Legal · Terms of Service · The Professional Compact

Terms of Service

This Agreement governs the relationship between Zenta Technologies Sdn. Bhd. and Users of the GetZenta platform. By accessing or using the platform, you agree to these terms in full. If you do not agree, do not use the platform.

Service Provider

Zenta Technologies Sdn. Bhd.

Company No: 202501060152 (1661558-W) · Level 23-1, Premier Suite, One Mont Kiara, No 1 Jalan Kiara, 50480 Kuala Lumpur · "the Company"

User

Auditor, SME, or Staff Account Holder

The individual or organisation registering for and accessing the GetZenta platform at getzenta.com.my or app.getzenta.com.my · "the User"

Effective: 31 March 2026 Last updated: 7 May 2026 Platform: getzenta.com.my Governing law: Malaysia

Section 01

Legal Status & Professional Alignment

Understanding what GetZenta is — and is not — is the foundation of this agreement. These definitions govern how the platform may be used and what responsibilities each party carries.

1.1

Service Provider

GetZenta is a proprietary audit evidence and compliance infrastructure platform owned and operated by Zenta Technologies Sdn. Bhd. ("the Company"). The platform is accessible at getzenta.com.my and app.getzenta.com.my.

1.2

Not a Tax Agent or Auditor

In accordance with Section 153 of the Income Tax Act 1967, the Company is not a licensed Tax Agent. The platform is a digital evidence management and compliance workflow tool. GetZenta does not perform audits, issue audit opinions, provide tax advice, or certify compliance status on behalf of any User or third party. The platform provides infrastructure. The User provides the professional judgment.

1.3

Professional Alignment

This Agreement is designed to complement the Malaysian Institute of Accountants (MIA) By-Laws on Professional Ethics, Conduct, and Practice. For Auditor-role Users, the platform's Human-in-the-Loop architecture and evidence trail model are specifically designed to support — not replace — the professional responsibilities of MIA-registered practitioners. The User's professional obligations under MIA By-Laws remain fully operative regardless of platform use.

1.4

Eligibility

By registering for GetZenta, you confirm that you are at least 18 years of age, have the legal capacity to enter into this Agreement, and — where registering on behalf of an organisation — are authorised to bind that organisation to these terms.

MIA By-Law Aligned ITA 1967 Compliant Infrastructure Only

Section 02

Human-in-the-Loop Architecture

GetZenta's architecture is built around one non-negotiable principle: AI assists, humans decide. This section defines how that principle operates legally and what it means for the User's responsibilities.

2.1

Professional Oversight

GetZenta operates on a Human-in-the-Loop basis for all compliance-critical functions. AI-powered extraction generates evidence signals to assist the User — it does not independently make compliance determinations, grant LHDN submission readiness, or issue audit opinions. Every record requires explicit human review and approval before it progresses to certified status.

2.2

Final Certification — the User's Act

No data is exported as a Compliance Pack or submitted for any regulatory purpose without the User's explicit action via the platform's review and approval function. By performing this action, the User warrants that they have performed the necessary due diligence and professional verification of the underlying evidence. The act of certification is the User's professional declaration — not the platform's.

2.3

Electronic Service Provider Status

Under Section 19 of the Electronic Commerce Act 2006, the Company acts as an Electronic Service Provider. The User remains the "Originator" of all certified records. Zenta Technologies is the intermediary that provides the infrastructure through which those records are captured, structured, and preserved.

2.4

AI Disclosure

The platform uses third-party AI services for optical character recognition and evidence signal generation. The specific AI models used may change without notice as the Company updates its technical stack. The Human-in-the-Loop safeguard applies regardless of which AI model is in use. Full AI processing disclosure is available in the Privacy Policy (Section 04).

ℹ️

The AI never certifies compliance. You do. This is both a legal protection for the platform and a professional responsibility for the User. The architecture is designed to make that responsibility clear and traceable.

Section 03

Audit-Grade Integrity & Security

The integrity of the GetZenta platform depends on each User maintaining the security of their own access. These obligations protect the audit trail, protect other Users, and protect the User themselves.

3.1

Individual Accountability & Credential Security

Credential sharing is strictly prohibited. Each registered user must have their own account. Under MIA Ethics, an Auditor is responsible for the professional work performed under their supervision. Any action taken via a sub-account or staff account within an Auditor's organisation is legally attributed to the Account Owner. The Account Owner must ensure that staff accounts are used only by the named individuals to whom they are assigned.

