LEGAL

Fidify General B2B Terms and Conditions

Version 2.0 — Effective date: 15 June 2026

1. Parties and Applicability

1.1 These General Terms and Conditions (“General Terms”) govern the relationship between the business customer identified in the Fidify Order Form (the “Customer”) and Fidify AB, a limited liability company incorporated in Sweden with company registration number 559431-3800 and registered office at Tulegatan 53, Stockholm, Sweden (“Fidify”, “we” or “us”), for the use of Fidify’s cloud-based software-as-a-service (“SaaS”) and related services for Know-Your-Customer and Anti-Money-Laundering management (the “Services”).

1.2 Fidify’s SaaS platform allows the Customer to request, receive, view, communicate about and manage corporate and personal identification documentation and information from its end-customers, as part of the Customer’s Know-Your-Customer (“KYC”) and Anti-Money-Laundering (“AML”) processes. The platform is delivered through a web portal and a mobile application (the “Fidify App”). The Customer decides, at its sole discretion, which of its end-customers to enrol, what documentation and information to request, the retention period applied to that content, and the content of any communication.

1.3 These General Terms, together with any order form signed or accepted by the Customer (“Order Form”), the Data Processing Agreement referenced in section 13, and any documents they incorporate, form a legally binding agreement (“Agreement”) on the Customer’s signature or online registration.

1.4 These General Terms apply exclusively. Conflicting or additional terms put forward by the Customer apply only if expressly agreed in writing by Fidify. In the event of conflict, the order of precedence is: (a) the Order Form; (b) the Data Processing Agreement, in respect of the processing of personal data; (c) these General Terms; (d) any other document referenced in the Agreement.

2. Account Registration

2.1 Access to the Services requires the Customer to register an account. Fidify may decline a registration where it has reasonable grounds to do so, including legal, regulatory, sanctions or credit-risk grounds.

2.2 On successful registration, Fidify confirms the account by email.

2.3 The Customer is responsible for ensuring that the information it provides on registration is accurate and kept up to date.

3. Subscription Plans and Fees

3.1 Fidify offers various subscription plans and packages, specified in the Order Form and any appended price list (“Price List”). Unless otherwise agreed, fees are charged in advance for 12-month subscription terms that renew in accordance with section 14.

3.2 Volume-based charges, surcharges and excess-usage fees are invoiced separately as set out in the Price List.

3.3 For each renewal term, Fidify may adjust fees as agreed in the Order Form or, failing such agreement, by no more than the greater of (a) five (5) per cent or (b) the annual change in the Swedish consumer price index (KPI), provided Fidify gives at least sixty (60) days’ written notice before the renewal date. If the increase exceeds that threshold, section 6.2 applies.

3.4 No refunds are provided for unused portions of prepaid fees, except as set out in sections 6.2 and 14.

4. Acceptable Use

4.1 The Customer must use the Services in compliance with applicable law and must not take any action that could impair the security, integrity or operation of the Services or Fidify’s infrastructure.

4.2 The Customer must keep its account credentials confidential, ensure that only authorised users access the Services, and notify Fidify without undue delay if it suspects unauthorised access. Unauthorised access attempts and sharing of access with third parties without Fidify’s permission are prohibited. Fidify may suspend access where it reasonably suspects unauthorised account sharing or a security risk, giving the Customer notice as soon as reasonably practicable.

5. Use Rights and Description of the Services

5.1 Fidify grants the Customer a non-exclusive, worldwide, non-transferable and non-sublicensable right to use the Services during the term of the Agreement, for the Customer’s internal business purposes. This right is revocable only in accordance with the suspension and termination provisions of the Agreement.

5.2 The Customer may use the Services in accordance with its subscription plan and the functionality described in the Order Form and on Fidify’s website.

5.3 The Customer must monitor its usage and inform Fidify of any excess. Fidify may invoice additional charges for excess usage as set out in the Price List.

6. Changes to the Services

6.1 Fidify may modify the Services while having due regard to the Customer’s legitimate interests. Significant changes will be communicated in advance.

6.2 If a change materially reduces the core functionality of the Services, or if a fee increase exceeds the threshold in section 3.3, the Customer may terminate the affected subscriptions on thirty (30) days’ written notice and receive a pro-rata refund of prepaid fees for the unused part of the subscription period.

