Terms of Service
Please read these terms carefully before using BALAM AI services.
1. Agreement to Terms
These Terms of Service ("Terms") constitute a legally binding agreement between you ("you", "your", "User", or "Business User") and BALAM AI ("we", "us", "our", "BALAM", or "Company"), governing your access to and use of our AI-powered chat widget platform and related services (collectively, the "Services").
By accessing or using our Services, you agree to be bound by these Terms in accordance with the Electronic Commerce Act 2006 (Act 658) and the Contracts Act 1950 (Act 136) of Malaysia. This electronic agreement shall have the same legal force and effect as a written contract. If you are using the Services on behalf of an organisation, you represent and warrant that you have the authority to bind that organisation to these Terms.
1.1 Electronic Acceptance
By clicking "I Agree," "Sign Up," "Subscribe," or similar affirmative action, or by accessing or using the Services after these Terms have been made available to you, you execute these Terms electronically in accordance with:
- The Electronic Commerce Act 2006 (Act 658) of Malaysia
- The Electronic Signatures in Global and National Commerce Act (E-SIGN Act) of the United States
- The eIDAS Regulation (EU No 910/2014) for EU users
Your electronic acceptance has the same legal force and effect as a handwritten signature. You may request a non-electronic copy of these Terms at any time.
1.2 Order of Precedence
In the event of a conflict between these Terms and any other agreement or policy referenced herein, the following order of precedence applies (highest to lowest):
- Any executed enterprise agreement or order form
- Data Processing Agreement (Section 9)
- These Terms of Service
- Privacy Policy
Important: If you do not agree to these Terms, you must not access or use our Services. Your continued use constitutes acceptance of these Terms and any updates thereto.
Bahasa Malaysia: These Terms of Service are also available in Bahasa Malaysia upon request. Please contact us for a translated copy.
2. Definitions
For the purposes of these Terms:
- "Account" means a registered BALAM AI business account.
- "AI Assistant" means an AI-powered chatbot configured by a Business User, which generates responses using large language models and artificial intelligence.
- "Automated Decision-Making" means any decision made solely by automated processing, including profiling, that produces legal effects or similarly significantly affects an individual.
- "Beta Services" means any features, tools, or services designated as "beta," "preview," "early access," "experimental," "pilot," or similar.
- "Business User" means an individual or entity that registers for an Account to use our Services.
- "Confidential Information" means any non-public information disclosed by one party to the other, as further defined in Section 20.
- "Content" means any data, text, audio, images, or other materials processed through the Services.
- "Credits" means the service units used to measure and bill for AI-generated responses on the Platform.
- "Customer Data" means all data you upload, input, or generate through the Services, including assistant configurations, uploaded documents, scraped website content, chat histories, and analytics data.
- "Data Controller" means the natural or legal person which determines the purposes and means of the processing of personal data, as defined under applicable data protection laws including the PDPA and GDPR.
- "Data Processor" means a natural or legal person which processes personal data on behalf of a Data Controller.
- "End User" means any person who interacts with a chat widget embedded on a third-party website or through integrated messaging platforms.
- "GDPR" means the General Data Protection Regulation (EU) 2016/679.
- "PDPA" means the Malaysia Personal Data Protection Act 2010 (Act 709) and its amendments, including the Personal Data Protection (Amendment) Act 2024.
- "Personal Data" means any information relating to an identified or identifiable natural person, as defined under the PDPA, GDPR, and other applicable data protection laws.
- "Platform" means the BALAM AI web application, APIs, WebSocket services, and related infrastructure.
- "Sensitive Personal Data" means personal data consisting of information as to physical or mental health, political opinions, religious beliefs, criminal offences, biometric data (including voice data), or any other personal data as defined under Section 4 of the PDPA.
- "Widget" means the embeddable chat interface provided by BALAM AI, including the associated JavaScript code.
3. Description of Services
3.1 Platform Overview
BALAM AI provides a multi-tenant platform that enables Business Users to:
- Create and customise AI-powered chat assistants using large language models
- Embed chat widgets on their websites via JavaScript code
- Process voice input and output for conversations (speech-to-text and text-to-speech)
- Integrate with social media messaging platforms (WhatsApp, Messenger, Telegram, Instagram, TikTok)
- Connect and process email accounts (Gmail, Outlook, IMAP, POP3)
- Handle phone calls through VoIP/SIP technology
- Upload documents and website content for retrieval-augmented generation (RAG)
- Configure and invoke external tools and APIs through AI assistants
- Access analytics, conversation history, and reporting through a dashboard
3.2 Service Infrastructure
Our Services are hosted on infrastructure located in Malaysia. Certain third-party services used in connection with our Platform may process data in other jurisdictions, as disclosed in our Privacy Policy.
4. AI-Powered Services
4.1 AI Disclosure and Model Identification
In compliance with the EU AI Act (Regulation 2024/1689), the California AI Transparency Act (SB 942), Malaysia's National Guidelines on AI Governance and Ethics (AIGE), and applicable transparency laws, we disclose that:
- All interactions with BALAM AI assistants are generated by artificial intelligence systems, not human agents
- Our AI assistants utilise open-source large language models (LLMs) hosted locally on our infrastructure, including models from the Qwen, DeepSeek, and LLaMA families
- Responses are generated based on user inputs, configured knowledge bases, and retrieval-augmented generation (RAG) using sentence-transformer embeddings
- Our platform may employ a reflection system that evaluates and improves AI responses across multiple quality dimensions before delivery
- Voice responses are synthetically produced using text-to-speech technology (Kokoro local engine and ElevenLabs cloud engine) and are artificially generated; they do not represent recordings of any natural person
- Speech-to-text processing uses a cascading engine system (NVIDIA Parakeet, faster-whisper, Whisper) for transcription accuracy
4.2 Limitations of AI and Hallucination Risk
AI Disclaimer: AI-generated responses may contain errors, inaccuracies, outdated information, fabricated information ("hallucinations"), or incomplete information. AI assistants are not substitutes for professional advice.
Hallucination Risk: Large language models, including those used by BALAM AI, are known to generate outputs that appear factually correct but are partially or entirely fabricated. This phenomenon, known as "hallucination," is an inherent limitation of current AI technology that cannot be fully eliminated through guardrails or safety measures. Hallucinations may include fabricated facts, statistics, citations, references, quotations, names, dates, events, or entities. The risk of hallucination exists regardless of the AI model's general accuracy. Our retrieval-augmented generation (RAG) system reduces hallucination risk by grounding responses in uploaded knowledge bases, but does not eliminate it entirely.
You acknowledge and agree that:
- AI responses are generated automatically and may contain errors, hallucinations, or inaccurate information
- AI assistants should not be relied upon for medical, legal, financial, tax, or other professional advice
- We do not guarantee the accuracy, completeness, suitability, or reliability of AI-generated content
- You must independently verify all AI-generated content before relying on it for any purpose, including business decisions, professional advice, factual claims, legal submissions, financial decisions, or healthcare matters
- AI systems have inherent limitations including potential bias, and may produce inappropriate responses despite guardrails
- You are responsible for reviewing and customising AI behaviour through assistant instructions and guardrails
- Business Users must clearly disclose hallucination risk to their End Users
4.3 Automated Decision-Making and Human Oversight
Our AI assistants provide automated responses for informational and customer service purposes. In accordance with GDPR Article 22, Malaysia PDPA, POPIA Section 71, PIPL Article 24, and the Colorado AI Act:
- AI-generated responses are not intended to produce decisions with legal effects or similarly significant impact on individuals without human oversight
- Business Users must not use our AI assistants as the sole basis for decisions that produce legal or similarly significant effects on individuals (including but not limited to employment screening, insurance claims, credit assessments, or healthcare decisions) without implementing appropriate human oversight and review
- End Users have the right to request human review of any AI-generated response that significantly affects their rights or interests
- End Users have the right to express their point of view and contest any automated determination
Human Oversight Mechanisms provided by BALAM AI:
- Dashboard Review: Full access to all AI-generated conversations for review and audit
- Configurable Guardrails: System-level instructions to constrain AI behaviour within defined boundaries
- Reflection System: Automated quality evaluation of AI responses before delivery when enabled
- Chat History Access: All AI-generated messages are logged and accessible for quality assurance
- Kill Switch: Business Users may disable any AI assistant immediately through the dashboard
- Tool Execution Audit: All external tool invocations are logged for review and accountability
4.4 Third-Party AI Models and Open-Source Licences
Our platform utilises open-source AI language models. While we implement quality controls, content filtering, guardrails, and safety measures, we do not control the underlying training data or inherent capabilities of these models.
