Master Services Agreement

1. DEFINITIONS

In this Agreement, the following defined terms shall have the meanings set out below. Terms not defined herein have the meaning given in the applicable Order Form.

2. SCOPE OF SERVICES

2.1 Service Provision

Subject to Customer's payment of applicable Fees and compliance with this Agreement, Uonyx grants Customer a limited, non-exclusive, non-transferable, non-sublicensable right to access and use the Services during the Subscription Term solely for Customer's internal business operations and in accordance with the Documentation and this Agreement.

2.2 Platform Modules

The Services include access to the Uonyx ERP Platform and its functional modules, including CRM, Accounting and Finance, HR and Payroll, Inventory and Procurement, Projects and Task Management, Customer Support, Analytics and Reporting, Document Management, AI-powered Automation, and Raven (the workplace communication and collaboration module). Access to specific modules is determined by the Subscription tier and the Order Form.

2.3 Modifications

Uonyx may update, modify, add, or remove features of the Services from time to time. Where changes are material, Uonyx will provide reasonable advance notice. Uonyx will use commercially reasonable efforts to provide ninety (90) days' notice prior to discontinuing any material feature.

2.4 APIs

Uonyx provides application programming interfaces (APIs) enabling integration with third-party systems. Use of APIs is subject to this Agreement and the API Documentation at https://docs.uonyx.com.

3. CUSTOMER RESPONSIBILITIES

3.1 General Obligations

Customer shall: (a) use the Services only for lawful purposes and in accordance with this Agreement and applicable law; (b) ensure all Authorised Users are informed of and comply with this Agreement; (c) provide accurate and complete Account registration information; (d) maintain appropriate security controls over account credentials, access permissions, and API keys; and (e) cooperate with Uonyx in the investigation of security incidents and support requests.

3.2 Technical Requirements

Customer is responsible for procuring and maintaining all hardware, software, connectivity, and infrastructure necessary to access the Services. Uonyx is not responsible for unavailability arising from Customer's own infrastructure failures.

3.3 Data Accuracy

Customer is solely responsible for the accuracy, quality, and legality of Customer Data. Uonyx does not validate Customer Data and accepts no liability for data entered by Customer or its Authorised Users.

3.4 Compliance

Customer is responsible for ensuring that its use of the Services — including use of the HR and Payroll, Healthcare, Lending, and other regulated modules — complies with all applicable laws, regulations, and industry standards in every jurisdiction in which Customer operates.

4. USER ACCOUNTS

4.1 Account Registration

To access the Services, Customer must create an Account and designate one or more account administrators. Customer shall ensure that account registration information is and remains accurate and current.

4.2 Account Security

Customer is responsible for the confidentiality of all Account credentials and for all activities under Customer's Account. Customer must not share credentials with unauthorized individuals. Customer shall notify Uonyx at security@uonyx.com immediately upon discovering any unauthorized Account access.

4.3 Authorised Users

Customer shall manage Authorised User access permissions, provision accounts only for individuals with a legitimate business need, and promptly revoke access for departing employees or contractors. Customer is liable for the acts and omissions of its Authorised Users as its own.

4.4 Subscription Limits

Customer may provision accounts up to the number of Authorised Users or seats specified in the Order Form. Uonyx may charge additional Fees for usage exceeding subscribed limits.

5. ACCEPTABLE USE

Important: Violations of this Section may result in immediate suspension of access to the Services without prior notice.

5.1 Permitted Use

Customer and its Authorised Users may use the Services solely for Customer's legitimate internal business purposes as authorized by this Agreement and the Documentation.

5.2 Prohibited Conduct

Customer and its Authorised Users must not:

• Illegal activities: Use the Services in violation of applicable law or to facilitate fraud, money laundering, or criminal activity.
• Security interference: Attempt unauthorized access to any system or data; probe, scan, or test vulnerabilities without authorization; circumvent authentication or security controls.
• Platform abuse: Generate excessive API loads, conduct denial-of-service attacks, scrape data, reverse engineer any component of the Platform, or develop competing products.
• Malicious code: Upload or transmit malware, viruses, ransomware, or other harmful code through the Services.
• Communications abuse: Use the Raven module or any messaging feature to send spam, phishing communications, harassing content, or unlawful material.
• IP infringement: Upload content that infringes the Intellectual Property Rights of any third party.
• Unauthorized sharing: Sublicense, resell, or share access to the Services without prior written consent from Uonyx.

