IntegrityX Does Not Do

  • Not Legal, Audit, or Tax Advice. Findings are analytical outputs generated by AI. They do not constitute legal advice, audit opinions, forensic certifications, tax advice, regulatory filings, or expert witness testimony. Findings are not prepared in accordance with any professional auditing standard (ISA, GAAS, IIA Standards, or equivalent). You must independently verify all Findings through qualified professionals before relying on them.
  • Not a Licensed Investigation Service. IntegrityX is a technology platform provider, not a licensed private investigation firm, forensic accounting practice, or law enforcement agency.
  • Not a Recovery Agent. IntegrityX identifies potential recoverable amounts. The actual recovery process — negotiations, legal proceedings, vendor adjustments — is exclusively your responsibility. IntegrityX does not act as a debt collector, litigation funder, or recovery agent.
  • Not a Compliance Certificate. Use of the Platform does not certify compliance with any law, regulation, or standard, including SOX, FCPA, UK Bribery Act, EU Anti-Money Laundering Directives, Prevention of Corruption Act (India), Companies Act 2013 (India), IFRS, US GAAP, or any industry-specific regulatory framework.
  • Not a Substitute for Internal Controls. The Platform supplements, but does not replace, your internal audit function, compliance programme, or system of internal controls.

2.3 Geographic Availability

The Platform is available globally. Certain features, pricing tiers, and data processing configurations may vary by geography. IntegrityX reserves the right to restrict access from jurisdictions subject to comprehensive international sanctions (see Section 25).

3. Eligibility and Account Registration

3.1 Eligibility

The Platform is available exclusively to business entities (corporations, partnerships, LLPs, trusts, government bodies, and other legal entities) and their authorised representatives. By creating an account, you represent and warrant that: (a) you are acting on behalf of a legal entity; (b) you have the authority to bind that entity to these Terms; (c) you are at least 18 years of age (or the age of legal majority in your jurisdiction); and (d) your use of the Platform does not violate any applicable law.

3.2 Account Security

You are responsible for maintaining the confidentiality of your account credentials and for all activity under your account. You must notify us immediately at security@integrityx.ai upon becoming aware of any unauthorised access. IntegrityX is not liable for losses arising from your failure to safeguard credentials.

3.3 Authorised Users

You may invite Authorised Users to access your Tenant. You are responsible for: (a) ensuring each Authorised User complies with these Terms; (b) assigning appropriate access levels; (c) promptly removing access for users whose authorisation is revoked; and (d) all actions taken by your Authorised Users. Authorised Users may include employees, contractors, and external advisers bound by confidentiality obligations at least as protective as those in Section 18.

3.4 Tenant Isolation

Each Client operates within a logically and physically isolated Tenant. There is no cross-tenant data access, shared analytics, or pooled model training.

4. Client Data Ownership and Licence

4.1 Your Data, Your Property

You retain all rights, title, and interest in and to your Client Data. Nothing in these Terms transfers ownership of Client Data to IntegrityX.

4.2 Licence Grant

By uploading Client Data, you grant IntegrityX a non-exclusive, non-transferable, non-sublicensable (except to Sub-Processors as described in Section 9), revocable, limited licence to store, process, analyse, transform, index, and transmit the data solely for the purpose of providing the Service. This licence terminates when your Client Data is deleted.

4.3 Data Accuracy

You are solely responsible for the accuracy, completeness, legality, and quality of Client Data. IntegrityX analyses data as provided and makes no representation about the accuracy of the underlying data. Inaccurate, incomplete, or deliberately falsified data will produce correspondingly inaccurate Findings. IntegrityX bears no liability for Findings that are incorrect due to deficiencies in Client Data.

