Software-as-a-Service Agreement

Last Updated: 3 June 2026

This Digital Wallet as a Service Software as a Service Agreement (the "Agreement") is entered into between Vaultody Ltd., a company incorporated under the laws of the Republic of Bulgaria, UIC 207186381, with its registered address at Sofia, Studentski grad, Doctor Yordan Yosifov str., 1A ("Vaultody", "Provider", "we", "our", or "us"), and any individual or legal entity that registers for, subscribes to, accesses, or uses the Services ("Client", "you", or "your").

This Agreement governs your access to and use of Vaultody's software platform, application programming interfaces (APIs), dashboards, and related services.

By creating an account, purchasing a subscription, accessing the Services, checking any acceptance box, clicking "Accept", "Continue", "Register", "Subscribe", "Purchase", or taking any similar action indicating assent, you acknowledge that you have read, understood, and agree to be bound by this Agreement.

If you are accepting this Agreement on behalf of a company, organization, or other legal entity, you represent and warrant that you have the authority to bind such entity to this Agreement. In such case, the term "Client" shall refer to that entity.

IMPORTANT NON-CUSTODIAL NOTICE

Vaultody is a technology-only, non-custodial software-as-a-service provider. Vaultody does not take custody, possession, or control of any Digital Assets, does not hold or control private keys, recovery phrases, backups, or signing authority on Client's behalf, and does not act as a custodian, trustee, fiduciary, broker, financial institution, payment service provider, or similar regulated intermediary.

Client remains solely responsible for its Digital Assets and for all decisions and actions taken using the Services.

At no point does Vaultody have the technical capability to independently access, reconstruct, combine, or use Client's signing authority, private keys, key shares, recovery material, or Digital Assets, whether during normal operation, maintenance, service interruption, system failure, termination of this Agreement, insolvency proceedings, or any legal dispute.

1. Definitions

1.1 "Digital Assets"

Cryptographic tokens, virtual currencies, blockchain-based assets, and similar digital representations of value that may be transferred, stored, managed, or recorded on distributed ledger or blockchain networks.

1.2 "Services"

Provider's cloud-based software platform, dashboards, APIs, tools, integrations, infrastructure, and related functionality made available by Provider to enable Client to build, deploy, operate, and manage digital wallet infrastructure and transaction-signing workflows.

1.3 "Subscription Plan"

The subscription package, service tier, pricing model, support level, usage limits, features, and associated commercial terms selected by Client through Provider's website, onboarding process, checkout flow, account settings, invoice, renewal process, or other written communication from Provider.

1.4 "Applicable Law"

All laws, rules, regulations, directives, orders, sanctions requirements, anti-money laundering requirements, data protection laws, and other legal obligations applicable to a Party in connection with this Agreement.

1.5 "Confidential Information"

Any non-public information disclosed by one Party to the other Party that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and circumstances of disclosure, including business information, technical information, pricing information, product information, security information, and the terms of this Agreement.

1.6 "Transaction-Based Fees"

Any fees calculated by reference to transaction volume, transaction count, transaction value, API usage, service consumption, overages, or similar usage-based metrics, as specified in the applicable Subscription Plan.

1.7 "Client Application"

Any application, software, platform, integration, script, system, service, or other technology developed, operated, or controlled by Client or its contractors that accesses, integrates with, or utilizes the Services.

1.8 "Account"

The account created by Client for accessing and using the Services.

1.9 "Electronic Acceptance"

Any action by which Client indicates acceptance of this Agreement or other legal documents, including checking an acceptance box, clicking "Accept", "Continue", "Register", "Subscribe", "Purchase", or any similar action indicating assent through Provider's website, platform, onboarding process, or related systems.

1.10 "Data Security Incident"

A confirmed breach of Provider's security affecting Provider-controlled systems that leads to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to, Client Confidential Information or personal data processed within Provider-controlled systems. A Data Security Incident does not include unsuccessful access attempts or events that do not compromise the security, confidentiality, or integrity of such information.

1.11 "Client Confidential Information"

Confidential Information disclosed or made available by Client to Provider, or processed by Provider on Client's behalf, in connection with the Services.

2. Services

2.1

Provider offers Client access to the Services, which include an online software platform, dashboards, APIs, and related functionality that enable Client to:

(i) create and manage wallet instances and blockchain addresses;

(ii) configure policies, approval workflows, and transaction authorization controls;

(iii) initiate, sign, broadcast, monitor, and manage blockchain transactions;

(iv) access operational telemetry, logs, reporting, and account management tools; and

(v) utilize any additional functionality made available as part of the Client's Subscription Plan.

2.2

The Services incorporate multi-party computation (MPC) and/or other cryptographic technologies, including key-sharding, distributed signing, and related cryptographic methods designed to enable transaction signing without exposing a complete private key in a single location.

