Grou

Terms & Conditions of Service

Effective Date: 8 April 2026

Version 1.1

PT Visi Maju Anak Negeri

These Terms of Service ("Agreement") constitute a legally binding contract between PT Visi Maju Anak Negeri, a company incorporated under the laws of the Republic of Indonesia ("Grou", "we", "us", or "our"), and the entity or individual accessing or using the Grou platform ("Client", "you", or "your"). By accessing or using the Service, you represent that you have the authority to bind the Client to this Agreement, and that the Client agrees to be bound by all terms herein.

If you do not agree to these terms, you must not access or use the Service.

Clients using Google Workspace Single Sign-On for authentication must read and comply with Section 15 (Google Workspace SSO Enterprise Addendum) in its entirety.

1. DEFINITIONS

For the purposes of this Agreement, the following terms shall have the meanings ascribed to them below:

  • "Service " means the Grou artificial intelligence-assisted human resources platform, including all software, interfaces, AI Agents, APIs, integrations, authentication mechanisms, and related documentation made available by Grou.
  • " Client " means the organisation or business entity that has entered into this Agreement and whose personnel access the Service.
  • " Authorised User " means any individual employee, contractor, or agent of the Client who is granted access to the Service by the Client, whether authenticated via email and password or via an approved Identity Provider.
  • " Client Data " means all data, content, and information submitted to the Service by the Client or its Authorised Users, including employee records, HR data, and related materials.
  • " AI Agent " means any automated conversational or analytical system deployed within the Service that processes Client Data to assist in HR operations, including agentic workflows that orchestrate multi-step processes on the Client's behalf.
  • " Third-Party AI Infrastructure " means external artificial intelligence processing infrastructure used by Grou to power components of the Service, as further described in the Privacy Policy.
  • " Documentation " means all user guides, technical specifications, and support materials provided by Grou in connection with the Service.
  • " Identity Provider " or " IdP " means a third-party authentication service used to verify the identity of Authorised Users seeking access to the Service, including Google Workspace acting as a SAML 2.0 or OAuth 2.0 identity provider.
  • " Google Workspace " means the suite of cloud-based productivity and identity services provided by Google LLC, including Google Identity Services and Google Workspace Admin Console.
  • " SSO " or " Single Sign-On " means an authentication mechanism that allows Authorised Users to access the Service using credentials managed and verified by an approved Identity Provider, without requiring a separate Grou-specific password.
  • " Google SSO Addendum " means the enterprise-specific terms set out in Section 15 of this Agreement, governing the use of Google Workspace as the Identity Provider for the Service.
  • " Provisioned Account " means an Authorised User account created, updated, or deactivated within the Service as a result of automated or manual provisioning flows connected to the Client's Identity Provider, including via SCIM or Google Workspace Admin Console.
  • " Super Admin " means an Authorised User with the highest level of administrative privileges within the Client's Grou account, responsible for account configuration, user management, and integration settings.
  • " Subscription Term " means the period during which the Client is licensed to access the Service, as specified in the applicable Order Form or Subscription Agreement.

2. SCOPE OF SERVICES

2.1 Platform Access

Subject to the terms of this Agreement and timely payment of applicable fees, Grou grants the Client a limited, non-exclusive, non-transferable, revocable licence to access and use the Service during the Subscription Term solely for the Client's internal HR operations purposes.

2.2 Service Description

The Service provides AI-assisted HR operations capabilities including, without limitation:

  • Employee self-service facilitation for HR-related requests and inquiries, accessible via conversational AI Agents.
  • Operational HR administration support and workflow automation, including attendance, leave, and payroll advisory functions.
  • Data analysis and reporting on workforce and HR metrics with AI-generated insights.
  • Integration with the Client's existing HRIS and enterprise systems as agreed upon during onboarding, including Mekari Talenta and other third-party systems of record.
  • Authentication services, including support for Google Workspace SSO where enabled by the Client.

