Terms of service

40 South Guard is AI compliance middleware. Guard sits between your business and your AI providers, monitoring AI interactions against Australian regulatory frameworks, detecting personal information and prompt injection, generating cryptographically signed attestations, and maintaining a tamper-evident audit trail.

Guard does not replace your AI providers. It does not provide AI models, generate AI responses, or make decisions on your behalf. Guard monitors, logs, and attests.

Account creation. To use Guard, your organisation must create an account. The person who creates the account is the initial administrator. Administrators can invite additional users and assign roles (such as CISO, auditor, or engineer).

Access credentials. You are responsible for keeping your login credentials and Guard API keys secure. Do not share API keys outside your organisation. Notify us at security@40south.au immediately if you believe your credentials have been compromised.

Authorised use. You may only use Guard for lawful business purposes consistent with these Terms. You may not use Guard to process data on behalf of third parties without our written agreement.

Pricing. Guard is available at $5,500 per month (AUD), billed monthly. This includes all compliance features, PII detection, prompt injection detection, attestation signing, audit trail storage (7 years), and standard support.

Pilot. We offer a 60-day pilot at a flat fee of $4,500 (AUD). The pilot includes full Guard functionality on one team or use case, integration support, policy setup, and a compliance gap report. No obligation to continue.

Payment terms. Invoices are issued monthly in advance. Payment is due within 14 days of the invoice date. All amounts are in Australian dollars and are exclusive of GST unless stated otherwise.

No lock-in. Either party may terminate the subscription at the end of any billing period with 30 days' written notice. There are no early termination fees.

Price changes. We will give you at least 60 days' written notice of any price increase. The new price takes effect at the start of the next billing period after the notice period.

Your data is yours. All data processed through Guard belongs to you. We do not own, license, or claim any rights over your data.

Data location. All data is processed and stored in Australia (Google Cloud Sydney, australia-southeast1, with failover to australia-southeast2). Data never leaves Australian borders.

Data processing. We process your data solely to provide the Guard service. We do not use your data to train AI models. We do not sell your data.

Audit trail. Guard maintains a tamper-evident audit trail of all AI interactions. Evidence records are retained for 7 years, cryptographically signed and immutable once written.

PII handling. When Guard detects personal information, it records the detection (type, location, confidence) in the attestation. Raw PII is scrubbed from evidence records before storage.

During your subscription. You can export your compliance data, attestations, and audit trail at any time through the Guard dashboard or API. Export formats include JSON and PDF.

On termination. After your subscription ends, you have 90 days to export your data. After 90 days, we will delete your account data and configuration. Audit trail records within the 7-year retention period remain accessible on request.

Uptime. We target 99.9% uptime for the Guard proxy and API services, measured monthly. Scheduled maintenance windows are excluded.

Support. Standard support is included. We respond to enquiries within one business day. Critical issues (service outage, data breach) are escalated immediately.

Incident notification. If we become aware of a security incident that affects your data, we will notify you within 72 hours and provide ongoing updates until the incident is resolved.

Guard monitors AI interactions, detects Australian PII, detects prompt injection, generates cryptographically signed attestations, maintains a 7-year audit trail, and provides compliance reporting with APRA-ready evidence export.

Guard does not provide legal advice, guarantee regulatory compliance (it provides evidence and controls; compliance is your organisation's responsibility), replace your compliance team or auditors, make automated decisions on your behalf, or provide AI models or generate AI responses.

Guard is a tool that supports your compliance efforts. It does not substitute for professional legal or compliance advice.

Our IP. Guard, including its software, documentation, algorithms, and brand, is owned by 40° South AI Pty Ltd. These Terms do not transfer any intellectual property rights to you.

Your data. You retain all rights in your data. We do not acquire any intellectual property rights in your data by processing it through Guard.

To the maximum extent permitted by Australian Consumer Law, we are not liable for any indirect, incidental, consequential, or special damages arising from your use of Guard, including lost profits, lost data, or business interruption.

Our total aggregate liability for any claims arising from these Terms or the Service is limited to the fees you paid in the 12 months preceding the claim.

Nothing in these Terms excludes or limits any rights you have under the Australian Consumer Law that cannot be excluded or limited by contract.

By you. Cancel at any time with 30 days' written notice. Access continues until the end of the current billing period.

By us. We may suspend or terminate access if you breach these Terms and fail to remedy within 14 days of notice. We may also terminate immediately if required by law or if your use poses a security risk to other customers.

Effect. On termination, access is revoked. You have 90 days to export data. Audit trail records within the 7-year retention window remain accessible on request.

Legal enquiries: legal@40south.au

General enquiries: hello@40south.au

40° South AI Pty Ltd, New South Wales, Australia