Terms of Service

Terms of Service

Terms and conditions governing how you access and use Difinity's AI governance platform.

Terms of Service

Difinity.ai Pty Ltd

Effective Date: 1 March 2026 | Last Updated: 1 March 2026

IMPORTANT: PLEASE READ THESE TERMS OF SERVICE CAREFULLY BEFORE USING THE DIFINITY PLATFORM. BY ACCESSING OR USING OUR SERVICES, YOU AGREE TO BE BOUND BY THESE TERMS. IF YOU DO NOT AGREE TO ALL OF THESE TERMS, DO NOT USE OUR SERVICES.

1. Definitions and Interpretation

1.1 Definitions

In these Terms of Service ("Terms"), the following terms have the meanings set out below:

"Affiliates" means any entity that directly or indirectly controls, is controlled by, or is under common control with Difinity.ai Pty Ltd, where "control" means the ownership of more than fifty per cent (50%) of the voting equity interests.

"Authorised Users" means the individuals authorised by the Customer to access and use the Platform under the Customer's account.

"Customer" or "You" means the legal entity or individual who accepts these Terms and uses the Services.

"Customer Data" means all data, including personal data, that is submitted to, processed by, or generated through the Platform by or on behalf of the Customer.

"Difinity", "We", "Us", or "Our" means Difinity.ai Pty Ltd (ABN 82 686 692 759), a company incorporated in Australia, with its registered office in Sydney, NSW, Australia.

"Difinity Flow" means the runtime enforcement gateway component of the Platform that intercepts, scans, enforces policies against, and logs AI interactions before they reach LLM providers.

"Difinity Hub" means the centralised governance console component of the Platform used for policy creation, user management, audit trail review, and incident management.

"DPA" means the Data Processing Agreement between Difinity and the Customer, which governs the processing of personal data on behalf of the Customer.

"Enterprise Agreement" means a separately negotiated written agreement between Difinity and the Customer that supplements or replaces these Terms.

"LLM Provider" means a third-party large language model provider integrated with the Platform, including OpenAI, Anthropic, Google, xAI (Grok), and DeepSeek.

"Platform" means the Difinity enterprise AI governance platform, including Difinity Hub, Difinity Flow, and all associated features, modules, APIs, and interfaces.

"Services" means the Platform, the Site, documentation, support, professional services, and any other services provided by Difinity under these Terms.

"Site" means the website located at https://difinity.ai and any subdomains.

"Subscription Term" means the period during which the Customer has the right to access and use the Platform, as specified in the applicable Order Form or Enterprise Agreement.

1.2 Interpretation

In these Terms: (a) headings are for convenience only and do not affect interpretation; (b) references to "including" or "includes" are not limiting; (c) words in the singular include the plural and vice versa; (d) a reference to any legislation includes subordinate legislation and any amendment, re-enactment, or replacement; and (e) if there is any inconsistency between these Terms and an Enterprise Agreement, the Enterprise Agreement prevails to the extent of the inconsistency.

2. Acceptance of Terms

By accessing or using the Services, creating an account, or clicking "I Accept" (or a similar mechanism), you represent and warrant that: (a) you have the legal capacity and authority to enter into a binding agreement; (b) if you are accepting on behalf of an organisation, you have the authority to bind that organisation to these Terms; and (c) you have read, understood, and agree to be bound by these Terms and our Privacy Policy.

If you do not agree to these Terms, you must not access or use the Services.

3. Description of Services

3.1 Platform Overview

Difinity provides an enterprise AI governance platform that delivers runtime compliance enforcement for regulated industries. The Platform provides a unified governance layer between your applications and LLM providers, intercepting, scanning, enforcing, and logging every AI interaction in real time. Key capabilities include Difinity Hub (governance console), Difinity Flow (runtime enforcement gateway), PII Detection and Redaction, Secure Chat, Prompt Registry, LLM Analysis, Cost Dashboard, Audit Trail, Content Filtration, and Intelligent Routing.

