Guardian Terms of Service

These Terms of Service ("Terms") constitute a legally binding agreement between the Client and AIGENT LABS - FZCO, a company incorporated in Dubai Silicon Oasis under the authority of IFZA/DIEZA (License No. 79365, Registration No. 77615), with its registered address at IFZA Business Park, Dubai Digital Park, Dubai Silicon Oasis, Dubai, United Arab Emirates ("the Company").

By completing the onboarding process - including, without limitation, providing an Acceptance Confirmation via WhatsApp (as defined in §2) - the Client agrees to be bound by these Terms in their entirety. The Client acknowledges that electronic acceptance, including acceptance via messaging platforms, constitutes valid acceptance and is enforceable under UAE Federal Decree-Law No. 46 of 2021 on Electronic Transactions and Trust Services.

For enquiries relating to these Terms, the Client may contact the Company at contact@aigent.ae or +971 54 434 1951.

In these Terms, unless the context otherwise requires, the following expressions shall have the meanings set out below:

• "Guardian Services" means the cybersecurity assessment, monitoring, vulnerability detection, reporting, and remediation advisory services described in §3, as provided by the Company under the AIGENT Guardian product.
• "Client" means the individual or entity that subscribes to the Guardian Services and accepts these Terms, including its duly authorised representatives and employees acting on its behalf in connection with the Services.
• "Company" means AIGENT LABS - FZCO (License No. 79365, Registration No. 77615), incorporated in Dubai Silicon Oasis under IFZA/DIEZA.
• "Commitment Period" means the initial period of twelve (12) consecutive calendar months commencing when the first Monthly Fee becomes due immediately after expiry of the Withdrawal Period, during which the Client is bound to maintain the subscription and pay all applicable Monthly Fees.
• "Withdrawal Period" means the period of seven (7) calendar days immediately following the date of the Client's Acceptance Confirmation, during which the Client may cancel the agreement without penalty in accordance with §6 and before any Monthly Fee becomes due.
• "Monthly Fee" means the recurring monthly subscription fee payable by the Client for the Guardian Services, as specified in §4.
• "Original Price" means AED 6,000 per month, being the standard list price for the Guardian Services.
• "Special Offer Price" means AED 3,500 per month, being the reduced promotional rate applicable to the Client's subscription as detailed in §4.
• "Acceptance Confirmation" means the electronic confirmation message sent by the Client via WhatsApp, consisting of the word "OK" followed by a two-digit verification code (e.g., "OK 54"), in response to the Company's onboarding communication, which constitutes the Client's acceptance of these Terms.
• "Assessment" means a systematic evaluation of the Client's external digital attack surface, including identification and classification of assets, services, and potential vulnerabilities.
• "Monitoring" means the ongoing, recurring observation and analysis of the Client's digital footprint to detect new exposures, changes, or emerging threats.
• "Remediation Advisory" means the provision of written guidance, recommendations, and prioritised action items to address identified vulnerabilities, which the Client may implement at its own discretion and responsibility.
• "Business Day" means any day other than Saturday, Sunday, or a public holiday in the United Arab Emirates.

The Client may withdraw from this agreement within seven (7) calendar days of the date of the Acceptance Confirmation (the "Withdrawal Period") by providing written notice to the Company at contact@aigent.ae or by sending the exact phrase "I change my mind and withdraw" from the same WhatsApp number used for onboarding.

No Monthly Fee is due during the Withdrawal Period. During that period, the Company may still perform and deliver the initial Assessment or onboarding assistance without charge as part of the onboarding process.

If the Client validly exercises the right of withdrawal within the Withdrawal Period, this agreement shall be cancelled with no commitment and no Monthly Fee shall become payable. If any payment has been collected in error before the withdrawal takes effect, it shall be refunded in full within fourteen (14) Business Days to the original payment method.

Upon expiry of the Withdrawal Period without the Client having exercised the right of withdrawal, the first Monthly Fee becomes immediately due and the Client shall be bound by the full twelve (12)-month Commitment Period and the terms and conditions set out herein.

