Terms of Service

Last updated: 11 July 2026
Effective date: 11 August 2026


1. Agreement to Terms

These Terms of Service ("Terms") constitute a legally binding agreement between you, the licensed real estate agency or its authorised representative ("you", "your", or "the Agency"), and Korvos Pty Ltd (ABN 49 697 208 398) ("Korvos", "we", "us", or "our"), governing your access to and use of the Korvos platform, including all associated software, APIs, documentation, and services (collectively, the "Platform").

By creating an account, completing onboarding, or otherwise using the Platform, you acknowledge that you have read, understood, and agree to be bound by these Terms. If you are entering into these Terms on behalf of an agency, you represent and warrant that you have the authority to bind that agency.

If you do not agree to these Terms, you must not access or use the Platform.

2. Eligibility

The Platform is available only to:

  1. Licensed real estate agencies holding a current and valid licence issued by the relevant state or territory authority in Australia;
  2. Individuals who are at least 18 years of age and authorised to act on behalf of such a licensed agency; and
  3. Agencies that have a current Australian Business Number (ABN).

We reserve the right to verify your licensing status at any time, including by reference to the Office of Fair Trading (QLD), NSW Fair Trading, Consumer Affairs Victoria, or equivalent state and territory registers. If your agency licence is suspended, cancelled, or expires, we may immediately suspend or terminate your access to the Platform.

3. The Platform

3.1 What Korvos Does

Korvos runs the agency's operational tasks autonomously, with the licensed principal as supervisor and signatory. As features are activated for your agency, the Platform may perform identity verification, AML/CTF compliance, statutory document preparation, transaction monitoring, condition tracking, and buyer communication — under the standing delegation you grant at onboarding (see Section 4). The current set of activated features is published on our website and visible in your tenant settings; some capabilities described in these Terms are gated to future product phases (see Section 11 for Voice AI as an example).

Korvos surfaces only the nine decisions Australian law requires a real person to make (see Section 4.3). Everything else runs autonomously with a complete, hash-chained audit trail.

3.2 What Korvos Does Not Do

The Platform does not, and will never:

  1. Provide legal, financial, or tax advice. All generated documents carry the footer: "Prepared by Korvos under standing delegation from [Agency Legal Name]. Reviewed and approved by [Principal Name] on [Date]. This document does not constitute legal advice. The agency is the statutory responsible party."
  2. File suspicious matter reports (SMRs) or threshold transaction reports (TTRs) with AUSTRAC without a compliance officer's express decision. Korvos drafts the report; the compliance officer files it.
  3. Sign statutory instruments (including Form 6, REIQ Contract for Sale, or Form 2 Seller Disclosure) on behalf of parties. Parties sign their own instruments.
  4. Act outside the scope of the standing delegation set out in Section 4 and recorded in your sealed compliance programme.
  5. Guarantee compliance with any law or regulation. The Platform is a tool that assists your agency in meeting its obligations. The licensed principal retains statutory responsibility for all compliance decisions.
  6. Contract directly with sellers, buyers, or other parties. Korvos is a tool of licensed agencies and never operates without a licensed agency as the customer of record.
  7. Clone, replicate, or impersonate any natural person's voice. Voice AI uses a synthetic, Korvos-branded voice and identifies itself as AI at the commencement of every call.

4. Standing Delegation of Authority

4.1 Grant of Delegation

By accepting these Terms, the licensed principal of the Agency grants Korvos a scoped delegation of authority to act on the Agency's behalf in performing the operational functions described in these Terms. This delegation is consistent with Australian agency law, which permits delegation of administrative functions from a principal to an agent or administrator. As the Platform matures, Korvos may offer the option to execute a separate standing-delegation deed via Annature for evidentiary clarity; where executed, that deed prevails over this Section to the extent of any inconsistency.

4.2 Scope of Delegation

The standing delegation authorises Korvos to perform the following categories of actions on the Agency's behalf:

  1. Compliance operations: Identity verification (DVS, PEP screening, sanctions screening), KYC/KYB orchestration, transaction monitoring, AML/CTF programme maintenance, risk assessment, training record management, and AUSTRAC export preparation.
  2. Document preparation: Drafting of statutory and operational documents (including Form 6 appointments, REIQ contracts, Form 2 seller disclosures, trust account receipts, settlement statements, commission tax invoices, condition notices, vendor update reports, and marketing schedules) from matter data.
  3. Agency-internal instrument execution:Electronic execution and dispatch of agency-internal instruments — including marketing schedules, condition satisfaction and waiver notices, vendor update reports, multiple-offer notifications, and commission tax invoices — under the principal's pre-authorised scope, without per-document approval.
  4. Communication: Sending automated notifications, chasing condition deadlines, dispatching vendor updates, and — where enabled for the Agency — handling inbound buyer enquiries via Voice AI.

4.3 Limits of Delegation

The standing delegation does not extend to decisions that Australian law reserves to a natural person. The following nine categories of decisions (the "Nine Irreducible Human Moments") require your express action:

  1. Senior manager approval of the AML/CTF programme, risk assessment, enhanced customer due diligence (ECDD), and reliance arrangements.
  2. Appointment and continued existence of a named natural-person compliance officer.
  3. The "reasonable grounds for suspicion" decision for suspicious matter reporting to AUSTRAC.
  4. Seller signing of the Form 2 Seller Disclosure Statement under the Property Law Act 2023 (Qld) s 99.
  5. Parties signing statutory instruments (Form 6, REIQ Contract for Sale).
  6. Electronic signature of trust account receipts by the principal or other “person completing” under Agents Financial Administration Regulation 2014reg 9. The Platform's trust-receipt signing workflow ships as part of the trust-account module; the regulator-required signing step remains a human action even after the workflow is live.
  7. Engagement of an independent reviewer for the three-yearly independent review.
  8. Maintenance of a current agency licence and employment of licensed persons.
  9. The duty not to make false or misleading representations under the Property Occupations Act 2014 (Qld) ss 207 and 212 and the Australian Consumer Law — addressed at the system level through retrieval-grounded generation.

