Terms of Service
These Terms and Conditions govern the licensing, deployment, and use of the AuthKey platform, APIs, SDKs, and associated documentation. Please read them carefully before deploying or utilizing the Software.
§ 1 Acceptance of Terms and Software License
By licensing, downloading, deploying, or utilizing the AuthKey platform, APIs, SDKs, and associated documentation (collectively, the "Software"), your organization ("Client") agrees to be bound by these Terms and Conditions. AuthKey grants the Client a limited, non-exclusive, non-transferable license to deploy the Software within the Client's own on-premise data centers or designated private cloud environments for internal business operations and customer-facing authentication flows.
§ 2 Deployment and Infrastructure Responsibilities
The Software is delivered for on-premise or private cloud deployment. The Client is solely responsible for the provisioning, configuration, security, and maintenance of the servers, networks, and infrastructure required to host the Software. AuthKey does not operate a multi-tenant or Software-as-a-Service (SaaS) environment and does not have access to the Client's deployed environment unless explicitly granted for support purposes under a separate agreement. The integration of AuthKey's SDKs into the Client's existing payment and approval systems is the responsibility of the Client's development teams.
§ 3 Data Storage and Cryptographic Material
The Software is designed to generate, process, and store sensitive authentication data, including user PINs, public keys, and One-Time Passwords (OTPs). Because the Software operates entirely within the Client's infrastructure, the Client retains total control over, and responsibility for, the security, lifecycle management, and backup of this data. The AuthKey platform is engineered to support the Client's compliance with established frameworks, including the implementation of robust cryptographic controls as defined in ISO/IEC 27001:2022 Annex A.8, and meets the authenticator assurance levels outlined in NIST SP 800-63B Section 4, ensuring enterprise-grade protection for stored credentials.
§ 4 Compliance and Regulatory Alignment
Designed for the stringent data residency and security requirements of the Southeast Asian financial sector, the on-premise nature of the Software ensures the Client maintains absolute data sovereignty. The Client remains solely responsible for ensuring that their deployment, architecture, and use of the Software comply with all applicable industry regulations, local data protection laws, and financial authority guidelines (e.g., PSD2 SCA).
Important: AuthKey provides tooling designed to support compliance, but the responsibility for verifying that your specific deployment satisfies all applicable regulatory requirements — including those imposed by Bank Negara Malaysia, MAS, OJK, or any other relevant authority — rests solely with the Client.
§ 5 Support and Maintenance
AuthKey will provide technical documentation, software updates, and security patches as outlined in a separate Service Level Agreement (SLA) or Master Services Agreement (MSA) executed between AuthKey and the Client.
§ 6 Intellectual Property
All intellectual property rights in the Software, including machine learning models, contextual risk analysis engines, proprietary APIs, and source code, remain the exclusive property of AuthKey. The Client may not reverse engineer, decompile, or create derivative works from the Software.
§ 7 Limitation of Liability
To the maximum extent permitted by applicable law, AuthKey shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including loss of profits, data breaches occurring on the Client's infrastructure, or business disruption, arising out of the use or inability to use the Software.