3.2

Account Compromise Notification — 24-Hour Window

In the event of a suspected account compromise, the User must notify the Company at dpo@getzenta.com.my within twenty-four (24) hours of becoming aware of the suspected compromise. Prompt notification allows the Company to investigate, isolate affected access, and preserve the audit trail. Failure to notify within this window may limit the Company's ability to investigate the incident and mitigate its consequences, and will be taken into account in any subsequent dispute relating to actions taken during the period of compromise.

3.3

VPN & Proxy Access

To maintain an accurate and verifiable audit trail, the Company reserves the right — at its discretion — to restrict or flag access from anonymous VPN services or proxy servers that obscure the originating IP address. This is a security integrity measure, not a blanket prohibition. Corporate VPNs, office proxies, and standard business network configurations are not affected. Users who believe their access has been incorrectly restricted may contact info@zentatechnologies.com to resolve the issue.

3.4

Prohibited Uses

The User must not use the platform to: submit fraudulent, fabricated, or intentionally misleading documents; circumvent materiality thresholds or review gates by manipulating submission structure; attempt to access another organisation's data; reverse-engineer or extract the platform's extraction logic; or use the platform for any purpose that violates Malaysian law or professional ethics standards.

Section 04

Admissibility of Evidence (Section 90A)

GetZenta's audit trail architecture is designed with Malaysian evidence law in mind. This section explains the evidentiary status of platform-generated records and the protections they afford Users.

4.1

Prima Facie Evidence of System Records

All system logs, metadata, and certification timestamps generated by the GetZenta platform are created in the ordinary course of business by an automated system operating without deliberate human intervention at the time of generation. These records constitute prima facie evidence of the facts recorded therein, in accordance with established principles of Malaysian evidence law applicable to computer-generated records.

4.2

Section 90A Certificate of Computer-Generated Evidence

Pursuant to Section 90A of the Evidence Act 1950, the Company will, upon written request, provide a Certificate of Computer-Generated Evidence for any certified record held within the platform. This certificate serves as a "Digital Fingerprint" — a formally admissible record that establishes the authenticity, integrity, and timestamp of the underlying evidence. Auditors may use this certificate as a defensive instrument against third-party claims challenging the provenance of certified records.

4.3

Scope of Certificate

A Section 90A certificate issued by the Company covers the system-generated record — the AI extraction output, confidence score, review decision, override reason, and certification timestamp. It does not certify the accuracy of the underlying source document, the correctness of the extracted data, or the professional judgment applied by the User in certifying the record. Those remain the User's professional responsibility.

4.4

Certificate Request Process

Requests for Section 90A certificates should be submitted in writing to info@zentatechnologies.com with the relevant record identifier(s), the name of the requesting party, and the purpose for which the certificate is required. The Company will endeavour to respond within 10 business days. Certificates may be subject to an administrative fee for volume requests.

⚖️

This clause reflects GetZenta's design intent and the Company's willingness to support Users in legal and regulatory proceedings. It does not constitute legal advice. Users should consult qualified Malaysian legal counsel for advice on the admissibility of specific records in specific proceedings.

Section 05

Indemnity & Limitation of Liability

This section defines each party's responsibilities when things go wrong. It is designed to be fair: the Company accepts responsibility for what it controls, and the User accepts responsibility for what they control.

Zenta Technologies Indemnifies You Against

Company-Side Failures

Direct damages caused by a proven system-wide security breach of our core platform infrastructure, where the breach originates from a failure in the Company's own security controls and not from the User's actions or third-party sub-processor failures.

You Indemnify Zenta Technologies Against

User-Side Actions

Any claims, fines, LHDN penalties, or third-party losses arising from: unauthorised credential sharing, negligent verification of certified records, submission of fraudulent or misleading documents, or client-side data fraud once a record has been certified by the User.

5.2

Limitation of Liability

To the maximum extent permitted under the Consumer Protection Act 1999 and applicable Malaysian law, the Company's total aggregate liability for any claim arising under or in connection with this Agreement shall not exceed the total fees paid by the User in the six (6) months preceding the claim, or RM 1,000, whichever is higher. This cap applies to all claims in aggregate, not per incident.

5.3

Excluded Losses

To the maximum extent permitted by law, the Company is not liable for: indirect, consequential, or incidental losses; loss of profit or revenue; loss of data caused by the User's failure to maintain backups or export records; regulatory penalties arising from the User's professional decisions; or losses arising from the failure or unavailability of third-party sub-processors, government portals, or national infrastructure.

5.4

No Liability for Professional Decisions

The Company is not liable for any professional decision made by the User on the basis of AI-extracted data or platform-generated evidence signals. The User's professional judgment, applied through the Human-in-the-Loop review process, is the User's own act and the User's own responsibility.