4.4 Revocation

You may revoke or modify the standing delegation at any time by written notice to us (and by amending your compliance programme). Revocation is effective on our receipt of your notice; on receipt we will cease performing the affected autonomous functions. You acknowledge that revocation may limit the Platform's ability to perform autonomous functions, and that certain features may become unavailable or require manual intervention.

4.5 Statutory Responsibility

The licensed principal retains full statutory responsibility for all decisions made under the Agency's name, including the compliance officer role. Korvos is a software tool that acts under the principal's delegation. The principal is the statutory responsible party.

5. Accounts and Access

5.1 Account Registration

To use the Platform, you must create an account and provide accurate, current, and complete information during registration and onboarding. You agree to update this information promptly if it changes.

5.2 User Roles

The Platform supports a configurable user-role model within each agency account. The role designations available to the Agency are published in the Platform's team-management settings; the current set is summarised below. Permissions for each role are documented in product and may be adjusted as the Platform evolves.

  1. Principal: Full access to all features, including compliance approvals, standing delegation management, billing, and user provisioning.
  2. Compliance Officer (AMLCO): Approval authority over the AML/CTF programme, risk assessments, ECDD, and SMR preparation. Required by AUSTRAC Rules 2025.
  3. Senior Agent: Access to all listings and matters within the agency; cannot approve compliance artefacts.
  4. Agent: Access to own listings and assigned matters.
  5. External Advisor: Read-only scoped access for external solicitors, conveyancers, or auditors retained by the Agency.
  6. Admin: User management and audit/compliance record access without operational matter access.

5.3 Account Security

You are responsible for maintaining the confidentiality of your account credentials and for all activity that occurs under your account. You must notify us immediately of any unauthorised access or use. Subject to Section 14.1, we are not liable for loss arising from your failure to secure your account credentials, except to the extent the loss was caused or contributed to by a defect in the Platform or by our act or omission.

5.4 User Limits

Each subscription tier includes a maximum number of users. If you exceed the user limit for your tier, you must upgrade to a higher tier or remove users to comply with your current plan.

6. Subscription and Billing

6.1 Subscription Tiers

The Platform is offered on a per-office, monthly subscription basis. Current tiers and pricing are published on our website and may be updated from time to time in accordance with Section 6.6. Tier features, user limits, and matter limits are as described on the pricing page at the time of your subscription.

6.2 Payment

Subscription fees are processed through Stripe (Stripe Payments Australia Pty Ltd). You authorise us to charge your nominated payment method on a recurring monthly basis. Your subscription renews automatically each month until you cancel it; you can cancel at any time (see Section 17.1), and cancellation stops all future renewals. All amounts are in Australian Dollars (AUD) and inclusive of GST where applicable. Korvos will issue a valid tax invoice for each payment. Stripe's processing of payment card data is governed by Stripe's own privacy terms — see our Privacy Policy, Section 12.1.

6.3 Buyer-Pays Compliance Checks

Where buyer-pays billing applies, certain compliance checks (including KYC bundles and KYB packs) are charged directly to the End Party (the buyer, seller, or party being verified) at the point the check is requested. Two settlement models apply:

  1. Direct billing (default).By default, Korvos is the merchant of record for buyer-paid checks. The End Party is charged by Korvos, Korvos issues the tax invoice and receipt to the End Party, and Korvos remits any GST payable on the check. The Agency does not handle the End Party's payment.
  2. Stripe Connect Express (optional). An Agency may instead activate a Stripe Connect Express account in its own legal name via the Platform. Where it does, the Agency becomes the merchant of record for buyer-paid checks, charges are issued as Stripe Connect destination charges with a Korvos application feetaken at settlement, the Agency issues the End Party's tax invoice, and Korvos operates as the platform operator under Stripe's Connect Platform Agreement. The Agency must keep its Connect onboarding current (including capability re-verification and any information Stripe requires); suspension of the Connect account by Stripe disables buyer-pays for that Agency until it is restored. Korvos does not control Stripe's onboarding decisions.
  3. Per-check charges.A buyer or seller paying for their own check is charged the disclosed per-check fee (currently A$25 for the KYC bundle and A$45–A$145 for KYB packs, depending on entity type and the depth of beneficial-ownership verification). Stripe's Australian processing fees (1.7% + A$0.30, inclusive of GST) apply to the transaction.
  4. Credit-back against subscription.Korvos credits 100% of the buyer-pays revenue earned in a billing period back against the Agency's subscription, applied to the Agency's next subscription invoice, up to the licence fee cap. Buyer-pays revenue in excess of the licence fee cap accrues to Korvos.
  5. End Party disclosures.The Platform displays the applicable per-check fee, processing fees, GST treatment, and Stripe's privacy terms to the End Party before any card is charged. Refunds are processed through Stripe, our payment processor; your rights under the Australian Consumer Law are not affected by Stripe's processing arrangements. Where a completed check fails to meet a consumer guarantee, your remedy (which may include a full or partial refund of the price you paid) is determined by the Australian Consumer Law and is not reduced by amounts Korvos has already paid to third-party providers (DVS, sanctions, PEP, adverse media). Where a check was properly supplied, those third-party amounts are consumed and are not separately refundable.

6.4 Per-Document Fees

Certain features may incur additional per-document fees (for example, complex KYB entity chain verification, or search disbursements passed through at cost). These fees will be clearly disclosed before you incur them and will be charged to your payment method on a monthly billing cycle.

6.5 Free Access Period and Billing Commencement

Free access until 1 July 2026 (pre-commencement sign-ups). Subscriptions opened before 1 July 2026 (AUSTRAC Tranche 2 commencement) were provided at no charge until that date. Subscription billing commenced on 1 July 2026 at the applicable rate (Section 6.6).