2.3 Non-Custodial Nature of the Services

The Parties acknowledge and agree that:

(a) the Services constitute software infrastructure only;

(b) Provider does not receive, hold, store, custody, safeguard, administer, or transfer Digital Assets;

(d) Provider does not possess or control Client's private keys, recovery phrases, recovery material, or signing authority; and

(e) Provider does not have the ability to unilaterally authorize transactions, transfer Digital Assets, or access Client-controlled signing authority.

2.3.1 No Bailment or Custodial Relationship

Nothing in this Agreement creates or shall be deemed to create any bailment, trust, escrow, custodial, fiduciary, agency, partnership, or similar relationship between Provider and Client.

2.4 No Guarantee of Blockchain Performance

Provider makes no representations, warranties, or guarantees regarding transaction finality, confirmation times, network congestion, forks, reorganizations, validator performance, gas fees, blockchain availability, or the continued operation of any blockchain network, protocol, bridge, smart contract, validator, infrastructure provider, or third-party service.

Provider shall not be responsible or liable for delays, failures, interruptions, losses, or damages arising from any such blockchain networks, protocols, or third-party infrastructure.

2.5

Client acknowledges and accepts that blockchain transactions may be irreversible and that unauthorized access, credential compromise, user error, configuration mistakes, software vulnerabilities, smart contract risks, protocol failures, or other security incidents may result in the permanent loss of Digital Assets.

2.6

Provider will use commercially reasonable efforts to maintain the functionality, security, and accessibility of the Services, subject to scheduled maintenance, emergency maintenance, updates, force majeure events, and circumstances beyond Provider's reasonable control.

2.7

Provider may modify, enhance, update, replace, suspend, or discontinue any feature, functionality, integration, blockchain network, API endpoint, or component of the Services from time to time.

Provider will use commercially reasonable efforts to provide advance notice of material changes where reasonably practicable.

2.8

Provider may make available beta features, trial functionality, experimental integrations, early-access features, or similar pre-release functionality.

Such functionality is provided on an "as available" basis and may be modified, suspended, or withdrawn at any time without liability.

3. Subscription, Account Activation & Access

3.1

Client may access the Services by creating an Account, selecting a Subscription Plan, completing the onboarding process, providing any required information, accepting the applicable legal documents, and paying any applicable fees.

3.2

Provider reserves the right to approve, reject, suspend, limit, or terminate any registration, Account, subscription, or access request at its reasonable discretion, including where necessary to comply with Applicable Law, protect the integrity of the Services, address security concerns, prevent fraud, or mitigate operational risks.

3.3

Access to certain features, functionality, APIs, blockchain networks, integrations, environments, or service levels may depend on the Client's selected Subscription Plan and payment status.

3.4

Provider shall have no obligation to provide access to paid Services until:

(a) Client has completed the registration and onboarding process;

(b) Client has accepted this Agreement and any other applicable legal documents;

(d) any reasonable verification or security requirements imposed by Provider have been satisfied.

3.5 Electronic Acceptance

Client acknowledges and agrees that Electronic Acceptance constitutes a legally binding acceptance of this Agreement and any other legal documents presented during the registration, onboarding, subscription, renewal, upgrade, or purchase process.

Electronic Acceptance shall have the same legal force and effect as a handwritten signature.

3.6 Authority to Bind

If Client is a company, organization, partnership, trust, fund, or other legal entity, the individual accepting this Agreement represents and warrants that he or she is duly authorized to act on behalf of and legally bind such entity.

Provider may rely upon such representation without further verification.

3.7

Provider may communicate with Client electronically regarding the Services, including operational notices, security notifications, billing communications, account updates, legal notices, support communications, and other information relating to the Services.

Client is responsible for maintaining accurate and current contact information within its Account.

4. Account Creation, Security & Compliance

4.1

To access the Services, Client must create an Account and provide accurate, complete, and current information as reasonably requested by Provider.

Client shall promptly update any information that becomes inaccurate, incomplete, or outdated.

4.2

Provider may require reasonable verification, authentication, security, fraud prevention, compliance, or abuse-prevention measures before granting or maintaining access to the Services.

Such measures are intended solely to protect the Services and are not intended to constitute regulated customer due diligence, know-your-customer (KYC), custodial verification, or financial institution onboarding procedures.

4.3

Client is solely responsible for maintaining the confidentiality, security, and control of all credentials, passwords, API keys, authentication devices, access tokens, recovery materials, and other security mechanisms associated with its Account.

Client is responsible for all activities conducted through its Account, whether authorized or unauthorized.

4.3.1 Client Backup and Recovery Responsibility

Client is solely responsible for securely storing, protecting, maintaining, backing up, and recovering any private keys, key shares, recovery phrases, recovery materials, authentication devices, backup files, security credentials, or other components associated with Client's use of the Services.