5.3 Enforcement

Uonyx may suspend or terminate access without prior notice upon determining, in its reasonable discretion, that a violation has occurred. Uonyx may report violations to relevant authorities where required by applicable law.

6. CUSTOMER DATA OWNERSHIP

6.1 Customer Ownership

Customer retains all right, title, and interest in and to Customer Data. Uonyx does not claim any ownership of Customer Data.

6.2 Licence to Process

Customer grants Uonyx a limited, non-exclusive, royalty-free licence to access, store, process, and transmit Customer Data solely to the extent necessary to provide the Services, fulfil obligations under this Agreement, and comply with applicable law.

6.3 Customer Warranties

Customer represents and warrants that: (a) it has all necessary rights to submit Customer Data; (b) submission of Customer Data does not violate the rights of any third party; and (c) Customer has a valid legal basis for processing any Personal Data included in Customer Data.

6.4 Aggregated Data

Uonyx may use de-identified, aggregated data derived from Customer Data — in a form that cannot be attributed to Customer or any individual — to improve the Platform, generate benchmarks, and develop new features.

6.5 Data Export

Uonyx provides data export tools allowing Customer to retrieve Customer Data in standard formats including CSV, JSON, and via API during the Subscription Term.

7. DATA PROCESSING

7.1 Data Processing Agreement

Where Uonyx processes Personal Data included in Customer Data, Uonyx acts as a data processor on behalf of Customer. Such processing is governed by the Uonyx Data Processing Agreement (DPA), which is incorporated into this Agreement by reference and is available at https://uonyx.com/legal/dpa. Customers processing Personal Data subject to GDPR or equivalent obligations must execute the DPA prior to uploading any such data.

7.2 Privacy Policy

Uonyx's Privacy Policy, available at https://uonyx.com/legal/privacy, governs Uonyx's collection and use of Personal Data in its capacity as an independent data controller. The Privacy Policy is incorporated into this Agreement by reference.

7.3 Sub-Processors

Uonyx may engage third-party sub-processors to support the delivery of the Services. A current list of sub-processors is maintained at https://uonyx.com/legal/subprocessors. All sub-processors are bound by data protection obligations materially equivalent to those in the DPA.

7.4 International Transfers

Customer Data may be processed in the United States and in other countries where Uonyx or its sub-processors operate, subject to appropriate transfer safeguards including Standard Contractual Clauses or other recognized mechanisms under applicable law.

8. CONFIDENTIALITY

8.1 Definition

"Confidential Information" means any non-public information disclosed by one party ("Disclosing Party") to the other ("Receiving Party") that is designated as confidential or that a reasonable person would understand to be confidential given the circumstances. Uonyx IP, pricing, and platform architecture constitute Uonyx's Confidential Information. Customer Data and business information shared by Customer constitute Customer's Confidential Information.

8.2 Obligations

The Receiving Party shall: (a) protect Confidential Information with at least the same care it uses to protect its own confidential information, but not less than reasonable care; (b) use Confidential Information solely for purposes of this Agreement; and (c) limit access to employees, contractors, and advisors who need access and are bound by equivalent confidentiality obligations.

8.3 Exceptions

Confidentiality obligations do not apply to information that: (a) is or becomes publicly available through no fault of the Receiving Party; (b) was known prior to disclosure; (c) is independently developed without use of Confidential Information; or (d) is received from a third party without restriction.

8.4 Compelled Disclosure

The Receiving Party may disclose Confidential Information if required by law, regulation, or court order, provided it gives the Disclosing Party reasonable prior notice and cooperates to limit the scope of disclosure.