3.2 Integration Levels

The Platform supports three integration levels: Full Routing (all AI traffic flows through Difinity Flow for enforcement and logging), Audit-Only (AI traffic is monitored and logged without active enforcement), and Verify-Only (specific requests are validated against policies without full routing). The applicable integration level is determined by the Customer's configuration.

3.3 Supported LLM Providers

The Platform currently supports integration with OpenAI, Anthropic, Google (Gemini), xAI (Grok), and DeepSeek. Difinity may add or remove supported providers at its discretion. The Customer is responsible for maintaining valid API credentials and subscriptions with their chosen LLM providers.

3.4 Compliance Frameworks

The Platform is designed to support compliance with the EU AI Act, ISO/IEC 42001:2023, NIST AI Risk Management Framework, OECD AI Principles, the Australian AI Ethics Framework, the Singapore FEAT framework, and the proposed Canadian Artificial Intelligence and Data Act (AIDA). Difinity does not guarantee regulatory compliance, as compliance depends on the Customer's specific use cases, configurations, and organisational context.

4. Account Registration and Security

4.1 Account Creation

To access the Platform, you must create an account and provide accurate, complete, and current registration information. You agree to update your information promptly if it changes.

4.2 Account Security

You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account. You must immediately notify Difinity at legal@difinity.ai if you become aware of any unauthorised use of your account or any other breach of security. Difinity is not liable for any loss or damage arising from your failure to protect your account credentials.

4.3 Authorised Users

The Customer is responsible for ensuring that all Authorised Users comply with these Terms. The Customer is liable for the acts and omissions of its Authorised Users as if they were the Customer's own.

5. Subscription, Fees, and Payment

5.1 Subscription Plans

Difinity offers two primary subscription models: (a) Usage-Based Subscription (SaaS), a fully managed cloud infrastructure with metered per-request billing and a transparent markup on underlying AI usage costs; and (b) Private Cloud / On-Premises License (Enterprise), for regulated enterprises requiring full data sovereignty, with dedicated deployment within the customer's infrastructure, custom compliance frameworks, and dedicated support and SLAs. Specific pricing, payment terms, and usage limits are set out in the applicable Order Form or Enterprise Agreement.

5.2 Fees and Payment

Fees are as specified in the applicable Order Form or Enterprise Agreement. All fees are quoted exclusive of applicable taxes unless otherwise stated. You agree to pay all fees when due. If you fail to make any payment when due, Difinity reserves the right to suspend or terminate your access to the Services upon fourteen (14) days' written notice.

5.3 Taxes

You are responsible for all taxes, duties, levies, and other governmental charges imposed on the Services (excluding taxes based on Difinity's net income). Where Difinity is required to collect or remit taxes, those taxes will be invoiced to you and payable as part of the applicable fees.

5.4 No Minimum Commitment

Unless otherwise specified in an Enterprise Agreement, the Usage-Based Subscription has no minimum commitment. You may start small and scale as AI adoption grows.

6. Acceptable Use Policy

You agree to use the Services only for lawful purposes and in accordance with these Terms. You must not, and must not permit any Authorised User or third party to:

(a) use the Services in violation of any applicable law, regulation, or industry standard, including the EU AI Act, GDPR, HIPAA, PCI DSS, SOX, BSA, or any other applicable regulatory framework;

(b) use the Services to process, store, or transmit any data that infringes the intellectual property rights or privacy rights of any third party;

(c) attempt to gain unauthorised access to the Platform, other accounts, systems, or networks connected to the Platform;

(d) interfere with or disrupt the integrity or performance of the Services;

(e) reverse engineer, decompile, disassemble, or otherwise attempt to discover the source code, object code, or underlying algorithms of the Platform, except to the extent permitted by applicable law;

(f) use the Services to develop a competing product or service;

(g) use the Services to transmit any malicious code, viruses, or harmful content;

(h) use the Platform to circumvent or disable any compliance controls, safety measures, or governance policies;

(i) sublicense, resell, or redistribute the Services without Difinity's prior written consent; or

(j) use the Services in any manner that could damage, disable, or impair the Services or interfere with any other party's use.