Section 06

Subscription, Credits & Billing

GetZenta operates on a credit-based subscription model. This section defines how credits work, what happens when they expire, and what the refund policy is. Read it before you buy.

6.1

Evidence Credits

Platform features are consumed using Evidence Credits. Credit consumption rates are as follows: 1 standard receipt scan = 1 credit. 1 ESG analysis = 5 credits. Other feature credit costs are displayed in the platform before consumption. The Company reserves the right to adjust credit consumption rates on 30 days' written notice to registered Users.

6.2

Subscription Plans

Subscription fees are charged monthly in advance. Subscriptions auto-renew unless cancelled before the renewal date. Cancellation takes effect at the end of the current billing period — the User retains platform access and credit allocation for the remainder of the paid period. No pro-rata refunds are issued for early cancellation of an ongoing subscription period.

6.3

Credit Expiry

All purchased Evidence Credits expire six (6) months from the date of purchase. Monthly subscription credits expire at the end of each subscription month and do not roll over. Top-up credit packs expire six months from purchase regardless of subscription status. Expired credits are forfeited without refund.

6.4

Refund Policy

The Company's refund policy is credits-first, not cash-first. In the event of a verified platform error that incorrectly consumed credits, the Company will restore the affected credits. Cash refunds are issued only where required by applicable Malaysian consumer protection law. The Company does not issue refunds for unused credits, changed business circumstances, or User error in submitting incorrect documents.

6.5

Payment Processing

Payments are processed through Stripe. The Company does not store card numbers, banking credentials, or full payment instrument details. Transaction data received by the Company is limited to payment reference, amount, status, and timestamp. By making a payment, the User agrees to Stripe's own terms of service and privacy policy in addition to this Agreement.

6.6

Pricing Changes

The Company reserves the right to adjust subscription pricing and credit costs with 30 days' written notice to affected Users. Alpha Founding Partner accounts are subject to a separate founding rate commitment as specified in their individual onboarding agreement. Standard plan pricing changes do not affect Founding Partner rates.

Item	Policy
Monthly subscription credits	Expire end of subscription month · No rollover
Top-up credit packs	Expire 6 months from purchase date
Refund method	Credits restored for platform errors · Cash refunds only where legally required
Cancellation	Access continues to end of paid period · No pro-rata refund
Pricing change notice	30 days written notice to registered Users
Alpha Founding rate	Locked for life per individual onboarding agreement

Section 07

Infrastructure & Force Majeure

GetZenta depends on third-party infrastructure and government systems that are outside the Company's control. This section sets out what the Company is and is not responsible for when those dependencies fail.

7.1

Third-Party Infrastructure Dependencies

The User acknowledges that the platform depends on the availability of the following third-party infrastructure components: Supabase (database, authentication, storage, and Edge Functions), cloud AI services for OCR and extraction, and Stripe for payment processing. The Company maintains these dependencies to the standard described in the Data Processing Policy but cannot guarantee the continuous availability of third-party services.

7.2

Government Portal Dependencies

LHDN MyInvois workflow support within GetZenta depends on the availability and API stability of LHDN's own systems. The Company is not responsible for delays, errors, or unavailability in LHDN's systems, and no LHDN-related deadline failure caused by LHDN's own system downtime shall be attributed to the platform.

7.3

Force Majeure

The Company is not liable for any failure or delay in performance caused by circumstances beyond its reasonable control, including but not limited to: national ISP outages, government portal downtime, AWS or Supabase infrastructure failures, acts of God, civil unrest, or changes in Malaysian law or regulation that materially affect platform operations. The Company will communicate any significant force majeure event to registered Users as soon as reasonably practicable.

7.4

Backup Responsibility

The User is strongly advised to maintain independent digital backups of all Compliance Packs and certified records, as required under Section 82 of the Income Tax Act 1967. GetZenta provides export functionality for this purpose. Platform availability should not be relied upon as the sole archive of compliance-critical records.

Section 08

Termination & Data Export

This section governs what happens to your account and data when you stop using GetZenta — whether by choice or otherwise. Read this before closing your account.

8.1

Termination by the User

The User may cancel their subscription at any time via the platform's account management settings. Cancellation takes effect at the end of the current billing period. The User retains full platform access and all evidence records during the remainder of the paid period. After the paid period ends, the account enters a 90-day data export window during which records remain accessible for export but new processing is suspended.

8.2

Termination by the Company

The Company reserves the right to suspend or terminate an account immediately and without notice in cases of: material breach of these Terms of Service, suspected fraud or abuse of the platform, use of the platform for illegal purposes, or conduct that places other Users' data at risk. In non-urgent cases, the Company will provide 14 days' written notice before termination and allow the User to export their data during that period.