9. SECURITY MEASURES

9.1 Uonyx Security Programme

Uonyx implements and maintains technical and organizational security measures to protect the Services and Customer Data in accordance with its Security Policy at https://uonyx.com/legal/security. These measures include encryption in transit and at rest, access controls, multi-factor authentication enforcement, continuous monitoring, and a formal incident response programme.

9.2 Incident Notification

Uonyx will notify Customer of confirmed security incidents affecting Customer Data in accordance with the Data Processing Agreement and applicable breach notification laws, including the GDPR 72-hour notification requirement where Uonyx acts as data processor.

9.3 Customer Security Responsibilities

Customer is responsible for maintaining appropriate security practices for its Account and Authorised Users, including credential management, enabling multi-factor authentication, and promptly reporting suspected security incidents to security@uonyx.com.

10. SUB-PROCESSORS

Uonyx engages sub-processors to support the delivery of the Services. All sub-processors are subject to written agreements imposing data protection and security obligations materially equivalent to those applicable to Uonyx. A current list of sub-processors is maintained at https://uonyx.com/legal/subprocessors and updated when sub-processors are added or removed.

Where Customer has executed the DPA, Uonyx will provide advance notice of material changes to the sub-processor list in accordance with the DPA notification procedures, and Customer may object to new sub-processors in accordance with the DPA's objection process.

11. SERVICE AVAILABILITY

Uonyx's availability commitments, uptime targets, maintenance windows, incident response standards, and service credit entitlements are set out in the Uonyx Service Level Agreement (SLA), available at https://uonyx.com/legal/sla. The SLA is incorporated into this Agreement by reference.

Uonyx will use commercially reasonable efforts to maintain availability of the Services in accordance with the SLA. Planned maintenance will be communicated in advance through the status page at https://status.uonyx.com. Customer acknowledges that service availability may be affected by factors outside Uonyx's reasonable control.

12. SUPPORT SERVICES

Uonyx provides technical support to Customer in accordance with the support tier applicable to Customer's Subscription as described in the SLA at https://uonyx.com/legal/sla. Support is available via the support portal at https://support.uonyx.com and by email at support@uonyx.com.

Enterprise-tier customers have access to Uonyx's Customer Success Programme, which includes a designated Customer Success Manager, onboarding and deployment guidance, adoption support, and periodic business reviews, as further described in the SLA.

13. FEES AND PAYMENT TERMS

13.1 Fees

Customer shall pay the Fees set out in the applicable Order Form. All Fees are in U.S. dollars unless otherwise specified.

13.2 Payment

Fees are due in accordance with the payment schedule in the Order Form. Unless otherwise agreed, annual Subscriptions are billed annually in advance and monthly Subscriptions are billed monthly in advance. Invoices are due within thirty (30) days of the invoice date.

13.3 Late Payment

Overdue amounts bear interest at 1.5% per month or the maximum permitted by law, whichever is lower. Uonyx may suspend Services following non-payment in accordance with Section 15.

13.4 Taxes

All Fees exclude applicable taxes. Customer is responsible for all sales, use, VAT, withholding, and similar taxes imposed by any governmental authority, excluding taxes on Uonyx's net income.

13.5 Invoice Disputes

Customer must notify Uonyx of any good-faith invoice dispute within fifteen (15) days of receipt. Undisputed amounts remain due.

13.6 No Refunds

Except as expressly provided in this Agreement or required by applicable law, all Fees are non-refundable.

14. TERM AND TERMINATION

14.1 Agreement Term

This Agreement commences on the Effective Date and continues until all Order Forms have expired or been terminated, unless earlier terminated in accordance with this Section.

14.2 Termination for Cause

Either party may terminate this Agreement or any Order Form immediately on written notice if: (a) the other party materially breaches this Agreement and fails to cure the breach within thirty (30) days of written notice (or immediately for breaches of Section 5, 6.3, or 8); (b) the other party becomes insolvent or subject to insolvency proceedings.

14.3 Termination for Convenience

Customer may terminate this Agreement or any Order Form for convenience by providing at least thirty (30) days' written notice. Fees paid for the remaining Subscription Term are non-refundable unless otherwise specified in the Order Form.