Difinity reserves the right to suspend or terminate access to the Services immediately if it reasonably determines that a violation of this Acceptable Use Policy has occurred.

7. Intellectual Property

7.1 Difinity's Intellectual Property

The Platform, Site, documentation, and all related intellectual property rights (including patents, copyrights, trademarks, trade secrets, and know-how) are and remain the exclusive property of Difinity and its licensors. These Terms do not grant you any right, title, or interest in the Platform or any related intellectual property, except for the limited right to use the Services in accordance with these Terms.

7.2 Customer Data Ownership

As between Difinity and the Customer, the Customer retains all rights, title, and interest in and to Customer Data. The Customer grants Difinity a limited, non-exclusive, worldwide licence to process Customer Data solely for the purpose of providing the Services and as otherwise permitted by the DPA.

7.3 Aggregated and Anonymised Data

Difinity may generate aggregated and anonymised data derived from the use of the Platform that does not identify the Customer or any individual ("Aggregated Data"). Difinity owns all rights in Aggregated Data and may use it for any lawful purpose, including improving the Services, conducting research, and publishing benchmarks.

7.4 Feedback

If you provide Difinity with feedback, suggestions, or recommendations regarding the Services ("Feedback"), you grant Difinity an irrevocable, non-exclusive, royalty-free, worldwide licence to use, modify, and incorporate Feedback into the Services without obligation or compensation.

8. Data Processing and Privacy

8.1 Privacy Policy

Difinity processes personal data in accordance with its Privacy Policy, available at https://difinity.ai/privacy. The Privacy Policy is incorporated into these Terms by reference.

8.2 Data Processing Agreement

Where Difinity processes personal data on behalf of the Customer (acting as a data processor), the parties will enter into a DPA that complies with the requirements of the EU GDPR (Article 28), the UK GDPR, and any other applicable data protection legislation. The DPA governs the nature, purpose, and duration of processing, the categories of personal data and data subjects, and the rights and obligations of the parties. In the event of any conflict between these Terms and the DPA, the DPA prevails with respect to data protection matters.

8.3 PII Protection

Difinity's PII Detection and Redaction features operate as configured by the Customer. When enabled, PII is automatically detected and redacted before data is transmitted to external LLM providers. Difinity does not store unredacted PII after the redaction process is complete. The Customer is responsible for configuring PII handling settings appropriate to its regulatory requirements and risk tolerance.

8.4 Sub-processors

Difinity may engage sub-processors to assist in the provision of the Services. A current list of sub-processors is available upon request. Difinity will notify the Customer of any intended changes to sub-processors and provide the Customer with an opportunity to object as set out in the DPA.

8.5 Data Localisation

The Platform is deployed across AWS Sydney (ap-southeast-2) and AWS Frankfurt (eu-central-1). Customer Data is processed and stored within the region corresponding to the Customer's deployment, unless otherwise agreed in writing. Enterprise customers may request data residency controls as part of their Enterprise Agreement.

9. Confidentiality

9.1 Definition

"Confidential Information" means any non-public information disclosed by one party ("Disclosing Party") to the other party ("Receiving Party") that is designated as confidential or that a reasonable person would understand to be confidential, including business plans, technical data, financial information, customer lists, pricing, and the terms of any Order Form or Enterprise Agreement.

9.2 Obligations

The Receiving Party agrees to: (a) hold Confidential Information in strict confidence; (b) not disclose Confidential Information to any third party except as permitted by these Terms; (c) use Confidential Information only for the purposes of performing obligations or exercising rights under these Terms; and (d) protect Confidential Information using at least the same degree of care it uses to protect its own confidential information, but in no event less than reasonable care.