Billing commences at sign-up (sign-ups from 1 July 2026). Subscriptions opened on or after 1 July 2026 are billed from the date the subscription is created; there is no free trial period. Pay-per-use charges (including DVS identity verification at the then-current per-check rate and any third-party search disbursements) are incurred and billed as the services are requested, because Korvos pays these third parties on your behalf at that time.

Refunds and change of mind. Subscription fees and pay-per-use charges are for services as supplied and are not refundable for change of mind. This does not affect your rights under the Australian Consumer Law: nothing in these Terms excludes, restricts or modifies any consumer guarantee, right or remedy that cannot lawfully be excluded, and where a service fails to meet a consumer guarantee you are entitled to a remedy as required by law (see Section 14). Refunds may also be issued at our discretion on a goodwill basis by contacting contact@korvos.com.au. Third-party disbursements (for example DVS identity checks, title searches, and eSignature fees) are consumed when the service is performed and are not otherwise refundable, except to the extent a non-excludable consumer guarantee entitles you to a remedy. See our Refund and Cancellation Policy for the full position.

6.6 Price Lock and Price Changes

Lifetime price lock. Your subscription fee is locked at the rate disclosed in your tier description at the time you subscribed and is held for the entire lifetime of the subscription, while the subscription remains continuously active. Korvos does not run promotions, founding-member deals, or limited-time discounts; the rate you sign up at is the rate you pay, and it will not increase for the duration of your continuous subscription, regardless of third-party wholesale cost changes or changes to the list price for new customers.

Cancellation and resubscription.The lifetime price lock applies for the duration of the subscription's continuous active term. If you cancel your subscription and later resubscribe, the then-current list rate for your tier applies to the new subscription; the lifetime lock does not survive cancellation. Pausing or downgrading a subscription does not break the lock; cancellation does.

Pay-per-use rates.Per-check DVS rates, third-party search disbursements, and other pay-per-use charges are passed through at the prevailing third-party cost and are not covered by the lifetime price lock. We will provide at least thirty (30) days' written notice before any change to pay-per-use rates takes effect.

List-price changes for new customers.Korvos may adjust the list price applicable to new subscriptions from time to time. Existing subscribers stay on their locked rate for as long as the subscription remains continuously active and are not migrated to the new list price. We will provide at least thirty (30) days' written notice before any change to the list price applicable to new sign-ups.

6.7 Taxes

All stated prices are inclusive of GST. Korvos will remit GST to the Australian Taxation Office. You are responsible for any other taxes, duties, or charges imposed on your agency in connection with your use of the Platform, excluding taxes on our net income.

6.8 Late Payment

If payment fails, we will notify you and provide a 14-day grace period. If payment is not received within the grace period, we may suspend your access to the Platform. During suspension, your data remains intact and accessible for export. We will not delete your data due to non-payment without providing at least 30 days' notice after suspension.

7. Data Collection, Use, and Privacy

7.1 Collection of Personal Information

In the course of providing the Platform, we collect personal information including:

  1. Agency personnel data: Names, email addresses, phone numbers, and role designations of your staff who use the Platform.
  2. Party data: Names, dates of birth, addresses, identity document details, entity structures, beneficial ownership information, and contact details of individuals and entities involved in your real estate transactions, as entered by you or obtained through identity verification processes.
  3. Transaction data: Listing details, property information, contract terms, conditions, offer details, settlement information, commission details, and all associated documents.
  4. Compliance data: KYC/KYB verification results, PEP and sanctions screening outcomes, transaction monitoring alerts, risk assessments, AML/CTF programme records, training records, and SMR/TTR preparation data.
  5. Usage data: Login activity, feature usage, session duration, user interactions, error logs, and performance metrics.
  6. Voice AI data: Call recordings, transcripts, caller contact details, and structured data extracted from voice interactions (where Voice AI features are enabled).
  7. Communication data: Emails, notifications, and messages sent through or generated by the Platform.
  8. Device and technical data: IP addresses, browser type, operating system, and device identifiers.

This collection is reasonably necessary for the Platform's primary purposes: AML/CTF compliance, statutory document preparation, agency operation, and platform security, consistent with Australian Privacy Principle 3 (Privacy Act 1988 (Cth)).

7.2 Use of Personal Information

We use personal information for the following purposes:

  1. Primary purposes: Operating the Platform, providing AML/CTF compliance services, preparing statutory documents, executing standing delegation functions, identity verification, and managing your account.
  2. Related secondary purposes: Platform improvement, product development, customer support, security monitoring, fraud prevention, and service notifications — purposes you would reasonably expect in connection with the primary purpose (APP 6.2(a)).
  3. Legal obligations: Complying with applicable laws, regulations, and lawful requests from regulatory authorities, including AUSTRAC (APP 6.2(b)).
  4. Anonymised analytics: As described in Section 8.

7.3 Data Residency

Personal information is stored and processed within Australia, specifically in the ap-southeast-2 (Sydney) region. This includes our database (Supabase Postgres, ap-southeast-2), our AI inference endpoint (AWS Bedrock, ap-southeast-2), object storage and long-term archival (Supabase Storage and AWS S3 with Object Lock, ap-southeast-2), and our application runtime (Vercel syd1).

Two services in our active stack have US-hosted infrastructure and a small number of metadata fields transit them. We have architected each integration to ensure no personal information leaves Australia:

  • Inngest (workflow orchestration): Inngest event payloads contain only opaque unique identifiers (UUIDs) — no names, addresses, identity details, agency identifiers, or any data that qualifies as personal information is included in Inngest payloads. Each workflow step re-reads the snapshot it needs from Supabase (Sydney) inside the step boundary.
  • Stripe(billing and Stripe Connect Express AU): Stripe processes payment card data on its own PCI-DSS-compliant infrastructure. Card data may be processed outside Australia under Stripe's own terms — see our Privacy Policy, Section 12.1 for the APP 8 framing.