4.4 Prohibited Data

You must not upload data that:

  • You do not have the legal right, authority, or required consent to process
  • Contains malware, viruses, or malicious code
  • Violates any Applicable Data Protection Law
  • Is subject to legal privilege unless you have determined that upload does not waive such privilege under applicable law
  • Is classified as government secret or top-secret material under any national security classification scheme
  • Constitutes "special category" or "sensitive" personal data (as defined under GDPR Article 9 or equivalent) unless: (i) processing is necessary for reasons of substantial public interest; (ii) you have obtained explicit consent; or (iii) another lawful basis applies

4.5 Data Portability

You may export your Client Data and Findings at any time during your active engagement. Exports are provided in machine-readable formats (CSV, JSON, PDF). No data egress or export fees are charged.

5. Data Processing and Isolation

5.1 Project-Level Isolation

Each Project operates in a fully isolated data environment:

  • Relational Database: Dedicated schema with row-level security policies. Client Data from one Project is never queryable from another.
  • Graph Database: Each Project receives its own dedicated graph database instance. There is no shared graph across Tenants or Projects. This prevents data leakage, model poisoning, and cross-contamination.
  • Object Storage: Project-scoped storage buckets with bucket-level access controls.
  • AI Processing: Each AI Agent invocation receives only data from the specific Project being analysed. No cross-project or cross-tenant data is included in any AI prompt or context window.

5.2 No Commingling

IntegrityX does not commingle, aggregate, pool, or cross-reference Client Data across Tenants for any purpose, including analytics, benchmarking, trend analysis, model improvement, or product development.

6. Cross-Border Data Transfers

6.1 Data Storage Location

Client Data is stored at rest in the Google Cloud Platform region configured for your Tenant. The default region is asia-south1 (Mumbai, India). Enterprise clients may request storage in alternative regions including us-central1 (Iowa), europe-west1 (Belgium), australia-southeast1 (Sydney), and asia-southeast1 (Singapore).

6.2 Transfer Mechanisms

Where Client Data is transferred across jurisdictions, IntegrityX ensures appropriate transfer mechanisms are in place:

  • EU/EEA → Third Countries: Standard Contractual Clauses (SCCs) as approved by the European Commission (Decision (EU) 2021/914), supplemented by Transfer Impact Assessments where required.
  • UK → Third Countries: International Data Transfer Agreement (IDTA) or UK Addendum to the EU SCCs, as approved by the UK ICO.
  • Switzerland → Third Countries: Swiss nFADPA compliant transfer mechanisms.
  • Asia-Pacific: Compliance with APEC CBPR where applicable, and country-specific mechanisms under the PDPA (Singapore), APPI (Japan), PIPL (China), and Privacy Act (Australia).
  • Americas: EU-US Data Privacy Framework certification where applicable, and compliance with LGPD (Brazil) international transfer requirements.
  • Africa: Compliance with POPIA (South Africa) Section 72 cross-border transfer provisions.

6.3 AI Provider Data Flows

The Platform makes API calls to third-party AI providers (Anthropic, Google AI, OpenAI). These calls are: (a) made under enterprise agreements that prohibit the providers from retaining, storing, training on, or sharing your data; (b) stateless — data is transmitted for inference and discarded upon completion; (c) encrypted in transit using TLS 1.2+; (d) subject to the provider's processing locations, which may include the US, EU, and other regions.

6.4 Supplementary Measures

IntegrityX implements supplementary technical and organisational measures including pseudonymisation prior to AI inference where feasible, end-to-end encryption, access logging, and jurisdictional routing controls that minimise unnecessary cross-border transfers.

7. Data Retention and Deletion

7.1 Active Engagement

Client Data is retained for the duration of your active engagement. Files moved to the bin (soft delete) are retained for 30 days and then permanently purged. You may restore soft-deleted files within the 30-day window.

7.2 Project Deletion

When you delete a Project, all associated data is deprovisioned and permanently deleted within 30 calendar days, including: all files in cloud storage, all relational database records, the dedicated graph database instance, all cached and derived data, and pipeline observability records.

7.3 Account Termination

Upon termination, all Client Data is permanently deleted within 60 calendar days, subject to: (a) any legal hold communicated in writing; (b) regulatory retention obligations applicable to IntegrityX; and (c) the 30-day data export period described in Section 27.3.

