Miraki Tech – Terms of Service

Miraki Tech Technologies Private Limited ( “Miraki Tech”, “we”, “us” or “our”) is a pioneering, technology-powered integrated service provider with a unique model rendering human resource management solutions.

Your use of the Website, application or Miraki Tech Platform, owned and managed by Miraki Tech, are governed by the following terms and conditions of this Agreement as applicable to the Website, application or Miraki Tech Platform, including the applicable policies which are incorporated herein by way of reference. By mere use of the Website, application or Miraki Tech Platform, You shall be contracting with Miraki Tech and these Terms including the policies constitute your binding obligations with Miraki Tech.

IF YOU ARE USING ANY SERVICE AS AN EMPLOYEE, AGENT, OR CONTRACTOR OF A CORPORATION, PARTNERSHIP OR ANY OTHER ENTITY, THEN YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO SIGN FOR AND BIND SUCH ENTITY IN ORDER TO ACCEPT THE TERMS OF THIS AGREEMENT. THE RIGHTS GRANTED UNDER THIS AGREEMENT ARE EXPRESSLY CONDITIONED UPON ACCEPTANCE BY SUCH AUTHORIZED PERSONNEL.

Services offered by Miraki Tech are subject to the terms of our website/platform, policies [i.e. Terms of Use, Privacy Policy, Cancellation and Refund Policy etc.] ( “Policies”), available at ‘https://www.Miraki Tech.com/’ ( “Website”). By contacting Miraki Tech for the services or availing the services or by registering with us or by accepting this Agreement, now or in the future, you being the person or entity placing an order for or accessing the Service ( “Subscriber” or “Customer” “you”, “your”, “yourself” or “user”) signify that you agree to these Terms of the Agreement ( “Terms”) and the Policies.

1. Definitions

1.1. "Affiliates" shall mean any entity which directly or indirectly controls, is controlled by, or is under common control with the subject entity. "Control" for the purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

1.2. “Agreement” means this Master Subscription Agreement, including the Service Level Agreement, Data Processing Agreement, Security Agreement, and any other exhibits, addenda, or attachments hereto, and any fully executed Order Form.

1.3. "Authorised User" shall mean an individual user for whom a user license has been purchased by Subscriber pursuant to the terms of the Invoice and this Agreement, and to whom unique user credentials have been given to access Miraki Tech Platform. Authorised Users may include employees, individual contractors or consultants of Subscriber or Subscriber's Affiliates or third party service providers.

1.4. "Confidential Information" shall mean all information disclosed by a party ("Disclosing Party") to the other party ("Receiving Party"), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. Miraki Tech's Confidential Information shall include the terms of this Agreement and all Invoices (including all non-public pricing information). Confidential Information of each party shall include (without limitation) the business and marketing plans, technology and technical information, product plans and designs, and business processes disclosed by such party. However, Confidential Information shall not include any information that (i) is or becomes generally known to the public without breach of obligation owed to the Disclosing Party, (ii) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation to the Disclosing Party, (iii) is received from a third party without breach of any obligation owed to the Disclosing Party, or (iv) was independently developed by the Receiving Party without the use of Disclosing Party's Confidential Information.

1.5. “Subscriber Data” means electronic data or information submitted to the Miraki Tech Platform by Subscriber.

1.6. “Subscriber Input” means suggestions, enhancement requests, recommendations or other feedback provided by Subscriber, its Employees relating to the operation or functionality of the Miraki Tech Platform.

1.7. "Documentation" shall mean the user manuals and documentation(s), whether in written or electronic form, provided by Miraki Tech to the Subscriber from time to time detailing the features, functionalities and operation of the Miraki Tech Platform.

1.8. “Employee” or “Worker” means employees, consultants, contingent workers, independent contractors, and retirees of Subscriber and its Affiliates, whether actively employed or terminated, whose business record(s) are or may be managed by the Service and for whom a subscription to the Service has been purchased in an Order Form.

1.9. “Improvements” means all improvements, updates, enhancements, error corrections, bug fixes, release notes, upgrades and changes to the Service and Documentation, as developed by Miraki Tech and made generally available for Production use without a separate charge to Subscribers.

1.10. “Intellectual Property” or “IP” shall mean all intellectual property (whether registered or not) including but not limited to patents, designs, literary work, artistic work, audio, video, any translations, adaptations, computer programme and/or any other works, materials, software, source, executable or object code, documentation, methods, apparatus, systems and the like, any copyrightable/patentable material, trade secrets and all trademarks and trade names and any other materials that can be protected under existing or future intellectual property rights in India or any other applicable jurisdiction.

1.11. “Intellectual Property Rights” means any and all common law, statutory and other industrial property rights and intellectual property rights, including copyrights, trademarks, trade secrets, patents and other proprietary rights in the IP issued, honoured or enforceable under any applicable laws anywhere in the world, and all moral rights related thereto.

1.12. “Law” means any local, state, national and/or foreign law, treaties, and/or regulations applicable to the respective party.

1.13. “Malicious Code” means viruses, worms, time bombs, Trojan horses and other malicious code, files, scripts, agents, bots or programs.

1.14. “Order Form” means the ordering documents under which Subscriber subscribes to the Service which is fully executed pursuant to this Agreement.

1.15. “Personal Data” has the definition set forth in the Exhibit 2.

1.16. “Production” means the Subscriber’s use of or Miraki Tech’s written verification of the availability of the Service (i) to administer Employees; (ii) to generate data for Subscriber’s books/records; or (iii) in any decision support capacity.

1.17. “Security Breach” means (i) any actual or reasonably suspected unauthorized use of, loss of, access to or disclosure of, Subscriber Data; provided that an incidental disclosure of Subscriber Data to an Authorized Party or Miraki Tech, or incidental access to Subscriber Data by an Authorized Party or Miraki Tech, where no reasonable suspicion exists that such disclosure or access involves theft, or is fraudulent, criminal or malicious in nature, shall not be considered a “Security Breach” for purposes of this definition, unless such incidental disclosure or incidental access triggers a notification obligation under any applicable Law and (ii) any security breach (or substantially similar term) as defined by applicable Law.

1.18. “Miraki Tech Platform” means Miraki Tech’s software-as-a-service applications as described in the Documentation and subscribed to under an Order Form.

1.19. "Non-Miraki Tech Services" shall mean third party applications, services, software, networks, systems, websites or databases that are integrated with the Miraki Tech Platform to interoperate with the Miraki Tech Platform.

1.20. "Invoice" shall mean the document evidencing a subscription to Miraki Tech Services that specifies the description of services subscribed, subscription plan, Subscription Period, number of user licenses purchased and applicable fees.

1.21. “Subscriber Data” shall mean electronic data and information submitted to and stored within the Miraki Tech Platform by the Subscriber or an Authorized User as a result of Subscriber’s or Authorised User's use of the Miraki Tech Platform.

1.22. “Subscription Period(s)” shall mean, in respect of each of the Miraki Tech Platform, the duration of validity of each fee-based subscription plan purchased by Subscriber.

1.23. "Usage Limits" shall mean the limits on use of each of the Miraki Tech Platform corresponding to the fee-based subscription plan purchased by the Subscriber.

1.24. "Taxes" shall mean all taxes, duties, levies, imposts, fines or similar governmental assessments, including sales and use taxes, value-added taxes, goods and services taxes, excise, business, service, and other similar transactional taxes imposed by any local, state, provincial or foreign jurisdiction and include the interest and penalties thereon.

1.25. "Terms of Service" shall mean the terms and conditions available for access and use of the Miraki Tech Platform, as modified from time to time.