Provider shall have no responsibility or liability for any loss, compromise, destruction, corruption, unavailability, unauthorized access, theft, misconfiguration, or failure relating to any such materials, devices, credentials, or storage environments under Client's control.

4.4

Client shall promptly notify Provider upon becoming aware of:

(a) unauthorized access to its Account;

(b) compromise of credentials, API keys, authentication devices, or recovery materials;

(d) any actual or suspected security incident that may affect the Services or Client's use of the Services.

4.5

Provider may refuse, restrict, suspend, limit, or terminate access to the Services where reasonably necessary to:

(a) comply with Applicable Law;

(b) respond to lawful requests from competent authorities;

(d) investigate suspected fraud, abuse, prohibited conduct, or security threats; or

(e) mitigate operational, legal, regulatory, or cybersecurity risks.

4.6

Client represents and warrants that:

(a) the information provided during registration and onboarding is accurate and complete;

(b) it is authorized to use the Services;

(d) the individual accepting this Agreement is authorized to act on behalf of and bind the Client.

4.7

Client remains solely responsible for determining and complying with any legal, regulatory, tax, licensing, reporting, anti-money laundering, sanctions, consumer protection, financial services, or other obligations applicable to its business, activities, Digital Assets, customers, or transactions.

5. Subscription Term & Renewal

5.1 Initial Term

This Agreement becomes effective upon Electronic Acceptance and shall remain in effect for an initial term of one (1) year (the "Initial Term").

The Initial Term applies regardless of the billing frequency selected by Client, including monthly, quarterly, semi-annual, annual, or other payment arrangements offered by Provider.

5.2 Automatic Renewal

Unless either Party provides written notice of non-renewal at least thirty (30) days prior to the expiration of the then-current term, this Agreement shall automatically renew for successive one (1) year renewal terms.

5.3

Client remains responsible for all fees, charges, and obligations accrued through the end of the applicable subscription term, including any amounts due under Sections 6, 7, and 8 of this Agreement.

5.4 Changes to Subscription Plan

Client may request an upgrade of its Subscription Plan during an active term.

Any upgrade may result in revised pricing, limits, features, or usage allowances, which shall become effective upon Provider's acceptance of the upgrade request.

Downgrades shall generally take effect only upon renewal unless otherwise approved by Provider in writing.

5.5 Non-Renewal

If Client elects not to renew, Client must provide notice in accordance with Section 15 and shall remain responsible for all fees and obligations through the expiration of the then-current term.

6. Fees, Invoicing & Payment

6.1

Client agrees to pay all fees applicable to its Subscription Plan, including any recurring subscription fees, Transaction-Based Fees, overage fees, usage-based charges, implementation fees, support fees, or other charges associated with the Services.

All fees are stated and payable in the currency specified by Provider.

6.2

Provider may offer different billing frequencies, including monthly, quarterly, semi-annual, annual, or other payment schedules.

The selected billing frequency affects only the timing of payments and does not alter the one-year subscription commitment established under Section 5.

6.3

Unless otherwise specified by Provider, invoices are due within fourteen (14) days from the invoice date.

Provider may invoice in advance for recurring subscription fees and may invoice usage-based fees after the applicable usage period.

6.4

Client authorizes Provider to charge any payment method designated by Client for recurring subscription fees, usage-based fees, renewals, upgrades, overages, and other amounts due under this Agreement.

Client is responsible for maintaining accurate and valid payment information at all times.

6.5 Suspension for Non-Payment

Provider may suspend, restrict, or disable access to all or part of the Services if any undisputed payment remains overdue following written notice and a cure period of not less than seven (7) days.

Provider shall not be liable for any loss, damage, interruption, delay, or consequence arising from a suspension permitted under this Agreement.

6.6 Taxes

All fees are exclusive of taxes, duties, levies, withholding obligations, VAT, sales taxes, goods and services taxes, and similar governmental charges.

Client is solely responsible for all taxes associated with its purchase and use of the Services, excluding taxes based on Provider's net income.

6.7 Non-Refundability

Except as expressly required by Applicable Law or expressly stated by Provider in writing, all fees paid or payable under this Agreement are non-refundable and non-creditable.

6.8 Failed Payments

If any payment method is declined, rejected, reversed, charged back, or otherwise fails, Provider may retry the payment, suspend access to the Services, require an alternative payment method, or exercise any other rights available under this Agreement.

Client remains responsible for all amounts owed.

6.9 Collection Costs

Client shall reimburse Provider for all reasonable costs incurred in collecting overdue amounts, including legal fees, collection agency fees, court costs, and related expenses to the extent permitted by Applicable Law.

