ezyshield Platform Terms and Conditions

EZYSHIELD OPERATIONS PTY LTD (ABN 75 698 667 720) (ezyshield)

Version 1.2 | Effective date: 4 June 2026

These Terms and Conditions constitute a legally binding agreement between EZYSHIELD OPERATIONS PTY LTD (ezyshield) and the Customer. The individual accepting these Terms warrants that they have authority to bind the Customer entity.

Table of Contents

1. Definitions and Interpretation
2. Platform Access and Licence
3. API Rate Limits and Service Availability
4. Acceptable Use 4A. Intent to Pay Warranty 4B. CoP Audit Obligations and Responsibility for Underlying Payment Records 4C. Third-Party Services and Dependencies
5. Liability Gate - Bypassed Verification Checks
6. Pricing and Payment
7. GST
8. Liability Cap and Exclusions 8A. Customer Indemnity
9. Data Handling, Privacy and Security
10. Confidentiality
11. Intellectual Property
12. Termination
13. Force Majeure
14. Disputes
15. Amendments
16. General Provisions

Exhibit A - Pricing Schedule

1. Definitions and Interpretation

1.1 Definitions

In these Terms and Conditions, unless the context otherwise requires:

“Agreement” means these Terms and Conditions together with any Order Form executed by the parties, as amended from time to time in accordance with clause 15.

“API” means the ezyshield application programming interface, including all associated documentation, endpoints, and integration specifications made available to the Customer.

“API Call” means a single programmatic request transmitted by the Customer or an Authorised User to the Platform via the API.

“AP+ CoP Scheme Rules” means the Confirmation of Payee scheme rules and associated guidance published by Australian Payments Plus (AP+) from time to time, including the guidance issued by AP+ on 11 March 2026 relating to the intent-to-pay requirement for CoP Lookups.

“APPs” means the Australian Privacy Principles set out in Schedule 1 to the Privacy Act 1988 (Cth).

“AML” means anti-money laundering obligations as defined under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth).

“Authorised User” means any employee, contractor, officer or agent of the Customer who is authorised by the Customer to access and use the Platform on the Customer’s behalf.

“Batch Check” means a pre-payment verification check applied across batch payment file formats including ABA, CSV and ISO 20022 XML formats.

“Biometric (BYO) Verification” means the verification mode under which the Customer provides a trusted identity from an existing KYC provider and ezyshield performs biometric re-checking only, as further described in the Platform documentation.

“Business Day” means a day that is not a Saturday, Sunday or public holiday in Queensland, Australia.

“Check” means either an Individual Check or a Batch Check, as the context requires.

“Commencement Date” means the date on which the Customer accepts these Terms and Conditions by clicking “I Accept” or otherwise accessing the Platform.

“Confidential Information” means all non-public information disclosed by one party (Disclosing Party) to the other party (Receiving Party) in connection with this Agreement, whether disclosed orally, in writing, electronically or by any other means, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and circumstances of disclosure, including but not limited to: technical specifications, pricing information, business strategies, customer data, source code, API credentials, and verification records. Confidential Information does not include information that: (a) is or becomes publicly known through no breach of this Agreement; (b) was rightfully known by the Receiving Party before disclosure; (c) is rightfully received from a third party without restriction; or (d) is independently developed by the Receiving Party without reference to the Confidential Information.

“CoP Audit Request” means any request, inquiry, investigation, notice or requirement from a Regulator, auditor, Banking Circle, AP+, or any other third party with authority to require production of records in connection with the Customer’s CoP Lookups or compliance with the AP+ CoP Scheme Rules.

“CoP Log” means the immutable, timestamped record created and maintained by ezyshield in the Platform database upon each CoP Lookup, recording the Customer identifier, the date and time of the CoP Lookup, the payee account details verified, and the payment-purpose tag associated with the lookup.

“CoP Lookup” means (also known as “Confirmation of Payee Lookup”) any verification of a payee’s account name and account details initiated by the Customer or an Authorised User through the ezyshield Platform, whether via the ezyshield application user interface or via the API, that constitutes or gives rise to a Confirmation of Payee query under the AP+ CoP Scheme Rules or any successor scheme.

“Customer” means the entity or individual who accepts these Terms and Conditions by clicking “I Accept” or otherwise accessing the Platform, as identified at registration.

“Customer Data” means all data, information and records submitted, uploaded, transmitted or otherwise provided by the Customer or Authorised Users to the Platform, including but not limited to account-holder information, payment instruction data, and verification outcomes.

“End-Customer” means an individual account-holder or third party whose identity or payment activity is verified through the Platform on behalf of the Customer.

“Exhibit A” means the Pricing Schedule attached to this Agreement and incorporated herein by reference, setting out the applicable rates for each Platform service.

“Force Majeure Event” has the meaning given in clause 13.1.

“GST” has the meaning given in the A New Tax System (Goods and Services Tax) Act 1999 (Cth).

“Indemnified Parties” has the meaning given in clause 4B.6.

“Individual Check” means a fingerprint pre-payment check against a Verification Record in respect of a single payment transaction.

“Intended Payment” means a payment that the Customer intends to make to the relevant payee, either at the time the CoP Lookup is initiated or at a future time in connection with the verified contact or account, consistent with the AP+ CoP Scheme Rules.

“KYC Verification” means the full government identity verification mode, including biometric face scan and ongoing AML, PEP and sanctions screening, as further described in the Platform documentation.

“Licence” has the meaning given in clause 2.1.

“Loss” means any loss, damage, liability, cost, charge, expense, outgoing or payment of any kind, whether direct or indirect, including legal costs on a solicitor-client basis and disbursements.

“Order Form” means any written or electronic order, statement of work or engagement document executed by both parties referencing this Agreement.

“Payment Records” means the transaction records, payment instruction records, ledger entries, bank statements, or other financial records held by the Customer that evidence the existence of an Intended Payment associated with each CoP Lookup.

“PEP” means a politically exposed person as defined under applicable AML legislation.

“Personal Information” has the meaning given in the Privacy Act 1988 (Cth).

“Platform” means ezyshield’s online payment verification and fraud prevention software-as-a-service platform, including the API, web portal, dashboards, verification engine, biometrics infrastructure, and all related services, tools and documentation made available by ezyshield to the Customer under this Agreement.

“Platform Failure” means a demonstrable malfunction, outage or error originating within the Platform itself that causes the Platform to operate materially contrary to its published specifications, and does not include: (a) any failure arising from the Customer bypassing a Verification Check; (b) third-party fraud, identity theft or deception directed at the Customer’s systems or personnel; (c) Customer error or misconfiguration; (d) any act, omission, outage or error of a Third-Party Provider; or (e) Force Majeure Events.

“Pricing Schedule” means Exhibit A, as updated from time to time in accordance with clause 6.4.

“Queue” means the automated system by which API Calls exceeding the Rate Limit are buffered and processed in order of receipt without data loss.

“Rate Limit” has the meaning given in clause 3.1.

“Regulator” means AP+, ASIC, the Australian Prudential Regulation Authority (APRA), the Reserve Bank of Australia (RBA), the Australian Transaction Reports and Analysis Centre (AUSTRAC), Banking Circle, any other financial services regulator, or any other government authority or body with jurisdiction over the Customer’s use of the CoP functionality.