7. Intellectual Property and Customer Data

7.1 As between the parties, Fidify and its licensors own all intellectual property rights in the Services, the Fidify App, and all related software, documentation and materials, including any improvements and derivative works. No rights are granted to the Customer other than the use rights expressly set out in the Agreement.

7.2 As between the parties, the Customer owns all data, documents and content that the Customer or its end-customers submit to or generate through the Services (“Customer Data”). The Customer grants Fidify a limited right to host and process Customer Data solely to provide the Services and as set out in the Data Processing Agreement.

7.3 Fidify may collect and use aggregated and anonymised data derived from use of the Services for the purposes of operating, securing and improving the Services, provided such data does not identify the Customer, any end-customer or any individual.

7.4 Where the Customer provides feedback or suggestions, Fidify may use them without restriction or obligation.

8. Confidentiality

8.1 Each party must keep confidential the confidential information disclosed by the other party and use it only to perform the Agreement.

8.2 Neither party may use, reverse engineer, disassemble, decompile or disclose the other party’s data or confidential information to develop services or software that are similar to or compete with those of the other party.

8.3 Confidentiality obligations survive for five (5) years after termination of the Agreement, except that confidentiality obligations relating to personal data and trade secrets continue for as long as the information remains protectable under applicable law.

9. Limitation of Liability

9.1 Subject to sections 9.3 and 9.4, each party’s total aggregate liability under the Agreement is limited to the fees paid by the Customer under the Agreement in the twelve (12) months preceding the event giving rise to the claim.

9.2 Subject to sections 9.3 and 9.4, neither party is liable for indirect or consequential loss, including loss of profit, loss of business or loss of goodwill.

9.3 Nothing in the Agreement limits or excludes either party’s liability for: (a) death or personal injury caused by negligence; (b) fraud or fraudulent misrepresentation; (c) wilful misconduct or gross negligence; (d) infringement of the other party’s intellectual property rights; (e) a party’s indemnification obligations under section 10; or (f) any liability that cannot be limited or excluded under applicable mandatory law.

9.4 The exclusion of liability for loss of data in section 9.2 does not apply to losses arising from a party’s breach of its confidentiality or data-protection obligations, which are subject only to the cap in section 9.1 (or, where section 9.3 applies, are uncapped).

10. Indemnities

10.1 The Customer will indemnify Fidify against third-party claims arising from the Customer’s use of the Services in breach of the Agreement or applicable law, or from Customer Data.

10.2 Fidify will indemnify the Customer against third-party claims that the Customer’s authorised use of the Services infringes that third party’s intellectual property rights, and will, at its option, procure a right to continue use, modify the Services, or refund prepaid fees for the affected period. This indemnity does not apply to claims arising from Customer Data or from use of the Services other than as permitted under the Agreement.

10.3 Each indemnity is conditional on the indemnified party promptly notifying the indemnifying party, allowing the indemnifying party to control the defence, and providing reasonable cooperation.

11. General Obligations of the Customer

11.1 The Customer must comply with all obligations applicable to it and is responsible for the acts and omissions of its authorised users.

11.2 The Customer must provide accurate information and maintain the hardware, software and connections necessary to use the Services.

11.3 The Customer is responsible for its own data-communication costs.

11.4 The Customer is solely responsible for determining whether the Services meet the Customer’s own regulatory and legal requirements in its jurisdiction, and for the lawful basis and instructions for any processing of personal data through the Services.

12. Payment Terms

12.1 The Customer must pay fees in accordance with the Order Form. Unless otherwise stated, payment terms are twenty (20) days from the invoice date.

12.2 Late payment may incur interest at the rate set out in the Swedish Interest Act (räntelagen). Where payment is materially overdue, Fidify may suspend access to the Services after giving the Customer at least ten (10) days’ written notice and an opportunity to pay. Suspension does not affect the Customer’s right to export Customer Data under section 11 of the Data Processing Agreement.

13. Data Protection

13.1 In providing the Services, Fidify acts as a processor of personal data on behalf of the Customer, who acts as controller. The processing is governed by Fidify’s Data Processing Agreement, available at fidifygroup.com/dpa, which forms part of the Agreement and incorporates the EU Standard Contractual Clauses where required for transfers of personal data to third countries.

13.2 Fidify maintains an up-to-date list of sub-processors and their processing locations at fidifygroup.com/subprocessors, and applies the technical and organisational measures published at fidifygroup.com/toms-tsd.

14. Term and Termination

14.1 The Agreement renews automatically for successive 12-month terms unless either party gives written notice of non-renewal at least sixty (60) days before the end of the then-current term.