7. Termination, Suspension & Cancellation

7.1 Suspension or Termination by Provider

Provider may suspend, restrict, or terminate Client's access to all or part of the Services where:

(a) required by Applicable Law, court order, regulatory requirement, or competent authority;

(b) Provider reasonably suspects unlawful, fraudulent, prohibited, sanctioned, or abusive activity;

(d) Client attempts to bypass, interfere with, disable, or compromise Provider's security controls, systems, or Services;

(e) Client's use of the Services presents a material legal, regulatory, operational, cybersecurity, or reputational risk to Provider; or

(f) Client fails to pay amounts due in accordance with this Agreement.

7.2 Notice

Where reasonably practicable, Provider will use commercially reasonable efforts to notify Client of any suspension or termination.

Provider may take immediate action without prior notice where required by law or where Provider reasonably determines that immediate action is necessary to protect the Services, Provider, other customers, or third parties.

7.3 Termination by Client for Material Breach

Client may terminate this Agreement if Provider materially breaches this Agreement and fails to cure such breach within thirty (30) days following receipt of written notice describing the breach in reasonable detail.

7.4 Termination by Provider for Material Breach

Provider may terminate this Agreement if Client materially breaches this Agreement and fails to cure such breach within fourteen (14) days following receipt of written notice.

7.5 Force Majeure Termination

Either Party may terminate this Agreement if performance becomes objectively impossible due to circumstances beyond its reasonable control and such circumstances continue for a prolonged period that materially prevents performance of this Agreement.

Any fees, charges, and obligations accrued prior to termination shall remain payable.

7.6 Effect of Termination

Upon termination or expiration of this Agreement:

(a) Client's right to access and use the Services shall immediately cease;

(b) Provider may disable or remove access credentials, API keys, and related access mechanisms;

(c) Client shall remain responsible for all fees, charges, and obligations accrued prior to the effective date of termination; and

(d) Sections intended to survive termination shall remain in effect in accordance with their terms.

7.7 Cancellation Requests

A request by Client to cancel, discontinue, deactivate, or stop using the Services shall not relieve Client of its contractual obligations under this Agreement, including any applicable minimum subscription commitment, renewal obligations, accrued fees, or amounts payable under Section 8.

7.8 No Refund Upon Termination

Except where expressly required by Applicable Law or expressly provided in this Agreement, termination, cancellation, suspension, non-use of the Services, or closure of an Account shall not entitle Client to any refund, credit, or reimbursement of fees previously paid or owed.

8. Early Termination & Liquidated Damages

8.1

Client acknowledges and agrees that Provider's pricing, resource allocation, onboarding efforts, infrastructure planning, support commitments, and commercial terms are based upon Client's commitment to the minimum subscription term specified in Section 5.

8.2 Liquidated Damages

If Client terminates this Agreement for convenience, cancels the Services, closes its Account, ceases using the Services, or otherwise attempts to discontinue the contractual relationship prior to the expiration of the then-current subscription term, Client shall pay liquidated damages equal to the subscription fees that would have become payable during the remainder of the applicable term.

Such liquidated damages shall be capped at six (6) months of the then-current recurring subscription fees.

8.3

The Parties acknowledge and agree that:

(a) the actual damages likely to be suffered by Provider as a result of early termination would be difficult to determine with precision;

(b) the liquidated damages set forth in this Section represent a reasonable and genuine pre-estimate of Provider's anticipated losses; and

8.4

Payment of liquidated damages shall not relieve Client of responsibility for any other fees, charges, usage costs, taxes, or obligations accrued prior to the effective date of termination.

8.5 Exceptions

Liquidated damages shall not apply where:

(a) Client terminates this Agreement due to Provider's uncured material breach pursuant to Section 7.3;

(b) Client terminates this Agreement pursuant to Section 16.5 following rejection of revised pricing; or

In such circumstances, Client shall remain responsible only for fees and obligations accrued through the effective date of termination.

8.6

For the avoidance of doubt, a reduction in usage, suspension of activity, deactivation of wallets, removal of API integrations, non-use of the Services, or closure of Client's internal operations shall not by itself terminate this Agreement or eliminate Client's obligations under this Section.

9. API Access, Third-Party Applications & Acceptable Use

9.1

The Services may be accessed through Provider's website, dashboards, APIs, integrations, software tools, and other interfaces made available by Provider.

Client may access and use the Services directly and/or through Client Applications.

9.2

Access to APIs, integrations, blockchain networks, features, functionality, and system resources may be subject to usage limits, rate limits, fair use policies, technical restrictions, Subscription Plan limitations, or other operational controls established by Provider.

If Client exceeds applicable limits, Provider may throttle requests, restrict access, impose additional fees, require a Subscription Plan upgrade, or take other reasonable measures to protect the Services.

9.3

Client remains solely responsible for the development, operation, maintenance, configuration, security, compliance, performance, and use of all Client Applications.

Provider shall have no responsibility or liability for any Client Application or any actions, transactions, instructions, data, or activities initiated through a Client Application.