“Services” means all products, features and services made available by ezyshield to the Customer via the Platform, including KYC Verification, Biometric (BYO) Verification, Skip Mode verification, Individual Checks and Batch Checks.

“Skip Mode” means the verification mode under which no individual identity check is performed, and ezyshield’s fraud engine runs solely against the name on file, as further described in the Platform documentation.

“Term” means the period commencing on the Commencement Date and continuing until termination in accordance with clause 12.

“Third-Party Provider” has the meaning given in clause 4C.1.

“Verification Check” means any check, query or API Call submitted by the Customer to the Platform for the purpose of verifying a payment instruction, account-holder identity or transaction against a Verification Record, and includes Individual Checks and Batch Checks.

“Verification Record” means the immutable record created by the Platform upon completion of a Verification, against which subsequent Checks are matched.

“Verification” means the process by which the Platform creates a Verification Record for an account-holder or End-Customer, in accordance with the applicable verification mode selected by the Customer.

1.2 Interpretation

In this Agreement, unless the context otherwise requires:

(a) headings are for convenience only and do not affect interpretation;

(b) the singular includes the plural and vice versa;

(c) a reference to a clause or exhibit is a reference to a clause of, or exhibit to, this Agreement;

(d) a reference to a party includes that party’s successors and permitted assigns;

(e) “including” and similar expressions are not words of limitation;

(f) a reference to legislation includes any amendment, re-enactment or replacement of that legislation;

(g) where a word or phrase is given a defined meaning, any other grammatical form of that word or phrase has a corresponding meaning;

(h) a reference to a “person” includes an individual, company, partnership, trust, association, government or government body; and

(i) a reference to “dollars” or ”$” is a reference to Australian dollars.

2. Platform Access and Licence

2.1 Grant of Licence

Subject to the Customer’s compliance with this Agreement and payment of all applicable fees, ezyshield grants the Customer a non-exclusive, non-transferable, revocable licence during the Term to access and use the Platform solely for the Customer’s internal business purposes in connection with payment verification and fraud prevention (Licence).

2.2 Scope of Licence

The Licence does not permit the Customer to:

(a) sublicence, resell, transfer, assign or otherwise make the Platform available to any third party other than Authorised Users;

(b) use the Platform on behalf of any third party as a bureau or managed-service provider without ezyshield’s prior written consent;

(c) copy, modify, adapt, translate, reverse-engineer, decompile, disassemble or create derivative works of any part of the Platform or its underlying source code; or

(d) remove, alter or obscure any proprietary notices, branding, or labels on or within the Platform.

2.3 Authorised Users

The Customer is responsible for:

(a) ensuring that only Authorised Users access the Platform;

(b) maintaining the confidentiality of all API credentials, access tokens and passwords;

(c) promptly notifying ezyshield if any API credential or access token is compromised; and

(d) all acts and omissions of Authorised Users as if they were the acts and omissions of the Customer.

2.4 Account Registration

The Customer must provide accurate, current and complete information at registration and must promptly update that information if it changes. ezyshield may suspend or terminate access if registration information is found to be false, inaccurate or misleading.

2.5 Nature of the Service; No Financial Service

The Customer acknowledges and agrees that the Platform is an identity-verification and fraud-prevention software product. Neither ezyshield nor the Platform:

(a) holds, operates or controls any bank account, or holds, receives or deals with any client money or other property;

(b) processes, initiates, clears or settles any payment, funds transfer or other financial transaction;

(c) provides any financial product advice, deals in any financial product, provides any credit or credit reporting, or provides any other financial service within the meaning of the Corporations Act 2001 (Cth) or the National Consumer Credit Protection Act 2009 (Cth); or

(d) guarantees the identity, solvency or creditworthiness of any person or business.

The Platform provides information and verification outcomes that the Customer may use as one input into the Customer’s own payment, onboarding and fraud-prevention decisions. The Customer remains solely responsible for every payment decision it makes. Nothing in this Agreement constitutes the provision by ezyshield of a financial service, financial product or credit, and the Customer must not represent to any third party that it does.

3. API Rate Limits and Service Availability

3.1 Rate Limit

The Platform currently supports a default rate limit of one (1) API Call per second per Customer account (Rate Limit). This Rate Limit is a placeholder figure and may be adjusted by ezyshield from time to time on reasonable notice.

3.2 Queue Mechanism

API Calls that exceed the Rate Limit will not be rejected. They will be automatically placed in the Queue and processed sequentially in order of receipt. The Customer acknowledges and agrees that:

(a) queued API Calls may experience processing delays proportional to queue depth;

(b) ezyshield does not guarantee any specific processing time for queued API Calls; and

(c) the Customer is responsible for designing its systems and workflows to accommodate the Rate Limit and potential Queue delays.

3.3 No Service Level Agreement

ezyshield does not provide any service level agreement (SLA), uptime guarantee, availability commitment or response time guarantee in connection with the Platform or any Services. The Platform is provided on a commercially reasonable efforts basis. The Customer acknowledges that:

(a) the Platform may be unavailable from time to time due to maintenance, upgrades, third-party outages or other factors;

(b) ezyshield will use reasonable endeavours to minimise unplanned downtime and to provide advance notice of planned maintenance windows where practicable; and

(c) ezyshield has no liability to the Customer for any loss or damage arising from Platform unavailability, except to the extent caused by a Platform Failure and subject to the liability cap in clause 8.

3.4 High-Volume Usage

Customers requiring API Call volumes materially exceeding the Rate Limit on a sustained basis should contact ezyshield to discuss enterprise-grade throughput arrangements. Sustained high-volume usage beyond the Rate Limit that materially degrades Platform performance for other customers may constitute a breach of this Agreement.

3.5 Changes to the Platform; Early-Access Features

ezyshield may, from time to time, update, enhance, modify, add to or discontinue features or functionality of the Platform. Where a change is likely to materially and adversely affect the Customer’s use of the Platform, ezyshield will provide reasonable prior notice, and ezyshield will not materially reduce the core functionality for which the Customer is paying without offering the Customer a reasonable alternative or the right to terminate under clause 12.1.

Where ezyshield makes a feature available on an early-access, beta, preview or trial basis, that feature is provided on an “as is” basis, may be changed or withdrawn at any time without notice, is excluded from any availability expectation, and is used at the Customer’s own risk.

4. Acceptable Use

4.1 Permitted Use

The Customer must use the Platform solely for lawful payment verification, fraud prevention, identity verification and AML/PEP/sanctions screening purposes in accordance with this Agreement and all applicable laws.

4.2 Prohibited Use

The Customer must not use the Platform:

(a) for any purpose that is unlawful, fraudulent, deceptive or contrary to any applicable law or regulation in Australia or any other applicable jurisdiction;

(b) to process or submit data in respect of individuals without a lawful basis for doing so, including without all required consents, disclosures and authorities required under the Privacy Act 1988 (Cth) and the APPs;

(c) to transmit, store or process material that infringes the intellectual property rights of any third party;

(d) to introduce, transmit or distribute any malware, virus, worm, trojan horse, ransomware or other malicious code;

(e) to attempt to gain unauthorised access to any part of the Platform, ezyshield’s systems, or the data of any other customer;

(f) to conduct load testing, penetration testing, stress testing or vulnerability scanning of the Platform without ezyshield’s prior written consent;

(g) to scrape, crawl, data-mine or systematically extract data from the Platform other than via the authorised API;

(h) to circumvent or disable any security feature, fraud detection mechanism or access control forming part of the Platform;

(i) to use the Platform in a manner that could damage, disable, overburden or impair ezyshield’s infrastructure or the Platform’s availability to other customers; or

(j) for any purpose or in any manner not expressly authorised by this Agreement.

