# Terms and Pilot Agreement — Template

**DRAFT TEMPLATE — for discussion only. Not legal advice. Must be reviewed and adapted by qualified legal counsel before execution.**

---

*This template sets out the proposed terms for a time-boxed, non-production evaluation pilot of the ReguShield AI platform. It contains placeholders and must be completed, reviewed, and adapted to the specific facts of the engagement and the applicable law before it is used or signed.*

---

## 1. Parties

This Terms and Pilot Agreement (the **"Agreement"**) is entered into between:

- **[CUSTOMER LEGAL NAME]**, of [CUSTOMER ADDRESS] (the **"Customer"**); and
- **ReguShield AI** [INSERT LEGAL ENTITY NAME / NUMBER / ADDRESS] (**"ReguShield AI"**),

each a **"Party"** and together the **"Parties"**.

**Effective Date:** [EFFECTIVE DATE]

---

## 2. Definitions

- **"Platform"** means the ReguShield AI compliance decision-support software made available to the Customer for the Pilot.
- **"Pilot"** means the time-boxed evaluation of the Platform under this Agreement.
- **"Customer Data"** means data uploaded or provided by the Customer to the Platform.
- **"DPA"** means the Data Processing Agreement between the Parties (`10-DPA-Template.md`).
- **"Documentation"** means the pilot-kit documents and materials provided by ReguShield AI, including the Pilot Support Service Description (`07-Pilot-SLA.md`) and the Decision-Support Disclaimer (`09-Decision-Support-Disclaimer.md`).

---

## 3. Pilot Licence Grant

Subject to this Agreement, ReguShield AI grants the Customer a **limited, non-exclusive, non-transferable, non-sublicensable, revocable** licence to access and use the Platform **solely for the Customer's internal evaluation** during the Pilot Term.

The licence is for **evaluation in a non-production environment only**. The Customer must **not**:

- use the Platform, or any output of the Platform, in live production, regulatory, or operational decision-making;
- resell, sublicense, rent, or make the Platform available to any third party;
- reverse-engineer, decompile, or attempt to derive source code, except to the extent this restriction is prohibited by law; or
- use the Platform in breach of applicable law or these terms.

---

## 4. Pilot Term

The Pilot begins on the Effective Date and continues for approximately **four (4) weeks**, ending on **[PILOT END DATE]** (the **"Pilot Term"**), unless extended by written agreement or terminated earlier in accordance with Section 12. The Platform may be disabled at the end of the Pilot Term.

---

## 5. Customer Responsibilities

The Customer shall:

1. provide only **Customer Data that it is lawfully entitled to provide and process**, and ensure it has a valid legal basis and any required notices/consents for the data it uploads;
2. **not upload special-category personal data** (Article 9 GDPR) or criminal-offence data (Article 10 GDPR) without a lawful basis and prior written notice to ReguShield AI — the Platform is not designed for such data by default;
3. ensure that only **authorised personnel** access and use the Platform, and keep account credentials secure;
4. use the Platform in accordance with this Agreement, the Documentation, and applicable law;
5. retain responsibility for **all compliance, legal, and regulatory decisions**, including STR filing, CDD completion, and supervisory submissions (see Section 8); and
6. provide reasonable cooperation and feedback to support the evaluation.

---

## 6. ReguShield AI Responsibilities

ReguShield AI shall:

1. make the Platform available to the Customer for the Pilot Term on a **best-effort, non-production** basis as described in the Pilot Support Service Description (`07-Pilot-SLA.md`);
2. provide pilot support via **hello@regushield.ai** during business hours on a best-effort basis;
3. process Customer Data as a processor in accordance with the **DPA**; and
4. apply the technical and organisational security measures described in the Security Whitepaper (EU-region Supabase hosting, AES-256 at rest, RLS tenant isolation that fails closed).

ReguShield AI does **not** currently hold ISO 27001 or SOC 2 certification (these are on the roadmap and are not represented as held).

---

## 7. Confidentiality (Mutual)

Each Party (the **"Receiving Party"**) shall keep confidential all non-public information disclosed by the other Party (the **"Disclosing Party"**) that is marked or reasonably understood to be confidential (**"Confidential Information"**), use it only to perform this Agreement, and protect it with at least reasonable care. Confidential Information does not include information that is or becomes public through no fault of the Receiving Party, was lawfully known before disclosure, is independently developed, or is rightfully received from a third party without restriction. A Party may disclose Confidential Information to the extent required by law or regulator, giving reasonable prior notice where lawful. These obligations survive termination for [CONFIDENTIALITY SURVIVAL PERIOD]. Customer Data is also governed by the DPA.