9.4

Provider may modify, update, replace, suspend, deprecate, or discontinue APIs, API endpoints, integrations, protocols, blockchain network support, or other technical components of the Services.

Provider will use commercially reasonable efforts to provide advance notice of materially breaking changes where reasonably practicable.

9.5 Prohibited Uses

Client shall not, and shall not permit any third party to:

(a) reverse engineer, decompile, disassemble, copy, modify, or attempt to derive source code from the Services except to the extent expressly permitted by Applicable Law;

(b) interfere with, disrupt, impair, damage, overload, or compromise the Services or Provider's systems;

(d) use automated tools, scraping technologies, bots, crawlers, or similar technologies for competitive analysis, benchmarking, or unauthorized data collection;

(e) introduce malware, viruses, ransomware, malicious code, or other harmful software into the Services;

(f) use the Services in connection with unlawful, fraudulent, deceptive, prohibited, or sanctioned activities;

(g) use the Services in a manner that violates Applicable Law or the rights of any third party;

(h) attempt to gain unauthorized access to any account, system, infrastructure, network, or data belonging to Provider or another customer; or

(i) use the Services in any manner that could reasonably be expected to impair the security, stability, integrity, or availability of the Services.

9.6

Provider reserves the right to investigate suspected violations of this Section and may suspend, restrict, or terminate access to the Services where Provider reasonably determines that a violation has occurred or may occur.

9.7

Client is solely responsible for ensuring that its use of the Services, including any transactions, Digital Assets, wallet infrastructure, workflows, Client Applications, or integrations, complies with all Applicable Law.

10. Intellectual Property

10.1 Ownership of Services

Provider and its licensors retain all rights, title, and interest in and to the Services, including all software, APIs, dashboards, interfaces, documentation, designs, content, trademarks, service marks, logos, technology, source code, object code, inventions, know-how, trade secrets, and other intellectual property rights associated with the Services.

Except for the limited rights expressly granted under this Agreement, no rights are transferred or granted to Client.

10.2 Limited License

Subject to Client's compliance with this Agreement and payment of applicable fees, Provider grants Client a limited, non-exclusive, non-transferable, non-sublicensable, and revocable right to access and use the Services solely for Client's internal business purposes during the applicable subscription term.

10.3 Client Ownership

As between the Parties, Client retains ownership of its data, information, configurations, wallet information, transaction information, business records, and other materials provided, uploaded, submitted, or generated by Client through its use of the Services.

10.4 Feedback

If Client provides suggestions, feedback, recommendations, enhancement requests, feature requests, comments, or other input relating to the Services, Provider may use, modify, incorporate, disclose, commercialize, and otherwise exploit such feedback without restriction and without any obligation to Client.

10.5 Reservation of Rights

All rights not expressly granted to Client under this Agreement are reserved by Provider and its licensors.

11. Confidentiality

11.1 Confidentiality Obligations

Each Party shall protect the other Party's Confidential Information using at least a reasonable degree of care and shall not disclose, use, copy, distribute, or make available such Confidential Information except as permitted by this Agreement.

11.2 Permitted Use

A receiving Party may use Confidential Information solely for purposes of exercising its rights and performing its obligations under this Agreement.

11.3 Permitted Disclosures

A receiving Party may disclose Confidential Information:

(a) to its employees, contractors, professional advisors, auditors, service providers, and representatives who have a legitimate need to know such information and who are bound by confidentiality obligations;

(b) where required by Applicable Law, court order, governmental authority, or regulatory requirement; or

11.4 Exclusions

Confidential Information does not include information that:

(a) is or becomes publicly available through no breach of this Agreement;

(b) was lawfully known to the receiving Party prior to disclosure;

(d) is independently developed without use of or reference to the disclosing Party's Confidential Information.

11.5 Compelled Disclosure

Where legally permitted, a Party required to disclose Confidential Information shall use commercially reasonable efforts to provide advance notice to the other Party and cooperate in seeking confidential treatment or protective measures.

11.6 Survival

The obligations set forth in this Section shall survive termination or expiration of this Agreement for a period of five (5) years, except with respect to trade secrets, which shall remain protected for so long as they remain trade secrets under Applicable Law.

12. Provider Obligations, Security & Data Protection

12.1

Provider shall operate the Services in a professional and commercially reasonable manner consistent with generally accepted practices for software-as-a-service providers.

12.2

Provider shall maintain commercially reasonable administrative, technical, organizational, and security measures designed to protect the confidentiality, integrity, and availability of the Services.

Such measures may include access controls, authentication mechanisms, encryption technologies, monitoring systems, logging, incident response procedures, and other safeguards determined by Provider to be appropriate based on the nature of the Services.