4.3 Compliance with Laws

The Customer is solely responsible for ensuring that its use of the Platform complies with all applicable laws and regulations, including but not limited to: the Privacy Act 1988 (Cth), the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), the Australian Securities and Investments Commission Act 2001 (Cth), and all applicable financial services legislation. The Customer acknowledges that the Platform is a tool that supports, but does not discharge, the Customer’s own regulatory, AML/CTF, privacy and fraud-prevention obligations.

4.4 Suspension for Breach

ezyshield reserves the right to immediately suspend the Customer’s access to the Platform, without liability, if ezyshield reasonably believes the Customer is using the Platform in breach of clause 4.2 or in a manner that poses a material risk to the Platform, other customers or third parties. ezyshield will notify the Customer promptly of any such suspension and will reinstate access upon resolution of the breach to ezyshield’s reasonable satisfaction.

4.5 Transaction Legitimacy Warranty

The Customer warrants that each transaction it submits through the Platform is legitimate, and that it has undertaken all enquiries required to confirm that legitimacy.

4A. Intent to Pay Warranty

4A.1 Overview

The ezyshield Platform provides access to the Confirmation of Payee (CoP) scheme administered by Australian Payments Plus (AP+) through its banking infrastructure partner, Banking Circle. The AP+ CoP Scheme Rules impose an obligation on participants in the CoP scheme to ensure that CoP Lookups are initiated only for the purpose of making a payment. ezyshield enables Customers to access CoP functionality on the basis that Customers are and remain contractually bound to comply with this requirement.

4A.2 Intent-to-Pay Obligation

The Customer must ensure that every CoP Lookup initiated through the Platform, whether through the ezyshield application user interface or via the API, is made solely for the purpose of an Intended Payment. For the avoidance of doubt:

(a) a CoP Lookup satisfies the intent-to-pay obligation where the Customer intends, at the time of the CoP Lookup, to make a payment to the verified payee at that time or at a future time in connection with the verified contact or account;

(b) a CoP Lookup does not need to be immediately followed by an actual payment, provided the Customer holds a genuine intention to make an Intended Payment at the time the CoP Lookup is initiated; and

(c) a CoP Lookup is not permitted where the Customer does not hold a genuine intention to make an Intended Payment to the relevant payee, whether at the time of the lookup or at any future time in connection with that payee.

4A.3 Prohibited Uses of CoP Functionality

The Customer must not, and must ensure that Authorised Users do not, initiate a CoP Lookup for any purpose other than an Intended Payment. Without limiting the generality of the foregoing, the Customer must not use CoP Lookups for:

(a) general identity verification of individuals where no Intended Payment is contemplated;

(b) data harvesting, data enrichment, or the systematic collection of payee account information for any purpose unconnected to an Intended Payment;

(c) credit assessment, due diligence, or any other commercial or analytical purpose that does not involve an Intended Payment;

(d) testing or monitoring the Platform’s CoP functionality using live payee account details, other than as expressly permitted in writing by ezyshield; or

(e) any other purpose that would constitute a breach of the AP+ CoP Scheme Rules or any applicable law.

4A.4 UI Configuration Requirement

The Customer must configure its user interface and API integration such that every CoP Lookup can only be initiated by an Authorised User through a workflow or action that makes the payment purpose explicit at the point of initiation. Without limiting the foregoing:

(a) where CoP Lookups are initiated through a user interface, the Customer must ensure the primary call-to-action presented to the Authorised User at the point of initiating a CoP Lookup reads “Verify for Payment” or equivalent language that makes the intent to pay unambiguous at the point of action; and

(b) where CoP Lookups are initiated via the API, the Customer must ensure that its API integration and any downstream user interface through which the API call is triggered make the payment purpose explicit in a manner consistent with paragraph (a).

The Customer acknowledges that ezyshield may, from time to time, provide guidance on UI configuration requirements that reflect updates to the AP+ CoP Scheme Rules, and the Customer must implement any such guidance within a reasonable time of receipt.

4A.5 Warranty and Representation Regarding Authorised Users

The Customer warrants and represents that:

(a) it has informed all Authorised Users of the intent-to-pay obligation in clause 4A.2 and the prohibited uses in clause 4A.3, and has taken reasonable steps to ensure Authorised Users comply with those obligations;

(b) it has implemented, or will implement prior to enabling CoP Lookups, appropriate internal policies, procedures and training to ensure ongoing compliance by Authorised Users with this clause 4A; and

(c) it will promptly update its internal policies and user training if the AP+ CoP Scheme Rules are amended in a manner that affects the intent-to-pay requirement.

4A.6 Relationship to Acceptable Use

A breach of this clause 4A constitutes a breach of the Customer’s obligations under clause 4 (Acceptable Use). Without limiting ezyshield’s rights under clause 4.4 and clause 12 (Termination), a material or repeated breach of this clause 4A entitles ezyshield to:

(a) immediately suspend the Customer’s access to the CoP functionality, without affecting access to other Platform features; and

(b) terminate this Agreement in accordance with clause 12.2,

in each case without prejudice to ezyshield’s right to exercise the indemnity in clause 4B.6 of these Terms.

4B. CoP Audit Obligations and Responsibility for Underlying Payment Records

4B.1 ezyshield’s CoP Logging Obligation

ezyshield will maintain a CoP Log for each CoP Lookup initiated through the Platform. The CoP Log constitutes an immutable, timestamped platform-level record and is maintained as part of ezyshield’s core infrastructure. Each CoP Log entry records that the relevant Customer initiated a CoP Lookup tagged for the purpose of making a payment, consistent with clause 4A.2 and the AP+ CoP Scheme Rules.

The Customer acknowledges that:

(a) the CoP Log is a platform-level record. It records that the Customer initiated a CoP Lookup for a payment purpose, as required by the AP+ CoP Scheme Rules and this Agreement. It does not independently verify, record, or confirm that the Customer made, or ultimately proceeded with, an Intended Payment following the CoP Lookup;

(b) the CoP Log is immutable once created and cannot be amended, deleted or altered by the Customer, any Authorised User, or ezyshield; and

(c) ezyshield maintains the CoP Log at the customer and account level and not at the level of the Customer’s individual payment transactions.

4B.2 Step 1 - ezyshield’s Audit Obligation

In the event of a CoP Audit Request directed to or involving ezyshield, ezyshield’s obligation is limited to the following:

(a) ezyshield will produce, or make available for inspection, the CoP Log entries relevant to the CoP Audit Request, demonstrating that the relevant CoP Lookups were logged as payment-purposed at the platform level; and

(b) on production or provision of the relevant CoP Log entries to the requesting party, ezyshield’s audit obligation in respect of those CoP Lookups is discharged in full.

ezyshield is not required, under any circumstances, to produce, verify, obtain, or otherwise provide evidence of the Customer’s underlying Payment Records in connection with any CoP Audit Request. The CoP Log entries constitute ezyshield’s complete audit response.