Upon expiry of the initial twelve (12)-month Commitment Period, this agreement shall automatically renew on a month-to-month basis on the same terms and conditions (including the then-applicable Monthly Fee), unless either Party provides written notice of non-renewal.

The Company shall use reasonable efforts to send the Client a renewal reminder approximately thirty (30) days before expiry of the initial Commitment Period. Either Party may cancel a renewed (month-to-month) agreement by providing not less than thirty (30) days' written notice to the other Party. Such cancellation shall take effect at the end of the then-current monthly billing period following the expiry of the thirty (30)-day notice period.

The Client shall, throughout the term of this agreement:

• Accurate Information. Provide and maintain accurate, complete, and up-to-date contact information, business details, and technical information reasonably required for the performance of the Guardian Services.
• Credential Security. Maintain the confidentiality and security of all credentials, access tokens, and authentication details associated with the Client's account and systems. The Company shall not be liable for any loss arising from the Client's failure to secure its credentials.
• Designated Point of Contact. Designate a primary point of contact who is authorised to communicate with the Company on operational and technical matters relating to the Guardian Services.
• Cooperation & Access. Cooperate with reasonable requests from the Company for access, information, or authorisation necessary to perform the Guardian Services effectively, including providing timely responses to queries and granting necessary permissions for assessments.
• Advisory Nature of Services. Acknowledge and accept that the Guardian Services are advisory in nature and do not replace the Client's own security obligations, internal security policies, or compliance responsibilities. The Client remains solely responsible for the security of its own systems, data, and infrastructure.

All rights, title, and interest in and to the AIGENT Guardian intellectual property - including, without limitation, the platform, software, tools, scanning engines, methodologies, frameworks, report templates, dashboards, and all associated documentation - are and shall remain the exclusive property of the Company. Nothing in these Terms transfers or assigns any intellectual property rights to the Client.

During the term of the Client's active subscription, the Company grants the Client a limited, non-exclusive, non-transferable, revocable licence to access and use the reports, dashboards, and deliverables generated by the Guardian Services solely for the Client's internal business and security purposes. The Client shall not copy, modify, distribute, sublicence, reverse-engineer, or create derivative works of any Company intellectual property.

The Client retains all rights, title, and interest in and to its own data, including data provided to the Company for the purposes of performing the Guardian Services. The Company shall not use Client data for any purpose other than the performance and improvement of the Guardian Services, except with the Client's prior written consent.

Each Party (the "Receiving Party") agrees to hold in confidence all non-public, proprietary, or sensitive information disclosed by the other Party (the "Disclosing Party") in connection with these Terms and the Guardian Services ("Confidential Information"). Confidential Information shall be used solely for the purposes contemplated by these Terms and shall not be disclosed to any third party without the prior written consent of the Disclosing Party, except as required by law or regulation.

The Client expressly acknowledges that all security findings, vulnerability reports, assessment results, and remediation advisories produced by the Guardian Services are strictly confidential. The Client shall not disclose such information to any third party without the Company's prior written consent, except to the Client's own employees, officers, or professional advisers on a need-to-know basis, provided that such recipients are bound by obligations of confidentiality no less restrictive than those contained herein.

The obligations of confidentiality set out in this §11 shall survive the termination or expiry of this agreement for a period of two (2) years.

The Company processes personal data in connection with the Guardian Services in accordance with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data ("PDPL") and all applicable data protection legislation. The Company's processing of personal data is further described in the Company's Privacy Policy, available at /privacy.

The Company shall implement and maintain appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage.

In the event of a data breach affecting Client data, the Company shall notify the Client without undue delay and in any event within forty-eight (48) hours of becoming aware of the breach, providing sufficient detail of the nature of the breach, the data affected, and the measures taken or proposed to address the breach.

To the maximum extent permitted by applicable law, neither Party shall be liable to the other Party for any indirect, special, incidental, consequential, exemplary, or punitive damages, or for any loss of profit, loss of revenue, loss of data, loss of business opportunity, or business interruption, howsoever arising, whether in contract, tort (including negligence), strict liability, or otherwise, even if the Party has been advised of the possibility of such damages.