7.4 Data Security

We implement the following security measures, consistent with APP 11:

  1. Row-Level Security (RLS) enforced at the database level on every table, ensuring strict tenant data isolation.
  2. Encryption at rest (AES-256) for all stored data.
  3. Encryption in transit (TLS 1.2+) for all data transmission.
  4. Append-only AML/CTF record storage (INSERT and SELECT permissions only at the PostgreSQL level — no UPDATE or DELETE).
  5. SHA-256 hash chaining for tamper-evident audit trails.
  6. UPDATE, DELETE, and TRUNCATE permissions revoked from authenticated and anon roles on every AML/CTF table, with BEFORE-trigger functions as defence-in-depth, ensuring sealed records cannot be modified or deleted for the 7-year retention period.
  7. Service role key access restricted to tenant provisioning and administrative migrations — never used for user-facing data operations. Restriction is enforced by a CI lint rule that refuses imports outside an explicit allowlist.
  8. Input validation and sanitisation on all API boundaries.
  9. Cloudflare Turnstile bot gate and per-IP rate limits on every unauthenticated authentication endpoint (signup, login, password-reset).
  10. Per-tenant credential storage in Supabase Vault for the integrations that store credentials on the agency’s behalf (rolled out per integration as those features ship).

7.5 Privacy Policy

Our collection, use, disclosure, and handling of personal information is further described in our Privacy Policy, which forms part of these Terms. In the event of any inconsistency between these Terms and the Privacy Policy on matters of personal information handling, the Privacy Policy prevails.

7.6 Collection Notices for Third Parties

Where you enter personal information of third parties (including buyers, sellers, directors, trustees, and beneficial owners) into the Platform, you are responsible for ensuring those individuals have been notified of the collection in accordance with Australian Privacy Principle 5. We provide template collection notices within the Platform for this purpose.

7.7 Individual Access and Correction Rights

Individual rights of access (APP 12) and correction (APP 13) in respect of personal information held on the Platform are described in our Privacy Policy.

8. Anonymised Data, Intelligence, and Benchmarking

8.1 Aggregated and Anonymised Data

Korvos may collect, aggregate, and anonymise operational data from your use of the Platform to improve the Platform, develop benchmarks, train risk models, and enhance services for all users. Aggregated data is anonymised such that no individual, agency, or transaction is identifiable. This de-identified, aggregated data may be retained and used to improve the Platform, develop benchmarks, and for de-identified research.

For the purposes of this Section, "anonymised data"means data that has been processed such that it can no longer be used to identify a specific individual, agency, property, or transaction, either directly or in combination with other data. Anonymised data is not "personal information" within the meaning of the Privacy Act 1988 (Cth) and is not subject to the Australian Privacy Principles.

8.2 Cross-Tenant Anonymised Pattern Matching (Future Capability)

The cross-tenant anonymised identity registry described in this Section is a future Platform capability and is not active at the date of these Terms. The disclosures below are published in advance so the architecture and consent framework are visible before activation. Korvos will provide a separate End Party collection notice and Agency Customer notification before the feature is enabled, and the framing below may be revised in light of regulator guidance before launch.

When activated, the Platform may maintain an anonymised identity registry for the purpose of cross-tenant risk signal aggregation, intended to operate as follows:

  1. At KYC completion, a keyed HMAC-SHA256 cryptographic hash of the normalised legal name and date of birth of each verified party would be computed and stored in a global registry.
  2. The hash is a one-way function — it cannot be reversed to derive the original name or date of birth.
  3. The cryptographic key used for hashing is held exclusively by Korvos and is not shared with any Agency Customer or third party.
  4. No personal information, agency identity, or transaction detail crosses tenant boundaries.
  5. When a matching hash is detected, the Platform returns only banded signals — such as activity level (e.g. first-time buyer, active, investor) and historical fall-over risk band (e.g. low, medium, high).
  6. The originating agency's identity and data are never disclosed to the querying agency.

8.3 Intelligence Layer and Data Products

Korvos may use anonymised, aggregated data derived from Platform usage to improve the Platform and to produce internal benchmarks and de-identified research, including:

  1. Compliance benchmarks comparing anonymised performance metrics across the platform (for example, average KYC completion time and programme-quality indicators).
  2. Improvement of the Platform's risk-assessment capabilities using anonymised, aggregated signals.
  3. De-identified, aggregated industry statistics for internal research and reporting.

Korvos does not sell your data, and does not provide personal information about you or any End Party to third parties for their own commercial purposes.

All intelligence products are subject to the following safeguards:

  1. A minimum cell size of 20 records per data point to prevent re-identification (k-anonymity).
  2. No individual agency, transaction, party, or property is identifiable in any published or shared data.
  3. AML/CTF compliance data (including source-of-funds records, ECDD details, and SMR preparation data) is never included in intelligence products or cross-tenant aggregation. There is no query path from AML-prefixed tables to intelligence layer outputs.

8.4 Your Rights Regarding Anonymised Data

Where data has been de-identified to the standard required by the Privacy Act 1988 so that it no longer reasonably identifies an individual, it falls outside the access, correction and deletion rights in the Australian Privacy Principles. We apply de-identification to that standard; if you or an individual consider that particular data remains personal information, contact our Privacy Officer and we will assess it. De-identified, aggregated data may be retained after termination of your subscription.

8.5 Self-Improving AI

The Platform uses anonymised operational feedback — including document edit patterns, monitoring alert outcomes, and verification results — to improve its performance over time. This includes adjusting risk model weightings, refining document drafting quality, and calibrating verification confidence thresholds. All feedback data used for this purpose is anonymised and aggregated across the platform. Identity- document data and AML/CTF screening outcomes are excluded from this feedback, and no individually identifiable data is used to train or fine-tune any AI model.

9. AML/CTF Record-Keeping and Retention

9.1 Statutory Retention Obligations

The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) requires reporting entities to retain certain records for seven (7) years from the date the last designated service was provided to the relevant customer. The Platform is designed to assist your agency in meeting these obligations.