4B.3 Step 2 - Customer’s Audit Obligation and Responsibility for Payment Records

The Customer is solely responsible for maintaining Payment Records sufficient to demonstrate, in response to any CoP Audit Request, that each CoP Lookup was associated with an actual or Intended Payment. Without limiting the generality of the foregoing:

(a) if any Regulator, auditor, Banking Circle, AP+, or other third party with authority to make a CoP Audit Request requires evidence of the actual underlying payment transaction or Intended Payment corresponding to any CoP Lookup, that obligation falls solely on the Customer. ezyshield is not responsible for, and cannot be compelled to produce, the Customer’s Payment Records;

(b) the Customer must maintain Payment Records in a manner that is sufficient to satisfy the requirements of any CoP Audit Request for the longer of:

(i) seven (7) years from the date of the relevant CoP Lookup; or

(ii) such period as is required by applicable law or the AP+ CoP Scheme Rules;

(c) the Customer must, upon receipt of any CoP Audit Request that may also affect ezyshield, promptly notify ezyshield in writing, providing reasonable details of the CoP Audit Request and the period of CoP Lookups to which it relates; and

(d) the Customer is solely responsible for all costs, expenses, and obligations arising from its response to a CoP Audit Request, including any obligation to engage with Regulators, AP+, or Banking Circle in connection with the Customer’s Payment Records.

4B.4 Step 3 - Customer Breach; ezyshield Not in Breach

If the Customer is unable to produce Payment Records evidencing an Intended Payment for any CoP Lookup when required to do so by a Regulator or other party with authority to make a CoP Audit Request:

(a) that inability constitutes a material breach by the Customer of clause 4A.2 (intent-to-pay obligation) and this clause 4B.3; and

(b) ezyshield is expressly not in breach of the AP+ CoP Scheme Rules, this Agreement, or any obligation to any third party by reason of the Customer’s failure to maintain or produce Payment Records, provided that ezyshield has discharged its obligation under clause 4B.2 by producing the relevant CoP Log entries.

The parties agree that the allocation of responsibility in this clause 4B reflects the distinct roles of ezyshield as a platform provider and the Customer as the party making CoP Lookups in connection with its own payment operations.

4B.5 Relationship to Liability Gate

The liability protection afforded to ezyshield under clause 5 (Liability Gate - Bypassed Verification Checks) and clause 8 (Liability Cap and Exclusions) applies equally to any claim, loss, fine, penalty, or liability arising from:

(a) the Customer’s failure to comply with the intent-to-pay obligation in clause 4A.2;

(b) the Customer’s failure to maintain or produce Payment Records in accordance with clause 4B.3; or

(c) any Regulator’s finding that the Customer’s CoP Lookups were not made in compliance with the AP+ CoP Scheme Rules,

and ezyshield’s aggregate liability to the Customer in connection with any such matter is subject to the cap in clause 8.3.

4B.6 Customer Indemnity - CoP Compliance

The Customer indemnifies ezyshield and its officers, directors, employees, agents, and subcontractors (Indemnified Parties) against any and all Loss suffered or incurred by any Indemnified Party arising from or in connection with:

(a) any breach by the Customer (or any Authorised User) of the intent-to-pay obligation in clause 4A.2 or the prohibited uses in clause 4A.3;

(b) any failure by the Customer to configure its user interface or API integration in accordance with clause 4A.4;

(c) any failure by the Customer to maintain or produce Payment Records in accordance with clause 4B.3;

(d) any CoP Audit Request directed wholly or partly to ezyshield in connection with the Customer’s CoP Lookups, to the extent that the Loss results from the Customer’s non-compliance with this clause 4B or clause 4A rather than from a Platform Failure; and

(e) any regulatory investigation, fine, penalty, sanction, or third-party claim (including any claim by AP+, Banking Circle, ASIC, or any other Regulator) arising from the Customer’s failure to comply with the AP+ CoP Scheme Rules in connection with its use of the Platform’s CoP functionality,

in each case whether or not such Loss was foreseeable by either party at the Commencement Date.

For the avoidance of doubt, the indemnity in this clause 4B.6 does not apply to Loss caused directly by a Platform Failure as defined in these Terms.

4B.7 Survival

The obligations in this clause 4B (including the Customer’s obligation to maintain Payment Records and the indemnity in clause 4B.6) survive termination or expiry of this Agreement for the period specified in clause 4B.3(b) or, if longer, for the period during which a CoP Audit Request remains pending or unresolved.

4C. Third-Party Services and Dependencies

4C.1 Dependencies

The Customer acknowledges that certain Platform functionality, including Confirmation of Payee, depends on services, infrastructure, scheme rules and data provided by third parties, including Australian Payments Plus (AP+), Banking Circle, financial institutions, identity and biometric verification providers, and cloud hosting providers (each a Third-Party Provider), and on the AP+ CoP Scheme Rules. ezyshield does not control, and is not responsible for, any Third-Party Provider.

4C.2 Changes to Third-Party Arrangements

ezyshield’s ability to provide CoP functionality and certain other Services depends on the continuation of its arrangements with, and the scheme rules, pricing, technical requirements and availability of, Third-Party Providers. If a Third-Party Provider varies, suspends or terminates its services, scheme rules, pricing or its arrangement with ezyshield, ezyshield may vary, suspend or withdraw the affected functionality on as much notice as is reasonably practicable in the circumstances, without liability to the Customer. Where such a change materially and adversely affects the core functionality for which the Customer is paying, the Customer’s sole remedy is to terminate this Agreement under clause 12.1.

4C.3 No Liability for Third-Party Providers

To the maximum extent permitted by law and subject to clause 8.6 (Consumer Guarantees), ezyshield is not liable for any Loss arising from or in connection with:

(a) the acts, omissions, outages, errors, suspensions or unavailability of any Third-Party Provider;

(b) the accuracy, completeness, currency or fitness for any purpose of any information, match result or verification outcome provided by, or sourced from, any Third-Party Provider or financial institution; or

(c) any change to, suspension of, or withdrawal of a Third-Party Provider’s services, pricing or scheme rules.

5. Liability Gate - Bypassed Verification Checks

5.1 Obligation to Run Verification Checks

The Customer acknowledges and agrees that the core fraud prevention function of the Platform depends on the Customer consistently running a Verification Check for every payment transaction in respect of which a Verification Record has been established.

5.2 No Liability for Bypassed Checks

ezyshield has no liability whatsoever to the Customer or any third party for any Loss, fraud, unauthorised payment, or adverse outcome arising from or in connection with any payment transaction for which the Customer or any Authorised User:

(a) failed to submit a Verification Check prior to payment authorisation;

(b) overrode, bypassed, disabled or circumvented the Verification Check process, whether manually or programmatically;

(c) approved a payment notwithstanding a failed, negative or flagged Verification Check result; or

(d) processed a payment outside the ezyshield Platform in a manner that prevented the Platform from conducting a Verification Check.

5.3 Customer Responsibility

The Customer is solely responsible for:

(a) configuring its payment systems and workflows to require a Verification Check before each outbound payment is authorised;

(b) ensuring Authorised Users do not override or bypass Verification Check requirements; and

(c) maintaining appropriate internal controls to enforce compliance with the payment verification workflow.