Our AI models are subject to the following open-source licences:
- Qwen models (Alibaba Cloud): Apache License 2.0 -- permits commercial use with attribution
- DeepSeek models (DeepSeek AI): MIT License -- permits commercial use without restriction
- LLaMA models (Meta Platforms, Inc.): Llama Community License Agreement -- permits commercial use subject to certain restrictions including a 700 million monthly active user threshold and geographic/use-case limitations
- Sentence-Transformers: Apache License 2.0
BALAM AI complies with all attribution and notice requirements of these licences. All inference occurs on our hosted infrastructure; model weights are not redistributed to end users. A current list of material third-party components and their licence types is available upon request.
4.5 No Training on User Data
Important: BALAM AI does NOT use your conversations, chat messages, uploaded documents, voice recordings, email content, or any other user-provided data to train, fine-tune, retrain, or improve any AI language model.
Our AI models are pre-trained open-source models deployed without modification to their weights. If this practice changes in the future, we will provide at least thirty (30) days' notice and obtain your explicit consent before using any user data for model training purposes.
4.6 AI Content Labelling and Provenance
In compliance with EU AI Act Article 50 and the California AI Transparency Act (SB 942):
- All content generated by our AI assistants is programmatically identified as AI-generated
- Synthetic voice outputs are marked as artificially generated
- AI-generated email responses include an AI-generated content disclaimer in the email signature where configured
- We are monitoring the development of the C2PA Content Credentials standard and will implement machine-readable content provenance markers as required by applicable law
- Business Users must not remove, alter, or obscure AI disclosure indicators or content provenance markers
- Business Users must inform their End Users that they are interacting with an AI system
4.7 EU AI Act Risk Classification
Under the EU AI Act (Regulation 2024/1689), BALAM AI's conversational AI assistants are classified as Limited Risk AI systems, subject to the transparency obligations of Article 50. Business Users who deploy BALAM AI assistants for purposes within the High-Risk categories of Annex III (including employment, credit scoring, law enforcement, education, or access to essential services) assume responsibility for complying with all High-Risk AI system requirements, including conformity assessment, registration, risk management, and human oversight obligations.
4.8 AI Safety and Testing
BALAM AI implements the following safety measures:
- Multi-Layer Safety Architecture: Input validation, system prompt guardrails, output content filtering, and rate limiting
- Reflection System: When enabled, responses are evaluated across accuracy, completeness, clarity, relevance, tone, engagement, and actionability dimensions
- Adversarial Testing: Internal testing against prompt injection, jailbreaking attempts, and harmful content generation
- Incident Monitoring: Continuous monitoring of AI outputs for safety incidents
- SSRF Protection: Private IP blocking prevents AI-connected tools from accessing internal network resources
These measures reduce but cannot eliminate all AI risks. Users may report AI safety concerns to admin@ibalam.ai.
4.9 AI Model Updates
We may update, replace, or modify AI models to improve performance, safety, accuracy, or compliance. For material changes (switching model families, major version upgrades, or changes to model capabilities), we will provide at least fourteen (14) days' advance notice via email and dashboard notification. Minor updates (security patches, quantisation changes, prompt engineering improvements) may be deployed without advance notice but will be documented in a changelog accessible through the dashboard.
5. Account Registration and Eligibility
5.1 Eligibility
In accordance with the Contracts Act 1950 (Act 136) and the Age of Majority Act 1971 of Malaysia, you represent and warrant that:
- You are at least eighteen (18) years of age
- You have the legal capacity to enter into binding contracts
- Your use of the Services does not violate any applicable law or regulation
- If representing an organisation, you have authority to bind that organisation to these Terms
5.2 Account Creation
To use certain features of our Services, you must create an Account. You agree to:
- Provide accurate, current, and complete registration information
- Maintain and promptly update your Account information
- Maintain the security of your password and Account credentials
- Accept responsibility for all activities under your Account
- Notify us immediately of any unauthorised access or security breach
- Not share your Account credentials, API keys, or access tokens with unauthorised parties
5.3 Account Security
You are solely responsible for maintaining the confidentiality of your Account credentials. Our Platform enforces single-session JWT authentication and automatic token rotation for enhanced security. We will not be liable for any loss or damage arising from your failure to protect your Account.
5.4 Protection of Minors
Our Services are intended for Business Users aged 18 and over. Business Users must not knowingly configure AI assistants to target or interact with children under 13 (or the applicable age of digital consent in their jurisdiction). If you deploy AI assistants that may interact with minors, you are responsible for implementing age-appropriate safeguards, content filters, and parental consent mechanisms as required by COPPA (US), UK Age Appropriate Design Code, and applicable child protection laws.
6. Acceptable Use Policy
6.1 Permitted Uses
You may use our Services only for lawful purposes and in accordance with these Terms. You agree to use the Services:
- In compliance with all applicable local, state, national, and international laws and regulations
- In a manner that does not infringe the rights of others
- In accordance with your organisation's policies (if applicable)
- In compliance with the terms and policies of any third-party platforms you integrate with
6.2 Prohibited Uses
You agree NOT to use our Services to:
- Illegal Activities: Engage in any activity that violates any applicable law, regulation, or these Terms, including but not limited to the Malaysian Communications and Multimedia Act 1998, the Computer Crimes Act 1997, the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001, and the Cybersecurity Act 2024.
- Harmful Content: Generate, transmit, or store content that:
  - Is defamatory, obscene, pornographic, or offensive
  - Promotes violence, discrimination, or hatred against any individual or group
  - Contains malware, viruses, or harmful code
  - Infringes intellectual property rights of others
  - Constitutes child sexual exploitation material
- Deceptive Practices:
  - Impersonate any person or entity
  - Misrepresent the nature of the AI assistant (e.g., claiming it is human when it is an AI)
  - Remove, alter, or obscure AI disclosure indicators
  - Engage in phishing, fraud, or deceptive schemes
  - Generate deepfakes or synthetic media intended to deceive
- Exploitative AI Practices (Prohibited under EU AI Act Article 5):
  - Deploy subliminal techniques to materially distort a person's behaviour
  - Exploit vulnerabilities of specific groups (age, disability, social or economic situation)
  - Use the Services for social scoring or evaluating individuals based on social behaviour
  - Infer emotions in workplace or educational institution settings
- High-Risk Decisions Without Safeguards:
  - Make automated decisions with legal effects without human oversight
  - Use AI responses as the sole basis for employment, credit, insurance, or healthcare decisions
  - Deploy AI in contexts that produce legally binding determinations on individuals without human-in-the-loop review
- System Abuse and AI Integrity:
  - Attempt to gain unauthorised access to our systems or networks
  - Interfere with or disrupt the Services or servers
  - Circumvent rate limits, security measures, or access controls
  - Reverse engineer, decompile, or disassemble any part of the Services
  - Use automated systems to overwhelm the Services (denial-of-service)
  - Attempt to circumvent, disable, or override AI safety guardrails, content filters, or system instructions through prompt injection, adversarial prompts, or jailbreaking techniques
  - Input specially crafted prompts designed to extract system instructions, internal configuration, or confidential information from AI assistants
  - Embed malicious instructions in documents uploaded for RAG processing
- Data Misuse:
  - Collect personal data of End Users without proper consent and lawful basis
  - Process Sensitive Personal Data (including biometric voice data) without explicit consent
  - Use the Services to build competitive products or services
  - Scrape, harvest, or mine data from our Platform
  - Transfer personal data in violation of applicable cross-border data transfer laws
- Spam and Unsolicited Communications:
  - Send unsolicited messages, spam, or bulk communications in violation of the CMA Section 233A, CAN-SPAM Act, or CASL
  - Harass, abuse, or harm other users
6.3 End User Compliance
You are responsible for ensuring that your End Users comply with this Acceptable Use Policy. You must include appropriate terms of use in your own agreements with End Users that are no less restrictive than these Terms. You shall promptly investigate and address any End User violations brought to your attention.
