Terms of Service
Effective date: to be set on first commercial customer. Last updated: 2026-05-08.
⚠ Draft for lawyer review. This document is a starting point for the
Master Services Agreement (MSA) between EDENIC Consulting and customer
audit firms. It must be reviewed by an Australian commercial / IT
solicitor before being used in any contract.
1. Parties
These Terms of Service ("Terms") form a binding agreement between:
- EDENIC Consulting Pty Ltd (ABN [to insert]) trading as Audit
Intelligence ("we", "us", "our"); and
- the customer audit firm identified in the Order Form
("you", "your", "Customer").
By signing an Order Form, you accept these Terms.
2. The Service
We provide Audit Intelligence, a cloud-based audit-management platform hosted at auditintel.com and customer-specific subdomains (<yourfirm>.auditintel.com). The Service includes the features described in the then-current product documentation.
We reserve the right to evolve the Service. We will not materially reduce features available to you during a paid subscription term without 30 days' notice and, where applicable, a pro-rata refund.
3. Term & subscription
3.1 The subscription term is one (1) year unless otherwise specified on the Order Form. The term renews automatically for successive one-year terms unless either party gives 60 days' written notice before the renewal date.
3.2 Pricing is per user per year as set out in the Order Form. The current standard rate is AUD $2,500 per user per year ex-GST, subject to change for renewal terms with 60 days' notice.
3.3 Onboarding fees, if any, are one-off and described in the Order Form.
3.4 Invoices are payable within 14 days of issue. Overdue accounts may be suspended on 7 days' written notice.
4. Your responsibilities
4.1 Acceptable use. You will use the Service only in connection with your audit practice, in compliance with applicable laws (including the Privacy Act 1988 (Cth), Corporations Act 2001 (Cth), and the professional standards that apply to you).
4.2 Account security. You are responsible for:
- maintaining strong passwords and enforcing 2FA on every user account;
- promptly disabling access for departing staff;
- not sharing credentials between users;
- notifying us of any suspected compromise within 24 hours of awareness.
4.3 Audit responsibility. The Service is a tool. You remain professionally responsible for every audit conclusion, sign-off, and report. AI-generated suggestions are advisory only; nothing in the Service substitutes for the professional judgement of a qualified auditor.
4.4 Client data. You are the controller of audit data uploaded to the Service. You are responsible for ensuring you have lawful authority to disclose that data to us as a processor. We will sign a Data Processing Addendum on request.
5. Our responsibilities
5.1 We will provide the Service substantially in accordance with the documentation, with reasonable skill and care.
5.2 Service level. Target uptime: 99.5% measured monthly, excluding scheduled maintenance announced at least 48 hours in advance, and excluding outages caused by sub-processors outside our reasonable control. Where we miss the target in a calendar month, you may request a service credit equal to 10% of the monthly subscription fee for that month per percentage point below target, capped at 50%.
5.3 Maintenance. We will keep the Service reasonably current. We apply security patches promptly. We will give you reasonable notice of material UI or workflow changes.
5.4 Support. Standard support is available by email at support@auditintel.com, business hours Sydney time, with target first-response within one business day. Priority/enterprise support available under a separate Service Level Agreement.
6. Data, security & residency
6.1 Data ownership. You own your audit data. We are a custodian processor. We will not access, copy, share, or use your audit data except as necessary to provide the Service or as required by law.
6.2 Residency. Structured data and uploaded files are stored in Australia (ap-southeast-2 and Cloudflare APAC region). Two named data flows leave Australia — AI inference and outbound email — and both are disclosed in our Privacy Policy and Data Residency document. Strict-AU configuration is available on request: see §11.
6.3 Security. We maintain administrative, technical, and physical safeguards designed to protect your data, including TLS 1.3 in transit, AES-256 at rest, multi-tenancy isolation via schema-per-firm, insert- only audit trail, 2FA enforcement, and annual security reviews. Full posture is documented at auditintel.com/legal/data-residency.
6.4 Sub-processors. We use sub-processors as listed at auditintel.com/legal/subprocessors. We will give you 30 days' notice before adding a new sub-processor. If you object on reasonable security grounds, we will work with you on an alternative or you may terminate the affected service with refund of unused fees.
6.5 Backups & recovery. Database point-in-time recovery is retained for up to 30 days. File versioning is enabled on all object storage. We test restoration quarterly. Recovery Point Objective: 1 hour. Recovery Time Objective: 4 hours.
6.6 Breach notification. If we become aware of a breach of security leading to unauthorised access, disclosure, alteration, loss, or destruction of your data, we will notify you within four (4) hours of classifying the incident as customer-affecting, with the information required for you to fulfil your own NDB obligations. Our Incident Response Runbook governs the full process.
6.7 Retention & deletion. During the term, we retain your data per the Privacy Policy. On termination, we will, at your election:
- (a) return all your data via a structured export (database dump + file
archive) within 30 days; or
- (b) delete your data within 30 days, subject to statutory retention
obligations (ASIC + APES 320 + ASA 230 — 7 years from audit report date for audit working papers). Data held under statutory retention is sealed with no application access path until the retention period ends.
A certificate of deletion is provided on request.
7. AI features
7.1 What AI does. The Service uses AI to assist with mapping account codes, drafting narratives, summarising documents, suggesting risk ratings, generating information request lists, analysing journals for fraud indicators, and similar advisory tasks.
7.2 Human-in-the-loop. Every AI output requires explicit auditor review and acceptance before being committed to the audit file. The Service is architected to make this unskippable.
7.3 No model training. AI vendors are contractually prohibited from training models on data submitted by us. The default configuration uses vendors with zero-retention API tiers.