9.2 Append-Only Records

All AML/CTF records stored in the Platform are maintained in append-only tables. This means:

  1. Records can be created and read, but not modified or deleted — at the database level, not merely at the application level.
  2. Each record includes a SHA-256 hash of the preceding record in its chain, providing cryptographic evidence of completeness and tamper-resistance.
  3. Generated PDFs and identity documents are held in tenant-prefixed Supabase Storage paths in ap-southeast-2; the underlying database records are append-only and hash-chained for the full retention period.

9.3 Post-Termination Data Retention

Upon termination or expiry of your subscription:

  1. AML/CTF records subject to the 7-year statutory retention requirement will be retained for the balance of the retention period, measured from the date the last designated service was provided to each relevant customer. These records will remain in append-only, hash-chained storage and will be available for export upon your request.
  2. Non-AML/CTF data (including matter records, documents, and operational data not subject to statutory retention) will be retained for 90 days following termination. During this period, you may request an export of your data in a standard, machine-readable format. After 90 days, non-retained data will be securely deleted.
  3. Where non-AML/CTF data is materially related to an AML/CTF record that is subject to ongoing statutory retention (for example, a listing document referencing a party who is also the subject of ongoing transaction monitoring), we may retain that related data for the duration of the AML/CTF retention period.
  4. Anonymised data (as described in Section 8) is retained indefinitely and is not subject to deletion upon termination, as it does not constitute personal information.
  5. We will provide you with an AUSTRAC-auditable export of all AML/CTF records upon request, at no additional charge, at any time during your subscription or during the post-termination retention period.

9.4 Legal Hold

If any matter is subject to litigation, regulatory investigation, or legal hold, you must notify us promptly. We will suspend automated retention processing for the relevant records until the hold is lifted.

9.5 Tipping-Off Protections

In accordance with s 123 of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), suspicious matter report (SMR) data is subject to strict access controls within the Platform. SMR preparation data, filing decisions, and AUSTRAC reference numbers are visible only to the compliance officer and senior manager roles. The Platform enforces role-based access to prevent inadvertent disclosure of SMR-related information to other staff or third parties. You acknowledge that tipping off is a criminal offence under s 123 of the AML/CTF Act, carrying a penalty of up to 2 years' imprisonment, 120 penalty units, or both. Since 31 March 2025 the offence applies to a disclosure of information about an SMR (or related SMR-preparation activity) where the disclosure would or could reasonably be expected to prejudice an investigation. You must ensure that your staff do not make such a disclosure to any person, including the subject of the report.

10. AI-Generated Documents and Verifier Framework

10.1 Document Generation

The Platform generates statutory and operational documents using AI (specifically, large language models accessed via AWS Bedrock Sydney). Every generated document field traces to a data source: the source may be a verified data provider (such as ABR, Geoscape, QBCC, or CITEC Confirm), a party record entered by you, listing terms, a calculation, or AI-generated content that is retrieval-grounded against verified data with source citations.

10.2 Verifier Agents

The Platform applies a verifier framework to generated artefacts before sealing. The current verifier scope covers the AML/CTF compliance artefacts (programme, risk assessment, ECDD packs, and related compliance evidence). Verifier coverage for statutory and operational documents (Form 6, contracts, Form 2, trust receipts, settlement statements) is rolling out as those generators ship, and the applicable scope at any time is published in the Platform's product documentation.

Where applied, the verifier:

  1. Re-reads every source document cited by the generating AI;
  2. Confirms every extracted field matches its source within tolerance;
  3. Runs applicable statutory rule-engines (for example, Property Occupations Act 2014 (Qld) s 112 (with s 103) for the 90-day cap on sole or exclusive agency appointments and s 104 for rebate and benefit disclosure, Agents Financial Administration Regulation 2014 reg 9 for trust receipt structure, A New Tax System (Goods and Services Tax) Act 1999 s 29-70 for tax invoice format); and
  4. Refuses to seal artefacts with unresolved anomalies, instead surfacing the specific disputed field to the exception queue.

10.3 Exception-Based Review

Document fields are automatically included in the final document when they meet all of the following criteria: the extraction confidence exceeds the applicable threshold, the value falls within historical variance, and the field is not on a statutory-critical list requiring human review. Fields that do not meet these criteria are surfaced for your review as exceptions.

10.4 Retrieval-Grounded Generation

For all contract-inducing content (including property descriptions, vendor updates, offer presentations, and marketing materials), the Platform uses retrieval-grounded generation. This means every factual claim is sourced from a verified data provider or record, and the source citation is captured in the audit trail. The Platform does not generate free-form content from model training data for public-facing or contract-inducing artefacts.

10.5 Document Liability

AI-generated documents are tools prepared on behalf of your agency under standing delegation. You acknowledge that:

  1. The licensed principal is the statutory responsible party for all documents issued under the Agency's name.
  2. While the Platform employs verifier agents and statutory rule-engines to reduce errors, no automated system is infallible. The principal retains supervisory responsibility.
  3. The document generation liability footer is automatically applied to every generated PDF and must not be removed.
  4. Korvos does not warrant that any generated document is free from error. Our liability for document errors is limited as set out in Section 14.

11. Voice AI (Future Capability)

Voice AI is a future Platform capability and is not active at the date of these Terms. The terms below take effect only when Voice AI is activated for the Agency. Korvos will provide a separate collection notice and updated consent flow before the feature is enabled. The disclosures in this Section are published in advance so the contractual framework is in place at activation.

11.1 Disclosure

When activated, Voice AI handles inbound buyer enquiries using a synthetic, Korvos-branded AI voice. The AI identifies itself as an AI system at the commencement of every call, in compliance with applicable consumer protection and telecommunications laws.

11.2 Retrieval-Grounded Responses

Voice AI responses are grounded in verified listing data from the relevant matter record. The Voice AI does not generate unsourced claims about properties. All responses are traceable to verified data in the matter record.