14.4 Effect of Termination

Upon termination: (a) all licences immediately cease; (b) Customer must cease use of the Services; (c) each party returns or destroys the other's Confidential Information; (d) Customer Data is handled in accordance with Section 6 and the DPA. Accrued obligations and Sections 6.4, 8, 13, 16, 18, 19, 20, 23, and 24 survive termination.

15. SUSPENSION OF SERVICES

Uonyx may suspend Customer's access to the Services, in whole or in part, without prior notice if: (a) Uonyx determines that Customer's use poses a security risk or causes harm to the Services or other customers; (b) Customer's Fees are overdue by more than thirty (30) days; (c) Customer is in material breach of Section 5 (Acceptable Use); or (d) suspension is required by applicable law. Uonyx will use reasonable efforts to provide advance notice where practicable and will restore access promptly once the basis for suspension is resolved.

16. INTELLECTUAL PROPERTY RIGHTS

16.1 Uonyx IP

All Intellectual Property Rights in and to the Services, Platform, Documentation, AI models, algorithms, and all improvements and derivative works thereof are and remain the exclusive property of Uonyx or its licensors. Nothing in this Agreement transfers ownership of Uonyx IP to Customer.

16.2 Restrictions

Customer must not: (a) copy, modify, or create derivative works of Uonyx IP; (b) reverse engineer, decompile, or disassemble any component of the Platform; (c) remove proprietary notices; (d) use Uonyx trademarks without prior written consent; or (e) use the Services to build a competing product.

16.3 Feedback

If Customer provides Feedback, Customer grants Uonyx an irrevocable, perpetual, royalty-free, worldwide licence to use and commercialize such Feedback without obligation of attribution or compensation.

18. WARRANTIES AND DISCLAIMERS

18.1 Uonyx Warranties

Uonyx warrants that: (a) the Services will materially conform to the Documentation during the Subscription Term; and (b) Uonyx will not materially reduce the functionality of the Services during a Subscription Term without reasonable notice.

18.2 Disclaimer

EXCEPT AS EXPRESSLY SET OUT IN SECTION 18.1, THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE". TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, UONYX DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND TITLE. UONYX DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT AI-GENERATED OUTPUTS WILL BE ACCURATE OR COMPLETE.

19. LIMITATION OF LIABILITY

19.1 Exclusion of Consequential Damages

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NEITHER PARTY WILL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING LOSS OF PROFITS, LOSS OF REVENUE, BUSINESS INTERRUPTION, OR LOSS OF DATA, ARISING OUT OF OR RELATED TO THIS AGREEMENT, REGARDLESS OF CAUSE OF ACTION AND EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

19.2 Aggregate Cap

EACH PARTY'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT WILL NOT EXCEED THE TOTAL FEES PAID OR PAYABLE BY CUSTOMER TO UONYX DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE CLAIM.

19.3 Exceptions

Sections 19.1 and 19.2 do not apply to: (a) Customer's payment obligations; (b) either party's confidentiality obligations under Section 8; (c) indemnification obligations under Section 20; (d) Customer's violation of Uonyx's IP rights; or (e) liability that cannot be excluded by applicable law.

20. INDEMNIFICATION

20.1 Customer Indemnity

Customer shall defend, indemnify, and hold harmless Uonyx and its officers, directors, employees, and agents from any claims, losses, damages, and expenses (including reasonable legal fees) arising out of: (a) Customer's breach of this Agreement; (b) Customer's violation of applicable law; (c) Customer Data, including infringement of third-party rights; or (d) Customer's use of third-party integrations.

20.2 Uonyx IP Indemnity

Uonyx shall defend Customer against third-party claims that the Platform, used as authorized, infringes a third party's Intellectual Property Rights, subject to the exclusions in Section 20.3.

20.3 IP Indemnity Exclusions

Uonyx's IP indemnity does not apply where infringement arises from: (a) Customer Data; (b) Customer's modifications to the Platform; (c) combination with non-Uonyx products without approval; or (d) use after notice of an available non-infringing alternative.