---

## 8. Decision-Support / No Legal Advice

The Customer acknowledges and agrees that:

- ReguShield AI provides **compliance decision-support and intelligence only**. It is **not legal advice**, **not a regulatory determination**, and **not a substitute for a qualified compliance officer**.
- AI-generated and deterministic outputs (risk scores, narratives, regulatory mappings, recommended actions) **support, and do not replace, human judgement**, and must be independently reviewed and validated by the Customer's authorised personnel before being relied upon.
- **STRs, CDD, and supervisory/regulatory filings** must be reviewed and submitted only by the Customer's **authorised personnel**; ReguShield AI does not submit any report to any authority.
- Certain regulatory feeds, deadlines, and copilot responses are **simulated** unless a live provider has been explicitly enabled, and must not be treated as authoritative.

This Section is to be read together with the full Decision-Support Disclaimer (`09-Decision-Support-Disclaimer.md`), which is incorporated by reference.

---

## 9. Intellectual Property

- As between the Parties, ReguShield AI owns all right, title, and interest in and to the **Platform, Documentation, and all related intellectual property**, including any improvements and derivatives. No rights are granted except the limited licence in Section 3.
- As between the Parties, the Customer owns its **Customer Data**. The Customer grants ReguShield AI a limited licence to process Customer Data solely to provide the Platform and perform this Agreement and the DPA.
- The Customer may provide feedback; ReguShield AI may use such **feedback** to improve its products without obligation, provided it does not identify the Customer or disclose Customer Confidential Information.

---

## 10. Disclaimer of Warranties

The Pilot and the Platform are provided **"AS IS"** and **"AS AVAILABLE"**, for evaluation only. **To the maximum extent permitted by applicable law**, ReguShield AI disclaims all warranties, whether express, implied, or statutory, including any implied warranties of merchantability, fitness for a particular purpose, accuracy, and non-infringement. ReguShield AI does not warrant that the Platform will be uninterrupted, error-free, secure, or that any output is accurate, complete, or suitable for any regulatory or compliance purpose. The Pilot is a **non-production evaluation environment** and is not offered with any production service level (see `07-Pilot-SLA.md`).

---

## 11. Limitation of Liability

**To the maximum extent permitted by applicable law:**

- Neither Party is liable for any **indirect, incidental, special, consequential, or punitive damages**, or for any loss of profits, revenue, data, goodwill, or business, arising out of or in connection with this Agreement, even if advised of the possibility.
- ReguShield AI's **total aggregate liability** arising out of or in connection with this Agreement shall not exceed **[LIABILITY CAP — e.g. the fees paid for the Pilot, or, for a no-fee pilot, a nominal capped amount such as EUR [AMOUNT]]**.
- Nothing in this Agreement excludes or limits liability that **cannot be excluded or limited under applicable law** (for example, liability for death or personal injury caused by negligence, fraud, or fraudulent misrepresentation).
- Given that the Pilot is a free or low-cost evaluation provided "as is", the Customer acknowledges that this allocation of risk is reasonable and reflected in the nature of the Pilot.

---

## 12. Data Protection

The processing of personal data under this Agreement is governed by the **DPA** (`10-DPA-Template.md`), which forms part of this Agreement. In case of conflict regarding the processing of personal data, the DPA prevails.

---

## 13. Termination

- Either Party may terminate this Agreement **for convenience** on [NOTICE PERIOD — e.g. 7 days'] written notice.
- Either Party may terminate **immediately** on written notice if the other Party materially breaches this Agreement and fails to cure within [CURE PERIOD] of notice (or immediately where the breach is incapable of cure).
- On termination or expiry: the licence in Section 3 ends, the Customer must cease using the Platform, and Customer Data is handled in accordance with the DPA (return or deletion).
- Sections that by their nature should survive (including confidentiality, IP, disclaimers, limitation of liability, data protection, and governing law) survive termination.

---

## 14. General

- **Entire agreement:** this Agreement, together with the DPA and the incorporated Documentation, is the entire agreement between the Parties regarding the Pilot and supersedes prior discussions.
- **Assignment:** the Customer may not assign this Agreement without ReguShield AI's prior written consent.
- **Variation:** any variation must be in writing and signed by both Parties.
- **Severability:** if any provision is held unenforceable, the remainder continues in effect.
- **No waiver:** failure to enforce a provision is not a waiver.
- **Notices:** notices to ReguShield AI may be sent to **hello@regushield.ai**; notices to the Customer to [CUSTOMER NOTICE CONTACT].

---

## 15. Governing Law and Jurisdiction

This Agreement is governed by the laws of **[JURISDICTION]**, and the Parties submit to the exclusive jurisdiction of the courts of **[JURISDICTION]**, save where mandatory law provides otherwise.

---

## 16. Signatures

| Customer — [CUSTOMER LEGAL NAME] | ReguShield AI |
|---|---|
| Name: ___________________________ | Name: ___________________________ |
| Title: __________________________ | Title: __________________________ |
| Date: [EFFECTIVE DATE] | Date: [EFFECTIVE DATE] |
| Signature: ______________________ | Signature: ______________________ |

---

**DRAFT TEMPLATE — for discussion only. Not legal advice. Must be reviewed and adapted by qualified legal counsel before execution.**

*Contact: hello@regushield.ai*