Violation Consequences: We reserve the right to suspend or terminate Accounts that violate this Acceptable Use Policy, with or without notice, and to report illegal activities to appropriate authorities including the Malaysian Communications and Multimedia Commission (MCMC), the Personal Data Protection Commissioner, and law enforcement agencies.
7. Content Standards
7.1 Compliance with Malaysian Communications and Multimedia Act
Our AI systems are designed to comply with the Communications and Multimedia Act 1998 (Sections 211 and 233, as amended in 2025). AI-generated responses will not knowingly produce content that is indecent, obscene, false, menacing, or grossly offensive. We implement content filtering, guardrails, and moderation systems to prevent the generation of prohibited content.
7.2 Content Moderation
We reserve the right to:
- Monitor and review Content processed through our Services for compliance purposes
- Remove or restrict access to Content that violates these Terms or applicable laws
- Suspend services in compliance with directives from the MCMC or other regulatory authorities
- Implement content filtering and safety measures on AI outputs
- Maintain logs of AI-generated content for compliance and audit purposes
7.3 User Responsibility
You are responsible for:
- Configuring appropriate guardrails and instructions for your AI assistants
- Reviewing AI-generated content for accuracy and appropriateness
- Ensuring your use of AI-generated content complies with applicable content standards and laws
- Implementing your own content moderation where required by your industry or jurisdiction
8. Data Responsibilities
8.1 Data Controller and Processor Roles
Depending on the context:
- For Business Users (Dashboard Users): BALAM AI acts as the Data Controller for your account information and is responsible for processing your data in accordance with our Privacy Policy.
- For End Users (Chat Widget Users): The Business User that embeds our widget is the Data Controller, and BALAM AI acts as the Data Processor on their behalf. This relationship is governed by the Data Processing Agreement in Section 9.
8.2 Business User Responsibilities
As a Business User embedding our Widget or using our integrations, you are responsible for:
- Privacy Notices: Providing appropriate privacy notices to End Users about the Widget and data collection, in compliance with applicable data protection laws including the PDPA, GDPR, CCPA/CPRA, LGPD, and other applicable regulations
- Consent: Obtaining all necessary consents from End Users as required by applicable law, including explicit consent for Sensitive Personal Data processing (PDPA Section 40, GDPR Article 9)
- AI Disclosure: Informing End Users that they are interacting with an AI system, not a human (EU AI Act Article 50, California AI Transparency Act)
- Lawful Basis: Ensuring you have a lawful basis for processing End User data through our Services
- Data Protection Impact Assessment: Conducting a DPIA where required (GDPR Article 35), and algorithmic impact assessments where required (Colorado AI Act, EU AI Act)
- Assistant Configuration: Ensuring your AI assistants do not request or process Sensitive Personal Data inappropriately
- Allowed Origins: Configuring allowed hosts/origins to prevent unauthorised Widget usage
- Data Accuracy: Ensuring information provided to train or configure assistants is accurate and does not infringe third-party rights
- Bilingual Notices: Where required by the PDPA, providing privacy notices in both Bahasa Malaysia and English
- Widget Consent: In jurisdictions requiring prior consent for third-party scripts (including the EU, UK, and Brazil), obtaining appropriate user consent before loading the Widget
- Bias Testing: If deploying AI assistants in contexts where bias may cause harm (employment, credit, insurance, healthcare, housing, education, or legal services), conducting bias testing and implementing additional safeguards as required by applicable anti-discrimination laws
8.3 BALAM AI Responsibilities
We commit to:
- Processing data in accordance with our Privacy Policy and applicable data protection laws
- Implementing appropriate technical and organisational security measures (including encryption, access controls, and monitoring)
- Acting as a Data Processor on behalf of Business Users for End User data
- Notifying Business Users of data breaches in accordance with applicable law
- Appointing and maintaining a Data Protection Officer (DPO) as required under the PDPA
- Maintaining records of processing activities
- Assisting Business Users in fulfilling data subject rights requests
9. Data Processing Agreement
This Section constitutes a Data Processing Agreement ("DPA") between you (the Business User, acting as Data Controller) and BALAM AI (acting as Data Processor), in compliance with GDPR Article 28, Malaysia PDPA, and other applicable data protection laws.
9.1 Scope of Processing
- Subject Matter: Processing of End User personal data through the BALAM AI Platform
- Duration: For the term of your Account plus any legally required retention period
- Nature and Purpose: AI-powered conversational services, analytics, and related platform features
- Types of Personal Data: Chat messages, user identifiers, voice data (temporary), device information, interaction data, and any personal data End Users voluntarily provide
- Categories of Data Subjects: End Users who interact with your AI assistants
9.2 Processor Obligations
BALAM AI shall:
- Process Personal Data only on your documented instructions, except where required by applicable law
- Ensure persons authorised to process Personal Data are bound by confidentiality obligations
- Implement appropriate technical and organisational security measures, including encryption at rest and in transit
- Not engage sub-processors without your prior general or specific written authorisation
- Assist you in responding to data subject requests (within applicable timelines: 21 days under PDPA, 30 days under GDPR, 45 days under CCPA)
- Assist you with Data Protection Impact Assessments and prior consultations with supervisory authorities
- Notify you without undue delay upon becoming aware of a Personal Data breach
- At your choice, delete or return all Personal Data upon termination of the Services, and delete existing copies unless storage is required by applicable law
- Make available all information necessary to demonstrate compliance and allow for audits
- Not use Customer Data, End User Content, or any Personal Data to train, retrain, fine-tune, or otherwise improve any AI model, machine learning system, or neural network
9.3 Sub-Processors
We use the following categories of sub-processors in connection with our Services:
- Cloud Infrastructure: Server hosting and data storage providers
- AI Processing: Locally hosted LLM models; LangSmith for optional observability
- Voice Services: ElevenLabs (cloud text-to-speech, where enabled)
- Payment Processing: Stripe (payment handling)
- Social Media Platforms: Meta (WhatsApp, Messenger, Instagram), Telegram, TikTok
- Email Providers: Google (Gmail), Microsoft (Outlook) via OAuth integration
9.4 Sub-Processor Changes
We will provide at least thirty (30) days' prior written notice before engaging any new sub-processor or replacing an existing one. The notice will identify the new sub-processor and describe the processing to be performed. You may object to a new sub-processor within fifteen (15) days of receiving notice by contacting us at admin@ibalam.ai. If we cannot reasonably accommodate your objection, either party may terminate the affected Services without penalty. A current list of sub-processors is maintained and available upon request.