7.4 Backups

Infrastructure backups may retain encrypted copies for up to 90 calendar days after deletion. Backups are encrypted at rest (AES-256), not used for analysis or inference, subject to the same access controls, and permanently purged on their standard rotation schedule.

7.5 Deletion Certification

Upon written request following deletion, IntegrityX will provide a certificate of deletion confirming that Client Data has been permanently removed from all live systems.

8. Security

8.1 Technical Measures

  • Encryption at rest: AES-256 for all stored Client Data, using Google-managed or customer-managed encryption keys (CMEK available for Enterprise tier)
  • Encryption in transit: TLS 1.2+ for all data transmission
  • Authentication: JWT-based with short-lived tokens, Google OAuth 2.0, and optional multi-factor authentication
  • Authorisation: Role-based access control (RBAC) with principle of least privilege
  • Network security: VPC isolation, firewall rules, Cloud Armor DDoS protection
  • Application security: Input validation, parameterised queries, CSP headers, CORS restrictions, and regular dependency vulnerability scanning
  • Monitoring: Real-time intrusion detection, anomaly alerting, and comprehensive audit logging

8.2 Organisational Measures

Background checks for personnel with access to Client Data, mandatory security awareness training, quarterly access reviews, incident response procedures, and a designated security team.

8.3 Vulnerability Management

IntegrityX maintains a vulnerability management programme including automated scanning, dependency auditing, and prompt patching. Critical vulnerabilities are addressed within 24 hours. Responsible disclosure: security@integrityx.ai.

9. Data Protection Laws — Jurisdiction-Specific Provisions

9.1 General Framework

IntegrityX processes Client Data in accordance with all Applicable Data Protection Laws. You are the Data Controller; IntegrityX acts as Data Processor, processing Personal Data solely on your documented instructions. You are responsible for ensuring a lawful basis for processing any Personal Data uploaded to the Platform.

9.2 European Union / EEA (GDPR)

  • Processing in accordance with Regulation (EU) 2016/679
  • Article 28 compliant DPA available and incorporated by reference
  • Data Subject rights (access, rectification, erasure, portability, restriction, objection) facilitated through Platform tools and privacy@integrityx.ai
  • DPIAs for high-risk processing available upon request
  • Records of processing maintained per Article 30

9.3 United Kingdom (UK GDPR)

Compliance with the UK GDPR and Data Protection Act 2018. UK-specific IDTA addenda available upon request.

9.4 United States

  • California (CCPA/CPRA): IntegrityX acts as a "Service Provider." Does not sell, share, or use Personal Information beyond providing the Service. Consumer rights (know, delete, correct, opt-out, limit use of sensitive PI) supported.
  • Other States: Compliance with VCDPA (Virginia), CPA (Colorado), CTDPA (Connecticut), UCPA (Utah), TDPSA (Texas), OCPA (Oregon), Montana CDPA, and other state laws as enacted.
  • Sector-specific: If your data includes HIPAA, GLBA, or SOX-regulated information, notify IntegrityX during onboarding.

9.5 India (DPDP Act)

Compliance with the Digital Personal Data Protection Act, 2023 and subordinate rules. Cross-border transfers per DPDP Act provisions including government-notified restricted jurisdiction lists.

9.6 Singapore (PDPA)

Compliance with the Personal Data Protection Act 2012 (as amended). Data intermediary agreement available upon request.

9.7 Brazil (LGPD)

Compliance with Lei Geral de Proteção de Dados (Law No. 13,709/2018). International transfers per mechanisms recognised by the ANPD.

9.8 South Africa (POPIA)

Compliance with the Protection of Personal Information Act, 2013. Cross-border transfers per Section 72 of POPIA.