2. Use of the Miraki Tech Platform, Restrictions and Responsibilities.

2.1. Rights Granted. Subject to the terms and conditions of this Agreement, Miraki Tech will make the Miraki Tech Platform available to Subscribers for the Subscription Period as set out in the Invoice. Miraki Tech grants Subscriber a revocable, non-exclusive, non-transferable right and limited license to access, use and, where applicable, download the Miraki Tech Platform during such Subscription Period for Subscriber’s internal business purposes. If the Subscriber exceeds the Usage Limits of the Miraki Tech Platform or functionalities within the Miraki Tech Platform, Subscriber may purchase additional quantities of the Miraki Tech Platform by making payment(s) for such excess usage.

2.2. Usage Restrictions. Subscriber shall not and shall not permit its Authorised Users to:

• copy, modify, create derivative works or otherwise attempt to gain unauthorised access to the Miraki Tech Platform.
• except as permitted under applicable law, attempt to disassemble, reverse engineer or decompile the Miraki Tech Platform.
• use the Miraki Tech Platform on behalf of any third party or include the Miraki Tech Platform as part of service bureau or provide any business process service.
• use the Miraki Tech Platform in any manner that interferes with or disrupts the integrity, security or performance of the Miraki Tech Platform, its components and the data contained therein.
• sell, resell, license, sublicense, rent, lease, transfer, assign or otherwise make the Miraki Tech Platform available to any third-party without an Authorised User subscription.
• use the Miraki Tech Platform to send or store material containing software viruses, worms or other harmful computer codes, files, scripts or programs.
• Upload or transmit (or attempt to upload or to transmit) any material that acts as a passive or active information collection or transmission mechanism, including without limitation, clear graphics interchange formats (“gifs”), 1×1 pixels, web bugs, cookies, or other similar devices (sometimes referred to as “spyware” or “passive collection mechanisms” or “pcms”).
• use the Miraki Tech Platform to store or transmit any material that is unlawful, abusive, malicious, harassing, tortious, defamatory, vulgar, obscene, libellous, or violates any third party rights
• permit direct or indirect access to or use of the Miraki Tech Platform in a way that circumvents the Usage Limits.
• use the Miraki Tech Platform in any manner that could damage, disable, overburden, impair or harm any server, network, computer system, or resource of Miraki Tech.
• allow Authorised User licenses to be shared or used by more than one individual other than by way of reassigning the user license to a new user.
• remove or obscure any proprietary or other notices contained in the Miraki Tech Platform.
• attempt to gain unauthorized access to the Miraki Tech Platform (including features and functionality) or its related systems or network.
• use the Miraki Tech Platform for any form of competitive or benchmarking purposes.

2.3. Subscriber Responsibilities. Subscriber shall be responsible for (i) providing accurate, current and complete information regarding the Subscriber in connection with Subscriber's access and use of the Miraki Tech Platform; (ii) Authorized Users' compliance with the Agreement, Documentation and Invoice; (iii) accuracy, quality and legality of the Subscriber Data; (iv) means by which the Subscriber Data was acquired and Subscriber's use of the Subscriber Data; (v) using commercially reasonable efforts to prevent unauthorised access to or use of the Miraki Tech Platform; (vi) using the Miraki Tech Platform in accordance with this Agreement, Documentation and Invoice; (vii) all activities that occur under Subscriber's account; and (viii) compliance with all applicable laws and regulations;.

3. Fees and Payments

3.1. Fees: Subscriber will pay to Miraki Tech, without any deductions, the fees set forth in the applicable Invoice. Except as otherwise specified in the Agreement, all payment obligations are non-cancellable and all amounts paid are non-refundable whether or not the Miraki Tech Platform is actively being used. Additional charges will apply for additional purchases or usage in excess of the purchased subscription(s). All pricing terms provided for the Subscriber are confidential and Subscriber agrees not to disclose them to any third party without Miraki Tech’s prior written authorization.

3.2. Invoicing and Payment: Payments for Subscription Period of less than one (1) year shall be made through Miraki Tech's online store using a credit card or online banking facilities. Offline or manual payment options are not entertained. The Subscription Period will commence only upon receipt of payment or a purchase order acceptable to Miraki Tech. Subscriber shall be responsible for providing complete and accurate payment information to Miraki Tech. Subscriber shall promptly update any change in the billing information. If a purchase order raised by the Subscriber is accepted by Miraki Tech, the payment must be made by the Subscriber within fifteen (15) days from the receipt of an invoice by email, unless otherwise stated in the Invoice.

3.3. The Subscription Fee paid by the Subscriber shall be converted into service credits ( “Miraki Tech Service Credits”) which will be stored in a Subscriber e-wallet ( “Miraki Tech Wallet”) provided by Miraki Tech, created pursuant to the aforementioned License under clause 2 of this Agreement. For the purpose of this Agreement, one (1) Miraki Tech Service Credit shall be equivalent to one (1) currency unit as the case may be.

3.4. The Subscriber will be able to use the Miraki Tech Service Credits from its Miraki Tech Wallet for its use of the Software. Upon the expiry of the Miraki Tech Service Credits and subject to the billing cycle provided under the Order Form, the Subscriber shall be liable to top-up the Miraki Tech Wallet according to its usage of the Software.

3.5. Overdue Payments. Undisputed overdue payments shall bear interest at the rate of one (1)% per month or the maximum rate allowed under applicable law. Subscriber acknowledges and accepts that non-payment of any undisputed fees within the term defined in the applicable Invoice constitutes a material breach of this Agreement and that Miraki Tech shall have the right to: (i) block and/or suspend the access to the Miraki Tech Platform until all such due and undisputed amounts and applicable interests, if any, have been paid; and/or (ii) terminate the Agreement as specified under Term and termination clause of this Agreement.

3.6. Payment Disputes: In the event Subscriber has any disputes with regard to the invoice raised by Miraki Tech, then the Subscriber shall raise the same within five (5) business days from the date of receipt of invoice. Subscriber shall not be considered to have defaulted on Subscriber's payment obligations under this Section, if the Subscriber (i) has disputed the fees in good faith in accordance with clause 3.6and is co-operating diligently to resolve the dispute; and (ii) remits payment for any undisputed amounts in a timely manner.

3.7. Taxes: Subscriber shall be responsible for paying the Taxes in addition to the fees applicable for the Miraki Tech Platform as specified in the Invoice. If the Subscriber is withholding Taxes, Subscriber shall pay the withholding Tax directly to the appropriate government entity and shall furnish a tax certificate to Miraki Tech evidencing such payment within hundred (100) days of making such payments. In the event of a failure to furnish the tax certificate within the timer period specified herein, the concerned tax amount shall be fortified by Miraki Tech.

3.8. Pricing: Miraki Tech reserves the right to unilaterally determine and modify its pricing for the Miraki Tech Platform. Where an Invoice is in effect, the pricing for the Miraki Tech Platform shall remain as agreed for the term specified in such Invoice.

4. Availability and Technical Support

4.1. Miraki Tech will make the Miraki Tech Platform available to the Subscriber pursuant to the terms of this Agreement, applicable Invoice and Documentation. Miraki Tech shall use commercially reasonable efforts to make the Miraki Tech Platform available 24 hours a day, 7 days a week and honour the Monthly Uptime Commitment as set forth in Exhibit 1, except during: (i) Scheduled Downtime, and (ii) Force Majeure Events.

4.2. Miraki Tech will provide product support to the Subscriber according to the timeframe specified in Exhibit 1.

5. Privacy and Security

5.1. Privacy. To the extent that Personal Information (as defined under the Exhibit 2) is processed by Miraki Tech when Subscriber uses the Miraki Tech Platform, Miraki Tech shall comply with applicable legal requirements for privacy, data protection and confidentiality. Miraki Tech’s processing of Personal Information will, at all times, be compliant with Exhibit 2 of this Agreement. Exhibit 2 explains how Miraki Tech will, (i) process Personal Information; (ii) use third party service providers who process Personal Information on Miraki Tech’s behalf; (iii) assist Subscriber to handle data subject requests; (iv) handle Security Incidents; (v) accommodate an audit request from Subscriber; (vi) ensure that its personnel maintain confidentiality and security of Personal Information; and (vii) handle return or deletion of Personal Information.