12.3 Data Security Incident

In the event of a Data Security Incident affecting Provider-controlled systems and resulting in unauthorized access to Client Confidential Information or personal data, Provider shall notify Client without undue delay after becoming aware of such incident, subject to legal, regulatory, law enforcement, or security-related restrictions.

12.4 Privacy

Provider's collection, use, processing, disclosure, retention, and protection of personal data shall be governed by Provider's Privacy Policy, as amended from time to time.

Where Provider processes personal data on behalf of Client as a processor or sub-processor, such processing is governed by Provider's Data Processing Addendum, which is incorporated into and forms part of this Agreement.

12.5 Clarification Regarding Data and Digital Assets

Client acknowledges and agrees that Provider does not store, custody, possess, control, administer, process, or manage Client Digital Assets, private keys, seed phrases, recovery phrases, recovery materials, or Client-controlled signing components.

Provider processes only such account information, operational information, usage information, support information, technical information, and metadata as may be reasonably necessary to provide, maintain, secure, support, improve, and administer the Services.

12.6 Insolvency Clarification

Client Digital Assets are never held, owned, possessed, controlled, or administered by Provider and do not form part of Provider's assets, estate, property, or insolvency estate.

In the event of Provider's insolvency, bankruptcy, liquidation, restructuring, administration, receivership, or similar proceeding, Client Digital Assets shall not be subject to claims by Provider's creditors, insolvency practitioners, administrators, receivers, trustees, or similar parties.

12.7 No Security Guarantee

While Provider implements commercially reasonable security measures, Provider does not warrant or guarantee that the Services will be free from vulnerabilities, interruptions, unauthorized access, cyberattacks, malicious actors, software defects, or other security incidents.

Client acknowledges that no system, software, infrastructure, network, blockchain, or security control can be completely secure.

12.8 Security Cooperation

Client shall cooperate with Provider regarding any actual or suspected security incident, unauthorized access event, abuse of the Services, vulnerability disclosure, or investigation relating to the security, integrity, or availability of the Services.

13. Warranties & Disclaimers

13.1 Client Warranties

Client represents and warrants that:

(a) it has the legal capacity, authority, and right to enter into and perform its obligations under this Agreement;

(b) the individual accepting this Agreement is authorized to act on behalf of and bind the Client;

(d) Client will not use the Services in connection with unlawful, fraudulent, prohibited, or sanctioned activities;

(e) Client is solely responsible for determining and complying with any legal, regulatory, tax, licensing, reporting, financial services, anti-money laundering, sanctions, or other obligations applicable to its business, activities, Digital Assets, customers, or transactions; and

(f) all information provided by Client during registration, onboarding, subscription, payment, and use of the Services is accurate and complete.

13.2 Provider Warranties

Provider represents and warrants that:

(a) it is duly organized, validly existing, and in good standing under the laws of the Republic of Bulgaria;

(b) it has the legal authority to enter into and perform its obligations under this Agreement; and

(c) it will provide the Services in a professional and commercially reasonable manner consistent with generally accepted practices for software-as-a-service providers.

13.3 Disclaimer of Warranties

EXCEPT AS EXPRESSLY PROVIDED IN THIS AGREEMENT, THE SERVICES ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, PROVIDER DISCLAIMS ALL WARRANTIES, REPRESENTATIONS, CONDITIONS, AND GUARANTEES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, ACCURACY, RELIABILITY, OR UNINTERRUPTED AVAILABILITY.

13.4 No Advice

Provider does not provide financial, investment, trading, tax, legal, accounting, compliance, regulatory, custody, fiduciary, or other professional advice.

Any information, documentation, communications, support, guidance, examples, technical assistance, or materials provided by Provider are for informational purposes only.

Client is solely responsible for determining the suitability of the Services for its intended purposes.

13.5 Regulatory Non-Reliance

Client acknowledges and agrees that it has not relied, and will not rely, upon Provider for any legal, regulatory, tax, accounting, compliance, licensing, sanctions, anti-money laundering, financial services, custody, or Digital Asset-related determination.

Client remains solely responsible for obtaining its own professional advice and for determining the legal and regulatory treatment of its activities, transactions, Digital Assets, products, services, and business operations.

13.6 No Warranty Regarding Blockchain Networks

Provider does not warrant, guarantee, or represent that any blockchain network, protocol, validator, bridge, smart contract, token, Digital Asset, third-party integration, infrastructure provider, or related technology will operate without interruption, delay, error, vulnerability, exploit, attack, failure, loss, or change.

Provider shall have no responsibility for the performance, availability, security, functionality, governance, operation, or continued existence of any such third-party systems or technologies.

