Terms & Conditions
Effective Date: May 15, 2025 | Governed by Indian Law | Jurisdiction: Bangalore, Karnataka
⚠ Legal Disclaimer — Authorized B2B Use Only
GhOst AI (ghostai.one) is a business-to-business (B2B) security testing and quality assurance software tool. It is designed and licensed exclusively for:
- Organizations that own, operate, or are contracted to audit online proctoring and assessment platforms
- Authorized security researchers and penetration testers holding written authorization from the platform owner
- QA professionals engaged under a professional services agreement
- Academic institutions conducting approved security research
This tool is NOT intended for and must NOT be used by:
- Individual students during college, university, or school examinations
- Job seekers or candidates during recruitment tests, placement drives, or technical interviews
- Any person seeking unauthorized assistance during a live proctored assessment
References to "interview assistance" or "undetectable overlay" in marketing materials are directed exclusively at platform vendors for security demonstration and QA audit purposes. These features are tools for identifying vulnerabilities in proctoring systems — not for facilitating cheating in real examinations.
1. Acceptance of Terms
These Terms & Conditions ("Terms") constitute a legally binding agreement between GhOst AI Technologies ("Company," "we," "us") and the entity or individual ("Client," "you") accessing the GhOst AI platform at ghostai.one ("Service"). By accessing or using the Service, you represent that you have read, understood, and agree to be bound by these Terms and all applicable Indian laws.
If you are accepting these Terms on behalf of a company or organization, you represent that you have the authority to bind that entity. These Terms supersede all prior agreements relating to the subject matter herein.
2. Description of Service
GhOst AI is a B2B security and quality-assurance software platform that enables:
- Authorized penetration testing of online proctoring and assessment platforms
- Vulnerability assessment and QA audits by platform owners and their designated security teams
- Identification and responsible disclosure of security flaws in remote assessment infrastructure
- Internal demonstration and audit of proctoring system weaknesses by platform vendors
- Academic and institutional security research with prior written approval
3. Eligibility & Client Authorization
3.1 Eligible Users
Access to the Service is restricted exclusively to:
- Organizations that own, operate, or are contracted to audit online proctoring or assessment platforms
- Certified security researchers and penetration testers holding a valid written authorization from the platform owner
- QA professionals and software engineers engaged by a platform owner under a professional services agreement
- Academic institutions conducting approved cybersecurity research with institutional ethics board approval
- The Company itself, for internal demos, sales demonstrations, and product development
3.2 Expressly Excluded Users
- Individual students seeking assistance during college, university, or school examinations
- Job seekers or candidates using the Service during employment recruitment, campus placement drives, or technical interviews
- Any person attempting to use the Service in an unauthorized manner during any live proctored assessment
- Minors under the age of 18
3.3 Written Authorization Requirement
Prior to activating any testing or QA features, Clients must provide written proof of authorization from the target platform owner. This includes: (a) name of the platform, (b) scope of permitted testing, (c) duration of authorization, and (d) authorized signatory from the platform organization. The Company reserves the right to suspend access if authorization cannot be verified.
3.4 Age Verification
By registering, you confirm you are at least 18 years of age and legally competent to enter into a binding contract. The Company does not knowingly onboard minors. Under the Digital Personal Data Protection Act, 2023, children's data (persons under 18) is subject to special protections and parental/guardian consent requirements, which the Company cannot facilitate in a B2B context.
4. Permitted Uses
Subject to these Terms and a valid Authorization, Clients may use the Service solely for:
- Authorized Penetration Testing: Testing the security posture of proctoring platforms with explicit written permission from the platform owner
- Quality Assurance: Identifying bugs, loopholes, or detection failures in proctoring software prior to or during its production lifecycle
- Vulnerability Assessment: Systematic evaluation of proctoring system defences as part of a contracted security engagement
- Internal Research & Demo: Demonstrating platform vulnerabilities to prospective clients or conducting internal R&D
- Institutional Security Research: Academic research projects approved by an institutional review board or ethics committee
5. Prohibited Uses & Anti-Misuse Policy
5.1 Absolutely Prohibited Activities
- Using the Service without prior written authorization from the target platform owner
- Use by individual students, candidates, or job seekers during any examination, test, or interview
- Facilitating cheating, impersonation, or unauthorized assistance in any academic or recruitment assessment
- Reverse-engineering, selling, sub-licensing, or redistributing the Service or its outputs
- Using the Service to access, alter, or exfiltrate candidate personal data without authorization
- Deploying the Service against any platform without a signed authorization agreement
5.2 Specific Academic & Recruitment Prohibition
- Internal college or university examinations (semester, annual, or supplementary)
- University board examinations and national competitive entrance examinations
- Online proctored assessments conducted by any educational institution
- Campus placement drives, off-campus recruitment tests, or lateral hiring assessments
- Government service examinations (UPSC, SSC, PSC, etc.)