2.3 Agentic Operations

Certain components of the Service involve AI Agents that operate autonomously or semi-autonomously to complete multi-step HR workflows on behalf of the Client. The Client acknowledges that:

  • Agentic operations may involve AI Agents reading, writing, or modifying data within connected systems of record on the Client's behalf.
  • The Client retains full responsibility for defining the scope and access boundaries of any agentic workflow deployed within its environment.
  • Grou provides controls for configuring and limiting agentic access, and the Client is responsible for configuring such controls in accordance with its internal policies.
  • Grou will document all agentic actions taken on behalf of the Client and make such logs available to the Client upon request.

2.4 Modifications to Service

Grou reserves the right to modify, update, or discontinue any aspect of the Service at any time. Where modifications materially reduce the core functionality of the Service, Grou shall provide the Client with no less than thirty (30) days prior written notice. Changes to authentication integrations, including modifications to Google SSO compatibility, shall be subject to a minimum of forty-five (45) days prior notice.

3. CLIENT OBLIGATIONS

3.1 Authorised Use

The Client agrees to use the Service solely for lawful purposes and in accordance with this Agreement. The Client shall not:

  • Use the Service to process data in violation of applicable laws or the rights of third parties.
  • Attempt to reverse-engineer, decompile, disassemble, or derive the source code of any component of the Service.
  • Resell, sublicence, or otherwise transfer access to the Service to any third party without Grou's prior written consent.
  • Introduce malicious code, conduct unauthorised penetration testing, or otherwise interfere with the integrity or security of the Service.
  • Use AI Agent outputs as the sole basis for consequential employment decisions without independent human review.
  • Circumvent or disable authentication controls, including by sharing SSO-linked credentials between users or bypassing Identity Provider verification mechanisms.

3.2 Account Security

The Client is solely responsible for maintaining the confidentiality of its access credentials and for all activities occurring under its account. Where Google Workspace SSO is enabled, the Client is additionally responsible for maintaining the security of its Google Workspace Admin Console and for ensuring that only current, authorised employees are provisioned access to the Service. The Client shall notify Grou immediately upon becoming aware of any unauthorised access, security breach, or Identity Provider compromise.

3.3 Administrator Responsibilities

The Client's Super Admin is responsible for:

  • Configuring and maintaining the integration between the Service and the Client's Identity Provider, including Google Workspace SSO settings.
  • Promptly deprovisioning Authorised Users who are no longer employed by or affiliated with the Client.
  • Reviewing and applying Grou-recommended security configurations within the Client's administrative console.
  • Ensuring that Grou's service account or application is correctly configured within Google Workspace Admin Console and that appropriate OAuth consent scopes are limited to those documented by Grou.
  • Conducting a review of provisioned Grou accounts and access levels at least once every ninety (90) days.

3.4 Data Accuracy

The Client is responsible for ensuring that Client Data submitted to the Service is accurate, complete, and lawfully obtained. Grou shall bear no liability for outcomes resulting from inaccurate or incomplete Client Data, including data synchronised from Google Workspace directory services.

4. DATA OWNERSHIP AND PROCESSING

4.1 Ownership of Client Data

As between the parties, the Client retains all ownership rights in and to Client Data. Grou makes no claim of ownership over Client Data and shall not use Client Data for any purpose other than the performance of this Agreement and as described in the Privacy Policy. For the avoidance of doubt, user profile data synchronised from Google Workspace (including names, email addresses, organisational units, and role attributes) constitutes Client Data for all purposes of this Agreement.

4.2 Licence to Process

The Client grants Grou a limited, non-exclusive licence to access, process, and use Client Data solely to the extent necessary to provide, maintain, improve, and support the Service. This licence includes the right to process Google Workspace directory data received via OAuth or SCIM for the purposes of user provisioning and access management.