9.5 International Data Transfer Mechanisms
Where Personal Data is transferred outside Malaysia or the European Economic Area, we ensure appropriate safeguards through:
- EU Standard Contractual Clauses (SCCs) for EU data transfers
- ASEAN Model Contractual Clauses or equivalent protections for ASEAN data transfers
- Transfer Impact Assessments as required by the PDPA Section 129
- Explicit consent where applicable
- Contractual data protection clauses with all sub-processors
9.6 CCPA/CPRA Service Provider Terms
To the extent BALAM AI processes Personal Data of California residents on your behalf, BALAM AI acts as a "Service Provider" under the CCPA/CPRA and certifies that it:
- Will not sell or share Personal Data
- Will not retain, use, or disclose Personal Data outside the direct business relationship
- Will notify you if unable to meet CCPA obligations
- Will cooperate with consumer rights requests
9.7 Audit Rights
Upon reasonable written request (no more than once per twelve-month period), and at your expense, you or your appointed independent third-party auditor may audit BALAM AI's compliance with this DPA and applicable data protection obligations. Audit requests must be submitted with at least thirty (30) days' prior notice. Audits shall be conducted during normal business hours and shall not unreasonably interfere with operations. The auditor must execute a confidentiality agreement before commencing. BALAM AI may satisfy audit obligations by providing current SOC 2 reports, ISO 27001 certifications, or equivalent third-party audit reports where available.
10. Social Media Integrations
10.1 Third-Party Platforms
Our Services integrate with third-party social media platforms. By using these integrations, you agree to comply with the terms and policies of each respective platform:
- WhatsApp: Usage must comply with Meta's Business Terms, WhatsApp Business Policy, and Commerce Policy. AI-generated responses must be identified as automated. As of January 15, 2026, Meta prohibits general-purpose AI chatbots on WhatsApp. BALAM AI's WhatsApp integration is intended solely for business-specific, domain-limited AI assistants where AI functionality is incidental or ancillary to a specific business service (e.g., customer support, order tracking, appointment scheduling). You must not use BALAM AI's WhatsApp integration to provide a general-purpose AI assistant.
- Facebook Messenger: Integration must comply with Meta Platform Terms and Messenger Platform Policy. You must comply with Meta's data handling requirements.
- Instagram: Integration must comply with Meta Platform Terms and Instagram Messaging API requirements.
- Telegram: Bot usage must comply with Telegram's Terms of Service and Bot Platform Developer Terms. You are responsible for providing an accessible privacy policy through the Telegram bot that details what data is collected, how it is stored, and for what purpose.
- TikTok: Integration is subject to TikTok Developer Terms of Service. TikTok integration is not available for users in the United States, European Economic Area, or United Kingdom due to platform restrictions. All TikTok authentication data is treated as TikTok's Confidential Information.
10.2 Platform Messaging Restrictions
WhatsApp and Messenger enforce a 24-hour messaging window. Businesses may send free-form messages only within 24 hours of a customer's last message. Outside this window, only Meta-approved template messages may be sent. You are responsible for understanding and complying with platform-specific messaging windows, obtaining Meta template approval for business-initiated messages, and bearing all per-message costs charged by Meta for template messages. BALAM AI is not liable for message delivery failures caused by platform messaging window restrictions.
10.3 Platform Data Handling
When integrating with social media platforms, data processing is governed by both our Privacy Policy and the respective platform's privacy policy. You acknowledge that:
- Social media platforms may independently process user data according to their own policies
- BALAM AI processes only the data necessary to deliver AI assistant services
- Tokens and credentials for social media integrations are stored in encrypted form using Fernet encryption
- You must obtain necessary permissions and approvals from each platform before integration
- WhatsApp requires explicit opt-in consent from users before any business-initiated messages; pre-checked boxes and prior SMS consent do not constitute valid WhatsApp opt-in
- In compliance with Meta Platform requirements, BALAM AI implements a data deletion callback endpoint for Meta-initiated data deletion requests
- Incoming webhook events are verified using platform-specific HMAC signature verification to ensure data integrity
10.4 Third-Party Platform Dependencies
We do not guarantee uninterrupted access to social media integrations. Third-party providers may modify their APIs, terms, pricing, or availability without notice to BALAM AI. We are not liable for loss or damage arising from third-party platform changes, outages, or policy enforcement actions. In the event a third-party integration becomes permanently unavailable, we will use commercially reasonable efforts to notify you and assist with data export, but are under no obligation to replace the affected integration.
11. Email Integration
11.1 Email Processing
Our email integration features allow you to connect email accounts (Gmail, Outlook, IMAP, POP3) to process incoming emails through AI assistants. By using this feature:
- You authorise BALAM AI to access your email data solely through authorised OAuth protocols or configured IMAP/POP3 connections
- We request only the minimum permissions necessary to provide our AI assistant services
- Email data is processed in accordance with the applicable provider's terms (Google API Services User Data Policy, Microsoft Platform Terms)
- Email data is not transferred, sold, or shared with third parties except as necessary to provide the Service
- You may revoke access at any time through your email provider's security settings or your BALAM AI dashboard
11.2 Anti-Spam Compliance
You agree to comply with all applicable anti-spam laws when using our email integration, including:
- Malaysia Communications and Multimedia Act 1998, Sections 233 and 233A
- United States CAN-SPAM Act (if sending to US recipients)
- Canada's Anti-Spam Legislation (CASL) (if sending to Canadian recipients)
- Any other applicable anti-spam regulations in the jurisdictions of your email recipients
11.3 Google Restricted Scope Compliance
Our Gmail integration uses restricted API scopes and complies with Google's API Services User Data Policy, including the Limited Use requirements. Specifically:
- We limit use of Google user data to providing or improving user-facing features that are prominent in our application's user interface
- We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features, as required by law, or with explicit user consent
- We do not use or transfer Google user data for serving advertisements, including retargeting, personalised, or interest-based advertising
- We do not use Google user data to train generalised artificial intelligence or machine learning models
- We do not allow humans to read Google user data unless we have obtained the user's affirmative agreement, it is necessary for security purposes, or it is required by applicable law
We maintain compliance with Google's Cloud Application Security Assessment (CASA) program for restricted scope access.
11.4 Microsoft Outlook Integration
Our Outlook integration uses Microsoft Graph API with delegated permissions. You acknowledge that your organisation's Microsoft Entra ID administrator may need to grant consent for the permissions required by our application. We request only the minimum permissions necessary to read and process emails. You may revoke access at any time through Microsoft's application consent management or your BALAM AI dashboard.
