1. Who we are

Gates-AI (a subsidiary of Gates Digital Pte. Ltd., Singapore) provides independent AI assurance: testing, audits, risk assessments, benchmarking, MLOps pipeline testing, and certification services.

2. Scope of services

We perform services set out in an Order, Proposal, or SOW (collectively, “SOW”). Unless stated otherwise, services include: model functional testing, prompt/LLM testing, bias & fairness audits, compliance testing, stress & edge-case testing, safety & risk assessments, performance benchmarking, and MLOps pipeline testing. Certification (where applicable) follows our Gates-AI Certification Framework and published criteria.

3. Roles & data

• For client production or test data processed during our work, we typically act as a data processor/service provider; you remain the controller/owner.
• For website, marketing, and account data, we act as a data controller (see Privacy Policy).

4. Client obligations

You will: (a) provide timely access to systems, environments, datasets, and SMEs; (b) ensure you have lawful rights to share data and systems for testing/audits; (c) maintain backups and operational safeguards; (d) not request unlawful testing (e.g., unauthorized access).

5. Security & access

We apply industry controls (least privilege, encryption, logging, change control, vulnerability management, incident response) consistent with ISO/IEC 27001 practices. You may request our current security summary and subprocessors list under NDA. 

6. Testing boundaries

Unless expressly authorized in writing, we will not conduct destructive tests in production. You will provide approved windows, targets, and test data. Findings may include simulated prompt injection, adversarial inputs, stress loads, and bias tests.

7. Deliverables & IP

• You own client data and the specific reports/certificates delivered under the SOW (for your internal and regulator communications).
• We retain all background IP, methods, test suites, frameworks, and templates. We grant you a non-exclusive license to use the deliverables internally and with regulators/auditors.
• Any certification mark/seal is licensed, revocable, and subject to your continued compliance.

8. Confidentiality

Each party will protect the other’s Confidential Information using reasonable safeguards and use it solely to perform the SOW.

9. Compliance & ethics

We perform services consistent with NIST AI RMF and ISO/IEC 42001 principles for AI risk/governance; and relevant privacy laws (GDPR/PDPA/CPRA) where applicable.

10. Warranties (limited)

We warrant we’ll perform services with reasonable skill and care. We do not warrant that your systems will be error-free, invulnerable, or fully compliant after remediation—risk changes over time.

11. Indemnity

• You indemnify us against third-party claims arising from your data, systems, or unlawful instructions.
• We indemnify you for third-party IP claims alleging our background IP in the deliverables infringes IP rights (excluding your modifications, your data, third-party components you supply, or use outside the SOW).

12. Liability

To the maximum extent permitted by law:

• Neither party is liable for indirect or consequential damages, loss of profits or data.
• Our aggregate liability under an SOW is capped at the fees paid for that SOW in the 12 months prior to the claim.

13. Term & termination

Either party may terminate for material breach uncured within 30 days. Upon termination, you pay for work performed. Confidentiality, IP, and liability limits survive.

14. Publicity

We will not use your name or marks without permission, except to identify you as a client where you have publicly disclosed the relationship.

15. Export & sanctions

Each party complies with applicable export controls and sanctions.

16. Force majeure

Neither party is liable for delays beyond reasonable control (e.g., outages, disasters, war).

17. Governing law & venue

Unless agreed otherwise in the SOW: Singapore law governs; courts of Singapore have exclusive jurisdiction.

18. Order of precedence

If there’s a conflict, the SOW controls over these T&Cs.