4.3 Data Controller and Processor

For the purposes of applicable data protection legislation, including Law No. 27 of 2022 on Personal Data Protection (UU PDP) and, where applicable for European Union, the General Data Protection Regulation (GDPR), the Client acts as the data controller in respect of personal data contained in Client Data, and Grou acts as the data processor. Grou shall process such personal data only on the documented instructions of the Client and in accordance with the Data Processing Agreement, which forms part of this Agreement.

4.4 Third-Party AI Infrastructure

The Client acknowledges and agrees that Grou utilises third-party AI infrastructure providers to deliver certain components of the Service. Client Data may be transmitted to and processed by such providers in accordance with Grou's Privacy Policy and applicable data protection obligations. Grou shall ensure that any such providers are bound by data processing terms no less protective than those set out in this Agreement.

4.5 Google Workspace Data

Where the Client has enabled Google Workspace SSO or directory synchronisation, Grou may receive from Google the following categories of data through the approved OAuth consent scopes:

  • User profile information: full name, primary work email address, and profile photo URL.
  • Organisational directory attributes: department, job title, manager relationship, and organisational unit.
  • Authentication tokens: OAuth 2.0 access and refresh tokens, and SAML assertions, used solely to verify user identity and maintain authenticated sessions.
  • Login activity metadata: timestamps and IP addresses associated with SSO authentication events.

Grou shall not request or process Google Workspace data beyond the scopes expressly consented to by the Client's Google Workspace administrator. The Client acknowledges that Google LLC's own terms of service and privacy policies govern Google's processing of data within its systems, and Grou makes no representations regarding Google's data practices.

5. AI AGENT LIMITATIONS AND HUMAN OVERSIGHT

5.1 Nature of AI Outputs

The AI Agents within the Service produce outputs based on automated processing of data and models. Such outputs are informational and assistive in nature. They do not constitute professional HR, legal, financial, or regulatory advice and should not be treated as such.

5.2 Human Review Obligation

The Client accepts that all outputs generated by AI Agents that relate to employment decisions, performance management, disciplinary action, compensation, or other consequential HR determinations must be reviewed and ratified by a qualified human professional with appropriate authority before being acted upon. Grou disclaims all liability for decisions made on the basis of AI Agent outputs without such independent human review.

5.3 Agentic Action Scope

Where agentic workflows are enabled, AI Agents may take actions within connected systems of record (including read, write, and update operations) within the permission boundaries configured by the Client. The Client acknowledges that:

  • Grou AI Agents operate within the access privileges granted to them by the Client's Super Admin at the time of configuration.
  • The Client is solely responsible for reviewing and limiting the scope of permissions granted to Grou's service accounts and integrations.
  • Grou will document all agentic actions taken on behalf of the Client and make such logs available to the Client upon request.

5.4 No Guarantee of Accuracy

Grou does not warrant that outputs produced by AI Agents will be free from error, bias, or omission. The Client is responsible for validating AI Agent outputs against its own records, policies, and applicable legal requirements, including Indonesian labour law and social security regulations.

6. FEES AND PAYMENT

6.1 Subscription Fees

Access to the Service is subject to the fees set out in the applicable Order Form or Subscription Agreement executed between the parties. All fees are quoted in the currency stated in such documents and are exclusive of applicable taxes.

6.2 Payment Terms

Invoices are due and payable within thirty (30) days of the invoice date unless otherwise specified. Grou reserves the right to suspend access to the Service for accounts that are more than fourteen (14) days past due, following written notice to the Client.

6.3 Taxes

The Client is responsible for all applicable taxes, levies, or duties imposed on the Service, excluding taxes on Grou's net income. For Indonesian Clients, fees may be subject to applicable VAT (PPN) in accordance with prevailing Indonesian tax regulations.

7. CONFIDENTIALITY

7.1 Mutual Obligations

Each party agrees to keep confidential all non-public information received from the other party that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and circumstances of disclosure ("Confidential Information"). For the avoidance of doubt, Grou's AI model architecture, prompt engineering, integration specifications, and pricing structures constitute Confidential Information of Grou.