9.9 Other Jurisdictions

For clients in Japan (APPI), Australia (Privacy Act), Canada (PIPEDA/CPPA), South Korea (PIPA), UAE (PDPL), Saudi Arabia (PDPL), Thailand (PDPA), Philippines (Data Privacy Act), Indonesia (PDP Law), and others: contact privacy@integrityx.ai to discuss jurisdiction-specific requirements before uploading data.

9.10 Sub-Processors

Category | Provider(s) | Purpose | Data Location(s)
Cloud Infrastructure | Google Cloud Platform | Compute, storage, networking, databases | Configurable per Tenant
AI Inference | Anthropic, Google AI, OpenAI | LLM-based analysis, extraction, reasoning | US, EU (provider-dependent)
Graph Database | Neo4j (self-hosted on GCP) | Entity-relationship modelling, graph analytics | Same as Tenant region
Transactional Email | SendGrid (Twilio) | System notifications, alerts | US
Authentication | Google OAuth 2.0 | Identity verification | Global

IntegrityX will notify you of material Sub-Processor changes at least 30 days before they take effect. If you object, you may terminate the affected Project without penalty within 30 days.

9.11 No Training on Client Data

IntegrityX does not use Client Data to train, fine-tune, distil, benchmark, or improve any AI model — proprietary, open-source, or third-party. Client Data is processed in isolated, stateless inference calls. Third-party providers are contractually prohibited from retaining or training on data submitted through IntegrityX's API calls. This prohibition is absolute and applies regardless of anonymisation or aggregation state.

10. Data Breach Notification

In the event of a Personal Data breach affecting your Client Data, IntegrityX will:

  • Notify you without undue delay and within 72 hours of becoming aware (per GDPR Article 33)
  • Provide: nature and scope, categories and number of Data Subjects/records affected, likely consequences, and measures taken or proposed
  • Cooperate with your investigation and regulatory notifications
  • Comply with shorter notification timeframes where required by local law (e.g., POPIA "as soon as reasonably possible")

11. AI and Automated Processing

11.1 Nature of AI Outputs

You acknowledge and agree that:

  • AI outputs are probabilistic, not deterministic. The same input may produce slightly different results at different times
  • AI outputs may contain errors, omissions, hallucinations, false positives, and false negatives
  • Findings are analytical hypotheses requiring human review and verification before action
  • Severity classifications, monetary estimates, and confidence scores are AI-generated assessments, not guarantees
  • IntegrityX does not guarantee any specific detection rate, accuracy level, or comprehensiveness

11.2 Multi-Model Verification (MoE)

For HIGH and CRITICAL severity Findings, the Platform employs MoE verification: a "Maker" model generates the Finding, an independent "Checker" from a different provider evaluates it. Consensus increases confidence; disagreement triggers reclassification. MoE significantly reduces but does not eliminate error rates.

11.3 Automated Decision-Making

The Platform performs automated processing that may constitute "profiling" under certain regimes (e.g., GDPR Articles 22 and 4(4)). However: no automated decision produced by the Platform has direct legal or similarly significant effects on any natural person. Findings are presented to you for review — you decide what action to take. Where Applicable Data Protection Law grants Data Subjects rights regarding automated decision-making, you are responsible for compliance.

11.4 Human-in-the-Loop

The Platform is designed with a human-in-the-loop architecture. AI Agents identify and flag; your team verifies, validates, and acts. IntegrityX strongly recommends that no action — including recovery actions, disciplinary proceedings, vendor terminations, or regulatory filings — be taken without independent human verification by qualified personnel.

12. AI Governance and Ethics

12.1 Responsible AI Principles

  • Transparency: Every Finding includes full Provenance — traceable to source data, the AI agent, and reasoning chain
  • Accountability: All AI invocations are logged with timestamps, model identifiers, input/output hashes, and cost metrics via Pipeline Observability
  • Fairness: AI Agents detect financial irregularities based on transactional patterns, not demographic characteristics. Protected characteristics are not used as analytical inputs
  • Proportionality: Analysis scope is determined by your Engagement Scope and proportionate to investigation objectives
  • Human Oversight: All Findings require human review. The Platform does not autonomously take any action affecting individuals, organisations, or financial systems

12.2 AI Regulatory Compliance

IntegrityX monitors evolving AI regulation globally, including the EU AI Act, proposed US federal AI legislation, the OECD AI Principles, and sector-specific guidance from financial regulators. Where the Platform falls within the scope of such regulation, IntegrityX will implement required conformity assessments and risk management measures.