14.2 Either party may terminate the Agreement on thirty (30) days’ written notice for a material breach by the other party that is not remedied within fifteen (15) days of written notice of the breach.

14.3 On expiry or termination, the Customer’s right to use the Services ends. The Customer may export Customer Data, and Fidify will delete or return Customer Data, in accordance with section 11 of the Data Processing Agreement.

14.4 Sections 7, 8, 9, 10, 13, 16 and 19, and any provision that by its nature should survive, continue to apply after termination.

15. Regulatory Cooperation (DORA and Outsourcing)

This section supports Customers that are EU-regulated financial entities (for example CSSF-supervised management companies and fund administrators) and their obligations under Regulation (EU) 2022/2554 (DORA) and applicable outsourcing rules.

15.1 Fidify will provide the Customer, on reasonable request, with the information the Customer reasonably requires to comply with its regulatory obligations relating to the use of ICT third-party services, including information needed to maintain its register of information.

15.2 The Customer, its auditors, and its competent authorities (and any person appointed by them) have the right to access, inspect and audit Fidify’s relevant premises, systems and records in connection with the Services, in accordance with the audit provisions of the Data Processing Agreement, including effective rights of access, inspection and audit.

15.3 Fidify will cooperate with the Customer’s competent authorities, will inform the Customer of material sub-contracting of ICT services supporting the Customer’s critical or important functions, and will support the Customer with incident reporting and the testing of operational resilience to the extent relevant to the Services.

15.4 On termination, Fidify will provide reasonable transition assistance to support an orderly exit, including export of Customer Data in a commonly used format, on the terms of the Data Processing Agreement. Fidify may charge a reasonable fee for assistance beyond standard export functionality.

16. Communication and Modifications

16.1 Fidify will notify the Customer electronically of important information affecting the Services, normally by email to the Customer’s designated contact set out in the Order Form. The Customer is responsible for keeping its contact details current and for being able to receive such notifications.

16.2 Fidify may modify these General Terms on at least thirty (30) days’ written notice (email sufficing). If the Customer objects to a modification that materially and adversely affects it, the Customer may terminate the affected subscriptions before the modification takes effect and receive a pro-rata refund of prepaid fees for the unused period; continued use of the Services after the effective date constitutes acceptance.

17. Assignment and Change of Control

17.1 The Customer may not assign or transfer its rights or obligations without Fidify’s prior written consent, not to be unreasonably withheld.

17.2 Fidify may transfer its rights and obligations to an affiliate or in connection with a merger, reorganisation or sale of the relevant business, provided the transferee assumes Fidify’s obligations under the Agreement.

18. Force Majeure

18.1 Neither party is liable for failure or delay in performance caused by events beyond its reasonable control, including natural disasters, war, civil unrest, regulatory changes, failure of telecommunications or utility networks, and large-scale cyber-attacks.

18.2 The affected party must notify the other party without undue delay of the occurrence and cessation of the force-majeure event and use reasonable efforts to mitigate its effects. If a force-majeure event continues for more than sixty (60) days, either party may terminate the affected subscriptions on written notice.

19. Warranty and Availability

19.1 Fidify warrants that it will provide the Services with reasonable skill and care and in accordance with the service levels (if any) set out in the Order Form or the measures published at fidifygroup.com/toms-tsd.

19.2 Except as expressly stated in the Agreement, and to the extent permitted by applicable law, the Services are provided “as is” and “as available”, and Fidify does not warrant that they will be uninterrupted or error-free. The Customer remains responsible for assessing the suitability of the Services for its own regulatory and operational requirements.

19.3 The Customer accepts that scheduled maintenance and certain downtime may occur. Fidify will, where feasible, schedule maintenance to minimise disruption and give advance notice of planned downtime.

20. Governing Law and Disputes

20.1 The Agreement is governed by the substantive laws of Sweden, without regard to its conflict-of-laws rules and excluding the UN Convention on Contracts for the International Sale of Goods.

20.2 The courts of Sweden have exclusive jurisdiction over any dispute arising out of or in connection with the Agreement, with the Stockholm District Court (Stockholms tingsrätt) as the court of first instance, unless a different governing law or forum is expressly agreed in the Order Form for a specific Customer.

20.3 Nothing in this section prevents a party from seeking interim or injunctive relief from any court of competent jurisdiction.

© 2026 Fidify AB. All rights reserved.