FundOS — Terms & Conditions (DIFC • AI Innovation Licence)

Effective Date: 01-Oct-2025 • Version: 1.0
Contacts: legal@klub.ai • privacy@klub.ai • security@klub.ai
Address: IH-00-01-03-OF-05, Level 3, DIFC Innovation One, Dubai AI Campus, DIFC, UAE

1. Definitions

Key terms used in these T&Cs include Applicable Law, Autonomous System, Controller, Processor, Personal Data, Customer Content, Documentation, DPA, Outputs, Sub-processor, and others as defined under the DIFC Data Protection Law 2020 (“DIFC DPL 2020”).

2. Access and Use

Customer receives a limited, non-transferable right to access and use FundOS for internal business purposes. Customer is responsible for user accounts, credentials, and compliance with Applicable Law. Use of third-party data sources or APIs is subject to their terms.

3. Provider Responsibilities

Provider shall provide the Services substantially in accordance with the Documentation and maintain the security measures described in the Security Overview and Annex A.

4. Product Specific – AI & Advisory

FundOS is a decision-support platform. Provider does not make AI decisions with legal or similar significant effects unless expressly agreed. Outputs are generated based on inputs, configuration, and model behaviour, and may contain probabilistic variations. Provider will maintain Reg-10 AI notices and relevant explainability disclosures.

5. Customer Responsibilities

Ensure lawful basis and authority to use Customer Content.
Prohibit unlawful or infringing data submission.
Maintain human oversight of Outputs and their application.
Ensure lawful sourcing and handling of data used for AI workflows.
Conduct DPIAs and provide notices where automated decisioning applies.

6. Fees and Taxes

Fees are set in the applicable Order. Fees exclude taxes; Customer is responsible for applicable tax obligations.

7. Confidentiality

Each party shall protect the other’s Confidential Information using at least reasonable care. Disclosure is permitted only as required by law or with written consent.

8. Intellectual Property

Provider retains ownership of FundOS and associated IP. Customer owns its Customer Content. Subject to Applicable Law, Provider assigns to Customer its rights in Outputs generated from Customer Content for internal use.

9. Data Protection

Provider acts as Processor under DIFC DPL 2020. The Data Processing Addendum (DPA) in Annex A forms part of these Terms. Provider may use Sub-processors listed in the Sub-processor Register and remains responsible for their performance. Security controls align with DIFC Reg-10 requirements.

10. Warranties and Disclaimers

Except as expressly stated, FundOS is provided “as is.” Provider disclaims all implied warranties including merchantability, fitness, and non-infringement. Outputs are probabilistic and should be validated by Customer.

11. Indemnities

Provider shall defend Customer against third-party IP infringement claims; Customer shall defend Provider against claims arising from Customer Content or misuse of the Services.

12. Liability

Neither party is liable for indirect or consequential loss. Liability is capped at Fees paid or payable in the preceding 12 months, except for fraud, wilful misconduct, death/personal injury, or IP indemnity obligations.

13. Term and Termination

Either party may terminate for material breach (after 30 days’ notice) or insolvency. Upon termination, Provider will delete or return Customer Content in accordance with Annex A.

14–17. Compliance, Force Majeure & Miscellaneous

Parties shall comply with export controls, sanctions, and anti-corruption laws. DIFC law governs, with exclusive jurisdiction of DIFC Courts. Notices may be sent via email to the contacts above.

ANNEX A — DATA PROCESSING ADDENDUM (DIFC)

Processor processes Personal Data as necessary to deliver FundOS. Categories include identifiers, contact details, financial metadata, and system logs. Processor maintains AI testing logs and summaries as required by DIFC Reg-10 for accountability. Security measures include encryption, access control, backups, and AI-specific safeguards (prompt-injection, bias, and drift monitoring).

Sub-processors are listed in the Sub-processor Register. Personal Data breaches will be reported without undue delay. Upon termination, data will be deleted or returned unless retention is legally required.

References

Privacy Policy (privacy)
Cookie Notice (cookies)
Security Overview (security)
Sub-processor Register (sub-processors)