- Any assessment where a candidate has not disclosed and received approval for tool usage
5.3 Criminal Liability Warning
Unauthorized use may attract liability under:
- Public Examinations (Prevention of Unfair Means) Act, 2024 — imprisonment up to 3-10 years and fines
- Bharatiya Nyaya Sanhita (BNS) 2023, Section 318 — cheating, punishable with imprisonment up to 7 years
- Information Technology Act, 2000, Section 66D — cheating by personation using computer resources
- IT Act 2000, Section 43 & 66 — unauthorized access to computer systems
5.4 Zero-Tolerance Enforcement
Upon receiving credible information or attaining "actual knowledge" (as defined under Section 79 of the IT Act, 2000) of unauthorized use, the Company will immediately suspend the account, preserve logs, and may report the incident to the relevant law enforcement authority and the institution or organization affected.
6. Responsible Disclosure Policy
6.1 Reporting Vulnerabilities Found During Testing
If a Client discovers a critical vulnerability in a third-party platform during authorized testing, they must:
- Report the finding to the platform owner in writing within 72 hours of discovery
- Provide a detailed technical write-up including proof-of-concept, severity rating, and suggested remediation
- Not publicly disclose the vulnerability for a minimum of 90 days (standard responsible disclosure window) unless the platform owner waives this
- Notify the Company at security@ghostai.one for record-keeping purposes
6.2 Vulnerabilities in GhOst AI Itself
If you discover a security vulnerability in the GhOst AI platform itself, report it to security@ghostai.one. The Company will acknowledge within 48 hours and aim to resolve critical issues within 30 days. The Company follows a coordinated vulnerability disclosure framework consistent with CERT-In guidelines.
7. Intermediary Status & Safe Harbour (IT Act 2000, Section 79)
7.1 Intermediary Status
GhOst AI operates as an "intermediary" as defined under Section 2(1)(w) of the Information Technology Act, 2000. The Company does not initiate, select, or modify data transmissions generated by Clients during authorized security testing.
7.2 Due Diligence Obligations
The Company maintains safe harbour under Section 79 of the IT Act by:
- Publishing and enforcing these Terms prohibiting unauthorized use
- Requiring written authorization from platform owners before activating testing features
- Maintaining access logs for a minimum of 180 days as required by applicable rules
- Cooperating with law enforcement and designated authorities upon lawful request
- Appointing a Grievance Officer (see Section 8)
7.3 Loss of Safe Harbour
Safe harbour protection shall not apply if the Company has actual knowledge of ongoing misuse and fails to act expeditiously. Upon receiving a valid notice of misuse (including from CERT-In, a law enforcement authority, or an affected institution), the Company will act within 36 hours to disable access.
7.4 Takedown & Notice Procedure
To report misuse or request takedown, send a written notice to admin@ghostai.one containing: (a) identity of the complainant, (b) nature of the complaint, (c) evidence of misuse, and (d) relief sought. The Company will acknowledge within 24 hours and resolve within 15 days per Rule 4 of the IT (Intermediary Guidelines) Rules, 2021.
8. Grievance Officer
Name: Deva
Designation: Grievance Officer, GhOst AI Technologies
Email: admin@ghostai.one
Postal Address: GhOst AI Technologies, Bangalore, Karnataka – 560001, India
Response Timeline: Acknowledgment within 24 hours; Resolution within 15 days of receipt of complaint
Working Hours: Monday to Friday, 10:00 AM – 6:00 PM IST
9. Data Protection & Privacy (DPDP Act 2023)
9.1 Data Fiduciary Status
The Company acts as a "Data Fiduciary" as defined under Section 2(i) of the Digital Personal Data Protection Act, 2023 ("DPDP Act") with respect to personal data collected from Client representatives during onboarding and account management.
9.2 Lawful Basis for Processing
The Company processes personal data on the following lawful bases under the DPDP Act:
- Consent: Freely given, specific, informed, and unambiguous consent obtained at registration
- Contractual Necessity: Processing necessary to fulfil the B2B service agreement
- Legitimate Interest: Security logging, fraud prevention, and service integrity
- Legal Obligation: Compliance with lawful orders from competent authorities
9.3 Data Principal Rights
Client representatives (as Data Principals) have the right to:
- Access personal data held by the Company (Section 11, DPDP Act)
- Correct inaccurate or incomplete data (Section 12, DPDP Act)
- Obtain erasure of data no longer necessary for the stated purpose (Section 12, DPDP Act)
- Nominate a representative for data rights in case of death or incapacity (Section 14, DPDP Act)
- Grievance redressal through the Grievance Officer and, thereafter, the Data Protection Board of India
9.4 Data Breach Notification
In the event of a personal data breach, the Company shall notify affected Data Principals and the Data Protection Board of India within 72 hours of becoming aware, in the manner prescribed under the DPDP Act, 2023.
9.5 Data Storage & Localisation
Primary data for Indian Clients is stored on servers located within India. Where data is processed by third-party sub-processors outside India (e.g., AI model inference providers), the Company ensures adequate contractual safeguards, including standard contractual clauses, consistent with DPDP Act provisions on cross-border data transfer. Clients may request details of sub-processors by writing to the Grievance Officer.