12.3 Bias Monitoring

IntegrityX conducts periodic reviews of AI Agent outputs to identify systematic biases. If a bias is identified, the affected AI Agent is corrected or deactivated. Bias monitoring results available to Enterprise clients upon request.

13. Policy Constraints

You may upload company policy documents to the Platform. The Platform uses AI to extract constraints (thresholds, approval limits, rules) with source page and verbatim excerpt. Extracted constraints are presented for your review before activation. You are responsible for verifying accuracy. Once activated, constraints modify AI Agent behaviour. IntegrityX is not responsible for Findings influenced by constraints you reviewed and approved but that do not accurately reflect your policies. Activating a new version supersedes the previous active version of the same policy type. Historical versions are retained for audit purposes.

14. Pricing and Fee Structure

14.1 Two-Component Model

  1. Fixed Fee (One-Time Processing Fee): A one-time fee based on data volume tier and geographic pricing zone. Payable in two equal instalments: 50% upon Release Report, 50% upon Deep Dive.
  2. Variable Fee (Gain-Share): A flat 10% on the Commercially Actionable Amount agreed via Tranche Review, triggered only after cumulative Recoverable Amount exceeds 8.5× the total Fixed Fee.

14.2 Pricing Tiers

Tier | Records | India (INR) | International (USD)
Starter | < 1M | ₹10,00,000 | $35,000
Growth | 1–5M | ₹18,00,000 | $60,000
Professional | 5–10M | ₹25,00,000 | $85,000
Enterprise | 10–25M | ₹35,00,000 | $120,000

For Projects exceeding 25M records, pricing is determined by mutual agreement. Price changes communicated with 30 days' notice. Active engagement pricing is locked at initiation.

14.3 What Is Never Charged

  • Setup, onboarding, or implementation fees
  • Findings you dismiss as false positives
  • Per-user seat licences
  • New AI agent releases or Platform updates
  • Data egress, export, or download fees
  • OCR processing within your tier's bundled allocation

15. Gain-Share Model and Tranche Agreement Process

15.1 When the Variable Fee Applies

The Variable Fee (10%) applies only after cumulative Recoverable Amount exceeds 8.5× the total Fixed Fee. Below this threshold, you retain 100% of any amount recovered. Example: if your Fixed Fee is $60,000, the threshold is $510,000. You must recover 8.5× your investment before any variable charge.

15.2 Three-Step Recoverable Amount Framework

  1. Detected Leakage Amount: Gross AI-identified value. Not independently verified.
  2. Client-Validated Amount: Your team confirms genuine leakages via checkbox agreement in the Tranche Review. You may decline any Finding without reason; declined Findings carry no fee.
  3. Commercially Actionable Amount: The subset of Client-Validated Findings that both parties agree, in writing via the Tranche Review, are commercially viable to pursue (excluding items where recovery cost exceeds value). This is the amount on which the Variable Fee is calculated.

15.3 Tranche Agreement Mechanics

For each Tranche: (1) you review each Finding with full evidence and Provenance; (2) you check/uncheck findings; (3) you accept the Terms via mandatory checkbox; (4) you submit; (5) the agreed (Commercially Actionable) amount determines the 10% Variable Fee; (6) upon payment, the next Tranche unlocks. You are never obligated to agree to any Finding or Tranche.

16. Payment Terms

Invoices due within 15 calendar days. Payments in the currency of your pricing zone. Late payments accrue interest at the lower of 1.5%/month or the legal maximum. IntegrityX may suspend access after 30 days overdue (upon 10 days' notice). All fees exclusive of applicable taxes (GST, VAT, sales tax, withholding tax). Fixed Fees non-refundable once analysis commenced. Disputes must be raised within 15 days of invoice date.