9.3 Exceptions

Confidential Information does not include information that: (a) is or becomes publicly available through no fault of the Receiving Party; (b) was lawfully known to the Receiving Party prior to disclosure; (c) is lawfully received from a third party without restriction; or (d) is independently developed without reference to the Disclosing Party's Confidential Information.

9.4 Compelled Disclosure

The Receiving Party may disclose Confidential Information to the extent required by law, regulation, or court order, provided that the Receiving Party gives the Disclosing Party prompt written notice (to the extent permitted by law) and cooperates with any effort by the Disclosing Party to obtain protective treatment.

10. Representations and Warranties

10.1 Mutual Representations

Each party represents and warrants that: (a) it has the legal power and authority to enter into and perform its obligations under these Terms; (b) the execution and performance of these Terms does not conflict with any other agreement to which it is a party; and (c) it will comply with all applicable laws and regulations in the performance of its obligations.

10.2 Difinity's Warranties

Difinity warrants that: (a) the Platform will perform materially in accordance with the applicable documentation during the Subscription Term; (b) the Services will be provided with reasonable care and skill; and (c) it will implement and maintain commercially reasonable security measures to protect Customer Data.

10.3 Disclaimer

EXCEPT AS EXPRESSLY SET OUT IN THESE TERMS, THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE." DIFINITY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. DIFINITY DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR SECURE, OR THAT ALL DEFECTS WILL BE CORRECTED.

DIFINITY DOES NOT GUARANTEE REGULATORY COMPLIANCE. The Platform is a tool designed to support your compliance efforts. Regulatory compliance depends on your specific use cases, configurations, organisational context, and the advice of qualified legal and compliance professionals. Difinity does not provide legal advice.

11. Limitation of Liability

11.1 Exclusion of Consequential Damages

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING DAMAGES FOR LOSS OF PROFITS, REVENUE, GOODWILL, DATA, OR BUSINESS OPPORTUNITY, ARISING OUT OF OR IN CONNECTION WITH THESE TERMS OR THE USE OF THE SERVICES, REGARDLESS OF THE THEORY OF LIABILITY (CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY, OR OTHERWISE) AND EVEN IF THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

11.2 Cap on Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, EACH PARTY'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR IN CONNECTION WITH THESE TERMS SHALL NOT EXCEED THE GREATER OF: (A) THE TOTAL FEES PAID OR PAYABLE BY THE CUSTOMER TO DIFINITY IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM; OR (B) ONE HUNDRED AUSTRALIAN DOLLARS (AUD $100).

11.3 Exclusions from Cap

The limitations in Sections 11.1 and 11.2 do not apply to: (a) either party's breach of confidentiality obligations; (b) either party's indemnification obligations; (c) the Customer's payment obligations; (d) liability arising from wilful misconduct or fraud; or (e) liability that cannot be excluded or limited under applicable law, including liability under the Australian Consumer Law (Schedule 2 of the Competition and Consumer Act 2010 (Cth)), the UK Consumer Rights Act 2015, or the EU Consumer Rights Directive.

11.4 Consumer Protection

Nothing in these Terms excludes or limits any rights you may have under applicable consumer protection legislation that cannot be lawfully excluded or limited. If the Australian Consumer Law applies, our liability for a failure to comply with a consumer guarantee is limited (to the extent permitted by law) to re-supplying the Services or paying the cost of having the Services re-supplied.

12. Indemnification

12.1 Difinity's Indemnification

Difinity will defend, indemnify, and hold harmless the Customer and its officers, directors, and employees from and against any third-party claim that the Platform, as provided by Difinity and used in accordance with these Terms, infringes a valid patent, copyright, or trademark of a third party, and will pay any damages finally awarded or settlement amounts agreed to. This obligation does not apply to claims arising from: (a) modifications to the Platform not made or authorised by Difinity; (b) combination of the Platform with materials not provided by Difinity; (c) use of the Platform other than in accordance with these Terms or the documentation; or (d) Customer Data.