5.4 No Guarantee of Fraud Prevention

The Customer acknowledges that:

(a) the Platform is a fraud risk reduction tool and does not guarantee the detection or prevention of all fraudulent transactions;

(b) the effectiveness of the Platform depends on the Customer’s consistent use of Verification Checks and the accuracy of information submitted to the Platform; and

(c) ezyshield does not warrant that the Platform will detect all instances of fraud, identity theft, account takeover or payment diversion.

5.5 Accuracy of Verification Results

The Customer acknowledges and agrees that verification outcomes, match results and Verification Records provided by the Platform:

(a) are provided to support, but not to replace, the Customer’s own payment and fraud-prevention controls and due diligence;

(b) reflect information held by financial institutions, AP+, CoP infrastructure and other third-party data sources at the time of the relevant Check or CoP Lookup, the accuracy, completeness and currency of which ezyshield does not control; and

(c) must not be relied on by the Customer as the sole basis for any payment decision, nor represented to any third party as a guarantee of identity, account ownership or the legitimacy of any payment.

6. Pricing and Payment

6.1 Pricing Schedule

The fees payable by the Customer for the Services are set out in Exhibit A (Pricing Schedule) to this Agreement. Exhibit A is incorporated into this Agreement by reference. The Pricing Schedule sets out ezyshield’s standard subscription plans and any usage-based (including API) rates, together with any custom or enterprise pricing agreed in an Order Form. Where an Order Form sets out custom pricing for the Customer, that Order Form pricing prevails over the standard schedule. Pricing is governed by Exhibit A and any applicable Order Form, as updated from time to time in accordance with clause 6.4.

6.2 Invoicing and Payment

(a) The Customer will be invoiced monthly in arrears based on actual usage of the Platform in the preceding calendar month.

(b) Invoices are payable within fourteen (14) days of the invoice date, unless otherwise agreed in writing.

(c) All fees are quoted in Australian dollars, exclusive of GST.

(d) Payments must be made by the method nominated by ezyshield from time to time (including bank transfer or direct debit).

6.3 Late Payment

If the Customer fails to pay any invoice by the due date, ezyshield may:

(a) charge interest on the outstanding amount at the rate of 10% per annum, calculated daily from the due date until payment in full; and

(b) after providing five (5) Business Days’ written notice of the overdue amount, suspend the Customer’s access to the Platform until payment is received in full.

6.4 Pricing Changes

ezyshield may amend the Pricing Schedule by providing the Customer with not less than thirty (30) days’ written notice. If the Customer does not agree to the amended pricing, the Customer may terminate this Agreement in accordance with clause 12.2 without penalty, provided notice of termination is given before the amended pricing takes effect.

6.5 No Minimum Commitment

There is no minimum monthly spend, no minimum number of API Calls or Verifications, and no upfront commitment required. The Customer pays only for actual usage as recorded by the Platform.

6.6 Disputed Invoices

If the Customer disputes any invoice in good faith, the Customer must: (a) notify ezyshield in writing within seven (7) days of the invoice date, specifying in reasonable detail the basis for the dispute; and (b) pay the undisputed portion of the invoice by the due date. The parties will use reasonable endeavours to resolve any invoice dispute within fifteen (15) Business Days of receipt of the dispute notice.

7. GST

7.1 GST Exclusive

Unless expressly stated otherwise, all amounts payable under this Agreement are exclusive of GST.

7.2 GST Payable

If GST is imposed on any supply made under or in connection with this Agreement, the party making the supply (Supplier) may, in addition to any amount or consideration payable for that supply, recover from the party receiving the supply (Recipient) an additional amount equal to the GST payable on the supply. The Recipient must pay that additional amount at the same time and in the same manner as the consideration for the supply, subject to the Supplier providing a valid tax invoice.

7.3 Tax Invoices

Where ezyshield is registered for GST, ezyshield will issue tax invoices compliant with the A New Tax System (Goods and Services Tax) Act 1999 (Cth) for all taxable supplies made under this Agreement.

7.4 Adjustments

If the GST payable on a supply under this Agreement is recalculated for any reason, the parties will make corresponding adjustments to payments between them, and ezyshield will issue any necessary adjustment notes.

8. Liability Cap and Exclusions

8.1 Exclusion - Third-Party Fraud

ezyshield is not liable to the Customer or any third party for any Loss arising from or in connection with:

(a) fraud, identity theft, account takeover, payment diversion or other criminal or deceptive conduct by a third party directed at the Customer, its End-Customers or its payment systems;

(b) the Customer’s failure to run a Verification Check in accordance with clause 5; or

(c) the accuracy, completeness or currency of information or identity documents submitted by End-Customers or third parties for the purpose of Verification.

8.2 Exclusion - Consequential Loss

To the maximum extent permitted by applicable law, ezyshield excludes all liability to the Customer for any:

(a) indirect, consequential, incidental, special or punitive loss or damage;

(b) loss of profits, revenue or anticipated savings;

(c) loss of business opportunity or goodwill;

(d) loss, corruption or destruction of data (other than Customer Data held by ezyshield, which is addressed in clause 9); or

(e) business interruption loss,

whether arising in contract, tort (including negligence), under statute or otherwise, even if ezyshield has been advised of the possibility of such loss.

8.3 Aggregate Liability Cap

ezyshield’s total aggregate liability to the Customer for all claims arising under or in connection with this Agreement (including claims arising from Platform Failure) in any twelve (12) month period is limited to the greater of:

(a) the total fees paid by the Customer to ezyshield in the three (3) calendar months immediately preceding the event giving rise to the claim; or

(b) ten thousand Australian dollars (AUD $10,000).

8.4 Liability for Platform Failure

Subject to clauses 8.1, 8.2 and 8.3, ezyshield’s liability to the Customer is limited to direct Loss caused directly and solely by a Platform Failure that has been:

(a) reported by the Customer to ezyshield in writing with reasonable particularity; and

(b) investigated and confirmed by ezyshield as a Platform Failure.

8.5 Mitigation

Each party must take reasonable steps to mitigate any Loss it suffers in connection with this Agreement. ezyshield’s liability will be reduced to the extent that the Customer’s own acts or omissions, or those of its Authorised Users, contributed to the Loss.

8.6 Consumer Guarantees

Nothing in this Agreement excludes, restricts or modifies any guarantee, right or remedy under the Australian Consumer Law (Schedule 2 to the Competition and Consumer Act 2010 (Cth)) that cannot lawfully be excluded. Where the Australian Consumer Law applies to a supply of services that is not of a kind ordinarily acquired for personal, domestic or household use, ezyshield’s liability for failure to comply with a consumer guarantee is limited to re-supplying the services or paying the cost of having the services supplied again.

8.7 Platform Provided “As Is”

To the maximum extent permitted by law and subject to clause 8.6, the Platform and all Services are provided on an “as is” and “as available” basis. ezyshield excludes all warranties, representations, conditions and guarantees that are not expressly set out in this Agreement, whether express or implied by statute, custom or otherwise, including any implied warranty or guarantee of merchantability, fitness for a particular purpose, accuracy, or non-infringement. The Customer acknowledges that it has not relied on any representation, warranty or statement not expressly set out in this Agreement.