17. Intellectual Property

17.1 Platform IP

IntegrityX retains all rights to the Platform, including AI agents, algorithms, models, code, architecture, documentation, and methodologies. You receive a limited, non-exclusive, non-transferable right to use the Service during your engagement.

17.2 Client Data and Findings

You own your Client Data. Findings are delivered to you and may be used without restriction for any lawful purpose. The underlying methodologies remain IntegrityX's IP.

17.3 Aggregate Insights

IntegrityX may generate aggregate, anonymised statistical insights about Platform usage (e.g., processing times, detection rates). Such insights never contain Client Data or identify any Client.

17.4 Open-Source Components

The Platform incorporates open-source components. List of components and licences available upon request.

18. Confidentiality

Each party agrees to maintain confidentiality using at least reasonable care. Permitted disclosures to employees/contractors/advisers with need-to-know under binding confidentiality obligations, and as required by law (with prompt notice to the Disclosing Party where legally permitted). Standard exclusions apply (public information, prior knowledge, independent development, third-party receipt without breach). Obligations survive termination for 5 years; trade secrets protected indefinitely.

19. Warranties and Disclaimers

19.1 IntegrityX Warranties

IntegrityX warrants that: the Platform will perform substantially per documentation; the Service will be provided with reasonable skill and care; IntegrityX will comply with Applicable Data Protection Laws; and to IntegrityX's knowledge, the Platform does not infringe third-party IP rights.

19.2 Disclaimer

EXCEPT FOR THE EXPRESS WARRANTIES ABOVE, THE PLATFORM IS PROVIDED "AS IS" AND "AS AVAILABLE." TO THE MAXIMUM EXTENT PERMITTED BY LAW, IntegrityX DISCLAIMS ALL OTHER WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. IntegrityX DOES NOT WARRANT THAT THE PLATFORM WILL BE UNINTERRUPTED, ERROR-FREE, SECURE, OR FREE OF HARMFUL COMPONENTS. IntegrityX DOES NOT WARRANT THE ACCURACY OF ANY FINDING.

19.3 Consumer Protection Savings

Nothing in these Terms excludes or limits any warranty that cannot be excluded under applicable consumer protection legislation (e.g., Australian Consumer Law, UK Consumer Rights Act 2015). The disclaimer applies to the maximum extent permitted.

20. Limitation of Liability

20.1 Liability Cap

IntegrityX's total aggregate liability shall not exceed the greater of: (a) total fees paid in the 12 months preceding the claim; or (b) the total Fixed Fee for the applicable Project.

20.2 Exclusion of Consequential Damages

NEITHER PARTY SHALL BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, INCLUDING LOSS OF PROFITS, REVENUE, DATA, GOODWILL, OR BUSINESS INTERRUPTION, REGARDLESS OF CAUSE OR THEORY OF LIABILITY.

20.3 Carve-Outs

These limits do not apply to: (a) breaches of confidentiality; (b) your payment obligations; (c) indemnification obligations; (d) wilful misconduct, fraud, or gross negligence; (e) data breaches caused by IntegrityX's negligence; (f) liability that cannot be limited by law (e.g., death/personal injury from negligence).

20.4 AI-Specific Liability Limitations

IntegrityX is specifically not liable for: false positive Findings leading to unmeritorious actions; false negatives; decisions made without independent verification; incorrectly approved Policy Constraints; third-party AI provider issues; inaccurate Findings from inaccurate data; inherent AI limitations including hallucinations; or reputational harm to individuals where you acted without verification.

20.5 Jurisdictional Savings

Some jurisdictions prohibit certain limitations. In such jurisdictions, these limits apply to the maximum extent permitted by law.