Each Party's total aggregate liability arising out of or in connection with these Terms shall not exceed the greater of: (a) the total fees actually paid by the Client to the Company in the twelve (12) months immediately preceding the event giving rise to the claim; or (b) AED 100,000 (one hundred thousand UAE Dirhams).

The Client expressly acknowledges and agrees that the Guardian Services do not guarantee the prevention, detection, or elimination of all security vulnerabilities, threats, or incidents. The Company shall not be liable for any security breach, data loss, or cyberattack affecting the Client's systems, except to the extent directly caused by the Company's gross negligence or wilful misconduct.

The Company warrants that it shall perform the Guardian Services with reasonable skill, care, and diligence in accordance with generally accepted industry standards for cybersecurity services.

EXCEPT AS EXPRESSLY SET OUT IN THESE TERMS, THE GUARDIAN SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE." THE COMPANY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

Without limiting the foregoing, the Company does not warrant: (a) that the Guardian Services will detect all vulnerabilities, threats, or security weaknesses; (b) that the Guardian Services will operate without interruption or error; (c) that the Guardian Services will prevent all security incidents or breaches; or (d) that the remediation advisory provided will be suitable for the Client's specific technical environment without adaptation.

Neither Party shall be liable for any delay or failure in the performance of its obligations under these Terms to the extent that such delay or failure is caused by circumstances beyond its reasonable control, including but not limited to: acts of God, natural disasters, epidemics or pandemics, war, armed conflict, terrorism, civil unrest, sanctions, government actions, changes in law or regulation, utility or telecommunications failures, internet outages, cyberattacks against infrastructure providers, or any other event that could not reasonably have been foreseen or prevented (a "Force Majeure Event").

The affected Party shall notify the other Party promptly in writing and use commercially reasonable efforts to mitigate the impact of the Force Majeure Event.

If a Force Majeure Event continues for a period of sixty (60) or more consecutive days, either Party may terminate this agreement by providing written notice to the other Party, without liability for such termination. Fees paid for the period of non-performance due to the Force Majeure Event shall be credited or refunded on a pro rata basis.

All formal notices, requests, demands, and other communications required or permitted under these Terms shall be in writing and delivered by email to the registered email addresses of the respective Parties. Notices to the Company shall be sent to contact@aigent.ae. Notices to the Client shall be sent to the email address provided during onboarding or as subsequently updated in writing.

An email notice shall be deemed effective when sent during Business Hours (09:00 to 18:00 UAE time on a Business Day), provided that no delivery failure or bounce-back notification is received by the sender within two (2) hours of sending. Notices sent outside of Business Hours shall be deemed received at the commencement of the next Business Day.

Either Party may update its notice details by providing written notice to the other Party in accordance with this §17.

The Client acknowledges and agrees that acceptance of these Terms via the Acceptance Confirmation - i.e., the transmission of a WhatsApp message containing the word "OK" followed by a two-digit verification code (e.g., "OK 54") in response to the Company's onboarding communication - constitutes valid electronic acceptance of these Terms.

For the purposes of verifiability and enforceability, the Company records and retains the following data at the time of acceptance:

• the Client's phone number from which the Acceptance Confirmation was sent;
• the full content of the Acceptance Confirmation message;
• the timestamp (date and time, including time zone) of the Acceptance Confirmation;
• the two-digit verification code contained in the Acceptance Confirmation; and
• the linked onboarding record and Client account details.

If the Client sends a valid withdrawal notice during the Withdrawal Period, the Company may also retain the Client's withdrawal message, timestamp, source number, and linked onboarding record as evidence of cancellation. This electronic acceptance or withdrawal record is equivalent to a handwritten signature for the purposes of these Terms and is enforceable under UAE Federal Decree-Law No. 46 of 2021 on Electronic Transactions and Trust Services. The Client waives any objection to the validity, admissibility, or enforceability of these Terms on the basis that acceptance or withdrawal was provided electronically.