8.3

The 90-Day Export Window

Following account closure or subscription termination, the User's data is retained for 90 days to allow for data export. After this window expires, all evidence records, audit trail data, and account information are securely deleted or anonymised. The 90-day window is shorter than the 7-year record-keeping requirement under the Income Tax Act 1967. The User is solely responsible for exporting and maintaining their own compliant archive.

8.4

Extended Retention

Users who require data retention beyond the 90-day post-closure window — for example, to satisfy the 7-year ITA 1967 requirement — must arrange this in writing before account closure. Extended retention is subject to separate agreement and may incur an additional fee. Contact info@zentatechnologies.com to discuss extended retention arrangements.

⚠️

Export your records before closing your account. The 90-day post-closure window does not satisfy the 7-year retention requirement under Malaysian tax law. Once the window expires, your records cannot be recovered. Use the platform's export function to download your Compliance Packs before cancelling.

Section 09

Governing Law & Dispute Resolution

This Agreement is a Malaysian contract, governed by Malaysian law, and any disputes will be resolved in Malaysian courts. This section sets out the process for resolving disagreements before they reach that stage.

9.1

Governing Law

This Agreement shall be governed by and construed in accordance with the laws of Malaysia, including but not limited to the Contracts Act 1950, Consumer Protection Act 1999, Personal Data Protection Act 2010, Electronic Commerce Act 2006, Evidence Act 1950, and Income Tax Act 1967, as amended from time to time.

9.2

Jurisdiction

The parties submit to the exclusive jurisdiction of the courts of Malaysia for the resolution of any dispute arising under or in connection with this Agreement. The courts of Kuala Lumpur shall have primary jurisdiction unless otherwise agreed in writing.

9.3

Dispute Resolution — Good Faith First

Before initiating formal legal proceedings, the parties agree to attempt to resolve any dispute through good-faith negotiation. Either party may initiate this process by sending written notice of the dispute to the other party. The parties shall have 30 days from the date of that notice to attempt resolution. If resolution is not achieved within 30 days, either party may proceed with formal legal or arbitration proceedings.

9.4

Language

This Agreement is written in English. In the event of any conflict between an English version and any translated version, the English version shall prevail.

Legal & Dispute Contact

📧 Legal notices: info@zentatechnologies.com

📍 Zenta Technologies Sdn. Bhd. · Level 23-1, Premier Suite, One Mont Kiara, No 1 Jalan Kiara, 50480 Kuala Lumpur

📞 +603 2785 6806

Section 10

Amendments & Notifications

These Terms of Service will be updated as the platform evolves, as Malaysian law changes, and as the Company's practices develop. This section governs how those changes are communicated and when they take effect.

10.1

Right to Amend

The Company reserves the right to amend these Terms of Service at any time. Amendments will not be applied retroactively to events that occurred before the effective date of the amendment.

10.2

Notice of Material Changes

For material changes — those that affect the User's rights, liability, pricing, or data handling — the Company will provide at least 14 days' written notice via email to the registered account address and via in-platform notification. The effective date of the change will be clearly stated. Non-material changes such as clarifications, formatting corrections, or typographical fixes may be made without notice.

10.3

Continued Use as Acceptance

Continued use of the platform after the effective date of any amendment constitutes the User's acceptance of the updated Terms of Service. If the User does not accept a material change, they must cease using the platform and cancel their subscription before the effective date of the change. Contact info@zentatechnologies.com if you have questions about a specific amendment.

10.4

Severability

If any provision of these Terms of Service is found to be invalid, illegal, or unenforceable by a court of competent jurisdiction, the remaining provisions shall continue in full force and effect. The invalid provision shall be modified to the minimum extent necessary to make it enforceable, or severed entirely if modification is not possible.

10.5

Entire Agreement

These Terms of Service, together with the Privacy Policy, Data Processing Policy, and any separate onboarding agreement (such as the Alpha Founding Partner agreement), constitute the entire agreement between the Company and the User in relation to the GetZenta platform. They supersede all prior agreements, representations, and understandings.

These Terms of Service were last updated on 7 May 2026 and are effective from 31 March 2026. They are provided in plain language to the extent possible while maintaining legal accuracy. They do not constitute legal advice. Users with specific legal questions about these terms should consult a qualified Malaysian lawyer. Zenta Technologies Sdn. Bhd. · Company No: 202501060152 (1661558-W) · getzenta.com.my

Legal enquiries: info@zentatechnologies.com · Version 1.1 · Effective 31 March 2026

🔒 Privacy Policy → 📋 Data Processing Policy → 🛡️ Security Statement →