5.2. Security. Miraki Tech has implemented and will maintain industry-standard administrative, technical, and physical safeguards to reasonably protect the security, confidentiality and integrity of the Subscriber Data as described in Exhibit 3 of this Agreement. Miraki Tech will periodically review and update its security practices to address new and evolving security threats and to implement evolving security technologies and industry standard practices. Miraki Tech warrants that no modification to the security practices will materially degrade the security of the Miraki Tech Platform.

6. Proprietary Rights and Licenses

6.1. Reservation of Intellectual Property Rights. As between the Parties to this Agreement, Miraki Tech retains all the rights, title and interest in and to the Miraki Tech Platform and Documentation, including all related Intellectual Property Rights. Except as expressly stated herein, this Agreement does not grant any additional rights or licenses to the Subscriber in the Miraki Tech Platform or in any intellectual property rights of Miraki Tech. The Subscriber agrees and acknowledges that unless as provided herein this Agreement, any other use of the Miraki Tech Platform shall constitute a material breach of this Agreement and an infringement under applicable laws. Such material breach or infringement shall cause Miraki Tech irreparable loss and damage. Therefore, in addition to and without limitation to the rights provided herein this Agreement, Miraki Tech shall have the right to recover damages and injunctive relief under applicable laws.

6.2. License to use Suggestion and Feedback. Subscriber grants to Miraki Tech a fully paid-up, royalty free, worldwide, sub-licensable, assignable, irrevocable and perpetual license to use and incorporate into the Miraki Tech Platform any idea, suggestion for enhancement, recommendation, correction or other feedback provided by Subscriber to Miraki Tech in connection with such Subscriber’s use of the Miraki Tech Platform.

6.3. Subscriber Input. Subscriber Input is defined as any information subscriber may have provided Miraki Tech as an idea, feature request, enhancement or bug-fix on Miraki Tech product offerings to Miraki Tech. Miraki Tech shall have a royalty-free, worldwide, transferable, sub-licensable, irrevocable, perpetual license to use or incorporate into the Service any Subscriber Input. Miraki Tech shall have no obligation to make Subscriber Input an Improvement. Subscriber shall have no obligation to provide subscriber Input.

6.4. Statistical Data Use. Miraki Tech has exclusive rights to use the statistical data derived from the operation of the Service, including, without limitation, the number of records in the Service, the number and types of transactions, configurations, and reports processed in the Service and the performance results for the Service (the “Aggregated Data”). Nothing herein shall be construed as prohibiting Miraki Tech from utilizing the Aggregated Data for purposes of operating Miraki Tech’s business, provided that Miraki Tech’s use of Aggregated Data will not reveal the identity, whether directly or indirectly, of any individual or specific data entered by any individual into the Service. In no event does the Aggregated Data include any personally identifiable information or corporate identifiable information.

6.5. Use of name: In connection with any literature of an advertising or similar nature, Miraki Tech’s name shall not be used or quoted without the prior written permission of Miraki Tech. Miraki Tech may use the fact of its involvement with the Subscriber in this Agreement in its credentials, proposals and publicity material subject to applicable law and professional regulations. The Customer agrees to such use and Miraki Tech may, on the Subscriber’s specific request, share samples of such use.

7. Confidentiality

7.1. Confidentiality Obligations. Except as otherwise permitted in writing by the Disclosing Party, the Receiving Party shall (i) use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but in no event less than reasonable care) not to disclose or use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement, and (ii) limit access to Confidential Information of the Disclosing Party to those of its employees, contractors and agents who need such access for the purposes consistent with this Agreement and who have signed confidentiality agreements with the Receiving Party containing protections no less stringent than those contained herein. Any exchange of Confidential Information prior to the execution of this Agreement shall continue to be governed by any non-disclosure agreement executed by and between the parties and not the terms of this Agreement. All copies of Confidential Information, regardless of form, shall, at the discretion of the Disclosing Party, either be destroyed or returned to the Disclosing Party, promptly upon the earlier of: (i) Disclosing Party’s written request, or (ii) expiration or termination of this Agreement for any reason.

7.2. Compelled Disclosure. The Receiving Party may disclose Confidential Information of the Disclosing Party (i) as necessary to comply with an order or subpoena of any administrative agency or court of competent jurisdiction; or (ii) as reasonably necessary to comply with any applicable law or regulation; or (iii) as necessary to establish the rights of the Receiving Party, provided the Receiving Party gives the Disclosing Party prior notice of the compelled disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party's cost, if the Disclosing Party wishes to contest the disclosure. Any such disclosure shall be limited to only what is required and shall be subject to the confidentiality obligations to the extent reasonably practicable.

8. Representations, Warranties and Disclaimers

8.1. Mutual Representation. Each party represents and warrants to the other party that it is duly organized and validly existing under the laws of the state of its incorporation and has full corporate power and authority, and is duly authorized, to enter into the Agreement and to carry out the provisions thereof.

8.2. Warranty by Miraki Tech. Miraki Tech warrants that during an applicable Subscription Period (i) the Miraki Tech Platform will perform materially in accordance with the Documentation when Subscriber uses the Miraki Tech Platform in accordance with such Documentation; (ii) Miraki Tech will, at a minimum, implement safeguards for protection of the security, confidentiality and integrity of Subscriber Data, as set forth in DPA of this Agreement; (iii) Miraki Tech will not materially decrease the overall functionality of the Miraki Tech Platform. In case of any breach of warranty listed in this Section, the Subscriber shall be entitled to sole and exclusive remedies against Miraki Tech as described in Sections 11.2. and 11.3. of this Agreement.

8.3. Warranty Disclaimer. Subscriber understands and agrees that the use of the Miraki Tech Platform is at subscriber's sole risk. Except as expressly provided herein, Miraki Tech Platform is provided on an "as is" and "as available" basis, without any warranties of any kind. Except for warranties specified in this agreement, Miraki Tech disclaims warranties of all kinds, including, but not limited to, the implied warranties of merchantability, title, fitness for a particular purpose, and non-infringement. Miraki Tech further disclaims warranties that the Miraki Tech Platform will be uninterrupted, timely, secure, error-free or free from viruses or other malicious software. No advice or information obtained by subscriber from Miraki Tech or from any third party shall create any warranty not expressly stated in this agreement. The foregoing exclusions and limitations shall apply to the maximum extent permitted by applicable law, even if remedy fails its essential purpose.

9. Indemnification

Indemnification by Miraki Tech

9.1. Miraki Tech shall defend Subscriber , at Miraki Tech’s expense, from claims, demands, suits, or proceedings made or brought against Subscriber by a third party (“Claims”) alleging that the use of the Miraki Tech Platform as contemplated hereunder infringes such third party’s Intellectual Property Rights and shall indemnify and hold Subscriber harmless against any loss, damage or costs finally awarded or entered into in settlement (including, without limitation, reasonable attorneys' fees) (collectively, “Losses”); provided that Subscriber : (a) promptly gives written notice of the Claim to Miraki Tech (although a delay of notice will not relieve Miraki Tech of its obligations under this section except to the extent that Miraki Tech is prejudiced by such delay); (b) gives Miraki Tech sole control of the defense and settlement of the Claim (although Miraki Tech may not settle any Claim unless it unconditionally releases Subscriber of all liability); and (c) provides to Miraki Tech, at Miraki Tech's cost, all reasonable assistance. Miraki Tech shall have no liability for Claims or Losses to the extent arising from: (d) modification of the Miraki Tech Platform by anyone other than Miraki Tech; (e) use of the Miraki Tech Platform in a manner inconsistent with the Agreement or Documentation; or (f) use of the Miraki Tech Platform in combination with any other product or service not provided by Miraki Tech. If Subscriber is enjoined from using the Miraki Tech Platform or Miraki Tech reasonably believes it will be enjoined, Miraki Tech shall have the right, at its sole option, to obtain for Subscriber the right to continue use of the Miraki Tech Platform or to replace or modify the Miraki Tech Platform so that it is no longer infringing. If neither of the foregoing options is reasonably available to Miraki Tech, then the Agreement may be terminated at either party’s option and Miraki Tech’s sole liability, in addition to the indemnification obligations herein, shall be to refund any prepaid fees for the Miraki Tech Platform that was to be provided after the effective date of termination.

Indemnification by the Subscriber

9.2. Subscriber agrees to indemnify and hold harmless Miraki Tech, its directors, officers, employees, affiliates, agents and representatives from and against, including but not limited to, any and all claims, damages, liabilities, fines, penalties, costs and expenses (including reasonable attorneys' fees) to which Miraki Tech may be subjected as a result of Subscriber's, its employee’s or agent’s (i) business operations, including, without limitation, Subscriber employee claims, (ii) any act or omission to act which constitutes a breach of this Agreement, or (iii) performance hereunder in a manner that is negligent, grossly negligent, reckless, or improper.

9.3. Subscriber recognizes that Miraki Tech will be irreparably harmed by a violation of Subscriber’s confidentiality, non-use or other obligations hereunder. Therefore, in addition to any other available remedies, Miraki Tech is entitled to an injunction or other decree of specific performance with respect to any violation thereof by Subscriber.

10. Limitation of Liability

Under no circumstances and under no legal theory, whether tort, contract, product liability, negligence or otherwise, shall Miraki Tech or its affiliates be liable to you or any other affiliate or third party for any lost profits, lost sales or lost revenue, loss of data, business interruption, loss of goodwill or for any indirect, special, incidental, exemplary, consequential or punitive damages, even if a party or its affiliates have been advised of the possibility of such damages. In no event shall the liability of either party to the other party or its affiliates, for any claim or action arising out of this agreement, exceed the value of 10% of aggregate of all amounts paid by the Subscriber to Miraki Tech in the twelve (12) months preceding the first event giving rise to such claim or action. The limitations specified herein will not limit Subscriber’s obligation to pay fees in accordance with this agreement.

11. Term and Termination

11.1. Term. The term of this Agreement shall commence on the Effective Date and shall thereafter continue for the duration of the Subscription Period of the relevant Invoice, unless terminated in accordance with the provisions of this Section. Except as otherwise specified in the Agreement or Invoice, subscriptions will automatically renew for additional terms equivalent to the expiring Subscription Period.

11.2. Termination for cause. A party may terminate this Agreement for cause : (i) upon 30 days written notice to the other party of a material breach if such breach remains uncured at the expiration of such period, or (ii) if the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of the creditors.

11.3. Termination by Miraki Tech: Miraki Tech shall be entitled to terminate this Agreement forthwith upon giving written notice of thirty (30 days) to the subscriber if it: (i) enters an agreement with creditors without authorisation Miraki Tech and/or steps have been taken for its winding up (other than for the purposes of bona fide reconstruction); (ii) has reasonable grounds to suspect that it has participated in illegal practices and/or acts or been charged in a court of law acts in a manner prejudicial to the interests of Miraki Tech; (iii) commits misconduct, fraudulent, dishonest, undisciplined conduct or breach of integrity or embezzlement or misappropriation or misuse or causing damage to the Software and other property of Miraki Tech; (iv) misrepresents, makes false statements and breaches the representations and warranties under the Agreement; and (v) ceases or threatens to cease to carry on business.

11.4. Termination for Convenience: Notwithstanding any other provision in this Agreement, Miraki Tech shall at its absolute discretion be entitled to terminate this Agreement without provision of reasons by giving at least 30 (thirty) days prior written notice to the other Party.

11.5. Refund. Upon termination for cause by Subscriber, Miraki Tech shall refund Subscriber any prepaid fees covering the unused portion of the Subscription Period. Upon any termination for cause by Miraki Tech, Subscriber shall expedite all payments due to Miraki Tech and in no event will termination of this Agreement relieve Subscriber of its obligation to pay any fees due to Miraki Tech. Notwithstanding anything contained herein, in the event Subscriber terminates the Agreement except as mentioned in Section 11.2 of the Agreement, Miraki Tech is under no obligation to refund the fees paid by the Subscriber.

11.6. Retrieval of Subscriber Data. Upon Subscriber’s written request made on or prior to expiration or termination of the Agreement, Miraki Tech will give Subscriber limited access to the Miraki Tech Platform for a period of up to thirty (30) days, at no additional cost, solely for purposes of retrieving Subscriber Data. Subject to such thirty day period and Miraki Tech’s legal obligations, Miraki Tech has no obligation to maintain or provide any Subscriber Data and may, unless legally prohibited, delete Subscriber Data; provided, however, that Miraki Tech will not be required to remove copies of the Subscriber Data from its backup media and servers until such time as the backup copies are scheduled to be deleted.

11.7. Surviving Provisions. Sections "Confidentiality," "Fees and Payments," "Warranty Disclaimers," "Limitation of Liability," "Indemnification," "Termination," "Surviving Provisions" and "General" shall survive termination of this Agreement.

12. General

12.1. Applicability of Terms of Service. Subscriber understands that, in addition to the terms of this Agreement, Miraki Tech's Terms of Service will apply to Subscriber's access and use of the Miraki Tech Platform. In the event of any conflict between this Agreement and the Terms of Service, the terms of this Agreement shall prevail.

12.2. Entire Agreement. This Agreement, including the Exhibits attached hereto and the Terms of Service, constitute the entire agreement between the parties with respect to the subject matter of this Agreement and supersedes any and all prior and contemporaneous agreements, negotiations, correspondence, understandings and communications between the parties, whether written or oral, concerning the subject matter hereof.

12.3. Amendment. No changes, modifications or amendment of any nature made to this Agreement shall be valid unless evidenced in writing and signed for and on behalf of both parties by the respective authorized representatives.

12.4. Governing Law and Jurisdiction. This Agreement shall be governed by and construed strictly in accordance with the laws of India (excluding the rules governing conflict of laws). Any dispute arising out of or resulting from this Agreement shall be subject to the exclusive jurisdiction of courts in Hyderabad to the exclusion of all other courts.

12.5. Notices. All notices required under this Agreement shall be in writing and shall be sent to the respective address set forth below. Any such notice may be delivered by hand, by overnight courier, by registered post or certified mail with return receipt requested, or by electronic mail to the person to whom such notice is to be sent as per the terms of this Agreement. Such notice shall be deemed to have been received: (i) by hand delivery, at the time of delivery; (ii) by overnight courier, on the succeeding business day; (iii) by registered post or certified mail, on the date marked in proof of receipt; and (v) by electronic mail, when sent. All notices shall be sent to: Legal Team on support@mirakitech.com

12.6. Relationship of the Parties. The parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary or employment relationship between the parties. Neither party shall have the power to bind the other or incur obligations on the other party's behalf without the other party's written consent.

12.7. Assignment. Neither party shall assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of the other party (which consent shall not be unreasonably withheld). . Any attempt by a party to assign its rights or obligations under this Agreement other than as permitted by this section shall be void and of no effect. Subject to the foregoing, this Agreement shall bind and inure to the benefit of the parties, their respective successors and permitted assigns.

12.8. Affairs of the Parties: It has been explicitly agreed between the Parties that at any time within the term of this Agreement, the Subscriber undergoes one of the following including the sale of the company/entity, then the Subscriber shall have the sole unconditional rights, among others, to:

• Change in the management;
• Change in the corporate name or brand name or trademark
• Restructuring;
• Acquisition and merger
• Any Private Equity or Loan infusion into the Party

Miraki Tech will not interfere or raise any objections in or under the above circumstances, provided that the Subscriber shall ensure that the rights of Miraki Tech under this Agreement are not adversely affected or curtailed by virtue of such an event. The existence of the Agreement or/and rights of Miraki Tech under this Agreement shall not be affected in any manner and the Subscriber shall ensure the same terms and conditions are carried through the Term of the Agreement. If the Agreement terminates or any rights of Miraki Tech are adversely effected due to any of the above circumstances as laid down under this clause above, then the defaulting party, i.e., the Subscriber shall indemnify Miraki Tech and compensate it from any loss or expenditure that Miraki Tech incurs.

12.9. No Third Party Beneficiaries. The provisions of this Agreement shall be binding and inure solely to the benefit of the parties, their successors, and permitted assigns. Nothing herein, whether express or implied, will confer any right, benefit or remedy upon any person or entity other than the parties, their successors and permitted assigns.

12.10. Force Majeure. No Party shall be liable to the other if, and to the extent, that the performance or delay in performance of any of its obligations under this Agreement is prevented, restricted, delayed or interfered with, due to circumstances beyond the reasonable control of such Party, including but not limited to, Government legislations, fires, floods, explosions, epidemics, accidents, acts of God, wars, riots, strikes, lockouts, or other concerted acts of workmen, acts of Government. The Party claiming an event of force majeure shall promptly notify the other Party in writing and provide full particulars of the cause or event and the date of first occurrence thereof, as soon as possible after the event and also keep the other Party informed of any further developments. The Party so affected shall use its best efforts to remove the cause of non-performance, and the Parties shall resume performance as soon as such cause is removed.

12.11. Severability. Any provision of this Agreement, which is prohibited or unenforceable in any jurisdiction shall, as to such jurisdiction be ineffective to the extent of such prohibition or unenforceability without invalidating the remaining provisions hereof or affecting the validity or enforceability of such provision in any other jurisdiction. Accordingly, this Agreement shall be construed as if such portion had not been inserted and the remaining provisions of this Agreement shall remain in full force and effect.

12.12. Waiver. Except as otherwise provided in this Agreement, failure on the part of either Party to exercise any right hereunder or to insist upon strict compliance by the other Party with any of the terms, covenants or conditions hereof shall not be deemed a waiver of such right, term, covenant or condition.

12.13. Interpretation. No provision of this Agreement shall be construed against one party by reason of being deemed the "author" of the Agreement. The headings used in this Agreement are for convenience only and shall not affect the interpretation of the terms of this Agreement.

12.14. Specific terms of use for payment automation services – refer exhibit 4

Exhibit 1

SERVICE LEVEL AVAILABILITY

This Exhibit documents Miraki Tech’s Service Level Availability Policy (“SLA”) with its Subscribers. Capitalized terms, unless otherwise defined herein, shall have the same meaning as in the Master Subscription Agreement.

1. Definitions

"Downtime" shall mean inability to access Miraki Tech Platform due to a Qualifying Fault. Downtime is measured based on availability of the Miraki Tech Platform as measured by Miraki Tech’s monitoring tools.

“Qualifying Fault” shall mean and include server side errors and reachability errors attributable to the Miraki Tech Platform.

“Downtime Period" shall mean ten or more consecutive minutes of Downtime. Intermittent Downtime for a period of less than ten minutes will not be counted towards any Downtime Periods.

“Monthly Uptime” shall mean total number of minutes in a calendar month minus the number of minutes of Downtime suffered from all Downtime Periods in a calendar month.

"Monthly Uptime Percentage" shall mean the percentage calculated by dividing Monthly Uptime by the total number of minutes in a calendar month.

"Scheduled Downtime" shall mean unavailability of the Miraki Tech Platform about which Subscriber is informed at least forty eight (48) hours in advance. A Schedule Downtime will not constitute a Qualifying Fault.

"Miraki Tech SLA Service Credit" shall mean Miraki Tech Service Credits added to the Miraki Tech Wallet at no additional cost as compensation for Miraki Tech’s failure to meet the monthly uptime commitment.

2. Service availability

Miraki Tech Platform will have a Monthly Uptime Percentage of 99.8%.

3. Miraki Tech Platform Updates

Periodically, Miraki Tech introduces new features in the Miraki Tech Platform with enhanced functionality. Features and functionality will be made available as part of a major feature release (“Feature Release”) or as part of weekly service updates (“Service Updates”).

4. SLA Service Credits

• Calculation of Miraki Tech SLA Service Credit:

  Uptime	Compensation for Downtime (% of Monthly Subscription Fees)
  99.5% to 99.8%	5%
  99% to 99.5%	15%
  <99%	25%

• In order to receive any of the Miraki Tech SLA Service Credits described above, Subscriber must notify Miraki Tech within ten (10) days from the time Subscriber becomes eligible to receive a Miraki Tech SLA Service Credit. Failure to comply with this requirement will result in forfeiture of Subscriber’s right to receive a Service Credit.
• Miraki Tech SLA Service Credits will not be exchanged for, or converted to, monetary compensation.
• Subscriber’s sole and exclusive remedy for Miraki Tech’s failure to meet the uptime commitment is to receive Miraki Tech SLA Service Credit.

5. Miraki Tech Support Scope

Miraki Tech will support functionality that is delivered by Miraki Tech as part of the Miraki Tech Platform. For all other functionality, and/or issues or errors in the Miraki Tech Platform caused by issues, errors and/or changes in Subscriber's information systems, customizations, and/or third-party products or services, Miraki Tech may assist Subscriber and its third-party providers in diagnosing and resolving issues or errors but Subscriber acknowledges that these matters are outside of Miraki Tech's support obligations. Failure to meet obligations or commitments under this SLA that are attributable to (i) Subscriber's acts or omissions; and (ii) force majeure events shall be excused.

6. Issue Submission and Reporting

Subscriber’s Named Support Contacts may submit cases to Miraki Tech Support via the Miraki Tech Support Portal. Named Support Contacts must be trained on the Miraki Tech Platform. Each case will be assigned a unique case number. Miraki Tech will respond to each case in accordance with this SLA and will work diligently toward resolution of the issue taking into consideration its severity and impact on the Subscriber’s business operations. Actual resolution time will depend on the nature of the case and the resolution itself. A resolution may consist of a fix, workaround, delivery of information or other reasonable solution to the issue. Case reporting is available on demand via the Miraki Tech Support Portal.

7. Severity level determination

Subscriber shall reasonably self-diagnose each support issue and recommend to Miraki Tech an appropriate Severity Level designation. Miraki Tech shall validate Subscriber's Severity Level designation or notify Subscriber of the change in the Severity Level designation to a higher or lower level with justification. The following definition shall be used in determination of severity level:

Severity Level 1

Description: This Problem Severity Level is associated with: the software, as a whole, is non-functional or is not accessible; unauthorized exposure of all or part of the client's data; or loss or corruption of all or part of the client's data.

Severity Level 2

Description: This Problem Severity Level is associated with significant and / or ongoing interruption of an authorized user’s use of a critical function of the software and for which no acceptable work-around is available.

Severity Level 3

Description: This Problem Severity Level is associated with: a minor and/or limited interruption of an authorized user’s use of a non-critical function of the software; or, problems which are not included in Problem Severity Levels 1 or 2.

Severity Level 4

Description: This Problem Severity Level is associated with: general questions about the software; or, configuration changes that have been previously agreed to be in scope by the client.

8. Response and resolution

Response, Problem Determination and Resolution/Restoration/Work-around Timeframe

9. Exclusions

The SLA does not apply to any performance and availability issues:

• caused by factors outside of Miraki Tech’s reasonable control;
• that resulted from any actions or inactions of Subscriber; or
• that resulted from Subscriber’s equipment and/or third party equipment that are not within Miraki Tech’s reasonable control.

Exhibit 2

Data Processing Agreement

GDPR Regulation (EU) 2016/679

Your use of the Website, application or Miraki Tech Platform, owned and managed by Miraki Tech, are governed by the following terms and conditions of this Agreement as applicable to the Website, application or Miraki Tech Platform, including the applicable policies which are incorporated herein by way of reference. By mere use of the Website, application or Miraki Tech Platform, You shall be contracting with Miraki Tech and these terms and conditions including the policies constitute your binding obligations with Miraki Tech.

This Agreement is hereby executed and enforceable between:
Customer/Partner (Hereinafter referred to as “Data Controller”)

AND

Miraki Tech Technologies Private Limited, a company incorporated as per Indian Companies Act, 2013 (Hereinafter referred to as the “Data Processor” or “Miraki Tech”)

Data Controller and Data Processor may be referred to as “Party” individually and “Parties” collectively in this DPA.

WHEREAS

A. The Data Controller is, for the purpose of this DPA, a data controller as provided under Article 4 sub-article 7 of the GDPR Regulation (EU) 2016/679 ( “GDPR Regulation”).

B. The Data Controller wishes to obtain certain services from the Data Processor in light of which it will share certain information/data/material which shall require processing compliances with GDPR Regulation by both Parties.

C. Therefore, the Parties have agreed to enter into this DPA which contains the relevant GDPR Regulation clauses to be followed by the Parties who signed the Subscription Services with Miraki Tech.

Therefore, In consideration of the mutual obligations set out in this DPA, the parties agree as follows:

• This DPA details the roles of both Parties set forth in GDPR Regulation under Articles 28, 32, and 82.
• The capitalised terms as provided under this DPA and not defined therein, shall have their respective meaning prescribed under Annexure 2 of this DPA.
  

  This DPA is applicable for below Clauses

  • If the Customer entity signing this DPA is also a party to the MSA, then this DPA shall form an integral part of such MSA.
  • If the Customer entity signing this DPA has executed an Order Form with Miraki Tech, or its Affiliate pursuant to the relevant agreement, but is not by itself a party to the Agreement, then this DPA is an addendum to that Order Form and/or applicable renewal Order Forms.
  • If the Customer entity signing this DPA is neither a party to an Order Form nor the Agreement, this DPA is not valid and is not legally binding. Such entity should request that the Customer entity who is a party to the Agreement executes this DPA.
  • If the Customer entity signing the DPA is not a party to an Order Form nor a Master Subscription Agreement directly with Miraki Tech, but is instead a customer indirectly via an authorized reseller of Miraki Tech, services, this DPA is not valid and is not legally binding. Such entity should contact the authorized reseller to discuss whether any amendment to its agreement with that reseller may be required. This DPA shall not replace any comparable or additional rights relating to Processing of Customer Data contained in Customer’s Agreement (including any existing data processing addendum to the Agreement).
  • The Data Controller and Miraki Tech, each warrant that they are and will continue to adhere to GDPR and shall perform their obligations under this DPA in accordance with the provisions of the GDPR from time to time in force.
  • The parties acknowledge that for the purposes of GDPR, that the Customer/Partner is the Data Controller for the Personal Data (Personal Data of Customer’s Employees or the Customer’s Customer or Contractor as applicable) and the performance of the services will require the processing of Personal Data by Miraki Tech, for the Data Controller.

  The parties acknowledge that for the purposes of GDPR:

  • Miraki Tech, shall be processing the personal data provided by Data Controller that is limited to Name, Phone, E-Mail and Job Title for the escalation and communication that is used to send notifications/ alerts during the business operations to the Data Subjects whose personal data is shared by the Data Controller.
  • Miraki Tech, implements controls to undertake Consent from Users of the platform without disrupting Customer’s Operations. The Data Controller is responsible for ensuring the respective customers and users accept the user consent.
  • Miraki Tech, may use various software tools/Cloud Services for storing such Personal Data in their repositories which is vetted as per the conditions as laid down under Article 32 of the GDPR Regulation.
  • Miraki Tech, may use or store the Personal Data for retracting any reference to the Data Subject, as mentioned in their Privacy Policy, if it is required in future even after expiry of the agreement for identifying or tracing any alerts/ notifications sent to the Data Subject.
  • The Customer/Partner shall be responsible to notify and undertake Consent from their Employees/ Customers/ Contractors on how the Personal Data is processed by Miraki Tech, and their Data Sub-Processor, without which compliance to GDPR Regulation by the Data Controller/Miraki Tech, /Data Sub Processor would be difficult.
  • Miraki Tech, shall bring to the Customer’s /Partner’s attention if they find a Personal Data Breach in their or their Data Sub-Processor environment that has impacted any form of Personal Data stored by either or both parties.
• Miraki Tech, shall not process Personal Data (Personal Data collected from the Data Controller) other than for the purposes of the processing which are documented in the Agreement.Miraki Tech warrants to the Data Controller (Customer/Partner) to comply with below,
  • It shall fully comply with the provisions of GDPR in carrying out its obligations under this DPA.
  • It has all provisions for data protection necessary for carrying out of its obligations under this agreement and shall maintain such provisions throughout the term.
• Miraki Tech, shall:
  • Adopt and maintain appropriate technical and organizational measures to ensure Personal Data is kept secure throughout the data life cycle, considering the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing, and take such precautions as are necessary to ensure the integrity of Personal Data and to prevent any Personal Data Breach.
  • Appoint, transfer or transmit the Personal Data to Data Sub-Processors only after they have received express written permission of the Data Controller.
  • Ensure that the Data Sub-Processors process the Personal Data (Personal Data collected from the Data Controller) as per the instructions provided by Miraki Tech, in accordance with the requirements of GDPR.
  • Shall not collect Personal Data (Personal Data collected from the Data Controller), more than that is required to Miraki Tech, for Processing.
  • Shall not appoint any other Data Sub-Processor/ Third Party for processing Personal Data (Personal Data collected from the Data Controller) that does not meet the requirements of GDPR
  • Allow Data Subjects to keep contents of their Personal Data (Personal Data collected from the Data Controller) accurate
  • On reasonable written notice by the Data Controller, make available to the Data Controller all such information as is necessary to demonstrate Miraki Tech’s compliance with GDPR, including where such information is requested as part of an audit/assessment/compliance check.
  • On termination of the Agreement, at the Data Controller’s sole written requisition, provide all Personal Data (Personal Data collected from the Data Controller) to the Data Controller and shall provide reasonable evidence of erasure.
  • Keep the records of the Processing activities that are carried out on behalf of Data Controller
  • Assist the controller in meeting its GDPR obligations to notify the Personal Data Breaches to the Supervisory Authority along with the process and information required to be submitted for the same.
  • Shall Not use the Personal Data (Personal Data collected from the Data Controller) for activities like analytics and profiling unless required for business operations to provide subscribed services.
• Customer Data Incident Management:

  Miraki Tech maintains security incident management policies and procedures specified in the Security Policy on the website and shall notify Customer without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data, including Personal Data, transmitted, stored or otherwise Processed by Miraki Tech, or its Sub-processors of which Miraki Tech, becomes aware (a “Customer Data Incident”). Miraki Tech, shall make reasonable efforts to identify the cause of such Customer Data Incident and take those steps as Miraki Tech, deems necessary and reasonable in order to remediate the cause of such a Customer Data Incident to the extent the remediation is within Miraki Tech’s reasonable control. The obligations herein shall not apply to incidents that are caused by Customer or Customer’s Users.

  Immediately notify the Data Controller with full details of:

  • Any Personal Data Breach in relation to this Agreement;
  • Processing of Personal Data (Personal Data collected from the Data Controller) which are contrary to or would require it to act in a way contrary to GDPR
  • Any request received (including from an individual or the Supervisory Authority) to disclose any Personal Data
• Return and Erasure of Customer Data: -

  Miraki Tech, has made provision for retrieval of customer data from the platform by authorization, to the extent allowed by applicable law, delete Customer Data in accordance with the procedures and timeframes specified in the Retention Policies

• Nothing in this Agreement shall relieve Miraki Tech, of its own direct responsibilities and liabilities under GDPR.
• The Clauses in this document shall be governed by the law of the Member State of EEA (European Economic Area) in which the data processing is established.

In assessing the appropriate level of security, Miraki Tech, shall conduct DPIA (Data Protection Impact Assessment) on a periodic basis to evaluate the risks that are presented by processing, from a Personal Data Breach.

Appendix 1

This Appendix forms part of the DPA covering Information Security of the Platform and Operations. Description of the technical and organizational security measures implemented by Miraki Tech, in accordance with Data Processing Agreement

Miraki Tech currently observes the security practices described in this Appendix 1. Notwithstanding any provision to the contrary otherwise agreed to by data controller, Miraki Tech may modify or update these practices at its discretion provided that such modification and update does not result in a material degradation in the protection offered by these practices. All capitalized terms not otherwise defined herein shall have the meanings as set forth in the Agreement.

• Access Control

  Preventing Unauthorized Product Access

  • Outsourced processing: Miraki Tech, hosts its Service in a Colocation and outsourced cloud infrastructure providers. Miraki Tech, maintains contractual relationships with vendors in order to provide the Service in accordance with our Data Processing Agreement.
  • Miraki Tech relies on contractual agreements, privacy policies, and vendor compliance programs to protect data processed or stored by these vendors.
  • Physical and environmental security: Miraki Tech, hosts its product infrastructure with multi-tenant, outsourced infrastructure providers. The physical and environmental security controls are audited for SOC2 Type II and ISO 27001 compliance, among other certifications.
  • Authentication: Miraki Tech, implemented a unifies password policy for its Platform.
  • Customers who interact with the platform via the user interface must authenticate before accessing their data. Miraki Tech, also has a provision for integrating with various single sign on tools or use Miraki Tech’s authentication mechanisms
  • Authorization: Customer data is stored in multi-tenant storage systems accessible to Customers via only application user interfaces and application programming interfaces. Customers are not allowed direct access to the underlying application infrastructure. The authorization model in each of Miraki Tech’s products is designed to ensure that only the appropriately assigned individuals can access relevant features, views, and customization options. Authorization to data sets is performed through validating the user’s permissions against role-based access policies defined by the Customer
  • Application Programming Interface (API) access: Public product APIs may be accessed using an API key or through any other authorized process or method.
  
  Preventing Unauthorized Product Use :

  Miraki Tech implements standard access controls and detection capabilities for the internal networks that support its products.

  • Access controls: Network access control mechanisms are designed to prevent network traffic using unauthorized protocols from reaching the product infrastructure. The control measures are implemented by security group assignment, and traditional firewall rules.
  • Intrusion detection and prevention: Miraki Tech implemented Firewalls designed to identify and prevent attacks against publicly available network services. A regular VA and PT assessment is carried on to proactively identify any threats and remediate as required.
  • Static code analysis: Security reviews of code stored in Miraki Tech’s source code repositories is performed, checking for coding best practices and identifiable software flaws.
  
  

  Limitations of Privilege & Authorization Requirements

  • Product access: An authorized group of Miraki Tech’s employees have access to the Platform and to customer data via controlled interfaces. The intent of providing access to an authorized employee is to provide effective customer support, to troubleshoot potential problems, to detect and respond to security incidents and implement data security. Access is enabled through a Service request process for all requests for access. Employees are granted access by role and responsibility. Employee roles are reviewed at least once every six months as part of Internal Security Audit.
  • Product access: All Miraki Tech employees undergo a third-party background check prior to being extended an employment offer, in accordance with the applicable laws. All employees are required to conduct themselves in a manner consistent with company guidelines, non-disclosure requirements, and ethical standards.
• Data Transfer Controls
  • In-transit: Miraki Tech, makes HTTPS encryption (also referred to as SSL or TLS) available on every one of its logins. Data is transmitted between systems in same geographical regions
  • At-rest: Miraki Tech, stores user passwords following policies that follow industry standard practices for security. Miraki Tech, has implemented technologies to ensure that stored data is encrypted at rest.
• Data Input
  • Detection: Miraki Tech has designed an internal monitoring and management systems to log information about the system behaviour, traffic received, system authentication, and other application requests. Internal systems alert appropriate Platform Support Groups of malicious, unintended, or anomalous activities. Miraki Tech has established support process and personnel for security, operations to respond to various incidents
  • Response and tracking: Miraki Tech, maintains a record of known security incidents that includes description, dates and times, priority and remediation process. Suspected and confirmed security incidents are investigated by security, operations, or support personnel; and appropriate resolution steps are identified and documented. For any confirmed incidents, Miraki Tech will take appropriate steps to minimize Product and Customer damage or unauthorized disclosure.
  • Communication: If Miraki Tech becomes aware of unlawful access to Customer data stored within its products, Miraki Tech, will
    • notify the affected Customers of the incident
    • provide a description of the steps taken to resolve the incident; and
    • provide status updates to the Customer contact, as Miraki Tech deems necessary. Notification(s) of incidents, if any, shall be delivered to one or more of the Customer’s contacts in a form Miraki Tech, selects, which may include via email through Customer Support
• Availability Control
  • Infrastructure availability: Miraki Tech, is obligated to provide a minimum of 99.8% uptime for the Platform. The providers maintain a minimum of N+1 redundancy to power, network, and other Services in the Colo.
  • B. Fault tolerance: Backup and replication strategies are designed to ensure redundancy and failover protections during a significant processing failure. Customer data is backed up to multiple durable data stores and replicated across multiple systems. Miraki Tech maintains an Active -Active set-up for disaster recovery to ensure redundancy and seamless failover. The server instances that support the products are also architected with a goal to prevent single points of failure. This design assists Miraki Tech’s operations in maintaining and updating the product applications and backend while limiting downtime.
• Audits and Certification

  Miraki Tech, is certified for ISO 27001:2013 and has been assessed in compliant with the controls stipulated in SOC 2 Type II.

