RAISEOS BY KLUB.AI — TERMS AND CONDITIONS (WITH DPA AND AUP)

Parties and status

These Terms and Conditions (“Agreement”) are between RaiseOS by klub.ai (“RaiseOS”, “we”, “us”) and the customer identified in the ordering documents (“Customer”, “you”). RaiseOS is registered in the Dubai International Financial Centre (DIFC) with an AI Innovation License.

Definitions

• Affiliate: an entity controlling, controlled by or under common control with a party.
• Authorised Users: Customer’s employees, contractors or agents authorised to access the Service.
• Customer Content: data, files, prompts, knowledge sources and other content that Customer or its Authorised Users submit to, or request us to ingest into, the Service.
• Documentation: user guides, technical documents and policies we make available.
• Outputs: system- or model-generated recommendations, drafts or automations produced by the Service from Customer inputs and Customer requirements.
• Order/Programme Terms: the ordering document(s) that set pricing, term and commercial details.
• Service: the cloud-hosted Agentic AI SaaS provided by RaiseOS, including interfaces and features, but excluding Third-Party Services.
• Third-Party Services: third-party applications, integrations and platforms that interoperate with the Service at Customer’s request.

2A. Incorporated documents and hyperlinks

The following documents form part of these Terms by reference and are binding when you use the Service:

• Data Processing Addendum (embedded at Sections 18–28 below)
• Acceptable Use Policy (embedded at Section 29 below)
• Privacy Policy (privacy)
• Cookie Notice (cookies)
• Sub-processor Register (sub-processors)

Order of precedence

If there is a conflict, the following order applies: (a) Order/Programme Terms; (b) these Terms (including Sections 18–29); (c) the documents linked in Section 2A; (d) Documentation.

Subscription; grant of rights

Subject to the Agreement and timely payment of fees, RaiseOS grants Customer a non-exclusive, non-transferable, limited right for Authorised Users to access and use the Service and Documentation for Customer’s internal business purposes during the subscription term. Customer is responsible for its Authorised Users’ acts and omissions.

Service overview (Agentic AI SaaS)

1. Agentic capabilities. The Service produces recommendations and automations from Customer inputs, Customer Content and Customer requirements communicated to RaiseOS.
2. Collaboration and workflow. The Service provides workspaces, tasks, status tracking, comments and activity logs to support team execution in line with Customer requirements.
3. Connections. Where Customer requires connections with Third-Party Services (for example storage, email ingestion, APIs), RaiseOS will enable and operate such connections as instructed by Customer.
4. Customer control. Customer reviews Outputs and determines whether and how to act on them. Business validation and decision-making remain with Customer.

Customer responsibilities

1. Requirements and inputs. Customer will provide accurate, lawful requirements and inputs and ensure it has all necessary rights to Customer Content and any requested connections.
2. Security and access. Customer will protect credentials, implement role-based access and maintain endpoint protections for its environment.
3. Legal compliance. Customer will use the Service in accordance with applicable law, including data protection, export/sanctions, intellectual property and communications laws.
4. Prohibited conduct. See Section 29 (Acceptable Use Policy).

Third-Party Services

Third-Party Services are enabled and used at Customer’s request. Their terms and privacy practices apply. Customer authorises RaiseOS to exchange Customer Content with such services to the extent necessary to fulfil Customer requirements. RaiseOS is not responsible for Third-Party Services.

Intellectual property; Outputs; licence to process

RaiseOS and its licensors own all rights in and to the Service and Documentation. Customer owns Customer Content.

As between the parties, and subject to applicable law and any third-party or model-provider terms, RaiseOS assigns to Customer its rights in Outputs generated for Customer, excluding RaiseOS underlying intellectual property.

Customer grants RaiseOS a non-exclusive, worldwide licence to host, process, transmit, display and back up Customer Content and Outputs to provide, secure and improve the Service and to implement Customer requirements, in accordance with Sections 18–28 and the Privacy Policy.

Confidentiality

Each party will protect the other’s Confidential Information with at least reasonable care and use it only to perform the Agreement, except where disclosure is required by law or with written consent.

Data protection; roles; transfers

For Customer Content provided to meet Customer requirements, Customer is the controller and RaiseOS acts as processor, except for limited platform operations (for example security, telemetry, abuse prevention) where RaiseOS acts as controller. RaiseOS may engage sub-processors listed in the Sub-processor Register and will implement recognised transfer mechanisms as required by applicable law. Additional processing terms are set out in Sections 18–28 and in the Privacy Policy.

Security

RaiseOS maintains administrative, technical and physical measures proportionate to risk, including access controls, encryption in transit and at rest where applicable, monitoring, backup/disaster recovery and incident response. Customer governs Authorised User access and its endpoint security.

Service availability and maintenance

The Service may be temporarily unavailable for planned maintenance or due to emergencies. Customer is responsible for internet access, compatible devices and local protections.

Warranties; disclaimers

Except for express representations in the Agreement, the Service and Documentation are provided “as is” and “as available”. RaiseOS disclaims all warranties, whether express, implied or statutory, including merchantability, fitness for a particular purpose and non-infringement. Outputs may contain errors; Customer should validate Outputs before use.