21. Indemnification

21.1 Your Indemnification

You indemnify IntegrityX against third-party claims arising from: use in violation of these Terms; upload of data you lack rights to process; violation of Data Subject rights; actions taken based on Findings without independent verification; and breach of Acceptable Use.

21.2 IntegrityX's Indemnification

IntegrityX indemnifies you against third-party claims arising from: material breach of confidentiality; data breaches caused by IntegrityX's negligence; and Platform IP infringement (excluding claims arising from Client Data or third-party combinations).

21.3 Procedure

Prompt written notice, sole control of defence and settlement to indemnifying party, reasonable cooperation. No settlement admitting fault without prior written consent of the indemnified party.

22. Service Levels and Support

IntegrityX targets 99.5% monthly uptime (commercially reasonable target, not SLA). Enterprise clients may negotiate binding SLAs with service credits. Exclusions: scheduled maintenance (24h notice), force majeure, your connectivity, third-party outages. Standard support via support@integrityx.ai (IST business hours). Security incidents: security@integrityx.ai (monitored 24/7).

23. Acceptable Use

You agree not to:

  • Use the Platform for any unlawful purpose
  • Reverse-engineer, decompile, or disassemble the Platform or any AI Agent
  • Interfere with or disrupt the Platform's infrastructure
  • Use the Platform to develop a competing product or for competitive benchmarking
  • Share credentials with unauthorised third parties
  • Upload falsified data to generate misleading Findings
  • Use Findings to harass, threaten, defame, extort, or discriminate
  • Circumvent payment gates, access controls, or rate limits
  • Scrape, crawl, or programmatically extract Platform data
  • Use the Platform in connection with WMD, human trafficking, terrorism, or child exploitation
  • Resell or sublicense access without prior written consent

Flagrant violations may result in immediate suspension without notice.

24. Anti-Corruption, Anti-Bribery, and Sanctions Compliance

Each party shall comply with all applicable anti-corruption laws including the US FCPA, UK Bribery Act 2010, Prevention of Corruption Act 1988 (India), PMLA 2002 (India), and OECD Anti-Bribery Convention implementing legislation. Neither party shall offer or accept bribes. Each party represents it is not located in, organised under the laws of, or controlled by any person in a comprehensively sanctioned jurisdiction (UN, OFAC, EU, UK OFSI). IntegrityX may suspend access and report suspicions of money laundering or terrorist financing as required by law.

25. Export Controls

You shall not access or use the Platform in violation of any applicable export control or trade sanctions law. You represent you are not located in an embargoed country, not on any restricted party list, and will not use the Platform for prohibited purposes including WMD development.

26. Audit Rights

26.1 Your Audit Right

Upon 30 days' notice, you may audit IntegrityX's compliance with data protection and security obligations, once per 12 months (and once post-termination), during business hours, by you or a mutually agreed independent auditor.

26.2 Recovery Reporting Audit

IntegrityX may audit your recovery reporting (Section 15.4) once per 12 months upon 30 days' notice. If a material underreporting (more than 10%) is found, you bear the audit cost and promptly pay the shortfall plus interest.

27. Termination

27.1 By You

Terminate at any time by deleting all Projects, notifying legal@integrityx.ai, and settling outstanding obligations. Termination does not relieve obligations for commenced analysis phases or agreed Tranches.

27.2 By IntegrityX

Suspension or termination if: (a) material breach uncured within 15 days; (b) undisputed fees 30+ days overdue; (c) material security or legal risk; (d) insolvency or bankruptcy; (e) IntegrityX ceases to offer the Service (with 90 days' notice); (f) continuation would violate applicable law.

27.3 Effect

Upon termination: access revoked; 30-day data export period; all data deleted within 60 days; all licences terminate; accrued obligations survive. Surviving sections: 1, 4.1, 7, 9, 10, 15.4, 16, 17, 18, 19.2, 20, 21, 26, 27.3–27.4, 28, 29.