11.3 Call Recording and Transcription

When activated, Voice AI calls may be recorded and transcribed. Recordings and transcripts are stored in the matter record as part of the audit trail. Australian state and territory laws on recording private conversations vary: Queensland, New South Wales, South Australia, the Northern Territory, the Australian Capital Territory, and Tasmania apply one-party consent; Victoria (under the Surveillance Devices Act 1999 (Vic)) and Western Australia (under the Surveillance Devices Act 1998 (WA)) require notification to all parties. To meet the strictest requirement, the Voice AI announces itself and the fact that the call is recorded at the start of every call. You remain responsible for ensuring your configuration complies with the law in each jurisdiction in which you operate.

11.4 Data from Voice Interactions

Structured data extracted from voice interactions (including buyer contact details, property interest, inspection booking requests, and buyer qualification signals) is written to the relevant matter record and treated as party data under these Terms.

12. Intellectual Property

12.1 Platform IP

Korvos retains all intellectual property rights in the Platform, including all software, algorithms, AI models, verifier frameworks, statutory rule-engines, user interface designs, documentation, and branding. Nothing in these Terms transfers any IP rights to you, except the limited licence to use the Platform during your subscription.

12.2 Your Data

You retain ownership of all data you input into the Platform, including party records, listing details, and transaction data. You grant us a non-exclusive, royalty-free licence — exercised within Australia (ap-southeast-2), consistent with Section 7.3 — to use, process, and store your data for the purposes of providing the Platform services, complying with legal obligations (including statutory record retention), and generating de-identified, aggregated data as described in Section 8.

12.3 Generated Documents

Documents generated by the Platform on behalf of your agency are your property. We retain no proprietary claim over the content of documents generated from your data. We retain the right to use the structure, templates, and methodology of document generation as part of our Platform IP.

12.4 Feedback

If you provide feedback, suggestions, or feature requests regarding the Platform, you grant us a non-exclusive, royalty-free licence to use, modify, and incorporate the ideas, concepts, and suggestions contained in that feedback into the Platform without compensation. You retain any intellectual property in the feedback itself.

13. Acceptable Use

You agree not to:

  1. Use the Platform for any purpose that is unlawful or prohibited by these Terms.
  2. Attempt to access data belonging to another agency or tenant on the Platform.
  3. Reverse engineer, decompile, or disassemble any part of the Platform.
  4. Use the Platform to store or transmit malicious code, malware, or any harmful software.
  5. Interfere with or disrupt the integrity or performance of the Platform.
  6. Use the Platform on behalf of an agency that does not hold a current, valid licence in the relevant Australian state or territory.
  7. Remove, alter, or obscure the document generation liability footer from any generated document.
  8. Enter false or misleading information into the Platform, including fabricated party details, transaction data, or compliance records.
  9. Use the Platform to circumvent, avoid, or undermine AML/CTF obligations, including by failing to report suspicious matters or by structuring transactions to avoid threshold reporting.
  10. Resell, sublicence, or provide access to the Platform to third parties without our prior written consent.
  11. Use automated scripts, bots, or crawlers to access the Platform except through our published APIs.

14. Limitation of Liability

14.1 Your rights under the Australian Consumer Law (this Section is subject to them)

Nothing in these Terms — including the exclusions in Section 14.2 and the cap in Section 14.3 — excludes, restricts or modifies any guarantee, right or remedy that you or any End Party (buyer or seller) has under any law that cannot lawfully be excluded, restricted or modified. This includes the consumer guarantees under the Competition and Consumer Act 2010 (Cth), Schedule 2 (Australian Consumer Law), and the right to recover reasonably foreseeable loss or damage for a failure to comply with a consumer guarantee under section 267(4) of that Schedule. Every exclusion, limitation and cap in this Section 14 applies only to the extent the law permits, and does not apply to our liability for a failure to comply with a consumer guarantee.

Where a liability can lawfully be limited but not excluded, and the services are not of a kind ordinarily acquired for personal, domestic or household use, our liability for a failure to comply with a consumer guarantee is limited, at our option, to resupplying the affected services or paying the cost of having them resupplied. This limitation is not available for services of a kind ordinarily acquired for personal, domestic or household use. The terms on which End Parties pay for individual identity checks, and the consumer rights that apply to those payments (which are not limited by this Section 14), are set out in our Refund and Cancellation Policy.

14.2 Exclusion of Certain Liabilities

Subject to Section 14.1, and in respect of our liability to you (the Agency) only, Korvos excludes liability to the maximum extent permitted by law for:

  1. Indirect and consequential loss: Loss of profits, revenue, business, goodwill, data (except as required by statutory retention obligations), anticipated savings, or any indirect, special, or consequential loss or damage, howsoever caused.
  2. Third-party actions or omissions: Acts or omissions of third-party service providers integrated with the Platform, including identity verification providers, search brokers, eSignature providers, and CRM platforms.
  3. Regulatory outcomes: Any decision, finding, or penalty issued by AUSTRAC, the OFT, or any other regulatory body. The Platform is a compliance tool; it does not guarantee compliance outcomes.
  4. Content accuracy: Errors or inaccuracies in data obtained from third-party sources (including land title registries, council records, government registers, and search providers) that are incorporated into generated documents.
  5. Standing delegation actions:Any loss arising from actions taken by the Platform under the standing delegation you grant, except to the extent caused by (i) a defect in the Platform's software, (ii) our negligence in the design or operation of the Platform, or (iii) inaccurate data provided by you or your staff that caused the loss.

Nothing in this Section excludes or limits our liability for fraud, wilful misconduct, or death or personal injury caused by our negligence.

14.3 Liability Cap

Subject to Section 14.1, our total aggregate liability to you under or in connection with these Terms, whether in contract, tort (including negligence), statute, or otherwise, is limited to the greater of:

  1. The total subscription fees paid by you in the 12-month period immediately preceding the event giving rise to the claim; or
  2. AUD $5,000.

This cap does not apply to, and does not limit, any liability of Korvos for a failure to comply with a consumer guarantee under the Australian Consumer Law; that liability is dealt with under Section 14.1.