7.2 Exclusions

Confidential Information does not include information that: (a) is or becomes publicly available through no fault of the receiving party; (b) was already known to the receiving party prior to disclosure; (c) is independently developed without use of or reference to the disclosing party's Confidential Information; or (d) is required to be disclosed by applicable law or valid court order, provided the disclosing party is given reasonable prior notice.

7.3 Duration

Confidentiality obligations shall survive the termination or expiration of this Agreement for a period of three (3) years.

8. INTELLECTUAL PROPERTY

8.1 Grou's Intellectual Property

Grou retains all right, title, and interest in and to the Service, including all underlying software, models, algorithms, prompt systems, interfaces, authentication modules, and documentation. Nothing in this Agreement transfers any intellectual property rights to the Client. The Google Workspace integration layer, SSO configuration templates, and associated workflows developed by Grou constitute Grou's proprietary intellectual property.

8.2 Feedback

To the extent the Client provides Grou with feedback, suggestions, or recommendations regarding the Service ("Feedback"), the Client grants Grou a perpetual, irrevocable, royalty-free licence to use such Feedback for any purpose, including the development and improvement of the Service. Feedback shall not include Client Data.

9. WARRANTIES AND DISCLAIMERS

9.1 Grou's Warranties

Grou warrants that: (a) it has the authority to enter into this Agreement; (b) the Service will perform materially in accordance with the Documentation under normal use conditions; (c) it maintains commercially reasonable security measures to protect Client Data; and (d) its integration with Google Workspace operates in compliance with Google's API Terms of Service and Google Workspace Marketplace policies as applicable.

9.2 Disclaimer

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE". GROU EXPRESSLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING OR USAGE OF TRADE. GROU DOES NOT WARRANT UNINTERRUPTED AVAILABILITY OF THE SERVICE OR OF THIRD-PARTY AUTHENTICATION SERVICES INCLUDING GOOGLE WORKSPACE.

10. LIMITATION OF LIABILITY

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, GROU'S AGGREGATE LIABILITY TO THE CLIENT FOR ANY CLAIMS ARISING UNDER OR RELATED TO THIS AGREEMENT SHALL NOT EXCEED THE TOTAL FEES PAID BY THE CLIENT TO GROU IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

IN NO EVENT SHALL GROU BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOSS OF PROFITS, DATA, BUSINESS, OR GOODWILL, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

For the avoidance of doubt, Grou shall not be liable for any loss or damage arising from: (a) the unavailability or malfunction of Google Workspace or any third-party Identity Provider; (b) unauthorised access to the Client's account resulting from compromise of the Client's Google Workspace environment; or (c) misconfiguration of SSO or directory synchronisation settings by the Client or its administrators.

11. INDEMNIFICATION

The Client agrees to indemnify, defend, and hold harmless Grou and its officers, directors, employees, and agents from and against any claims, damages, losses, and expenses (including reasonable legal fees) arising out of or relating to: (a) the Client's use of the Service in violation of this Agreement; (b) Client Data, including any allegation that Client Data infringes the rights of a third party; (c) the Client's employment decisions or actions taken on the basis of AI Agent outputs; or (d) the Client's misconfiguration of Google Workspace SSO settings or failure to deprovision Authorised Users in a timely manner.

12. TERM AND TERMINATION

12.1 Term

This Agreement commences on the date the Client first accesses the Service and continues for the duration of the applicable Subscription Term, unless earlier terminated in accordance with this section.

12.2 Termination for Cause

Either party may terminate this Agreement immediately upon written notice if the other party: (a) materially breaches this Agreement and fails to cure such breach within thirty (30) days after receiving written notice of the breach; or (b) becomes insolvent, makes an assignment for the benefit of creditors, or becomes subject to insolvency proceedings.

12.3 Effect of Termination

Upon termination or expiration: (a) all licences granted under this Agreement shall immediately cease; (b) each party shall return or destroy the other party's Confidential Information; (c) Grou shall provide Client Data for export in a standard format for a period of thirty (30) days following termination, after which Grou may delete Client Data from its systems; and (d) any Google Workspace SSO integration shall be disconnected and all OAuth tokens and SAML configurations associated with the Client's Grou account shall be revoked.

13. GOVERNING LAW AND DISPUTE RESOLUTION

13.1 Governing Law

This Agreement shall be governed by and construed in accordance with the laws of the Republic of Indonesia, without regard to its conflict of laws principles.

13.2 Dispute Resolution

The parties agree to first attempt to resolve any dispute through good-faith negotiation. If a dispute is not resolved within thirty (30) days of written notice, either party may refer the matter to binding arbitration in Jakarta, Indonesia, in accordance with the rules of the Badan Arbitrase Nasional Indonesia (BANI).

14. GENERAL PROVISIONS

14.1 Entire Agreement

This Agreement, together with all Order Forms, the Privacy Policy, any Data Processing Agreement, and the Google SSO Enterprise Addendum (Section 15 where applicable), constitutes the entire agreement between the parties with respect to its subject matter and supersedes all prior agreements, understandings, and negotiations.

14.2 Amendments

Grou reserves the right to amend this Agreement from time to time. Clients will be notified of material changes no less than thirty (30) days in advance. Continued use of the Service after the effective date of such changes constitutes acceptance.

14.3 Severability

If any provision of this Agreement is held to be invalid or unenforceable, the remaining provisions shall continue in full force and effect.

14.4 Waiver

No failure or delay by either party in exercising any right under this Agreement shall constitute a waiver of that right.

14.5 Force Majeure

Neither party shall be liable for any failure or delay in performance due to circumstances beyond its reasonable control, including natural disasters, acts of government, infrastructure failures, or the unavailability of third-party services including Google Workspace.

14.6 Contact

For questions or notices relating to this Agreement, please contact:

PT Visi Maju Anak Negeri

Email: admin@grou.co.id

Website: grou.co.id

15. GOOGLE WORKSPACE SSO ENTERPRISE ADDENDUM

This Section 15 applies exclusively to Clients who have enabled Google Workspace as their Identity Provider for the Service. If this feature is not enabled, this Section has no effect but remains part of this Agreement for future reference.

15.1 Applicability

This Addendum applies where the Client's Super Admin has configured Google Workspace as the Identity Provider for Authorised User authentication to the Service. By enabling Google SSO, the Client confirms that it has the authority to grant Grou the OAuth consent scopes required for the integration and that it has disclosed the use of third-party AI-assisted HR tools to its employees as required by applicable law.

15.2 Authentication Mechanism

Grou supports Google Workspace SSO via the following protocols:

OAuth 2.0 / OpenID Connect (OIDC): Used for browser-based authentication flows. Grou acts as the OAuth relying party and requests identity tokens from Google's authorisation server on behalf of Authorised Users.

SAML 2.0: Available upon request for enterprise Clients requiring SAML-based federation. Configuration details are provided in the Grou Enterprise Integration Guide.

Authentication credentials (passwords) are never transmitted to or stored by Grou when Google SSO is enabled. Grou receives only cryptographically signed identity assertions from Google.

15.3 OAuth Consent Scopes

Grou requests the following Google OAuth 2.0 scopes to support the integration. The Client's Google Workspace administrator must approve these scopes in the Google Workspace Admin Console:

  • openid: Core authentication and identity assertion. Standard sensitivity.
  • email: Retrieve primary work email address for account matching. Standard sensitivity.
  • profile: Retrieve display name and profile photo URL. Standard sensitivity.
  • https://www.googleapis.com/auth/admin.directory.user.readonly: Read user directory records for provisioning via Admin SDK. Sensitive — requires Admin approval.
  • https://www.googleapis.com/auth/admin.directory.group.readonly: Read group memberships for role-based access mapping. Sensitive — requires Admin approval.

Grou does not request and will not store OAuth refresh tokens beyond the session duration unless the Client has separately enabled automated provisioning workflows, in which case refresh token usage will be disclosed in the applicable integration documentation.

15.4 Directory Synchronisation and User Provisioning

Where the Client enables directory synchronisation:

  • Grou may retrieve updated user records from Google Workspace at configurable intervals to maintain accurate Authorised User lists within the Service.
  • User attributes synchronised may include: full name, primary email, department, job title, manager, organisational unit, and account status (active/suspended/deleted).
  • When a user's Google Workspace account is suspended or deleted, Grou will deactivate the corresponding Provisioned Account within the Service within twenty-four (24) hours of the change being reflected in the Google Workspace directory, subject to synchronisation interval settings.
  • The Client acknowledges that Grou's deprovisioning is dependent on directory sync frequency and that the Client remains responsible for promptly revoking access in urgent cases (e.g., involuntary separation) by notifying Grou's support team directly.

15.5 Data Received from Google

Grou's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • Data received via Google OAuth will only be used to provide and improve the Grou Service.
  • Grou will not use Google user data to serve advertisements.
  • Grou will not allow humans to read Google user data unless: (a) the Client has given express permission; (b) it is necessary for security purposes; (c) it is required by law; or (d) the data is aggregated and anonymised.
  • Grou will not sell Google user data to third parties.

15.6 Security Requirements for Google SSO Clients

Clients enabling Google Workspace SSO must implement the following minimum security configurations:

  • Multi-Factor Authentication (MFA): The Client's Google Workspace organisation must enforce MFA for all Authorised Users accessing the Service. Grou strongly recommends phishing-resistant MFA (e.g., passkeys or hardware security keys) for Super Admin accounts.
  • Conditional Access Policies: The Client should configure Google Workspace context-aware access policies to restrict Service access to corporate-managed devices where technically feasible.
  • Session Management: The Client should configure appropriate Google session duration and token expiry settings commensurate with its security requirements. Grou supports session timeouts of a minimum of one (1) hour and a maximum of ninety (90) days.
  • Privileged Access Review: The Client's Super Admin must conduct a review of provisioned Grou accounts and access levels at least once every ninety (90) days and revoke access for inactive or departed users.

15.7 Incident Notification Obligations

In the event of a security incident affecting the Client's Google Workspace environment that may impact the security or integrity of the Service:

  • The Client must notify Grou at security@grou.co.id within twenty-four (24) hours of becoming aware of the incident.
  • The Client must cooperate with Grou to assess the scope of any potential impact on Authorised User accounts within the Service.
  • Grou may, at its discretion, temporarily suspend SSO access for the affected Client organisation and require re-authentication via alternative methods pending investigation.

15.8 Compliance with Google's Terms

The Client's use of Google Workspace SSO in connection with the Service is subject to and must comply with Google's applicable terms of service, including the Google Workspace Terms of Service, Google API Terms of Service, and Google API Services User Data Policy. Grou is not responsible for changes to Google’s APIs, authentication flows, or terms that affect the availability or functionality of the SSO integration.

15.9 Fallback Authentication

Grou maintains a fallback email and one-time password (OTP) authentication mechanism for Super Admin accounts to ensure continuity of administrative access in the event of Google Workspace unavailability. The Client is responsible for ensuring that fallback contact email addresses for Super Admins are registered and kept up to date within the Grou administrative console.

15.10 Disconnection of Google SSO

The Client may disconnect Google Workspace SSO at any time through the Grou administrative console. Upon disconnection:

  • All active Google SSO sessions will be terminated and Authorised Users will be required to authenticate via Grou’s fallback mechanism.
  • OAuth tokens issued in connection with the Grou application should be revoked by the Client’s Google Workspace administrator via the Google Admin Console.
  • Grou will delete all Google-origin OAuth tokens from its systems within seventy-two (72) hours of disconnection confirmation.
  • User accounts previously provisioned via Google directory sync will be retained in the Service but transitioned to manual management by the Client’s Super Admin.