7.4 Cross-border disclosure. AI inference is performed by third- party providers in the United States by default. This is a disclosed cross-border disclosure under APP 8. See §6.2 and the Privacy Policy for detail. Strict-AU configuration is available.
7.5 Accuracy. AI suggestions can be wrong. You must review every AI output before accepting it. We disclaim liability for any audit conclusion that relied on an unreviewed AI suggestion.
8. Intellectual property
8.1 Our IP. We own the Service, including all software, content, templates, and documentation. We grant you a non-exclusive, non-transferable, non-sublicensable licence to use the Service for the term, for your audit practice.
8.2 Your data. You own your audit data and any working papers, narratives, journals, and outputs your users author within the Service. You grant us a non-exclusive licence to host, process, and display that data solely to provide the Service to you.
8.3 Feedback. If you give us feedback or suggestions about the Service, we may use them without restriction or attribution.
8.4 No reverse engineering. You will not reverse-engineer, decompile, or extract source code from the Service except to the extent permitted by law.
9. Confidentiality
Each party will keep confidential information of the other party in strict confidence, use it only for the purpose of the relationship, and protect it with the same standard of care it uses for its own confidential information (and no less than a reasonable standard). This clause survives termination by 3 years (or, for audit data, by the statutory retention period).
10. Warranties & disclaimers
10.1 Mutual warranties. Each party warrants it has authority to enter into these Terms and will comply with applicable law.
10.2 Service warranty. We warrant that the Service will perform substantially in accordance with the documentation. Your sole remedy for breach of this warranty is, at our option, to (a) cure the defect or (b) terminate the affected portion of the subscription with a pro-rata refund.
10.3 Disclaimer. Except as expressly stated, the Service is provided "as is" to the maximum extent permitted by law. We do not warrant that the Service will be uninterrupted, error-free, or that AI outputs will be accurate. The Service does not substitute for the professional judgement required of an auditor.
10.4 Consumer law. Nothing in these Terms excludes or limits any consumer guarantee under the Australian Consumer Law (Sch 2, Competition and Consumer Act 2010) that cannot be excluded.
11. Strict-AU configuration (optional)
If your firm requires that no audit data leaves Australia at any point — including during AI inference — we offer a Strict-AU configuration:
- Sensitive AI features (document summarisation, journal fraud
analytics, working-paper narrative drafting, pre-lock checklist, journal rationale, final-checklist validation) route through AWS Bedrock in ap-southeast-2 (Sydney) instead of vendor US endpoints.
- Outbound email via Resend can be disabled; in-app notifications only.
Request Strict-AU configuration in writing. Additional fees may apply to cover Bedrock inference costs (typically AUD $0.05–0.30 per sensitive AI call); we will quote on request.
12. Liability
12.1 Cap. To the maximum extent permitted by law, each party's aggregate liability under these Terms in any 12-month period is limited to the fees paid by you to us in that 12-month period.
12.2 Excluded losses. Neither party is liable for indirect, consequential, or incidental losses, including lost profits, lost business opportunity, or lost goodwill, except where caused by deliberate wrongdoing or breach of confidentiality.
12.3 Carve-outs. The cap and exclusions do not apply to: a party's indemnity obligations, breach of confidentiality, fraud, wilful misconduct, or amounts owed under §3 (Subscription fees).
12.4 Indemnity (you). You will indemnify us against losses we suffer from your unlawful use of the Service or breach of §4.1.
12.5 Indemnity (us). We will indemnify you against losses you suffer from third-party claims that the Service infringes their intellectual property rights, except to the extent the claim arises from your modification of the Service or use outside scope.
13. Termination
13.1 For convenience. Either party may terminate the subscription at end of the then-current term by giving 60 days' written notice.
13.2 For cause. Either party may terminate immediately if the other (a) is in material breach and fails to cure within 30 days of written notice, or (b) becomes insolvent or has a liquidator appointed.
13.3 Effect. On termination:
- All licences end immediately.
- You may request data export or deletion per §6.7.
- Outstanding fees become payable on the original schedule.
- Sections 6, 7.5, 8, 9, 10, 12, 14, 15 and 16 survive.
14. Disputes
14.1 The parties will attempt in good faith to resolve disputes by direct discussion within 30 days.
14.2 If not resolved, the dispute will be referred to mediation administered by the Australian Disputes Centre.
14.3 If mediation fails, disputes are subject to the exclusive jurisdiction of the courts of New South Wales, Australia.
15. General
15.1 Governing law. New South Wales, Australia.
15.2 Notices. In writing, to the email addresses on the Order Form, with reasonable steps to confirm receipt for material notices (e.g. breach, termination).
15.3 Assignment. Neither party may assign without the other's consent, except to an affiliate or successor in a merger or sale of substantially all assets.
15.4 Entire agreement. These Terms, the Order Form, the Privacy Policy, the Data Processing Addendum (where executed), and the Data Residency document together form the entire agreement.
15.5 Severability. If any provision is unenforceable, the rest remains in force.
15.6 Variation. We may update non-material terms (e.g. sub- processor list, technical SLAs) with 30 days' notice. Material changes require your consent.
15.7 No waiver. A failure to enforce any right is not a waiver.
15.8 Counterparts & electronic signatures. Order Forms can be signed electronically and in counterparts.
16. Contact
EDENIC Consulting Pty Ltd [Registered address — to insert] ABN [to insert]
For service questions: support@auditintel.com For legal / contracts: legal@auditintel.com (Eden Pearson) For privacy: privacy@auditintel.com For security: security@auditintel.com
Document history
| Date | Change | Author |
|---|---|---|
| 2026-05-08 | Initial draft for lawyer review | Eden Pearson |