Policy of Use

Last updated: 2 June 2026

IMPORTANT: This Policy of Use forms part of our Terms & Conditions. Capitalised terms have the same meaning as defined in the Terms. By using StaffBot.my, you agree to abide by this Policy. Violations may result in immediate suspension or termination of your account.

1. Purpose

This Policy of Use ("Policy") sets out the rules, standards, and restrictions governing your use of the StaffBot.my Platform. It is designed to protect our infrastructure, users, and the public, and to ensure compliance with Malaysian laws and regulations.

2. General Principles

  1. Lawful Use Only: You must use the Platform only for lawful purposes and in compliance with all applicable laws, including but not limited to:
    • Personal Data Protection Act 2010 (PDPA)
    • Communications and Multimedia Act 1998 (CMA)
    • Computer Crimes Act 1997
    • Consumer Protection Act 1999
    • Penal Code (Act 574) — particularly provisions on fraud, defamation, and criminal intimidation
    • Any regulations, guidelines, or orders issued by the Malaysian Communications and Multimedia Commission (MCMC)
  2. Respect for Others: You must not use the Platform in any way that harasses, threatens, abuses, defames, or violates the rights of others.
  3. Integrity: You must not interfere with, disrupt, or compromise the integrity, security, or performance of the Platform.

3. Prohibited Activities

The following activities are strictly prohibited on the Platform:

3.1 Illegal & Harmful Activities

  1. Engaging in, promoting, or facilitating any criminal offence under Malaysian law.
  2. Fraud, deception, phishing, or any activity intended to mislead or defraud others.
  3. Transmission of malware, ransomware, viruses, worms, trojans, or any malicious code.
  4. Unauthorised access, hacking, or attempting to probe, scan, or test the vulnerability of our systems.

3.2 Harmful Content

You must not upload, generate, transmit, or distribute Content that:

  1. Is defamatory, libellous, or harmful to the reputation of any person or entity.
  2. Is obscene, pornographic, or sexually explicit.
  3. Promotes hate speech, discrimination, or violence based on race, religion, gender, sexual orientation, disability, or any protected characteristic.
  4. Harasses, bullies, intimidates, or threatens any person.
  5. Promotes or glorifies terrorism, violent extremism, or organised crime.
  6. Contains false, misleading, or deceptive information (including disinformation).
  7. Infringes any person's intellectual property, privacy, or publicity rights.
  8. Exploits or harms minors in any way.
  9. Promotes illegal gambling, unlicensed financial services, or pyramid schemes.

3.3 Platform Abuse

  1. Excessive Use: Using the Platform in a manner that imposes unreasonable load on our infrastructure (as determined by us).
  2. Circumvention: Bypassing any usage limits, access controls, or security measures.
  3. Scraping: Automated extraction of data, content, or AI model outputs beyond your authorised use.
  4. Reverse Engineering: Decompiling, disassembling, or reverse-engineering our software, AI models, or APIs.
  5. Unauthorised Access: Accessing another user's account, data, or AI Agent without permission.
  6. Competing Services: Using the Platform to train, develop, or benchmark competing AI models or services.

3.4 Spam & Unsolicited Communications

  1. Sending unsolicited bulk messages (spam) via any Platform communication channel.
  2. Using AI Agents for telemarketing or unsolicited commercial communications in violation of the CMA or any applicable anti-spam laws.
  3. Misrepresenting the source, identity, or purpose of any communication.

4. Content Standards for AI-Generated Outputs

When configuring and using AI Agents, you must:

  1. Ensure that prompts and instructions do not direct AI Agents to generate prohibited content listed in Section 3.2.
  2. Monitor and review AI-generated outputs before distribution to end users or customers.
  3. Clearly disclose to your end users when they are interacting with an AI Agent (not a human).
  4. Not configure AI Agents to impersonate specific individuals without authorisation.
  5. Comply with any applicable sector-specific regulations (e.g., financial services, healthcare, legal) regarding AI-assisted communications.

5. Security Requirements

  1. You must use strong, unique passwords and enable multi-factor authentication (MFA) where available.
  2. You must not share your login credentials or allow unauthorised individuals to access your account.
  3. You must promptly report any security vulnerability or breach you discover to security@marz.my.
  4. You must not conduct security research or penetration testing on the Platform without our prior written authorisation.

6. Data Protection Obligations

  1. If you process personal data of individuals through the Platform:
    • You are the "data user" under the PDPA and bear full responsibility for compliance with the PDPA's 7 Data Protection Principles.
    • You must obtain valid consent from data subjects for the collection, processing, and storage of their personal data.
    • You must not upload or process "Sensitive Personal Data" (as defined in the PDPA) without our prior written consent and appropriate safeguards.
  2. You must promptly notify us of any data breach involving personal data processed through the Platform.
  3. You must comply with our reasonable instructions regarding data protection and security.

7. Enforcement

  1. Monitoring: We reserve the right, but not the obligation, to monitor Platform usage for compliance with this Policy. AI-generated content may be subject to automated content filtering.
  2. Investigation: We may investigate suspected violations and cooperate with law enforcement authorities as required by law.
  3. Consequences of Violation: We may, at our sole discretion:
    • Issue a warning and require corrective action within a specified timeframe.
    • Suspend or limit access to specific features or the entire Platform.
    • Terminate your account immediately for serious or repeated violations.
    • Report violations to relevant authorities where required by law.
    • Take legal action to recover damages or obtain injunctive relief.
  4. No Refund: Fees paid are non-refundable if your account is terminated for violation of this Policy.

8. Reporting Violations

If you become aware of any violation of this Policy, please report it immediately:

We treat all reports confidentially and will acknowledge receipt within 2 business days.

9. Changes to This Policy

We may update this Policy from time to time to reflect changes in law, industry standards, or our services. Material changes will be communicated via email or Platform notification. Your continued use of the Platform after changes take effect constitutes acceptance of the revised Policy.

10. Contact

For questions about this Policy, contact:

Marz Technology & Trading
SSM: 001884868V (200903206205)
Email: legal@marz.my
Abuse Reports: abuse@marz.my
Security: security@marz.my
Website: https://marz.my

© 2026 Marz Technology & Trading. All rights reserved.

Terms & Conditions · Policy of Use