12. Voice and Telephony Services
12.1 Voice Data Processing
Our Services include speech-to-text (STT) and text-to-speech (TTS) capabilities. By enabling voice features:
- You consent to the temporary processing of voice audio for transcription purposes
- Audio data is processed in real-time and is not permanently stored as voiceprint biometric templates; only the text transcription is retained
- Voice data constitutes Sensitive Personal Data (biometric data) under the PDPA as amended in 2024, and may constitute biometric data under GDPR Article 9
- Explicit consent is required before any voice data collection or processing
- Text-to-speech features generate synthetic audio responses that do not use or replicate any individual's biometric voice data
- You may disable voice features at any time to withdraw consent
12.2 VoIP/SIP Services
Our AI assistant may handle phone calls through VoIP/SIP technology. By using telephony features:
- Calls may be recorded and/or processed by AI for service delivery purposes
- A clear pre-call notification will be provided that the call may be processed by AI
- By continuing a call after the notification, you consent to such processing
- You may request that the call not be recorded at any time
- All call recordings are encrypted and stored in compliance with the Communications and Multimedia Act 1998, Section 234, and the PDPA
12.3 Biometric Data Compliance
If our Services process voice data of users in jurisdictions with biometric data laws (including but not limited to Illinois BIPA, Texas CUBI), you are responsible for:
- Obtaining all required written or electronic consents before enabling voice features
- Disclosing the purpose, storage period, and destruction policy for voice data
- Ensuring compliance with applicable biometric data protection laws in your jurisdiction
13. Widget Embedding
13.1 Widget Installation
Our Services involve embedding JavaScript code ("Widget Code") on third-party websites. By installing our Widget Code, you acknowledge and agree that:
- The Widget Code will load resources from BALAM AI servers
- End User interactions will be transmitted to our servers for AI processing via secure WebSocket connections (WSS)
- The Widget operates within an isolated Shadow DOM environment for CSS isolation, but this does not constitute a security sandbox
- You are responsible for disclosing the Widget's presence to your website visitors
- Analytics data (including session metrics, device information, and interaction data) will be collected through the Widget
13.2 Widget Compliance Obligations
By embedding the Widget, you agree to:
- Include disclosure of the BALAM AI Widget in your website's privacy policy and cookie notice
- Obtain appropriate user consent before loading the Widget in jurisdictions that require prior consent for third-party scripts (including the EU, UK, and Brazil under the ePrivacy Directive, GDPR, and LGPD)
- Ensure that users are informed that their interactions with the Widget are processed by BALAM AI in accordance with our Privacy Policy
- Not modify, reverse engineer, or interfere with the Widget's functionality
- Configure allowed hosts/origins (maximum 5 per assistant) to prevent unauthorised Widget deployment
14. External Tools and API Execution
14.1 External Tool Configuration
Our platform allows Business Users to configure external tools and API integrations that AI assistants may invoke during conversations. You acknowledge and agree that:
- Data Flows: When external tools are triggered, conversation data and user queries may be transmitted to third-party API endpoints configured by you. You are solely responsible for the selection, configuration, and security of these endpoints.
- Liability: BALAM AI is not responsible for the availability, accuracy, security, or data handling practices of third-party tools and APIs you configure. You are solely liable for any data processing performed by external tools.
- Authentication: You are responsible for securely configuring API credentials for external tools. Credentials are stored using Fernet encryption.
- Execution Limits: External tool calls are subject to execution limits (timeout, concurrency caps) to protect platform stability.
- Data Protection: You must ensure that any external tool processing personal data complies with applicable data protection laws, and that appropriate Data Processing Agreements are in place between you and the third-party tool provider.
- Sandboxing: While we implement security measures including SSRF protection (private IP blocking), timeout enforcement, and response size limits, external tool execution does not run in a fully isolated sandbox environment.
- AI-Directed Execution: External tools may be invoked by AI assistant decisions based on conversation context. Business Users should carefully review tool configurations, restrict tool permissions to the minimum necessary, and monitor tool invocation logs.
- End User Disclosure: You must inform End Users that their queries may be processed by third-party tools and APIs.
15. Fees, Credits, and Payment
15.1 Pricing
All prices are displayed in Malaysian Ringgit (MYR). Prices are exclusive of applicable Service Tax (SST) at the prevailing rate unless stated otherwise. SST will be itemised separately on your invoice in compliance with the Service Tax Act 2018.
For international users: Your payment processor or bank may apply currency conversion fees or use an exchange rate that differs from the prevailing market rate. BALAM AI is not responsible for additional charges imposed by your financial institution for currency conversion.
15.2 Credit System
BALAM AI uses a credit-based billing system:
- One (1) credit is consumed for approximately every one hundred and sixty (160) words generated by the AI assistant
- Credits are deducted based on the formula: credits = ceiling(word_count / 160)
- Your current credit balance, consumption history, and detailed usage logs are available at all times through your account dashboard
- Credits are internal service units and do not constitute virtual currency, e-money, or stored-value instruments
- Credits have no cash value and cannot be transferred, sold, or exchanged outside the Platform
15.3 Credit Exhaustion
When your credit balance reaches zero: (a) AI assistant responses will be suspended until credits are replenished; (b) your Account, dashboard, and historical data remain accessible; (c) integrations will stop processing new AI responses; (d) you may purchase additional credits or upgrade your subscription at any time. No overage charges will be incurred without your explicit authorisation.
15.4 Subscription Plans
We offer the following subscription tiers: Trial, Normal, Unlimited, and Contact (enterprise). Plan details, credit allocations, and feature availability are specified on our pricing page. Enterprise plans are subject to individual agreements negotiated between the parties; in the event of a conflict, the enterprise agreement shall prevail.
15.5 Payment Processing
All payment transactions are processed securely through Stripe, a PCI DSS Level 1 certified payment processor. BALAM AI does not store, process, or transmit your credit card information. Your payment data is handled directly by Stripe in accordance with the Payment Card Industry Data Security Standard (PCI DSS v4.0.1). Our use of Stripe is governed by the Stripe Services Agreement.
15.6 Pre-Purchase Disclosures
Before collecting your payment information, we will clearly and conspicuously disclose: (a) that your subscription will automatically renew; (b) the amount you will be charged at each renewal; (c) the billing frequency; (d) the date or conditions under which charges will begin; (e) the method for cancelling the subscription; and (f) that cancellation must be completed before the renewal date to avoid being charged for the next billing period.
15.7 Payment Terms
- Fees are due as specified in your subscription plan
- All fees are exclusive of applicable taxes (SST) unless stated otherwise
- Late payments may incur interest at the maximum rate permitted by Malaysian law
- We reserve the right to suspend Services for overdue payments
- Checkout sessions expire after thirty (30) minutes
15.8 Failed Payment and Grace Period
If a scheduled payment fails: (a) we will notify you by email within twenty-four (24) hours; (b) payment will be retried up to three (3) times over fourteen (14) days; (c) during the retry period, your subscription will be in a "past due" status with continued access to the Services; (d) if payment remains unsuccessful after all retries, your subscription may be suspended; (e) you are responsible for ensuring your payment method is current and valid.
15.9 Price Changes
We may adjust subscription prices from time to time. If we increase the price of your subscription plan, we will notify you at least thirty (30) days before the new price takes effect. You may cancel before the effective date without penalty. For annual subscriptions, price increases will not take effect until your next annual renewal date. Price changes do not apply retroactively.
15.10 Billing Transparency
Each invoice will itemise: (a) subscription fee, (b) credit allocation, (c) additional credit purchases (if any), (d) applicable Service Tax, and (e) total amount in MYR. Invoices comply with Malaysian tax regulations and e-invoicing requirements where applicable.
15.11 Tax Treatment
- Malaysia: Prices are exclusive of SST as required by the Service Tax Act 2018
- European Union: VAT may apply at the rate applicable in your member state for digital services
- United States: Applicable state and local sales taxes may apply depending on your location
- Other Jurisdictions: You are responsible for any taxes, duties, or levies applicable under the laws of your jurisdiction, to the extent not collected by us or our payment processor
15.12 Fair Subscription Practices
We commit that: (a) no deceptive design patterns ("dark patterns") will be used to mislead or coerce you into subscribing; (b) the cancellation process will be as prominent and accessible as the subscription process; (c) pre-selected checkboxes for automatic renewal or add-ons will not be used; (d) price comparisons and discount claims will be truthful and verifiable.