Full details are set out in our Privacy Policy.
10. Subscriptions, Billing & RBI Compliance
10.1 B2B Subscription Agreements
Commercial access to the Service is governed by a Master Service Agreement ("MSA") executed between the Company and the Client organization. Pricing, billing cycles, and payment terms are set forth in the applicable Order Form.
10.2 Auto-Renewal
Subscriptions auto-renew at the end of each billing period unless the Client provides written notice of non-renewal at least 30 days before the renewal date. The Company will send a pre-renewal reminder at least 7 days prior.
10.3 RBI Recurring Payment Compliance
For Indian payment methods, the Company complies with the Reserve Bank of India's framework on recurring payments:
- e-Mandate Registration: Clients will complete e-mandate registration per RBI circular DPSS.CO.PD No.1210/02.14.003/2019-20
- Pre-Debit Notification: Clients will receive a notification at least 24 hours before each auto-debit
- UPI AutoPay: Where payment is via UPI, UPI AutoPay mandate rules apply and Clients may revoke the mandate at any time through their UPI app
11. Cancellation & Refund Policy (Consumer Protection Act 2019)
11.1 B2B Refunds — Master Service Agreement
Refunds for enterprise Clients are primarily governed by the executed MSA. In the absence of specific MSA terms, the following apply.
11.2 7-Day Satisfaction Window for New Clients
New organizational Clients who have not previously subscribed may request a full refund within 7 calendar days of their first payment if the Service was not delivered as described. Requests must be submitted to billing@ghostai.one with reasons stated.
11.3 Refund Eligibility Criteria
- Service was materially unavailable for more than 72 continuous hours due to Company-side failure
- Core features advertised were not functional at the time of purchase
- Client cancels within the 7-day window (first subscription only)
11.4 Non-Refundable Situations
- Cancellations after 7 days from first payment (unless MSA provides otherwise)
- Partial usage of a billing period
- Suspension or termination due to policy violation by the Client
11.5 Consumer Forum Rights
Without prejudice to arbitration rights under Section 14, individual Client representatives who are consumers under the Consumer Protection Act, 2019 retain the right to approach the District Consumer Disputes Redressal Commission having jurisdiction. The Company will cooperate with any such proceedings.
Detailed policy: Cancellations & Refunds
12. Limitation of Liability
To the maximum extent permitted under Indian law, the Company's aggregate liability for any claim arising out of or relating to the Service shall not exceed the total fees paid by the Client in the 3 months preceding the event giving rise to the claim.
The Company shall not be liable for: (a) loss of profit, revenue, or data; (b) indirect, incidental, or consequential damages; (c) unauthorized use of the Service by persons who misrepresented their authorization; or (d) actions taken by Clients beyond the permitted scope of their authorization.
13. Indemnification
You agree to defend, indemnify, and hold harmless the Company, its directors, officers, employees, and agents from and against all claims, damages, losses, liabilities, and expenses (including reasonable legal fees) arising from:
- Your use of the Service outside the scope of written authorization
- Your violation of any applicable law, including the IT Act, DPDP Act, or BNS 2023
- Use of the Service by any person within your organization without proper authorization
- Any claim by a third party (including examination candidates or institutions) arising from your unauthorized use
- Breach of confidentiality obligations regarding vulnerabilities discovered during testing
14. Dispute Resolution & Arbitration
14.1 Informal Resolution
Parties shall first attempt to resolve any dispute through good-faith negotiation for a period of 30 days from written notice of the dispute.
14.2 Arbitration Clause
If the dispute is not resolved informally, it shall be referred to and finally resolved by arbitration under the Arbitration and Conciliation Act, 1996 (as amended by the 2019 Amendment Act):
- Seat & Venue: Bangalore, Karnataka, India
- Number of Arbitrators: Sole Arbitrator mutually appointed by the parties
- Language: English
- Governing Rules: Arbitration and Conciliation Act, 1996
- Award: Final and binding on both parties
14.3 Emergency Relief
Either party may seek urgent interim or injunctive relief from courts in Bangalore, Karnataka, without waiving the right to arbitration.
15. Governing Law & Jurisdiction
These Terms shall be governed by and construed in accordance with the laws of the Republic of India. Subject to the arbitration clause in Section 14, the courts at Bangalore, Karnataka shall have exclusive jurisdiction over any disputes not submitted to arbitration.
16. Changes to Terms
The Company reserves the right to modify these Terms at any time. Material changes will be communicated to Clients via email at least 14 days before taking effect. Continued use of the Service after the effective date constitutes acceptance of the revised Terms. It is the Client's responsibility to review these Terms periodically.
17. Contact Information
For general inquiries regarding these Terms:
GhOst AI Technologies
Bangalore, Karnataka – 560001, India
Email: contact@ghostai.one
Grievance: admin@ghostai.one
Security: security@ghostai.one
Website: ghostai.one