14. Indemnification & Limitation of Liability

14.1 Client Indemnification

Client shall defend, indemnify, and hold harmless Provider and its affiliates, directors, officers, employees, contractors, agents, successors, and assigns from and against any third-party claims, actions, proceedings, damages, losses, liabilities, penalties, fines, costs, and expenses (including reasonable legal fees) arising out of or relating to:

(a) Client's use of the Services;

(b) Client Applications;

(d) Client's breach of this Agreement;

(e) Client's violation of Applicable Law; or

(f) any claim that Client's data, content, instructions, activities, or use of the Services infringes, misappropriates, or otherwise violates the rights of a third party.

14.2 Exclusion of Certain Damages

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, PROVIDER SHALL NOT BE LIABLE FOR ANY:

(a) LOST PROFITS;

(b) LOST REVENUE;

(d) LOSS OF GOODWILL;

(e) LOSS OF DATA;

(f) LOSS OF USE;

(g) LOSS OF DIGITAL ASSETS;

(h) DIMINUTION IN VALUE OF DIGITAL ASSETS;

(i) BUSINESS INTERRUPTION;

(j) SPECIAL, INCIDENTAL, INDIRECT, EXEMPLARY, PUNITIVE, OR CONSEQUENTIAL DAMAGES;

WHETHER ARISING IN CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY, STATUTE, OR OTHERWISE, EVEN IF PROVIDER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

14.3 Liability Cap

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, PROVIDER'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE SERVICES SHALL NOT EXCEED THE TOTAL FEES ACTUALLY PAID BY CLIENT TO PROVIDER DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

14.4 Exceptions

Nothing in this Agreement shall limit or exclude liability to the extent such limitation or exclusion is prohibited by Applicable Law, including liability arising from:

(a) fraud;

(b) fraudulent misrepresentation; or

14.5 Exclusion of Market, Protocol, and Digital Asset Losses

Provider shall have no liability whatsoever for any losses, damages, liabilities, claims, or expenses arising from or relating to:

(a) market movements;

(b) volatility in the value of Digital Assets;

(d) protocol failures;

(e) validator failures;

(f) smart contract vulnerabilities or exploits;

(g) bridge failures or exploits;

(h) blockchain reorganizations, forks, or network disruptions;

(i) third-party hacks, compromises, attacks, or exploits; or

(j) any increase, decrease, fluctuation, impairment, or loss in the value of Digital Assets.

14.6 No Liability for Client-Controlled Security Components

Provider shall have no liability for any loss, compromise, destruction, corruption, theft, unauthorized access, misuse, or unavailability of private keys, key shares, recovery phrases, recovery materials, authentication devices, backup files, credentials, or other security components that are controlled, maintained, stored, or managed by Client or any third party acting on Client's behalf.

14.7 Basis of the Bargain

The Parties acknowledge and agree that the limitations, exclusions, disclaimers, and allocations of risk contained in this Agreement form an essential basis of the bargain between the Parties and have been taken into account in determining the pricing and availability of the Services.

15. Notices

15.1 Electronic Notices

Client agrees that Provider may deliver notices, communications, disclosures, invoices, security alerts, service announcements, legal notices, and other information relating to the Services electronically.

Such notices may be delivered by email, through the Client Account, through the Services, through the Provider website, or through other electronic means reasonably designated by Provider.

15.2 Deemed Receipt

Unless otherwise required by Applicable Law, notices shall be deemed received:

(a) immediately when delivered through the Client Account or Services;

(b) when sent by email to the email address associated with the Client Account; or

(c) when published on Provider's website where the notice relates generally to the Services or Provider's legal documentation.

15.3 Client Contact Information

Client is solely responsible for maintaining accurate and current contact information, including email addresses and billing information.

Provider shall not be responsible for any failure by Client to receive notices due to inaccurate, outdated, inaccessible, blocked, or inactive contact information.

15.4 Notices to Provider

Unless otherwise specified by Provider, notices relating to this Agreement shall be sent to:

Vaultody Ltd.
Sofia, Studentski grad, Doctor Yordan Yosifov str., 1A
Republic of Bulgaria

Email: [email protected]

Provider may update its contact details from time to time by publishing updated information on its website.

15.5 Legal Process

Nothing in this Section shall prevent either Party from serving legal process, court documents, regulatory requests, or other legally required communications in any manner permitted by Applicable Law.

16. Price Changes

16.1 Future Pricing Changes

Provider reserves the right to modify pricing, fees, usage limits, billing structures, Subscription Plans, feature allocations, support offerings, and other commercial terms applicable to future subscription terms.

Any such changes shall apply prospectively and shall not affect fees already invoiced, accrued, or paid for the then-current subscription term, except as expressly provided in this Agreement.

16.2 Non-Retroactivity

Provider shall not retroactively increase fees that have already been invoiced, accrued, or paid for the then-current subscription term.

Any approved pricing changes shall apply only to future billing periods or future subscription terms.

16.3 Currency Changes

Provider may modify the currency in which the Services are priced, billed, or invoiced.

Any such change shall apply prospectively only and Provider shall use a commercially reasonable conversion methodology based upon a reputable published exchange rate source.