16. Subscription Renewal and Cancellation
16.1 Automatic Renewal
Your subscription will automatically renew at the end of each billing period (monthly or annually) at the then-current rate unless you cancel before the renewal date. Before your first payment is processed, you will be presented with a clear disclosure of the automatic renewal terms, including the renewal price, billing frequency, and cancellation instructions. You must provide express, affirmative consent to the automatic renewal feature. This consent will be recorded and retained for a minimum of three (3) years.
16.2 Pre-Renewal Notice
For annual subscriptions, we will send you a reminder email at least thirty (30) days before your renewal date, disclosing the renewal amount and instructions for cancellation. This complies with the California Automatic Renewal Law (CARL), EU Consumer Rights Directive, and Malaysian consumer law best practices.
16.3 Cancellation
You may cancel your subscription at any time through your account dashboard using a clearly labelled cancellation button. The cancellation process is designed to be at least as simple as the process used to subscribe. You will not be required to contact a live representative, make a phone call, or take any additional steps beyond those available through the same medium in which you subscribed.
- Downgrades: Scheduled for the end of your current billing period
- Upgrades: Take effect immediately with prorated billing
- Full Cancellation: Takes effect at the end of your current billing period
16.4 Cancellation Confirmation
Upon successful cancellation, we will send you a written confirmation via email within twenty-four (24) hours, including: (a) confirmation that your cancellation has been processed; (b) the effective date of cancellation; (c) a summary of remaining access or credits until the effective date; and (d) instructions for reactivation.
16.5 Free Trial
Our Trial plan does not require payment information and includes a limited credit allocation for evaluation. At the end of the trial period, your account will remain on the Trial plan. Your account will NOT automatically convert to a paid subscription. To upgrade, you must affirmatively select a subscription plan and provide payment information. If future trial offers require payment information at signup, we will clearly disclose the trial duration, the charge amount, and send a reminder at least three (3) days before the trial ends.
16.6 Credit Expiry and Rollover
- Monthly Subscriptions: Credits are allocated at the start of each billing period. Unused credits from a billing period do not carry over and expire at the end of each monthly cycle.
- Annual Subscriptions: Credits are refreshed monthly. Unused credits from one monthly refresh do not accumulate; the balance is reset at each monthly refresh.
- Add-on Credits: Purchased add-on credits are added to your current balance and expire at the end of your current subscription period.
- Upon account cancellation, you may request a refund for the MYR value of unused purchased add-on credits within thirty (30) days of cancellation. Plan-included credits are non-refundable.
- Promotional or bonus credits are non-refundable and expire as specified at the time of issuance.
17. Consumer Rights
17.1 Malaysian Consumer Protection Act 1999
Nothing in these Terms shall exclude or limit any rights you have under the Consumer Protection Act 1999 (Act 599) of Malaysia, including but not limited to:
- Right to Cancel: You may cancel your subscription at any time and receive a pro-rata refund for unused services
- Refund Processing: Refunds will be processed within fourteen (14) days of your cancellation request, to your original payment method
- Service Guarantees: Services will be carried out with reasonable care and skill, and be fit for the purpose communicated
- Unfair Terms: Any contract term that causes a significant imbalance in the parties' rights and obligations to the detriment of the consumer is void and unenforceable
17.2 Pro-Rata Refund Calculation
Pro-rata refunds are calculated based on the number of remaining full days in your current billing period relative to the total days in the billing period, multiplied by the subscription fee paid. Credits consumed during the billing period are not factored into the refund calculation; the refund is time-based only.
17.3 Service Defect Refunds
If the Service is materially defective or unavailable for a continuous period exceeding seventy-two (72) hours, you are entitled to a full refund for the affected billing period.
17.4 EU Consumer Rights
If you are a consumer in the European Union, you have a fourteen (14) day withdrawal right for digital services purchased online, in accordance with the EU Consumer Rights Directive. A clearly visible cancellation function is available on your account dashboard. You acknowledge that by commencing use of the Services during this period, you may waive this right where permitted by law and subject to your explicit consent.
17.5 Invoice Disputes and Chargebacks
If you believe you have been billed incorrectly, you must notify us within sixty (60) days of the charge date by emailing admin@ibalam.ai. We will acknowledge your dispute within five (5) business days and provide a resolution within fifteen (15) business days. Your access to the Services will not be suspended while a billing dispute is under review. We encourage you to contact us before initiating a chargeback. Nothing in this section limits your statutory rights.
17.6 Dispute Resolution for Consumers
Malaysian consumers may file claims with the Tribunal for Consumer Claims (TTPM) for disputes involving amounts up to RM50,000.
18. Intellectual Property Rights
18.1 BALAM AI Ownership
We retain all rights, title, and interest in and to:
- The Platform, Services, and underlying technology
- All software, code, designs, and documentation
- The BALAM AI name, logo, and trademarks (protected under the Trademarks Act 2019)
- Any improvements or modifications to the Services
18.2 User Content
You retain ownership of content you upload to configure your assistants. You grant BALAM AI a non-exclusive, worldwide licence to use, process, and display your Content solely for the purpose of providing the Services. You represent and warrant that your submitted content does not infringe any third party's intellectual property rights.
18.3 AI-Generated Content and Intellectual Property
Under Malaysian copyright law (Copyright Act 1987) and similar laws in many jurisdictions, AI-generated content without significant human creative input may not qualify for copyright protection. You acknowledge that:
- Content generated by our AI assistants is provided for your business use
- BALAM AI does not claim copyright in AI-generated outputs
- The AI models used were trained by their respective developers on large datasets that may include copyrighted material; there is an inherent risk that outputs may resemble copyrighted material
- You are responsible for reviewing, modifying, and verifying AI outputs before publication or commercial use
- You are responsible for ensuring AI-generated content does not infringe third-party rights
- BALAM AI does not provide indemnification for intellectual property claims arising from AI-generated content
18.4 End User Content
Chat messages and other content from End Users belong to you (the Business User) as the Data Controller. We process such content on your behalf as a Data Processor in accordance with Section 9.
18.5 Feedback
Any feedback, suggestions, or ideas you provide about the Services may be used by us without obligation or compensation to you.
18.6 Notice and Take-Down
We maintain notice and take-down procedures for intellectual property infringement claims. If you believe content on our Platform infringes your intellectual property rights, please contact us at admin@ibalam.ai with details of the alleged infringement.
19. Data Ownership and Portability
19.1 Customer Data Ownership
All Customer Data remains your property. BALAM AI acquires no ownership rights in Customer Data.
19.2 Data Export
You may export your Customer Data at any time through the Platform dashboard in machine-readable format (JSON, CSV). Upon request, we will provide a complete export of your Customer Data within thirty (30) days.
19.3 Data Portability (EU Data Act)
For customers in the EU/EEA, in compliance with the EU Data Act (Regulation 2023/2854) and GDPR Article 20: (a) you may request transfer of your Customer Data to another service provider; (b) data will be provided in a structured, commonly used, and machine-readable format; (c) no additional charges apply for data export or switching.
19.4 Post-Termination Data Retrieval
Following termination, you may request export of your Customer Data for a period of thirty (30) days. After this period, we will securely delete your Customer Data unless retention is required by law.
20. Confidentiality
20.1 Definition
"Confidential Information" means any non-public information disclosed by one party ("Discloser") to the other ("Recipient"), whether oral, written, or electronic, including business plans, technical data, product plans, customer lists, pricing, security configurations, API keys, and financial information. Confidential Information does not include information that: (a) is or becomes publicly available through no fault of the Recipient; (b) was known to the Recipient prior to disclosure; (c) is independently developed without use of Confidential Information; or (d) is disclosed with the Discloser's prior written approval.