15. Indemnification

15.1 Your Indemnity

You indemnify Korvos, its officers, employees, and agents against all claims, losses, damages, liabilities, costs, and expenses (including reasonable legal fees) to the extent arising from:

  1. Your breach of these Terms.
  2. Your failure to comply with applicable laws, including AML/CTF obligations, real estate licensing requirements, and the Privacy Act.
  3. Inaccurate or misleading data entered by you or your staff into the Platform.
  4. Any claim by a third party to the extent it arises from inaccurate, incomplete or misleading data you or your staff entered, or from your use of a document in a manner inconsistent with the standing delegation scope or after removal of the statutory footer.
  5. Your use of the Platform in a manner inconsistent with the standing delegation scope.

This indemnity does not apply, and is reduced proportionately, to the extent that a defect in the Platform (including the document generator, verifier, or statutory rule-engine) or any act or omission of Korvos caused or contributed to the relevant claim, loss, damage, liability, cost or expense.

15.2 Our Indemnity

Korvos indemnifies you against any claim that the Platform infringes the intellectual property rights of a third party in Australia, provided that: (a) you notify us promptly of such claim; (b) you grant us sole control of the defence and settlement; and (c) you provide reasonable assistance at our expense. This indemnity does not apply to claims arising from your data, your modifications to the Platform, or your use of the Platform in combination with third-party products.

16. Service Availability

16.1 Availability Target

Subject to Section 14.1, we target 99.5% uptime for the Platform, measured monthly, excluding scheduled maintenance. This is a target, not a guarantee, and we do not offer service-level credits unless expressly agreed in a separate Enterprise agreement. Nothing in this Section limits any remedy you have for a failure to meet a consumer guarantee under the Australian Consumer Law.

16.2 Scheduled Maintenance

We will provide at least 24 hours' notice of scheduled maintenance that may affect Platform availability. Where practicable, maintenance will be scheduled outside of Australian Eastern Standard Time business hours (9:00 am to 5:00 pm AEST).

16.3 Force Majeure

Neither party is liable for any failure or delay in performing its obligations under these Terms to the extent that such failure or delay is caused by circumstances beyond its reasonable control, including natural disasters, acts of government, internet or telecommunications failures, infrastructure provider outages, cyberattacks, or pandemics. A party may not rely on this clause to the extent the failure or delay was caused or contributed to by its own negligence or breach of these Terms, including a cyberattack that exploited a security defect within that party's reasonable control.

16.4 Graceful Degradation

The Platform is designed so that the failure of any single integrated service (such as a CRM, search provider, or identity verification service) does not prevent the use of other Platform features. If a third-party integration is unavailable, the Platform degrades gracefully to manual entry or alternative workflows.

17. Termination

17.1 Termination by You

You may cancel your subscription at any time through the Platform or by written notice to us. Cancellation takes effect at the end of your current billing period, and you are not charged again after that. You are not entitled to a refund of the fee for the current billing period for change of mind. This does not affect any refund or remedy you are entitled to under the Australian Consumer Law (see Section 14) or under our Refund and Cancellation Policy.

In addition, you may terminate immediately by written notice if Korvos commits a material breach of these Terms and fails to remedy it within 14 days of written notice. In that case we will refund any prepaid subscription fees attributable to billing periods after the termination date on a pro-rata basis.

17.2 Termination by Us

We may terminate or suspend your access to the Platform:

  1. Immediately, if you breach any material provision of these Terms and fail to remedy the breach within 14 days of written notice.
  2. Immediately, if your agency licence is suspended, cancelled, or expires.
  3. Immediately, if we reasonably believe your use of the Platform constitutes or facilitates money laundering, terrorism financing, or other criminal activity.
  4. On 180 days' written notice, for any reason, including discontinuation of the Platform.

Where we terminate without cause under paragraph (d), we will (i) keep data export facilities available throughout the notice period at no additional charge, (ii) provide an AUSTRAC-auditable export of all AML/CTF records in the format described in Section 17.4, and (iii) refund any prepaid subscription fees attributable to billing periods after the termination date on a pro-rata basis.

17.3 Effect of Termination

Upon termination:

  1. Your right to access and use the Platform ceases immediately (or at the end of the billing period, for voluntary cancellation).
  2. Data retention and export rights apply as set out in Section 9.3.
  3. Sections that by their nature should survive termination will survive, including Sections 8 (Anonymised Data), 9 (AML/CTF Record Retention), 12 (Intellectual Property), 14 (Limitation of Liability), 15 (Indemnification), 18 (Dispute Resolution), and 19 (Governing Law).

17.4 Data Portability

Upon written request during your subscription or during the 90-day post-termination period, we will provide an export of your data in a standard, machine-readable format (JSON or CSV). AML/CTF records can be exported in AUSTRAC-auditable ZIP format at any time.

18. Dispute Resolution

18.1 Good Faith Negotiation

If a dispute arises under or in connection with these Terms, the parties agree to first attempt to resolve the dispute by good faith negotiation for a period of 30 days from written notice of the dispute.

18.2 Mediation

If the dispute is not resolved by negotiation within 30 days, either party may refer the dispute to mediation administered by the Resolution Institute (or its successor body) in Brisbane, Queensland. The costs of mediation will be shared equally.

18.3 Litigation

If the dispute is not resolved by mediation within 60 days of referral, either party may commence legal proceedings in the courts of Queensland, Australia. Nothing in this Section prevents either party from seeking urgent injunctive or interlocutory relief. Nothing in this Section 18 prevents you from bringing a claim in any court or tribunal of competent jurisdiction — including a small-claims tribunal and any claim to enforce a non-excludable right under the Australian Consumer Law — without first completing negotiation or mediation, and the negotiation and mediation steps do not extend or affect any limitation period.

19. Governing Law and Jurisdiction

These Terms are governed by and construed in accordance with the laws of Queensland, Australia. Each party irrevocably submits to the exclusive jurisdiction of the courts of Queensland and the Federal Court of Australia (Queensland registry) in respect of any dispute arising under or in connection with these Terms.