12.2 Customer's Indemnification

The Customer will defend, indemnify, and hold harmless Difinity and its officers, directors, and employees from and against any third-party claim arising from: (a) the Customer's breach of these Terms; (b) the Customer's violation of applicable law; (c) Customer Data, including any claim that Customer Data infringes the rights of a third party; or (d) the Customer's use of the Services in combination with services or products not provided by Difinity.

12.3 Indemnification Procedure

The indemnified party must: (a) promptly notify the indemnifying party in writing of the claim; (b) grant the indemnifying party sole control of the defence and settlement of the claim; and (c) provide reasonable cooperation at the indemnifying party's expense. The indemnifying party must not settle any claim that imposes obligations on the indemnified party without the indemnified party's prior written consent.

13. Term and Termination

13.1 Term

These Terms commence on the date you first access or use the Services and continue until terminated in accordance with this Section. The Subscription Term is as specified in the applicable Order Form or Enterprise Agreement.

13.2 Termination for Convenience

Either party may terminate these Terms (or the applicable Subscription Term) by providing thirty (30) days' written notice to the other party, unless a different notice period is specified in the applicable Enterprise Agreement.

13.3 Termination for Cause

Either party may terminate these Terms immediately upon written notice if: (a) the other party commits a material breach and fails to cure such breach within thirty (30) days of receiving written notice; (b) the other party becomes insolvent, files for bankruptcy, makes an assignment for the benefit of creditors, or undergoes any analogous proceeding; or (c) the other party ceases to carry on business.

13.4 Effect of Termination

Upon termination: (a) the Customer's right to access and use the Services immediately ceases; (b) Difinity will, upon written request received within thirty (30) days of termination, make Customer Data available for export in a standard machine-readable format; (c) after the thirty (30) day export period, Difinity will delete Customer Data from its systems in accordance with its data retention policies, except where retention is required by applicable law; (d) each party will return or destroy the other party's Confidential Information; and (e) the Customer will pay any outstanding fees for Services rendered prior to termination.

13.5 Survival

The following sections survive termination: Definitions and Interpretation (Section 1), Intellectual Property (Section 7), Confidentiality (Section 9), Disclaimer (Section 10.3), Limitation of Liability (Section 11), Indemnification (Section 12), Effect of Termination (Section 13.4), Governing Law and Dispute Resolution (Section 15), and any other provisions that by their nature should survive.

14. Force Majeure

Neither party will be liable for any failure or delay in performing its obligations (other than payment obligations) to the extent caused by circumstances beyond its reasonable control, including acts of God, natural disasters, pandemics, war, terrorism, riots, government actions, power failures, internet disruptions, or failures of third-party infrastructure providers ("Force Majeure Event"). The affected party must promptly notify the other party and use commercially reasonable efforts to mitigate the impact. If a Force Majeure Event continues for more than ninety (90) days, either party may terminate the affected Services upon written notice.

15. Governing Law and Dispute Resolution

15.1 Governing Law

These Terms are governed by and construed in accordance with the laws of New South Wales, Australia, without regard to its conflict-of-laws principles.

15.2 Dispute Resolution

The parties agree to attempt to resolve any dispute arising out of or in connection with these Terms through good-faith negotiation for a period of thirty (30) days. If the dispute is not resolved through negotiation, either party may submit the dispute to mediation administered by the Australian Disputes Centre in accordance with its Mediation Rules. If mediation fails to resolve the dispute within sixty (60) days of the mediation request, either party may commence proceedings in the courts of New South Wales, Australia.