20.2 Obligations
The Recipient shall: (a) use Confidential Information solely for performing under these Terms; (b) protect Confidential Information with at least the same degree of care used for its own confidential information, but no less than reasonable care; (c) not disclose Confidential Information to third parties except to employees, contractors, and agents who need to know and are bound by confidentiality obligations at least as protective.
20.3 Compelled Disclosure
If legally compelled to disclose Confidential Information, the Recipient shall provide prompt notice (to the extent legally permitted) and cooperate with the Discloser's efforts to seek protective measures.
20.4 Duration
Confidentiality obligations survive termination for three (3) years, except for trade secrets, which remain protected as long as they qualify as trade secrets under applicable law.
21. Service Availability and SLA
21.1 Uptime Commitment
BALAM AI commits to a monthly uptime of 99.5% for core Platform services (web application, API, WebSocket), measured as the percentage of minutes in a calendar month during which core services are operational.
21.2 Uptime Exclusions
The following are excluded from uptime calculations: (a) scheduled maintenance with at least 48 hours' prior notice; (b) emergency maintenance for security or data integrity; (c) factors outside our reasonable control (Section 30.6); (d) downtime caused by your equipment, software, or network; (e) third-party platform outages.
21.3 Service Credits
If BALAM AI fails to meet the Uptime Commitment in any calendar month, you may request service credits: 99.0%–99.4% = 5% credit; 95.0%–98.9% = 10% credit; below 95.0% = 25% credit of that month's subscription fee. Service credits must be requested within 30 days and are your sole remedy for uptime failures.
21.4 Scheduled Maintenance
Scheduled maintenance will be performed during off-peak hours when possible. We will provide at least forty-eight (48) hours' email notice for maintenance expected to exceed thirty (30) minutes. Emergency maintenance for critical security issues may be performed without prior notice.
21.5 Support
Technical support is provided according to your service level. Contact us at admin@ibalam.ai for assistance.
21.6 Modifications
We reserve the right to modify, suspend, or discontinue any part of the Services at any time. We will provide reasonable notice of material changes when practicable.
22. API Usage and Rate Limits
22.1 API Access
Access to BALAM AI APIs is governed by these Terms and your subscription plan. API access is granted via API keys authenticated using PBKDF2 hashing. You are responsible for maintaining the confidentiality of your API keys.
22.2 Rate Limits
API usage is subject to rate limits which may be adjusted per subscription tier:
- Chat API: 20 requests per minute, 5 requests per second burst
- Analytics API: 60 requests per minute
- Assistant Management API: 30 requests per minute
- Authentication API: 5 requests per minute
Exceeding rate limits will result in HTTP 429 responses. Persistent abuse may result in temporary or permanent API access suspension. Third-party platform integrations are additionally subject to the rate limits imposed by Meta, Telegram, TikTok, Google, and Microsoft.
22.3 Prohibited API Usage
You shall not: (a) use the API to build a competing product; (b) circumvent or attempt to circumvent rate limits; (c) use automated tools to scrape, harvest, or benchmark the API without written consent; (d) redistribute API access to third parties without authorisation.
22.4 API Changes
We may modify, deprecate, or discontinue API endpoints with at least thirty (30) days' notice for non-breaking changes and ninety (90) days' notice for breaking changes.
22.5 OAuth and Credential Management
For integrations requiring OAuth 2.0 authentication (Gmail, Outlook): (a) we implement OAuth 2.0 with PKCE where supported; (b) tokens are automatically refreshed before expiration; (c) you may revoke OAuth access at any time; (d) upon revocation, we will cease accessing the connected service and delete stored tokens; (e) all credentials are encrypted using Fernet encryption at rest; (f) in the event of a credential compromise, we will notify affected users and invalidate compromised tokens immediately.
23. Beta and Preview Services
23.1 Definition
"Beta Services" means any features, tools, or services designated as "beta," "preview," "early access," "experimental," or similar.
23.2 As-Is Provision
BETA SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTY OF ANY KIND. BALAM AI MAKES NO REPRESENTATIONS REGARDING THE RELIABILITY, AVAILABILITY, SUITABILITY, OR ACCURACY OF BETA SERVICES.
23.3 No SLA
Beta Services are excluded from all Service Level Agreements, uptime commitments, and support obligations.
23.4 Discontinuation
BALAM AI may modify, suspend, or discontinue any Beta Service at any time without notice or liability. Beta Services may never be made generally available.
24. Disclaimer of Warranties
IMPORTANT DISCLAIMER
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, INCLUDING THE CONSUMER PROTECTION ACT 1999:
THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO:
- IMPLIED WARRANTIES OF MERCHANTABILITY
- FITNESS FOR A PARTICULAR PURPOSE
- NON-INFRINGEMENT
- ACCURACY OR RELIABILITY OF AI-GENERATED CONTENT
WE DO NOT WARRANT THAT: the Services will meet your requirements; the Services will be uninterrupted, timely, secure, or error-free; AI-generated responses will be accurate, complete, or suitable for any purpose; any defects will be corrected; or third-party integrations will remain available.
You acknowledge that AI systems have inherent limitations and may produce incorrect, biased, or inappropriate responses. You are responsible for reviewing and validating AI-generated content before relying on it.
Nothing in this section excludes or limits liability that cannot be excluded or limited by law, including under the Consumer Protection Act 1999.
25. Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:
25.1 Exclusion of Damages
IN NO EVENT SHALL BALAM AI, ITS DIRECTORS, EMPLOYEES, PARTNERS, AGENTS, OR AFFILIATES BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING WITHOUT LIMITATION: loss of profits, revenue, or business opportunities; loss of data or goodwill; service interruption; cost of substitute services; damages arising from AI-generated content; or damages arising from third-party platform changes.
25.2 Liability Cap
OUR TOTAL LIABILITY SHALL NOT EXCEED THE GREATER OF: the amount you paid to BALAM AI in the twelve (12) months preceding the claim, or one hundred Malaysian Ringgit (RM 100). For Beta Services, total liability shall not exceed RM 50.
25.3 Exceptions
These limitations do not apply to: liability that cannot be excluded by law; fraud or gross negligence; liability under the Consumer Protection Act 1999; data breach liabilities under mandatory data protection laws; or death or personal injury caused by negligence.
26. Indemnification
You agree to indemnify, defend, and hold harmless BALAM AI and its officers, directors, employees, agents, and affiliates from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising out of or relating to:
- Your use of the Services
- Your violation of these Terms
- Your violation of any third-party rights, including intellectual property or privacy rights
- Your Content or the configuration of your AI assistants
- Any claim by an End User arising from your use of the Services
- Your failure to obtain required consents from End Users
- Your failure to comply with applicable data protection, AI transparency, or consumer protection laws
- Your use of AI-generated content for high-risk decisions without appropriate human oversight
- Your violation of social media platform terms or email provider policies
- Claims arising from your use of external tools and API integrations configured by you
27. Term, Suspension, and Termination
27.1 Term
These Terms remain in effect until terminated by either party.
27.2 Termination by You
You may terminate your Account at any time through your account dashboard or by contacting us. Upon termination, you are entitled to a pro-rata refund for unused services in accordance with Section 17.
27.3 Suspension
We may suspend your access to all or part of the Services immediately if:
- You breach any provision of these Terms and fail to cure within seven (7) days of written notice (Acceptable Use violations may result in immediate suspension)
- Your Account has an overdue balance exceeding fourteen (14) days
- We reasonably believe your Account is being used for fraudulent or illegal activity
- Required by law or regulatory authority
During suspension: (i) your data is preserved; (ii) your payment obligations continue; (iii) you may not access the Services except to export data. We will provide written notice of the reason for suspension and the steps required to restore access.
