Legal and compliance
Terms of Use
Last updated: July 8, 2026
These terms govern use of I.S.A.A.C. They are a product-ready working draft for the SaaS, not a substitute for legal review. Before accepting public payments, have these terms reviewed for your company, jurisdiction, tax treatment, refund policy, and consumer protection obligations.
The service
I.S.A.A.C helps users convert CSV files into dashboards, filters, CSV grid editing views, exports, and AI assisted explanations. The service may include web app access, agent API access, saved datasets, billing, referrals, and future integrations.
Accounts and responsibility
Users are responsible for maintaining accurate account information, protecting credentials and API tokens, and ensuring that every uploaded file is lawful for them to process. Organization owners are responsible for users, agents, and automations operating under their account.
Consent before access
Users must agree to these Terms, the Privacy Policy, acceptable use rules, and AI/CSV data processing notice before creating an account or entering the dashboard. If a user does not agree, they must not use I.S.A.A.C. Continued use after an updated notice is published may require renewed acceptance.
Malaysia and international compliance posture
I.S.A.A.C is designed for commercial SaaS use in Malaysia and international markets. The operator should comply with Malaysia PDPA obligations for personal data, consumer/payment rules that apply to the final legal entity, tax and service tax registration obligations if thresholds are met, payment gateway rules, app marketplace policies, anti-spam rules for emails, and applicable overseas data protection laws when serving users outside Malaysia.
Acceptable use
Users must only upload data they are authorized to process. The app must not be used to process illegal content, malware, stolen data, credentials, payment card numbers, data that violates another party's rights, or data requiring regulatory controls the service has not agreed to provide.
CSV and AI data authority
Users confirm that they own, control, or have permission to upload each CSV file. Users should remove personal, confidential, regulated, or highly sensitive data unless they have the right controls and authority to process it. The service may parse rows, infer column types, generate summaries, create filters, save datasets when requested, and send compact context to the configured AI provider when AI features are used.
Plans, billing, and refunds
Free, Pro, and Premium plans have different limits for saved datasets, rows, AI usage, agent API usage, ads, and feature availability. Stripe is intended for recurring card subscriptions. HitPay or another local gateway is intended for Malaysian FPX, DuitNow, and Touch 'n Go style one-time monthly access payments. Paid access is activated only after server-side payment confirmation from the payment provider. Refund, cancellation, tax, and invoice rules must be finalized before launch.
Agent API and tokens
Agent API tokens allow external tools such as scripts, automations, and AI agents to call I.S.A.A.C. Users must store tokens securely, rotate them if exposed, and revoke tokens that are no longer needed. Usage may be rate limited, logged, suspended, or blocked if it threatens reliability or security.
Rewards, referrals, and fair use
Upload credits, free-tier rewards, referral discounts, and promotional access are subject to abuse prevention. Automated farming, duplicate accounts, fake referrals, payment abuse, or attempts to bypass quota limits may lead to removal of credits, suspension, or account termination.
No professional advice
Dashboards and AI responses are informational. They are not legal, financial, medical, tax, or professional advice. Users are responsible for validating outputs before making decisions.
AI limitations
AI responses can be incomplete or incorrect. I.S.A.A.C should explain data and suggest next steps, but final decisions remain the user's responsibility.
Account security
Users are responsible for keeping login credentials and API tokens confidential. Operators should rotate secrets if compromise is suspected. Users must promptly report suspected unauthorized access.
Service changes and availability
Features, limits, models, payment methods, and integrations may change over time. The operator should make reasonable efforts to maintain availability, but no service can be guaranteed to be uninterrupted.
Termination
Access may be suspended for abuse, security risk, excessive API usage, or violation of these terms.
Governing law and final review
The intended production governing law is Malaysia unless the final company structure chooses otherwise. These terms are a strong product draft, but the production company should have qualified counsel finalize liability limits, dispute terms, consumer cancellation rights, tax wording, and marketplace-required clauses before launch.