8A. Customer Indemnity

8A.1 General Indemnity

In addition to the indemnity in clause 4B.6, the Customer indemnifies ezyshield and the Indemnified Parties against any and all Loss suffered or incurred by any Indemnified Party arising from or in connection with:

(a) the Customer’s breach of this Agreement, including any breach of clause 2.5, clause 4 (Acceptable Use) or clause 9.3 (Customer’s Privacy Obligations);

(b) any use of the Platform by the Customer or an Authorised User in breach of any applicable law;

(c) any claim by an End-Customer or other third party arising from the Customer’s collection, use or disclosure of Personal Information, or from the Customer’s failure to obtain a consent, authority or notice required before submitting data to the Platform;

(d) any representation by the Customer to a third party of a verification outcome as a guarantee of identity, account ownership or payment legitimacy; and

(e) any Customer Data that infringes the intellectual property rights or other rights of a third party.

8A.2 Reduction for ezyshield’s Conduct

ezyshield’s entitlement to be indemnified under this clause 8A is reduced proportionally to the extent that the relevant Loss was caused or contributed to by ezyshield’s own negligence, wilful misconduct or breach of this Agreement.

9. Data Handling, Privacy and Security

ezyshield is an identity-verification and fraud-prevention software product. It handles personal information only to verify identities, businesses and payment instructions, and it does not process or settle payments or hold account balances. ezyshield manages all personal information in accordance with the Privacy Act 1988 (Cth) and the thirteen Australian Privacy Principles (APPs). This clause sets out how that information is collected, used, stored, secured, disclosed and retained.

9.1 Our Roles

The parties agree that:

(a) the Customer is the data controller of all Customer Data and Personal Information relating to End-Customers submitted to the Platform. The Customer determines the purposes and means of collection and bears primary responsibility for compliance with the Privacy Act 1988 (Cth) and the APPs in connection with the collection, use and disclosure of that data; and

(b) ezyshield is the data processor of that data, processing it on the Customer’s instructions and for the purpose of providing the Services under this Agreement.

9.2 Information ezyshield Handles

To provide the Services, ezyshield processes the following categories of Personal Information:

(a) identity information, including name, date of birth and contact details and, where an identity verification mode is used, information drawn from government-issued identity documents and biometric data used to confirm identity;

(b) business information, including ABN, ACN and related business details; and

(c) payment instruction information, including payee and payer account names, BSB and account numbers, used to verify a payment instruction.

ezyshield collects this information from the Customer and Authorised Users and, where an identity verification mode is used, directly from the relevant individual at the point of verification. Biometric data and identity-document data are sensitive information and are collected only with consent and only for the verification purpose for which they are provided. Given the verification purpose of the Platform, individuals generally cannot be dealt with anonymously or under a pseudonym.

9.3 How ezyshield Uses Information

ezyshield uses Personal Information only to provide and operate the Services, including identity and account verification, fraud prevention, and maintaining the audit and verification records described in this Agreement, and as otherwise required by law. ezyshield does not sell Personal Information, does not use End-Customer Personal Information submitted for verification for direct marketing, and does not use that information for any purpose unrelated to the Services without a lawful basis.

9.4 Government-Related Identifiers

Where the Platform uses a government-related identifier (for example, information from an identity document) to perform a verification requested by the Customer, ezyshield uses that identifier only for that verification purpose and does not adopt a government-related identifier as its own identifier of an individual.

9.5 Security of Information

ezyshield maintains technical, organisational and physical security measures appropriate to the sensitivity of the information it handles, including:

(a) encryption of Personal Information in transit and at rest;

(b) role-based access controls and least-privilege access, so that personnel and systems access information only as needed to provide the Services;

(c) network and application security controls, logging and monitoring; and

(d) an immutable, timestamped audit record of verification activity.

ezyshield reviews and updates these measures from time to time to reflect changes in risk and good industry practice.

9.6 Sub-Processors and Cross-Border Disclosure

ezyshield engages a limited number of specialist third-party service providers (sub-processors) to deliver parts of the Services, including identity and biometric verification and secure cloud hosting. Each sub-processor is engaged under written terms that require it to keep the information confidential, to protect it to a standard no less protective than this Agreement and the APPs, and to use it only to provide the relevant service to ezyshield.

Some sub-processors may store or process Personal Information outside Australia, including in jurisdictions such as the European Union whose data protection laws meet or exceed Australian requirements. Where Personal Information is disclosed to an overseas recipient, ezyshield complies with APP 8 and takes reasonable steps to ensure the recipient handles the information consistently with the APPs.

9.7 Data Location

Subject to clause 9.6, ezyshield uses commercially reasonable endeavours to store and process Customer Data and Personal Information within Australia.

9.8 Retention and Deletion

ezyshield retains Personal Information only for as long as it is needed for the purpose for which it was collected, or as required by law. In particular:

(a) verification and CoP records are retained for seven (7) years from the date of the relevant verification, or longer where required by law or the AP+ CoP Scheme Rules, to support the Customer’s audit and compliance obligations; and

(b) Customer Data is retained for the Term and is deleted or de-identified following termination in accordance with clause 12.5.

When Personal Information is no longer required for a permitted purpose, ezyshield destroys or de-identifies it.

9.9 Data Quality, Access and Correction

ezyshield takes reasonable steps to keep the Personal Information it holds accurate and up to date for the purpose for which it is used, noting that verification outcomes reflect third-party source data as described in clause 5.5. Because the Customer is the data controller, a request by an individual to access or correct their Personal Information is directed to and handled by the Customer, and ezyshield will assist the Customer to respond to such a request as reasonably required.

9.10 Data Breach Notification

ezyshield will notify the Customer without undue delay, and in any event within 72 hours, after becoming aware of any actual or reasonably suspected unauthorised access to, loss of, or disclosure of Customer Data or Personal Information that is likely to constitute an eligible data breach under the Notifiable Data Breaches scheme in the Privacy Act 1988 (Cth), and will cooperate reasonably with the Customer in assessing and responding to the breach.

9.11 Customer’s Privacy Obligations

The Customer warrants and undertakes that:

(a) it has a lawful basis under the Privacy Act 1988 (Cth) and the APPs for collecting, using and disclosing all Personal Information submitted to the Platform;

(b) it has provided all required privacy notices and obtained all required consents from End-Customers prior to submitting their Personal Information to the Platform;

(c) it will maintain a compliant privacy policy and will not instruct ezyshield to process Personal Information in a manner that would cause ezyshield to breach the APPs; and

(d) it will promptly notify ezyshield of any privacy-related complaint, investigation or regulatory inquiry that may affect ezyshield’s processing activities under this Agreement.

9.12 Verification Records

ezyshield maintains Verification Records as part of the Platform’s core fraud prevention functionality. The Customer acknowledges that Verification Records form part of the immutable audit chain of the Platform and may be retained by ezyshield in anonymised or aggregated form for fraud detection, AML compliance and product improvement purposes following termination, provided that no personally identifiable information of End-Customers is retained beyond the period required by law or specified in clause 12.5.

9.13 ezyshield Privacy Policy

ezyshield maintains and publishes a privacy policy at ezyshield.com.au describing how it manages personal information, consistent with APP 1. The Privacy Policy applies to ezyshield’s own collection of personal information and supplements this clause 9. In the event of any inconsistency between the Privacy Policy and this Agreement, this Agreement prevails to the extent of the inconsistency.