27.4 Termination by Us
We may terminate your Account if:
- A suspension remains uncured for thirty (30) consecutive days
- You materially breach these Terms and fail to cure within thirty (30) days of written notice
- We are required to do so by law or regulatory authority
- We discontinue the Services with at least ninety (90) days' prior notice
27.5 Effect of Termination
Upon termination:
- Your right to access the Services ceases immediately
- We will, at your choice, delete or return your Personal Data and End User data, except where retention is required by applicable law
- We may retain anonymised and aggregated data that does not identify individuals
- Data deletion will be completed within thirty (30) days of termination unless legally required otherwise
- The following sections survive termination: 2 (Definitions), 4.2 (AI Limitations), 9 (DPA, for duration of processing), 15.7 (Payment Terms for amounts owed), 18 (Intellectual Property), 19 (Data Ownership), 20 (Confidentiality), 24 (Warranties), 25 (Liability), 26 (Indemnification), 29 (Governing Law), and 30 (General Provisions)
28. International Compliance
28.1 Compliance with Laws
You agree to use BALAM AI Services in compliance with all applicable laws in your jurisdiction, including data protection, consumer protection, anti-spam, content standards, and AI regulation laws.
28.2 Cross-Border Data Transfers
Our Services may involve the transfer of data to and from Malaysia and other jurisdictions. We implement appropriate safeguards for cross-border data transfers as described in Section 9.5 and our Privacy Policy.
28.3 Export Controls and Sanctions
You represent that you are not located in, or a national or resident of, any country subject to applicable trade sanctions, and that you are not on any restricted party list.
28.4 Anti-Money Laundering
You agree to use BALAM AI Services in compliance with the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA). We reserve the right to verify your identity, request additional documentation, and report suspicious activities to the relevant Malaysian authorities as required by law.
28.5 US State AI Transparency Laws
In compliance with applicable US state AI transparency requirements: (a) California AI Transparency Act (SB 942): AI-generated content is identifiable as such; (b) Colorado AI Act: Business Users deploying AI in high-risk contexts are responsible for compliance with disclosure, impact assessment, and discrimination prevention requirements; (c) Texas TRAIGA: Business Users in Texas must comply with disclosure and consent requirements. Business Users are responsible for determining which laws apply to their deployment.
28.6 Malaysia AI Governance (AIGE)
In alignment with Malaysia's National Guidelines on AI Governance and Ethics (AIGE, September 2024), BALAM AI adheres to the seven AIGE principles: Fairness (non-discriminatory guardrails), Safety (multi-layer safety architecture), Privacy (PDPA compliance), Inclusiveness (multilingual and accessible design), Transparency (AI disclosure and model identification), Accountability (audit logs and incident reporting), and Human Benefit (augmenting human capabilities, not replacing human judgment).
29. Governing Law and Disputes
29.1 Governing Law
These Terms are governed by and construed in accordance with the laws of Malaysia, including the Contracts Act 1950, the Consumer Protection Act 1999, the Electronic Commerce Act 2006, the Personal Data Protection Act 2010 (as amended), and the Communications and Multimedia Act 1998, without regard to conflict of law principles.
29.2 Dispute Resolution
Any dispute arising out of or relating to these Terms shall be resolved as follows:
- Negotiation: The parties shall first attempt to resolve the dispute through good faith negotiation within thirty (30) days.
- Mediation: If negotiation fails, the parties may agree to mediation under the Malaysian Mediation Centre rules.
- Consumer Claims: Malaysian consumers may file claims with the Tribunal for Consumer Claims (TTPM) for disputes up to RM50,000.
- Litigation: If mediation is unsuccessful or not pursued, disputes shall be submitted to the exclusive jurisdiction of the courts of Malaysia.
29.3 Class Action Waiver
To the extent permitted by law, you agree to resolve disputes individually and waive any right to participate in class action lawsuits or class-wide arbitration.
29.4 Limitation Period
Any claim arising under these Terms must be brought within two (2) years of the date the cause of action accrues, except where a shorter or longer period is mandated by applicable law.
29.5 Regulatory Complaints
Nothing in these Terms prevents you from lodging complaints with:
- The Personal Data Protection Commissioner of Malaysia (www.pdp.gov.my)
- The Malaysian Communications and Multimedia Commission (MCMC)
- Your local data protection supervisory authority (for EU/EEA residents)
- Any other competent regulatory authority in your jurisdiction
30. General Provisions
30.1 Entire Agreement
These Terms, together with our Privacy Policy and any other policies referenced herein, constitute the entire agreement between you and BALAM AI regarding the Services.
30.2 Severability
If any provision of these Terms is found to be unenforceable or void (including under the Consumer Protection Act 1999 unfair contract terms provisions), the remaining provisions shall continue in full force and effect.
30.3 Waiver
Our failure to enforce any provision shall not be deemed a waiver of that provision or our right to enforce it later.
30.4 Assignment
You may not assign or transfer these Terms without our prior written consent. We may assign these Terms in connection with a merger, acquisition, or sale of assets, with appropriate notice provided.
30.5 Notices
Notices to you may be sent to the email address associated with your Account. Notices to us should be sent to admin@ibalam.ai.
30.6 Force Majeure
We shall not be liable for any failure or delay in performance due to circumstances beyond our reasonable control, including natural disasters, war, terrorism, riots, embargoes, acts of civil or military authorities, fire, floods, accidents, pandemics, epidemics, strikes, shortages, cyberattacks, government actions, or third-party service disruptions.
30.7 Language
These Terms are drafted in English. In the event of any conflict between the English version and any translation, the English version shall prevail, except where prohibited by applicable law.
30.8 Third-Party Rights
These Terms do not confer any rights on any third party, except as expressly provided herein.
30.9 Insurance
BALAM AI maintains commercially reasonable insurance coverage appropriate to the nature and scope of the Services provided. Details of coverage limits are available upon request for enterprise customers.
31. Changes to Terms
We reserve the right to modify these Terms at any time. Changes will be effective upon posting to this page with an updated "Last Updated" date.
For material changes, we will provide at least thirty (30) days' notice through:
- A prominent notice on our Platform
- Email notification to registered Business Users
- In-app notification upon login
Your continued use of the Services after the notice period constitutes acceptance of the modified Terms. If you do not agree to the changes, you must stop using the Services and terminate your Account before the changes take effect. You are entitled to a pro-rata refund for unused services upon termination.
31.1 Version History
| Version | Date | Summary |
|---|---|---|
| 2.0 | January 30, 2026 | Comprehensive update: added SLA, API terms, beta services, confidentiality, data portability, AI model identification, open-source licenses, subscription billing compliance (FTC/CARL), external tools, EU Data Act, US state AI laws, Malaysia AIGE, enhanced consumer rights and security disclosures |
| 1.0 | January 30, 2026 | Initial comprehensive Terms of Service |
32. Contact Information
For questions, concerns, or complaints about these Terms, please contact us:
- General Inquiries: admin@ibalam.ai
- Data Protection Officer: admin@ibalam.ai
- Legal Notices: admin@ibalam.ai
- Security Concerns: admin@ibalam.ai
- AI Safety Reports: admin@ibalam.ai
32.1 Regulatory Bodies
You may also contact the following regulatory bodies:
- Personal Data Protection Commissioner of Malaysia: www.pdp.gov.my | Hotline: 03-8000 8000
- Malaysian Communications and Multimedia Commission (MCMC): www.mcmc.gov.my
- Tribunal for Consumer Claims (TTPM): ttpm.kpdn.gov.my
- National Cyber Security Agency (NACSA): www.nacsa.gov.my
Thank you for using BALAM AI. We are committed to providing you with a reliable, secure, and innovative AI chat platform while maintaining full compliance with applicable laws and regulations.