20.4 Procedure

The indemnified party must: (a) promptly notify the indemnifying party; (b) grant sole control of defense and settlement; and (c) provide reasonable cooperation at the indemnifying party's expense. The indemnifying party may not settle any claim that imposes obligations on the indemnified party without prior written consent.

21. COMPLIANCE WITH LAWS

Each party is responsible for complying with all applicable laws and regulations relevant to its obligations under this Agreement, including applicable data protection law, anti-corruption legislation, and industry-specific regulations. Customer is responsible for ensuring that its use of specific platform modules (including HR and Payroll, Healthcare, Lending, and Financial modules) complies with applicable sector-specific regulations in the jurisdictions in which Customer operates.

22. EXPORT COMPLIANCE

The Services may be subject to U.S. export control laws including the Export Administration Regulations (EAR) and economic sanctions programmes administered by the Office of Foreign Assets Control (OFAC). Customer represents and warrants that it will not export, re-export, or transfer the Services, directly or indirectly, to any destination, entity, or individual subject to U.S. export restrictions or sanctions, or that is listed on any U.S. restricted party list. Customer is solely responsible for compliance with applicable export control laws.

23. GOVERNING LAW

This Agreement is governed by and construed in accordance with the laws of the State of California, United States, without regard to its conflict of law provisions. The United Nations Convention on Contracts for the International Sale of Goods does not apply. Subject to Section 24, the parties submit to the exclusive jurisdiction of the state and federal courts of Orange County, California.

24. DISPUTE RESOLUTION

24.1 Informal Resolution

Before initiating formal proceedings, the parties shall attempt to resolve any dispute informally. Either party may initiate this process by written notice. The parties shall negotiate in good faith for at least thirty (30) days before commencing arbitration.

24.2 Binding Arbitration

Disputes not resolved informally shall be finally resolved by binding arbitration administered by JAMS in accordance with its commercial arbitration rules, conducted in English in Orange County, California. The arbitrator's decision is final and enforceable in any competent court.

24.3 Class Action Waiver

TO THE MAXIMUM EXTENT PERMITTED BY LAW, EACH PARTY MAY BRING CLAIMS ONLY IN AN INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY CLASS ACTION, CONSOLIDATED, OR REPRESENTATIVE PROCEEDING.

24.4 Emergency Relief

Either party may seek emergency injunctive relief from a court of competent jurisdiction without first engaging the dispute resolution process in this Section.

25. ASSIGNMENT

Customer may not assign or transfer this Agreement or any rights hereunder without Uonyx's prior written consent. Uonyx may assign this Agreement in connection with a merger, acquisition, or sale of all or substantially all of its assets, provided the assignee assumes all obligations. Any purported assignment in violation of this Section is void.

26. CHANGES TO THE AGREEMENT

Uonyx may modify this Agreement from time to time. Material changes will be communicated with at least thirty (30) days' advance written notice by email or in-platform notification. Customer's continued use of the Services after the effective date of any change constitutes acceptance. Where changes materially and adversely affect Customer's rights, Customer may terminate the affected Order Form by written notice within thirty (30) days of the effective date of the change.

27. ENTIRE AGREEMENT

27.1 Complete Agreement

This Agreement, together with all executed Order Forms, incorporated policies (including the DPA, SLA, Privacy Policy, and Security Policy), and any exhibits, constitutes the entire agreement between the parties regarding the Services and supersedes all prior negotiations, representations, and understandings.

27.2 Order of Precedence

In the event of conflict, the order of precedence is: (1) an executed Order Form (for deal-specific terms); (2) the DPA (for personal data processing); (3) this MSA; (4) incorporated policies and Documentation.

27.3 General Provisions

(a) Severability: If any provision is found unenforceable, it is modified to the minimum extent necessary and the remaining provisions continue in force. (b) Waiver: Failure to enforce any provision is not a waiver. (c) Force Majeure: Neither party is liable for delays caused by circumstances beyond reasonable control. (d) Relationship: The parties are independent contractors. (e) Notices: Legal notices must be in writing to legal@uonyx.com (for Uonyx) or to Customer's address in the Order Form.

28. CONTACT INFORMATION

For all enquiries relating to this Agreement: