Terms & Conditions – Resilient Payment Systems East Africa

RESILIENT PAYMENT SYSTEMS EAST AFRICA LIMITED

Terms & Conditions of Service Effective Date: 7 June 2025

Version: 2.0

Governing Law: Republic of Kenya

PLEASE READ THESE TERMS AND CONDITIONS CAREFULLY BEFORE USING ANY SERVICES PROVIDED BY RESILIENT PAYMENT SYSTEMS EAST AFRICA LIMITED. BY ACCESSING OUR SERVICES, SIGNING A SERVICE ORDER, OR DEPLOYING OUR SOFTWARE, YOU AGREE TO BE BOUND BY THESE TERMS.

1. Definitions In these Terms and Conditions, the following terms shall have the meanings set out below: “RPSE” / “we” / “us”: Resilient Payment Systems East Africa Limited, a company incorporated under the laws of Kenya. “Client” / “you”: Any financial institution, organisation, or individual that enters into a Service Agreement with RPSE, or that accesses or uses the Services.

“Services”: All products, platforms, and professional services offered by RPSE, including but not limited to: Re-Bank Core Banking, Mobile Banking, Agency Banking, Payment Switching, Card Management, Settlement Engine, AML/Tazama Integration, Resilient Cloud, ResilientSMS, SalesMate CRM, and any associated implementation, support, and consultancy services. “Service Agreement”: Any master service agreement, statement of work, service order form, or other binding agreement executed between RPSE and the Client governing the provision of Services.

“Software”: Any proprietary or licensed software, APIs, dashboards, or platforms made available to the Client as part of the Services. “Confidential Information”: Any non-public information disclosed by either party to the other in connection with the Services, whether disclosed orally, in writing, or by any other means, and whether or not marked as confidential.

“Data”: Any data, records, files, or content uploaded, transmitted, or processed through the Services by the Client or its end users. “Intellectual Property Rights”: All patents, copyrights, trademarks, trade secrets, database rights, and all other proprietary rights, whether registered or unregistered, existing anywhere in the world.

“Force Majeure Event”: Any event beyond the reasonable control of a party, including acts of God, war, civil unrest, government action, power failure, internet outages, or natural disasters.

“SLA”: The Service Level Agreement specifying uptime targets, response times, and support obligations applicable to a particular Service.

2. Acceptance of Terms

2.1 These Terms and Conditions (“Terms”) govern your access to and use of all Services provided by RPSE. They form part of, and are incorporated into, any Service Agreement between RPSE and the Client.

n the event of any conflict between these Terms and a specific Service Agreement, the Service Agreement shall prevail to the extent of the conflict.

2.2 By signing a Service Agreement, submitting a purchase order, or accessing the Services in any manner, you confirm that you have read, understood, and agree to be bound by these Terms. If you do not agree, you must not use the Services.

2.3 If you are accepting these Terms on behalf of a legal entity, you represent and warrant that you have the authority to bind that entity to these Terms.

3. Provision of Services

3.1 Service Delivery RPSE will provide the Services described in the applicable Service Agreement with reasonable skill and care, using appropriately qualified personnel. RPSE reserves the right to modify, update, or discontinue any Service with reasonable notice to the Client, provided that material changes to contracted Services shall require the Client’s written consent.

3.2 Implementation and Deployment Where Services include software implementation or system integration, RPSE and the Client shall agree a project plan setting out timelines, milestones, acceptance criteria, and each party’s responsibilities. Time estimates are indicative unless expressly stated as fixed in the Service Agreement. Delays caused by the Client’s failure to provide timely access, data, approvals, or co-operation shall not constitute a breach by RPSE.

3.3 Third-Party and Open-Source Components Certain Services incorporate third-party or open-source components, including Mojaloop (Apache 2.0 Licence) and Tazama. Use of such components is subject to their respective licences. RPSE will make available to the Client, upon request, a list of material open-source components used within the deployed solution.

3.4 Sub-contracting RPSE may engage sub-contractors or implementation partners (including local system integrators) to deliver all or part of the Services. RPSE remains responsible to the Client for the performance of any sub-contracted work as if performed directly by RPSE.

4. Client Obligations The Client agrees to: Provide RPSE with accurate, complete, and timely information, access, and approvals necessary for RPSE to deliver the Services. Ensure that its authorised users access the Services only in accordance with these Terms and applicable law.

Maintain adequate security controls over its own systems, credentials, and access tokens.

Promptly notify RPSE of any actual or suspected security breach, unauthorised access, or system anomaly affecting the Services.

Obtain all regulatory licences, authorisations, and approvals required for the Client’s own business operations, including any approvals required from the Central Bank of Kenya or equivalent regulators in the Client’s jurisdiction.

Ensure that data submitted to or processed through the Services complies with all applicable laws, including data protection and financial regulations.

Pay all fees in accordance with the payment terms set out in the Service Agreement.

5. Fees and Payment

5.1 Fees The fees for the Services are set out in the applicable Service Agreement or Statement of Work. Unless otherwise stated, all fees are quoted exclusive of applicable taxes, including VAT or withholding tax, which shall be added at the prevailing rate.

5.2 Invoicing and Payment Terms RPSE will issue invoices in accordance with the payment schedule agreed in the Service Agreement. Unless otherwise specified, invoices are payable within thirty (30) days of the invoice date. Milestone-based payments shall become due upon RPSE issuing written confirmation that the relevant milestone has been achieved.

5.3 Late Payment Without prejudice to any other remedy available to RPSE, overdue amounts shall accrue interest at the rate of two percent (2%) per month, or the maximum rate permitted by Kenyan law, whichever is lower, from the due date until the date of actual payment. RPSE reserves the right to suspend access to the Services if any undisputed amount remains outstanding for more than thirty (30) days after the due date.

5.4 Disputed Invoices The Client must notify RPSE of any disputed invoice in writing within fourteen (14) days of the invoice date, specifying the basis for the dispute. The Client shall pay any undisputed portion of the invoice by the due date. The parties shall seek to resolve disputes in good faith within thirty (30) days of the dispute notice.

5.5 Price Adjustments RPSE may adjust its fees annually by giving the Client not less than sixty (60) days’ prior written notice. Fee adjustments shall not exceed the greater of five percent (5%) or the change in the Kenya Consumer Price Index over the preceding twelve months, unless otherwise agreed in writing.

6. Intellectual Property Rights

6.1 RPSE Intellectual Property All Intellectual Property Rights in the Software, platforms, methodologies, documentation, templates, and any other materials developed or owned by RPSE (whether before or during the provision of Services) remain exclusively vested in RPSE or its licensors. Nothing in these Terms transfers any ownership of RPSE’s Intellectual Property to the Client.

6.2 Licence to Use Subject to the Client’s compliance with these Terms and payment of applicable fees, RPSE grants the Client a limited, non-exclusive, non-transferable, revocable licence to access and use the Software solely for the Client’s internal business operations during the term of the Service Agreement.

6.3 Client Data The Client retains all ownership of its Data. The Client grants RPSE a limited licence to process and use the Client’s Data solely to the extent necessary to provide the Services. RPSE shall not access, use, or disclose Client Data for any other purpose without the Client’s prior written consent.

6.4 Restrictions The Client shall not, and shall ensure that its users do not: Copy, modify, adapt, translate, reverse engineer, decompile, disassemble, or create derivative works based on the Software. Sublicense, sell, resell, transfer, assign, or otherwise make the Software available to any third party. Remove or alter any proprietary notices, labels, or marks on the Software. Use the Software to build a competing product or service.

6.5 Deliverables Any custom deliverables, configurations, or reports specifically developed for the Client under a Statement of Work shall be owned as specified in that Statement of Work. In the absence of an express provision, all such deliverables shall be owned by RPSE, with RPSE granting the Client a perpetual, royalty-free licence to use them for its internal purposes.

7. Confidentiality

7.1 Each party (“Receiving Party”) agrees to keep confidential all Confidential Information received from the other party (“Disclosing Party”) and to use such information only for the purposes of performing its obligations or exercising its rights under these Terms.

7.2 The Receiving Party shall protect the Disclosing Party’s Confidential Information using at least the same degree of care it uses to protect its own confidential information, and in any event no less than reasonable care.

7.3 Confidential Information may be disclosed to the Receiving Party’s employees, directors, contractors, and professional advisors who have a need to know and who are bound by confidentiality obligations no less stringent than those in these Terms.

7.4 Confidentiality obligations do not apply to information that: (a) is or becomes publicly available through no fault of the Receiving Party; (b) was already known to the Receiving Party at the time of disclosure; (c) is independently developed by the Receiving Party without reference to the Confidential Information; or (d) is required to be disclosed by law, regulation, or court order, provided that the Receiving Party gives the Disclosing Party prompt written notice (where legally permitted) and cooperates with the Disclosing Party in seeking a protective order.

7.5 Confidentiality obligations shall survive the termination or expiry of the Service Agreement for a period of five (5) years.

8. Data Protection

8.1 Each party shall comply with its respective obligations under the Kenya Data Protection Act, 2019 and all applicable data protection legislation in the jurisdictions in which it operates.

8.2 Where RPSE processes personal data on behalf of the Client in its capacity as a data processor, the parties shall enter into a Data Processing Agreement (DPA) that meets the requirements of applicable data protection law. The DPA shall govern the subject matter, duration, nature, and purpose of processing, the type of personal data, and the rights and obligations of each party.

8.3 RPSE’s collection and use of personal data in its own capacity as a data controller is governed by its Privacy Policy, available at www.resilientsystems.co/privacy.

9. Warranties and Representations

9.1 RPSE Warranties RPSE warrants that: It has the right and authority to enter into the Service Agreement and to grant the licences and rights described herein. The Services will be performed with reasonable skill and care by appropriately qualified personnel. The Software will perform materially in accordance with the applicable documentation during the warranty period specified in the Service Agreement (or, if not specified, for ninety (90) days following acceptance). It will implement and maintain reasonable technical and organisational security measures as described in its ISO/IEC 27001:2022-aligned security programme.

9.2 Client Warranties The Client warrants that: It has the authority to enter into the Service Agreement and to grant RPSE the rights necessary to deliver the Services. All data and information provided to RPSE is accurate and does not infringe the Intellectual Property Rights or other rights of any third party. Its use of the Services will comply with all applicable laws and regulations, including financial services, anti-money laundering, and data protection laws.

9.3 Disclaimer EXCEPT AS EXPRESSLY SET OUT IN THESE TERMS, THE SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE”. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, RPSE DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. RPSE DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR FREE FROM SECURITY VULNERABILITIES.

10. Limitation of Liability

10.1 Neither party shall be liable to the other for any indirect, incidental, special, consequential, or punitive damages, including loss of profit, loss of revenue, loss of data, loss of business, or loss of goodwill, arising out of or in connection with these Terms or the Services, even if advised of the possibility of such damages.

10.2 RPSE’s total aggregate liability to the Client in connection with these Terms and the Services, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, shall not exceed the total fees paid or payable by the Client to RPSE in the twelve (12) months immediately preceding the event giving rise to the claim.

10.3 The limitations in Clauses 10.1 and 10.2 shall not apply to: (a) death or personal injury caused by negligence; (b) fraud or fraudulent misrepresentation; (c) any other liability that cannot be excluded or limited by applicable law; or (d) the Client’s obligation to pay fees due under the Service Agreement.

10.4 The Client acknowledges that the fees charged by RPSE reflect the allocation of risk set out in these Terms and that RPSE would not enter into the Service Agreement on different terms.

11. Indemnification

11.1 The Client shall indemnify, defend, and hold harmless RPSE and its directors, officers, employees, and agents from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising out of or relating to: (a) the Client’s breach of these Terms; (b) the Client’s use of the Services in violation of applicable law; (c) any claim that the Client’s Data infringes the rights of a third party; or (d) any wilful misconduct or gross negligence by the Client.

11.2 RPSE shall indemnify, defend, and hold harmless the Client from and against any third-party claim that the Software, as provided by RPSE and used in accordance with these Terms, infringes any Intellectual Property Rights of a third party. This indemnity does not apply if the alleged infringement arises from: (a) the Client’s modification of the Software; (b) use of the Software in combination with products or services not supplied by RPSE; or (c) the Client’s failure to implement updates or patches provided by RPSE.

12. Term and Termination

12.1 Term These Terms remain in effect for as long as any Service Agreement between RPSE and the Client is in force. The initial term of each Service Agreement shall be as specified therein.

12.2 Termination for Convenience Either party may terminate a Service Agreement for convenience by giving not less than ninety (90) days’ prior written notice to the other party, unless a different notice period is specified in the relevant Service Agreement.

12.3 Termination for Cause Either party may terminate a Service Agreement immediately by written notice if the other party: Commits a material breach of these Terms or the Service Agreement and, where the breach is capable of remedy, fails to remedy it within thirty (30) days of written notice specifying the breach. Becomes insolvent, makes an assignment for the benefit of creditors, or is subject to administration, liquidation, or analogous proceedings. Ceases or threatens to cease carrying on business.

12.4 Effect of Termination Upon termination or expiry of a Service Agreement: The Client’s licence to use the Software shall immediately cease. Each party shall promptly return or securely destroy the other party’s Confidential Information, except to the extent retention is required by law. RPSE shall provide the Client with a data export of the Client’s Data in a standard format within thirty (30) days of the termination date, subject to payment of any applicable data-extraction fees. Any fees accrued but unpaid as of the termination date shall become immediately due and payable. Clauses that by their nature should survive termination shall do so, including Clauses 6 (Intellectual Property), 7 (Confidentiality), 8 (Data Protection), 10 (Limitation of Liability), 11 (Indemnification), and 15 (Governing Law).

13. Service Suspension RPSE may suspend access to the Services, in whole or in part, with prior written notice where reasonably practicable, if: The Client fails to pay any undisputed amount due and the failure continues for more than thirty (30) days after the due date. Continued provision of the Services would violate applicable law or a regulatory requirement.

There is a credible threat of harm to RPSE’s systems, infrastructure, or other clients. The Client is in material breach of these Terms and the breach poses an ongoing risk. RPSE will restore access promptly upon resolution of the cause of suspension. Suspension does not relieve the Client of its payment obligations.

14. Force Majeure Neither party shall be liable to the other for any delay or failure to perform its obligations (other than payment obligations) to the extent that such delay or failure is caused by a Force Majeure Event. The affected party shall: (a) notify the other party promptly of the Force Majeure Event; (b) take all reasonable steps to mitigate the impact; and (c) resume performance as soon as reasonably practicable. If a Force Majeure Event continues for more than sixty (60) consecutive days, either party may terminate the affected Service Agreement upon written notice without liability, other than for fees accrued prior to the Force Majeure Event.

15. Governing Law and Dispute Resolution

15.1 These Terms and any Service Agreement shall be governed by and construed in accordance with the laws of the Republic of Kenya, without regard to its conflict of laws principles.

15.2 The parties shall seek to resolve any dispute, controversy, or claim arising out of or in connection with these Terms or the Services in good faith through senior management discussions within thirty (30) days of written notice of the dispute.