Indemnities

By RaiseOS. RaiseOS will defend Customer against third-party claims alleging that the unmodified Service (excluding Customer Content, Outputs and Third-Party Services) infringes intellectual property rights, and will pay final damages and costs awarded or agreed in settlement, subject to exclusions (including combinations not supplied by RaiseOS, modifications not made by RaiseOS, non-current versions and use in breach of the Agreement).

By Customer. Customer will defend RaiseOS against claims arising from Customer Content, Customer requirements or Customer’s use of the Service in breach of the Agreement or law, or combinations with Third-Party Services at Customer’s request, and will pay final damages and costs awarded or agreed in settlement.

Procedure. The indemnified party must promptly notify the claim, grant sole control of defence and settlement and provide reasonable assistance.

Limitation of liability

To the maximum extent permitted by law, neither party is liable for indirect, incidental, special, consequential or punitive damages, or for lost profits, revenues, goodwill or data. Each party’s aggregate liability arising out of or related to the Agreement in any 12-month period will not exceed the fees paid or payable by Customer for that period.

Fees; taxes

Fees and payment terms are set out in the Order/Programme Terms. Fees are exclusive of taxes.

Regulatory position

RaiseOS operates as a technology provider and is DIFC-registered with an AI Innovation License. Any steps that require regulated permissions, product-specific approvals or regulatory filings are handled by Customer and its chosen partners.

Suspension; termination; changes; governing law

1. 18.1 Suspension and termination. RaiseOS may suspend access for non-payment, security risk or material breach. Either party may terminate for material breach not cured within 30 days of written notice. On termination or expiry, RaiseOS will provide a reasonable export window.
2. 18.2 Changes. We may update these Terms for legal, technical or business reasons. For material changes we will notify you in product or by email before the effective date. Continued use after the effective date constitutes acceptance. Effective date and version are shown at the top of this page.
3. 18.3 Governing law and forum. DIFC law governs; DIFC courts have exclusive jurisdiction unless otherwise agreed in a local addendum.
4. 18.4 Export control and sanctions; anti-bribery. Customer will comply with applicable export/sanctions laws. Each party will comply with applicable anti-bribery and anti-corruption laws and maintain adequate procedures.
5. 18.5 Assignment; force majeure; notices; severability; waiver; entire agreement; claims period. Neither party may assign except to an Affiliate or in a change of control. Neither party is liable for force majeure. Legal notices: legal@klub.ai. Privacy requests: privacy@klub.ai. If any term is invalid, the remainder remains in effect. A waiver must be in writing. This Agreement is the entire agreement and supersedes prior discussions. Any claim must be brought within twelve (12) months after accrual.

SECTIONS 18–28: DATA PROCESSING ADDENDUM

Parties and roles

Customer acts as controller for Customer Content provided to meet Customer requirements; RaiseOS acts as processor, except for limited platform operations (security, telemetry, abuse prevention) where RaiseOS acts as controller.

Subject matter and duration

Processing personal data to deliver the Service as per Customer requirements for the term of the Agreement and any orderly wind-down.

Nature and purpose

Host, store, transmit and process Customer Content to generate Outputs; operate, secure, support and improve the Service; operate connections and workflows requested by Customer; provide support and service analytics.

Categories and data subjects

Business contact data, role metadata, telemetry; individuals reflected in Customer Content (for example employees, contractors, business contacts).

Processor obligations

Process strictly on documented Customer requirements and the Agreement; ensure personnel confidentiality; implement the measures described in Section 11; assist with data-subject rights, DPIAs (where applicable) and security obligations; restrict access to authorised personnel with need-to-know.

Sub-processing

RaiseOS may engage sub-processors listed in the Sub-processor Register, impose equivalent protections and remain responsible for their performance. RaiseOS will provide advance notice of material changes with a 30-day objection window; objections should be sent to privacy@klub.ai.

International transfers

Use recognised transfer tools required by applicable law (for example adequacy or contractual clauses) and document assessments where needed.

Personal data breach

Notify Customer without undue delay upon becoming aware of a personal data breach and provide updates as investigation proceeds.

Audit and information

On reasonable notice (not more than annually unless required by law or following a breach), provide relevant information (for example summaries of independent assessments) or facilitate a proportionate audit that protects confidentiality and platform integrity.

Return and deletion

Within 30 days after termination or expiry, delete or return Customer personal data (at Customer’s choice), except where retention is legally required. Deletions are logged.

Precedence and law

This DPA governs privacy matters; governing law and forum follow Section 18.3.

SECTION 29: ACCEPTABLE USE POLICY

29.1 Security and integrity

Do not introduce malicious code; do not probe, scan, overload or attempt to circumvent security or rate limits; protect credentials and tokens.

29.2 Lawful use

Do not violate law or third-party rights. Ensure your requirements and inputs are accurate and lawful.

29.3 Content and conduct

Do not upload or generate unlawful or clearly harmful content. Do not spam, harvest or scrape the Service without written permission. Do not resell or frame the Service contrary to contract.

29.4 Connections and automations

Use only the connections and automations you require; ensure you have rights to any data you request us to exchange; respect API rate limits and fair-use thresholds.

29.5 Enforcement

RaiseOS may restrict, suspend or terminate access to protect users and the platform, including immediate action for urgent risk.