20. Modifications to Terms

20.1 Changes

We may modify these Terms from time to time. We will provide you with at least 30 days' written notice of material changes by email to the address associated with your account and by displaying a notice within the Platform. Only formatting changes, typographical corrections, and updates to contact details are treated as non-material and may take effect immediately upon posting; any change that affects your rights, obligations, fees, or how we handle your data is material and follows the notice and acceptance process in Section 20.2, regardless of how it is labelled. For clarity, this Section does not permit us to increase your locked subscription rate — your rate is fixed for the life of your continuous subscription under Section 6.6 — and any change we make will be limited to what is reasonably necessary (for example, to reflect a change in the law or in a third-party pass-through cost).

20.2 Acceptance

Your continued use of the Platform after the effective date of a non-material modification constitutes your acceptance of it. For a material change, we will ask you to confirm your acceptance within the Platform; the change binds you on the earlier of your acceptance or the end of the notice period. During the notice period you may terminate your subscription in accordance with Section 17.1 without penalty and without being bound by the change, and if you neither accept nor terminate we will prompt you again before the change binds you.

20.3 Historical Versions

Previous versions of these Terms are available upon request by emailing legal@korvos.com.au.

21. General Provisions

21.1 Entire Agreement

These Terms, together with the Privacy Policy and any order form or Enterprise agreement executed between the parties, constitute the entire agreement between you and Korvos in relation to the Platform and supersede all prior representations, understandings, and agreements.

21.2 Severability

If any provision of these Terms is found to be invalid, illegal, or unenforceable by a court of competent jurisdiction, that provision is severed and the remaining provisions continue in full force and effect.

21.3 Waiver

A failure or delay by either party in exercising any right or remedy under these Terms does not constitute a waiver of that right or remedy.

21.4 Assignment

You may not assign or transfer your rights or obligations under these Terms without our prior written consent, such consent not to be unreasonably withheld or delayed where the assignee is a licensed real estate agency with a current ABN that agrees to be bound by these Terms (for example, on a genuine sale or succession of your business). We may assign our rights and obligations under these Terms to a successor entity in connection with a merger, acquisition, or sale of substantially all of our assets, provided the successor agrees to be bound by these Terms.

21.5 Notices

All notices under these Terms must be in writing and sent by email. Notices to us must be sent to legal@korvos.com.au. Notices to you will be sent to the email address associated with your account. Notices are deemed received on the business day following the day of sending.

21.6 Relationship of Parties

Nothing in these Terms creates a partnership, joint venture, or employment relationship between the parties. Korvos acts as an independent contractor and, under the standing delegation, as a delegated administrator — not as an employee, partner, or joint venturer of the Agency.

21.7 Third-Party Rights

These Terms do not confer any rights on any third party. Sellers, buyers, and other parties to real estate transactions are not parties to these Terms and have no rights under them. Nothing in this clause affects any right or remedy an End Party has under the Australian Consumer Law or other law that cannot be excluded; the terms governing the checks an End Party pays for are set out in our Refund and Cancellation Policy.

22. Notifiable Data Breach

22.1 Our Obligations

In the event of an eligible data breach (as defined in Part IIIC of the Privacy Act 1988 (Cth)) affecting personal information held by us in connection with the Platform, we will:

  1. Notify you in writing as soon as reasonably practicable, and in any event within 72 hours, after confirming the breach — including the categories of data involved, the affected tenants, and our initial containment actions.
  2. Assess the breach in accordance with the Notifiable Data Breaches (NDB) scheme as soon as practicable, and in any event within 30 days, and cooperate with you in determining whether notification to affected individuals and the Office of the Australian Information Commissioner (OAIC) is required.
  3. Take reasonable steps to contain the breach and mitigate any resulting harm.
  4. Provide you with sufficient information to enable you to meet your own NDB obligations as a reporting entity.

Security incidents and suspected breaches can be reported to us at security@korvos.com.au (monitored daily during Australian business hours).

22.2 Your Obligations

You must notify us promptly if you become aware of any actual or suspected data breach involving your account credentials, your staff's access, or any personal information accessible through the Platform.

22.3 Cooperation

Both parties agree to cooperate in good faith in the investigation, containment, and remediation of any data breach, and to comply with all applicable breach notification laws.

23. Audit Trail and Record Integrity

23.1 Audit Trail

The Platform maintains a comprehensive audit trail for every action performed on the Platform, including: the action taken, the identity of the actor (user or system), the tenant, the timestamp, the IP address and user agent (for user actions), and the state before and after the action. For document generation, the audit trail additionally records the AI model identifier, model version, prompt hash, extraction confidence score, and source document identifiers. For human review actions, the audit trail records the field identifier, system-proposed value, human-entered value, the action taken (approve, edit, or reject), and the review duration.

23.2 Ownership

Audit trail records generated by the Platform in connection with your use are your data and are subject to the data portability provisions in Section 17.4. The structure and format of audit trails are Platform IP.

23.3 Tamper Evidence

Audit trail records are append-only and hash-chained. Any attempt to modify or delete a record would break the hash chain, providing cryptographic evidence of tampering. We do not modify or delete audit trail records, except as required by law or court order.

24. Statutory Footer

Every document generated by the Platform carries the following footer:

Prepared by Korvos under standing delegation from [Agency Legal Name]. Reviewed and approved by [Principal Name] on [Date]. This document does not constitute legal advice. The agency is the statutory responsible party.

This footer is applied automatically and must not be removed, altered, or obscured. Documents from which this footer has been removed are not covered by any warranty, indemnity, or limitation of liability under these Terms.


25. Contact

For questions about these Terms, contact us at:

Korvos Pty Ltd
Legal: legal@korvos.com.au
Privacy: privacy@korvos.com.au
Security incidents: security@korvos.com.au
Support: contact@korvos.com.au
Website: korvos.com.au


These Terms of Service were last updated on 11 July 2026. Korvos Pty Ltd reserves all rights not expressly granted herein.