15.3 If the dispute is not resolved within thirty (30) days (or such longer period as the parties may agree in writing), either party may refer the dispute to binding arbitration administered by the Nairobi Centre for International Arbitration (NCIA) in accordance with the NCIA Arbitration Rules current at the time of the dispute. The seat of arbitration shall be Nairobi, Kenya. The arbitration shall be conducted in the English language. The arbitral award shall be final and binding on both parties.

15.4 Nothing in this Clause prevents either party from seeking urgent interlocutory relief from a court of competent jurisdiction.

16. Acceptable Use Policy The Client shall not use the Services for any purpose that is unlawful, harmful, or prohibited by these Terms. Without limitation, the Client shall not: Use the Services to process transactions that facilitate money laundering, terrorist financing, fraud, or any other financial crime.

Attempt to gain unauthorised access to any part of the Services, RPSE’s systems, or the data of other clients. Introduce malware, viruses, or other malicious code into the Services or RPSE’s infrastructure. Use the Services in a manner that disrupts, degrades, or impairs the availability of the Services for other users. Reverse engineer, decompile, or attempt to extract source code from the Software.

Use automated scripts or bots to access the Services in a manner inconsistent with normal use, without RPSE’s prior written consent. RPSE reserves the right to investigate any suspected violation of this Acceptable Use Policy and to take appropriate action, including suspension or termination of access, cooperation with law enforcement, and pursuit of legal remedies.

17. Amendments to These Terms RPSE may amend these Terms from time to time. Where changes are material, RPSE will notify the Client in writing at least thirty (30) days before the changes take effect.

The Client’s continued use of the Services after the effective date of the amended Terms constitutes acceptance. If the Client does not accept the amended Terms, the Client may terminate the affected Service Agreement upon written notice to RPSE within the thirty (30)-day notice period, in which case RPSE will provide a pro-rata refund of any prepaid fees for the unused portion of the term.

18. General Provisions 18.1 Entire Agreement These Terms, together with any applicable Service Agreement and DPA, constitute the entire agreement between the parties with respect to the subject matter hereof and supersede all prior negotiations, representations, warranties, and understandings.

18.2 Severability If any provision of these Terms is found by a court or arbitral tribunal to be invalid, illegal, or unenforceable, that provision shall be modified to the minimum extent necessary to make it enforceable, and the remaining provisions shall continue in full force and effect.

18.3 Waiver No failure or delay by either party in exercising any right under these Terms shall constitute a waiver of that right. A waiver is only effective if made in writing and signed by the waiving party.

18.4 Assignment The Client may not assign or transfer any of its rights or obligations under these Terms without RPSE’s prior written consent. RPSE may assign its rights and obligations to an affiliate or in connection with a merger, acquisition, or sale of all or substantially all of its assets, provided it gives the Client reasonable prior notice.

18.5 Notices All formal notices under these Terms shall be in writing and delivered by email (with read-receipt requested), registered post, or courier to the addresses specified in the Service Agreement. Notices shall be deemed received on the date of confirmed email delivery or two (2) business days after posting.

18.6 Relationship of the Parties The parties are independent contractors. Nothing in these Terms creates a partnership, joint venture, agency, franchise, or employment relationship between the parties.

18.7 No Third-Party Beneficiaries These Terms are for the sole benefit of the parties and their permitted successors and assigns. Nothing in these Terms confers any rights or remedies on any third party.

18.8 Counterparts Any Service Agreement incorporating these Terms may be executed in counterparts, including by electronic signature, each of which shall constitute an original and all of which together shall constitute one and the same instrument.

19. Contact Information For any questions, concerns, or notices relating to these Terms, please contact RPSE at: Company: Resilient Payment Systems East Africa Limited Address: Nairobi, Kenya Website: www.resilientsystems.co Legal enquiries: legal@resilientsystems.co

General enquiries: customerservice@resilientsystems.co These Terms & Conditions were prepared for Resilient Payment Systems East Africa Limited and are governed by the laws of the Republic of Kenya.

They should be reviewed by qualified legal counsel before publication.