28. Governing Law and Dispute Resolution

28.1 Governing Law

  • India-domiciled Clients: Laws of the Republic of India
  • EU/UK-domiciled Clients: Laws of England and Wales (without depriving you of mandatory protections of your home jurisdiction)
  • US-domiciled Clients: Laws of the State of Delaware
  • All other Clients: Laws of the Republic of Singapore

28.2 Arbitration

  • India: Arbitration and Conciliation Act, 1996. Seat: Bengaluru, Karnataka.
  • EU/UK: LCIA Rules. Seat: London.
  • US: AAA/ICDR Rules. Seat: New York.
  • All others: SIAC Rules. Seat: Singapore.

In all cases: sole arbitrator (mutually agreed or institution-appointed), English language, final and binding, judgment enforceable in any competent court.

28.3 Injunctive Relief

Either party may seek interim injunctive relief in any competent court to prevent irreparable harm pending arbitration.

28.4 Class Action Waiver

TO THE MAXIMUM EXTENT PERMITTED BY LAW, ALL CLAIMS MUST BE BROUGHT IN INDIVIDUAL CAPACITY, NOT AS A CLASS, COLLECTIVE, OR REPRESENTATIVE ACTION. This does not apply in jurisdictions where class action waivers are prohibited.

28.5 Statute of Limitations

Claims must be commenced within 2 years of the date on which the claimant knew, or reasonably should have known, the facts giving rise to the claim, unless a different period is mandated by applicable law.

29. General Provisions

  • Entire Agreement. These Terms plus any Engagement Scope, DPA, or Order Form constitute the entire agreement and supersede all prior agreements.
  • Severability. Invalid provisions modified to minimum extent necessary or severed; remainder unaffected.
  • Waiver. No failure to exercise a right constitutes waiver. Waivers must be written and signed.
  • Assignment. You may not assign without IntegrityX's consent. IntegrityX may assign in connection with merger, acquisition, or asset sale.
  • Force Majeure. Neither party liable for failures beyond reasonable control (natural disasters, pandemics, war, government actions, cyberattacks on external infrastructure). If >90 days, either party may terminate without liability.
  • Notices. Written, to the email on file (you) or legal@integrityx.ai (IntegrityX). Email deemed received on delivery confirmation.
  • No Third-Party Beneficiaries. Data Subjects' rights arise under Applicable Data Protection Law, not these Terms.
  • Independent Contractors. No employment, agency, partnership, or joint venture.
  • Language. English prevails in case of conflict with any translation.
  • Counterparts. Ancillary agreements may be executed electronically.

30. Contact and Notices

Purpose: Contact
Legal and contractual: legal@integrityx.ai
Data protection and privacy: privacy@integrityx.ai
Security incidents: security@integrityx.ai (24/7)
General support: support@integrityx.ai
Billing and payments: billing@integrityx.ai

IntegrityX AI Private Limited
Registered Office: Bengaluru, Karnataka, India
Website: integrityx.ai

By accessing or using the IntegrityX platform, you acknowledge that you have read, understood, and agree to be bound by these Terms of Service. If you are accepting on behalf of a legal entity, you represent and warrant that you have the authority to bind that entity.

IMPORTANT: This is an AI-generated draft (Version 1.0). It must be reviewed by qualified legal counsel in each target jurisdiction. Areas requiring particular attention:

  • Liability cap formula and jurisdictional enforceability (Section 20)
  • Gain-share fee structure and checkbox as written confirmation (Section 15)
  • GDPR Article 28 DPA requirements (Section 9.2)
  • Cross-border transfer mechanisms and adequacy assessments (Section 6)
  • AI disclaimers and EU AI Act classification (Sections 11–12)
  • Multi-jurisdictional arbitration clause (Section 28.2)
  • Class action waiver enforceability (Section 28.4)
  • Anti-corruption scope across jurisdictions (Section 24)
  • Export controls for AI services (Section 25)
  • Consumer protection savings by jurisdiction (Section 19.3)
  • Recovery audit rights and materiality thresholds (Section 26.2)
  • Statute of limitations override validity (Section 28.5)