10. Confidentiality

10.1 Mutual Obligation

Each party (Receiving Party) agrees that it will:

(a) keep all Confidential Information of the other party (Disclosing Party) strictly confidential;

(b) not use the Disclosing Party’s Confidential Information for any purpose other than performing its obligations or exercising its rights under this Agreement;

(c) not disclose the Disclosing Party’s Confidential Information to any third party without the Disclosing Party’s prior written consent, except as permitted by clause 10.2; and

(d) protect the Disclosing Party’s Confidential Information using at least the same degree of care as it uses to protect its own confidential information, but in no case less than reasonable care.

10.2 Permitted Disclosures

The Receiving Party may disclose the Disclosing Party’s Confidential Information:

(a) to its employees, officers, directors, contractors, advisers and subcontractors who: (i) need to know the information for the purposes of this Agreement; and (ii) are bound by confidentiality obligations no less protective than those in this clause 10;

(b) to the extent required by applicable law, court order or the requirement of a regulatory authority, provided that the Receiving Party: (i) gives the Disclosing Party as much prior written notice as is reasonably practicable; (ii) cooperates with the Disclosing Party in seeking a protective order or other appropriate relief; and (iii) discloses only the minimum amount of Confidential Information required to comply with the legal obligation.

10.3 Return or Destruction

Upon request by the Disclosing Party, or upon termination of this Agreement, the Receiving Party will promptly return or (at the Disclosing Party’s election) securely destroy all documents and materials containing the Disclosing Party’s Confidential Information, and will certify in writing that it has done so if requested.

10.4 Survival

The obligations in this clause 10 survive termination of this Agreement for a period of five (5) years from the date of termination, and indefinitely in respect of trade secrets.

11. Intellectual Property

11.1 ezyshield Platform IP

The Customer acknowledges and agrees that:

(a) all intellectual property rights in and to the Platform, the API, the software underlying the Platform, the fraud detection engine, biometric infrastructure, algorithms, models, documentation, training data, Verification Records (in anonymised or aggregated form), and all improvements, enhancements, modifications and derivative works of the foregoing, vest exclusively in ezyshield and its licensors (Platform IP); and

(b) nothing in this Agreement transfers or assigns any ownership interest in the Platform IP to the Customer. The Customer’s rights are limited to the Licence granted under clause 2.1.

11.2 Customer Data Ownership

The Customer retains full ownership of all Customer Data submitted to the Platform. The Customer grants ezyshield a limited, non-exclusive, royalty-free licence to access, store, process and use Customer Data solely for the purpose of providing the Services under this Agreement and as otherwise permitted by this Agreement.

11.3 Feedback

If the Customer provides ezyshield with any suggestion, feedback, idea or recommendation regarding the Platform (Feedback), the Customer grants ezyshield a perpetual, irrevocable, royalty-free, worldwide licence to use and incorporate that Feedback into the Platform or any other ezyshield product without any obligation of attribution, compensation or confidentiality to the Customer.

11.4 No Reverse Engineering

The Customer must not, and must ensure Authorised Users do not, reverse-engineer, decompile, disassemble, or attempt to derive the source code of the Platform or any component thereof.

11.5 Infringement Claims

If a third party claims that the Customer’s use of the Platform (in accordance with this Agreement) infringes that third party’s intellectual property rights, the Customer must promptly notify ezyshield. ezyshield may, at its option: (a) modify the Platform so that it no longer infringes; (b) obtain a licence for the Customer’s continued use; or (c) terminate the Licence and refund any prepaid fees attributable to the unused portion of the Term. This clause sets out ezyshield’s sole obligation and the Customer’s sole remedy in respect of intellectual property infringement claims relating to the Platform.

12. Termination

12.1 Termination for Convenience

Either party may terminate this Agreement at any time, for any reason or no reason, by providing not less than thirty (30) days’ written notice to the other party. No exit fees, break fees or early termination penalties apply.

12.2 Termination for Cause

Either party may terminate this Agreement immediately by written notice to the other party if:

(a) the other party commits a material breach of this Agreement and, where the breach is capable of remedy, fails to remedy the breach within fourteen (14) days after receiving written notice specifying the breach and requiring it to be remedied;

(b) the other party becomes insolvent, is placed into receivership, administration, liquidation or voluntary administration, makes an arrangement with creditors generally, or ceases or threatens to cease carrying on business; or

(c) the other party engages in fraudulent, unlawful or wilfully dishonest conduct in connection with this Agreement.

12.3 Termination for Pricing Change

The Customer may terminate this Agreement without penalty in accordance with clause 6.4 if the Customer objects to a change in the Pricing Schedule.

12.4 Effect of Termination

Upon termination of this Agreement for any reason:

(a) the Licence is immediately revoked and the Customer and all Authorised Users must immediately cease accessing and using the Platform;

(b) all outstanding invoices become immediately due and payable;

(c) each party must comply with its obligations under clause 10.3 regarding the return or destruction of Confidential Information; and

(d) the Customer must promptly decommission any API integrations and revoke all API credentials.

12.5 Data Return and Deletion

Following termination, ezyshield will:

(a) make Customer Data available for export by the Customer for a period of thirty (30) days following the effective date of termination, in a commonly used machine-readable format;

(b) delete or permanently de-identify all Customer Data (including Personal Information of End-Customers) within thirty (30) days following the later of: (i) the expiry of the export period; or (ii) the Customer’s written confirmation that it no longer requires export access; and

(c) upon the Customer’s written request, provide written certification that Customer Data has been deleted or de-identified.

ezyshield may retain Customer Data beyond 30 days to the extent required by applicable law or where such data forms part of anonymised aggregated Platform data that does not include personally identifiable information.

12.6 Surviving Clauses

The following clauses survive termination of this Agreement and continue in full force and effect:

• Clause 1 (Definitions and Interpretation)
• Clause 2.5 (Nature of the Service; No Financial Service)
• Clause 4A and Clause 4B (CoP obligations and indemnity), in accordance with clause 4B.7
• Clause 7 (GST, in respect of amounts accrued prior to termination)
• Clause 8 (Liability Cap and Exclusions)
• Clause 8A (Customer Indemnity)
• Clause 9 (Data Handling, Privacy and Security, until data is deleted in accordance with clause 12.5)
• Clause 10 (Confidentiality)
• Clause 11.1 (Platform IP)
• Clause 12 (Termination)
• Clause 14 (Disputes)
• Clause 16 (General Provisions)

13. Force Majeure

13.1 Definition

A Force Majeure Event means any event or circumstance beyond the reasonable control of a party that prevents or delays that party from performing its obligations under this Agreement, including but not limited to: acts of God, flood, earthquake, storm, fire or other natural disaster; epidemic, pandemic, or public health emergency; act of war, terrorism, insurrection, riot or civil unrest; action or inaction of government or regulatory authorities; power outages or failures of telecommunications infrastructure not within the affected party’s control; or failures of third-party cloud hosting or infrastructure providers.

13.2 Suspension of Obligations

Neither party is in breach of this Agreement or liable to the other party for any delay or failure to perform its obligations under this Agreement to the extent that such delay or failure is caused by a Force Majeure Event, provided that:

(a) the affected party notifies the other party in writing as soon as reasonably practicable after the Force Majeure Event begins, with reasonable particularity of the nature, expected duration and likely impact of the event;

(b) the affected party uses all reasonable endeavours to mitigate the effects of the Force Majeure Event and to resume performance as soon as reasonably practicable; and

(c) the suspension of performance is only to the extent necessitated by the Force Majeure Event.