15.3 Jurisdictional Carve-Outs

Notwithstanding Section 15.1: (a) if you are a consumer in the European Union, nothing in these Terms deprives you of the protection afforded by the mandatory provisions of the law of your country of habitual residence, or of your right to bring proceedings in the courts of that country, in accordance with Regulation (EU) No 1215/2012 and the Rome I Regulation (EC) No 593/2008; (b) if you are a consumer in the United Kingdom, nothing in these Terms affects your rights under the Consumer Rights Act 2015 or your right to bring proceedings in the courts of England and Wales, Scotland, or Northern Ireland; (c) if you are located in the United States, the parties agree that any litigation arising out of these Terms shall be brought exclusively in the federal or state courts located in New South Wales, Australia, except where prohibited by applicable law; (d) if you are located in Canada, mandatory provisions of applicable provincial and federal consumer protection legislation are not affected by these Terms; and (e) if you are located in the UAE, DIFC, ADGM, or KSA, any dispute arising from these Terms may be subject to the jurisdiction of the relevant courts or dispute resolution bodies in those jurisdictions, to the extent required by applicable local law.

15.4 Injunctive Relief

Nothing in this Section prevents either party from seeking injunctive or other equitable relief from any court of competent jurisdiction to prevent the actual or threatened infringement, misappropriation, or violation of intellectual property rights or Confidential Information.

16. General Provisions

16.1 Entire Agreement

These Terms, together with the Privacy Policy, DPA, and any applicable Order Form or Enterprise Agreement, constitute the entire agreement between the parties with respect to the subject matter hereof and supersede all prior or contemporaneous understandings, proposals, negotiations, representations, or communications, whether written or oral.

16.2 Amendments

Difinity may modify these Terms from time to time. We will provide notice of material changes by posting the updated Terms on our Site or by direct communication. Your continued use of the Services after the effective date of any modification constitutes acceptance of the modified Terms. If you do not agree to the modified Terms, you must cease using the Services and notify us in writing.

16.3 Assignment

You may not assign or transfer these Terms, or any rights or obligations hereunder, without Difinity's prior written consent. Difinity may assign these Terms in connection with a merger, acquisition, reorganisation, or sale of all or substantially all of its assets. Any purported assignment in violation of this Section is void.

16.4 Severability

If any provision of these Terms is held to be invalid, illegal, or unenforceable by a court of competent jurisdiction, the remaining provisions will continue in full force and effect. The invalid, illegal, or unenforceable provision will be modified to the minimum extent necessary to make it valid, legal, and enforceable while preserving the parties' original intent.

16.5 Waiver

The failure of either party to exercise or enforce any right or provision of these Terms does not constitute a waiver of that right or provision. Any waiver must be in writing and signed by the waiving party.

16.6 Notices

All notices under these Terms must be in writing and addressed to: (a) if to Difinity, at legal@difinity.ai or Difinity.ai Pty Ltd, Sydney, NSW, Australia; and (b) if to the Customer, at the email address associated with the Customer's account or as otherwise specified in the applicable Enterprise Agreement. Notices are deemed delivered when sent by email (upon confirmed receipt) or three (3) business days after being sent by registered mail.

16.7 No Third-Party Beneficiaries

These Terms do not create any rights for any third party, except to the extent expressly provided in the indemnification provisions.

16.8 Relationship of the Parties

The relationship between Difinity and the Customer is that of independent contractors. Nothing in these Terms creates a partnership, joint venture, agency, or employment relationship.

16.9 Export Compliance

You agree to comply with all applicable export control and sanctions laws and regulations in connection with your use of the Services. You represent and warrant that you are not located in, organised under the laws of, or a resident of any country or territory subject to comprehensive sanctions, and that you are not designated on any sanctions list maintained by the United Nations, the European Union, the United Kingdom, the United States, Australia, or any other applicable jurisdiction.

16.10 Accessibility

Difinity is committed to making the Services accessible to all users. If you have accessibility requirements or encounter barriers to accessibility, please contact us at legal@difinity.ai.

17. Contact Information

For questions about these Terms of Service, please contact us:

Legal Enquiries: legal@difinity.ai Privacy Enquiries: privacy@difinity.ai General Enquiries: hello@difinity.ai Postal Address: Difinity.ai Pty Ltd, Sydney, NSW, Australia

© 2026 Difinity.ai Pty Ltd. All rights reserved.