16.4 Mid-Term Changes Required by External Factors

Provider may modify pricing, fees, or commercial terms during an active subscription term where reasonably necessary as a result of:

(a) changes in Applicable Law;

(b) regulatory requirements;

(d) material increases in third-party costs;

(e) significant changes in infrastructure costs;

(f) material changes to the Services; or

(g) circumstances beyond Provider's reasonable control.

Provider will use commercially reasonable efforts to provide advance notice of any such changes.

16.5 Right to Reject Revised Pricing

If Client does not agree to a pricing change implemented pursuant to Section 16.4, Client may terminate the affected subscription before the revised pricing takes effect by providing written notice to Provider.

In such circumstances:

(a) the pricing change shall not apply to Client;

(b) liquidated damages under Section 8 shall not apply; and

17. Miscellaneous

17.1 Publicity

Client shall not issue, publish, distribute, or make any public statement, press release, marketing material, announcement, or communication that references Provider, the Services, or any relationship between the Parties without Provider's prior written consent.

Nothing in this Section restricts either Party from making disclosures required by Applicable Law.

17.2 Entire Agreement

This Agreement, together with any policies, legal documents, pricing information, Subscription Plan terms, and other documents expressly incorporated by reference, constitutes the entire agreement between Provider and Client regarding the Services and supersedes all prior or contemporaneous discussions, communications, proposals, understandings, or agreements relating to the subject matter of this Agreement.

17.3 Amendments

Provider may modify this Agreement from time to time.

Material changes shall become effective upon the date specified in the updated version of the Agreement.

Provider will use commercially reasonable efforts to provide advance notice of material changes.

Continued access to or use of the Services following the effective date of an updated Agreement constitutes acceptance of the revised Agreement.

If Client does not agree to a material change, Client may discontinue use of the Services and exercise any rights expressly provided under this Agreement.

17.4 Assignment

Client may not assign, transfer, delegate, sublicense, or otherwise dispose of any rights or obligations under this Agreement without Provider's prior written consent.

Provider may assign, transfer, or novate this Agreement in connection with a merger, acquisition, corporate reorganization, financing transaction, or sale of all or substantially all of its assets or business.

17.5 Severability

If any provision of this Agreement is determined to be invalid, unlawful, unenforceable, or ineffective, such provision shall be modified and enforced to the minimum extent necessary to achieve its intended purpose, and the remaining provisions shall remain in full force and effect.

17.6 Survival

Any provisions that by their nature should survive termination or expiration of this Agreement shall survive, including without limitation provisions relating to:

(a) fees and payment obligations;

(b) confidentiality;

(d) limitation of liability;

(e) intellectual property rights;

(f) dispute resolution; and

(g) any other provisions intended to survive termination.

17.7 No Partnership or Agency

Nothing in this Agreement shall be construed as creating any partnership, joint venture, agency, fiduciary relationship, employment relationship, franchise relationship, or similar relationship between the Parties.

Neither Party has authority to bind, represent, or create obligations on behalf of the other Party.

17.8 Waiver

No failure or delay by either Party in exercising any right, remedy, power, or privilege under this Agreement shall operate as a waiver thereof.

Any waiver must be in writing and shall apply only to the specific matter expressly identified.

17.9 Governing Law and Jurisdiction

This Agreement shall be governed by and construed in accordance with the laws of the Republic of Bulgaria, without regard to conflict of law principles.

Any dispute, claim, controversy, or proceeding arising out of or relating to this Agreement or the Services shall be subject to the exclusive jurisdiction of the competent courts of Sofia, Bulgaria.

17.10 Electronic Records

Client agrees that electronic records maintained by Provider relating to registration, onboarding, account creation, acceptance of legal documents, subscriptions, payments, renewals, notices, and use of the Services shall be admissible as evidence and may be relied upon to demonstrate Client's acceptance of and compliance with this Agreement.

17.11 Order of Precedence

In the event of any conflict or inconsistency between this Agreement and any policy, legal document, pricing information, Subscription Plan terms, or other document incorporated by reference, this Agreement shall prevail with respect to the Services, subscription obligations, fees, liability, termination, non-custodial status, and contractual rights and obligations, unless this Agreement expressly states otherwise.

The Privacy Policy shall govern personal data processed by Provider as a controller. The Data Processing Addendum shall govern, and prevail with respect to, personal data processed by Provider as a processor or sub-processor on behalf of Client.

The Electronic Signature Consent shall govern electronic signatures, electronic records, and electronic communications to the extent not inconsistent with this Agreement.

The Data Security Policy shall govern the operational security measures described therein to the extent not inconsistent with this Agreement.

The Subscription & Cancellation Policy and Complaints & Dispute Policy are provided for transparency and operational guidance and shall not override this Agreement.