13.3 Extended Force Majeure

If a Force Majeure Event continues for more than sixty (60) consecutive days, either party may terminate this Agreement by giving fourteen (14) days’ written notice to the other party, without liability to either party (except in respect of payment obligations for Services received prior to termination).

14. Disputes

14.1 Governing Law

This Agreement is governed by the laws of Queensland, Australia. The parties submit to the non-exclusive jurisdiction of the courts of Queensland and the Federal Court of Australia.

14.2 Dispute Notice

If a dispute arises out of or in connection with this Agreement, including any question regarding its existence, validity, breach or termination (Dispute), the party alleging the Dispute must give written notice to the other party identifying the nature of the Dispute and the resolution sought (Dispute Notice).

14.3 Good-Faith Negotiation

Within ten (10) Business Days of receipt of a Dispute Notice, senior representatives of each party with authority to settle the Dispute must meet (in person, by telephone or videoconference) and attempt in good faith to resolve the Dispute within twenty (20) Business Days of the Dispute Notice (or such longer period as the parties may agree in writing) (Negotiation Period).

14.4 Arbitration

If the Dispute is not resolved during the Negotiation Period, either party may refer the Dispute to binding arbitration conducted in Brisbane, Queensland under the rules of the Australian Centre for International Commercial Arbitration (ACICA) as in force at the time of referral. The arbitration will be conducted:

(a) before a single arbitrator agreed between the parties, or failing agreement within five (5) Business Days, appointed by ACICA;

(b) in the English language; and

(c) in accordance with the ACICA Arbitration Rules.

The arbitrator’s award will be final and binding on the parties.

14.5 Litigation

Neither party may commence court proceedings in respect of a Dispute (other than for urgent interlocutory relief) unless and until the parties have exhausted the processes in clauses 14.3 and 14.4.

14.6 Urgent Relief

Nothing in this clause 14 prevents either party from seeking urgent interlocutory or injunctive relief from a court of competent jurisdiction where that party reasonably considers such relief is necessary to protect its rights.

14.7 Costs

Each party will bear its own costs of the dispute resolution process under clauses 14.3 and 14.4, unless the arbitrator orders otherwise.

15. Amendments

15.1 Amendments by ezyshield

ezyshield may amend these Terms and Conditions at any time by:

(a) publishing the amended Terms and Conditions on the ezyshield website and/or within the Platform portal; and

(b) providing not less than thirty (30) days’ written notice to the Customer at the email address recorded in the Customer’s account.

15.2 Customer’s Right to Reject Amendments

If the Customer does not agree to an amendment, the Customer may terminate this Agreement without penalty by providing written notice of termination to ezyshield before the amended Terms and Conditions take effect.

15.3 Deemed Acceptance

If the Customer continues to access or use the Platform after the date on which the amended Terms and Conditions take effect, the Customer will be deemed to have accepted the amended Terms and Conditions.

15.4 Customer Amendments

Any amendment proposed by the Customer to these Terms and Conditions requires ezyshield’s express prior written consent to be effective.

16. General Provisions

16.1 Entire Agreement

This Agreement (including Exhibit A and any Order Form) constitutes the entire agreement between the parties with respect to its subject matter and supersedes all prior negotiations, representations, warranties, statements, agreements and understandings between the parties, whether written or oral, relating to that subject matter.

16.2 No Reliance

Each party acknowledges that it has not entered into this Agreement in reliance on any representation, warranty, statement or conduct of the other party that is not expressly set out in this Agreement.

16.3 Severability

If any provision of this Agreement is held by a court or arbitrator of competent jurisdiction to be invalid, illegal, unenforceable or contrary to public policy, that provision will be severed from the Agreement to the minimum extent necessary and the remaining provisions will continue in full force and effect. The parties will negotiate in good faith a replacement provision that is as close in commercial effect to the severed provision as is legally permissible.

16.4 Waiver

A party’s failure or delay in exercising a right or remedy under this Agreement does not constitute a waiver of that right or remedy. A single or partial exercise of a right or remedy does not preclude further exercise of that right or remedy or the exercise of any other right or remedy. No waiver is effective unless it is in writing signed by the waiving party.

16.5 Assignment

(a) The Customer must not assign, novate, transfer, charge or otherwise deal with its rights or obligations under this Agreement without ezyshield’s prior written consent (not to be unreasonably withheld or delayed).

(b) ezyshield may assign this Agreement, without the Customer’s consent, to: (i) any related body corporate of ezyshield; or (ii) a purchaser of all or substantially all of ezyshield’s business or assets, provided that the assignee assumes all of ezyshield’s obligations under this Agreement.

16.6 Notices

Any notice or other communication required or permitted under this Agreement must be in writing and will be deemed delivered:

(a) if sent by email, at the time of transmission (provided no delivery failure notification is received), to ezyshield at legal@ezyshield.com.au (or such other address as ezyshield may notify from time to time) and to the Customer at the email address recorded in the Customer’s account; or

(b) if delivered by hand or sent by prepaid post to the Customer’s registered address or ezyshield’s registered office, on delivery or (if sent by post) on the second Business Day after posting.

16.7 Relationship of Parties

Nothing in this Agreement creates a partnership, joint venture, employment relationship, agency or other fiduciary relationship between the parties. Neither party has authority to bind the other party.

16.8 Further Assurance

Each party must do all things and execute all documents reasonably required to give full effect to this Agreement.

16.9 Counterparts and Electronic Execution

This Agreement (and any Order Form) may be executed electronically. Click-wrap acceptance as described in the acceptance mechanism at the commencement of this Agreement constitutes valid and binding acceptance. Electronic signatures are accepted and have the same legal effect as original handwritten signatures for the purposes of this Agreement.

16.10 No Third-Party Beneficiaries

This Agreement is for the sole benefit of the parties and their respective successors and permitted assigns. Nothing in this Agreement confers any right, benefit or remedy on any third party, except that the Indemnified Parties may enforce the indemnities in clauses 4B.6 and 8A.

Exhibit A - Pricing Schedule

(Incorporated by reference into the ezyshield Platform Terms and Conditions)

Effective date: as set out in your Order Form or Platform account dashboard.

Standard subscription plans are priced by the number of active contacts the Customer verifies. Every plan includes unlimited verifications, invoice checks and ABA file checks, month-to-month with no lock-in. Prices are in Australian dollars and exclude GST.

A one-off onboarding health check applies to each new rollout and is scoped with the Customer at onboarding.

API access is available on the Enterprise plan or as a stand-alone offering, and is priced by enquiry only.

Where an Order Form sets out custom or enterprise pricing for the Customer, that Order Form pricing prevails over this standard schedule for the term stated in the Order Form.

ezyshield may update the Pricing Schedule on thirty (30) days’ written notice in accordance with clause 6.4 of these Terms and Conditions. The applicable rates at the time of each invoice are those published in Exhibit A as at the invoice date.

Invoiced monthly. No minimum spend, no lock-in, no exit fees.

Contact

EZYSHIELD OPERATIONS PTY LTD ABN 75 698 667 720 Burleigh Heads QLD 4220, Australia Legal notices: legal@ezyshield.com.au General enquiries: support@ezyshield.com.au Web: ezyshield.com.au