Appendix 2

Definitions:

• Personal Data: Personal Data means any information relating to an identified or identifiable natural person ('Data Subject'). The following data, often used for the express purpose of distinguishing individual identity, can be classified as Personal Data
  • Name
  • Identification Number
  • Location data
  • An online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a Natural Person.
  • IP Address
  • Cookie Identifiers
  • Radio Frequency ID (RF ID) tags
• Natural Person/Data Subject: An identifiable Natural Person/Data Subject is one who can be identified, directly or indirectly, by reference to his/her Personal Data.
• Processing: Processing means any operation or set of operations which is performed on Personal Data or on sets of Personal Data by automated means, such as
  • Collection
  • Recording
  • Organisation
  • Structuring
  • Storage
  • Adaptation or alteration
  • Retrieval/Downloading data
  • Consultation
  • Use
  • Disclosure by transmission
  • Dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
• Data Controller: Data Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
• Data Processor: Data Processor means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Data Controller.
• Data Sub-Processor: Data Sub-Processor means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of Data Processor.
• GDPR: The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of Personal Data of individuals within the European Union (EU).
• Profiling: Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
• Personal Data Breach: Personal Data Breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
• Consent: Consent of the Data Subject means any freely given, specific, informed and unambiguous indication of the Data Subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to the Data Subject.
• Data Protection Impact Assessment (DPIA): This activity is carried out to enhance compliance with GDPR where processing operations are likely to result in a high risk to the rights and freedoms of Data Subjects.
• Supervisory Authority: Supervisory authority means an independent public authority which is established by an EU member state. Supervisory Authority Concerned means a Supervisory Authority which is concerned by the processing of personal data because:
  • The Data Controller or processor is established on the territory of the Member State of that supervisory authority;
  • Data Subjects residing in the Member State of that Supervisory Authority are substantially affected or likely to be substantially affected by the processing; or
  • A complaint has been lodged with that supervisory authority

Exhibit 3

TECHNICAL AND ORGANISATIONAL SECURITY MEASURES

Miraki Tech has established, and will maintain at a minimum, an information security management system that includes the following:

Security Governance

• A governance framework that supports relevant aspects of information security through appropriate policies and standards.
• Formal documentation of the roles and responsibilities of employees with respect to governance of Information Security within Miraki Tech that are communicated by the management to employees.
• An information security program in accordance with the international standard ISO 27001 that includes technical, organizational and physical security measures in order to protect Personal Information against accidental loss, destruction or alteration, unauthorized disclosure or access, or unlawful destruction.
• Formally documented information security policy, data privacy policy and other policies that are communicated periodically to employees responsible for the design, implementation and maintenance of security and privacy controls. The policies will be reviewed annually to keep them up-to-date.
• Compliance with industry standard security measures as described at https://www.Miraki Tech.com/compliance.html.

Risk Management

• Annual risk assessment, to prioritize mitigation of identified risks.
• Established internal audit requirements and periodical audits on information systems and processes at planned intervals.
• Assessment of the design and operating effectiveness of controls against the established control framework through which corrective actions related to identified deficiencies will be tracked to resolution.

Human Resources Security

• Background verification of all employees having access to confidential data that includes verification of criminal records, previous employment records if any, and educational background.
• Signing of confidentiality agreement and acceptable use policy by employees upon their employment with clauses on protection of confidential information.
• Training on security and privacy awareness including training on Miraki Tech's policies, standards and relevant technologies along with maintenance and retention of training completion records.
• Employees will be required to adhere to the information security policies and procedures. Disciplinary process for non adherence will be defined and communicated.

Identity and Access management of Miraki Tech Personnel

• Creation of unique identifiers for employees to access information systems and prohibition of sharing user accounts among employees
• User authentication to information systems protected by passwords that meet Miraki Tech's password policy requirements derived based on NIST SP 800-63B standards.
• Strong password configurations that include i) 8 character minimum length; ii) non dictionary words and iii) screening of passwords against list of known compromised passwords.
• Mandatory Two factor authentication for access to information systems involving confidential data.
• Secure remote access to the corporate network provisioned via SSL VPN with strong encryption and two factor authentication.
• Adherence to the principles of least privilege and need-to-know and need-to-use basis for access control.
• Approval mechanism from appropriate personnel to provide access to information systems.
• Revocation of access that is no longer required in the event of termination or role change.
• Recording of approval, assignment, alteration and withdrawal of access rights.
• User access reviews on a half yearly basis and corrective actions whenever necessary.
• Restrictions on administrative access to Personal Information and provision of access on a strictly need-to-know basis along with implementation of access-control measures such as mandatory two factor authentication.

Asset Management

• Inventory maintenance of assets associated with information processing. Owners are assigned for each asset and rules for acceptable use of assets are defined. Assets assigned to employees are returned in the event of termination or role change.
• Capacity management policies through which resources are continuously monitored and projections are made for future requirements.
• Determined procedures in accordance with industry best practices for the reuse, secure disposal and destruction of electronic media to ensure that the data is rendered unreadable and unrecoverable.
• Disposal of unusable devices by verified and authorized vendors which includes storing of such devices in a secure location until disposal, formatting any information contained in the devices before disposal, degaussing and physical destruction of failed hard drives using shredder and crypto-erasing and shredding of failed SSDs.

Physical Security

• Physical access to Miraki Tech's data center is highly restricted and requires prior management approval. The data centers are housed in facilities that require electronic card key access. Additional two-factor authentication and biometric authentication are required to enter the data center premises and there is continuous monitoring of CCTV cameras and alarm systems.
• Control of physical access to Miraki Tech's development facilities using access cards and monitoring by security personnel.
• Installation of CCTV cameras and review of access logs and CCTV footage in case of any incidents.
• Defined visitor management process to authorize visitor entries and maintenance of access records of visitors.
• Revocation of physical access to employees in the event of termination of employment or role change.

Network Security and Operations

• A dedicated Network Operations Center (NOC), which operates 24x7 monitoring the infrastructure health.
• Establishment and implementation of firewall rules in accordance to identified security requirements and business justifications.
• Review of firewall rules on a quarterly basis to ensure that legacy rules are removed and active rules are configured correctly.
• Establishment and maintenance of appropriate network segmentation, that includes use of virtual local area networks (VLANS) where appropriate, to restrict access to systems storing confidential data with a data storage layer that is designed to be not directly accessible from the Internet.
• Clear separation of production, development and integration environments to ensure that production data is not replicated or used in non-production environments for testing purposes.
• Management of access to production environments by a central directory and authentication for such access using a combination of strong passwords, two-factor authentication, and passphrase-protected SSH keys. Access to the production environment is facilitated through a separate network with strict rules.
• Deployment of DDOS mitigation capabilities from well established service providers to prevent volumetric attacks and to keep the applications available and performing.

Secure Software Development

• Well defined security process that is implemented and monitored throughout the SDLC taking into consideration confidentiality, availability and integrity requirements.
• Implementation of secure software development policies, procedures, and standards that are aligned to industry standard practices such as OWASP, CSA, CWE/SANS including secure design review, secure coding practices, risk based testing and remediation requirements.
• Training on secure coding principles and industry standards to personnel involved in the development and coding of products.
• "Secure by design" approach by incorporating security risk assessments and Threat modeling in the planning and analysis phase of SDLC and review of the design to prevent new threats.
• Examination of Source code changes for potential security issues using Miraki Tech's proprietary SAST (static code analysis) tools and manual review process before deployment.
• Web Application Firewall (WAF) layer that is embedded in all web applications for protection against Open Web Application Security Project (OWASP) threats, including SQL injections, Cross-site scripting (XSS) and remote file inclusions.
• Maintenance of inventory of third party software that gets bundled in the products/services .
• Alerts on potential security vulnerabilities in the third party software by Miraki Tech's proprietory SCA(Software Composition Analysis) that is reviewed periodically to check its applicability and impact and to take steps to upgrade third party software to the latest version.
• Appropriate checking and elimination procedures to ensure that the service is not affected by malware/viruses during development, maintenance and operation.
• Appropriate security controls to ensure the confidentiality, integrity and availability of the CI/CD pipeline in the software development environment used to develop, deploy, and support the products.
• Maintenance of clear distinction between the development, QA and production environments.

Data Security and Management

• Information classification scheme with data handling guidelines related to access control, physical and electronic storage, and electronic transfer.
• Logical separation of each subscriber's service data from other subscriber' data by distributing and maintaining separate logical cloud space for each subscriber.
• Deletion of data from active database upon termination of Miraki Tech Platforms by the subscriber (clean-up occurs once in every 6 months), deletion of backup data within 3 months of deletion from active database and termination of accounts that remain unpaid and inactive for a continuous period of 120 days by giving prior notice to the subscriber.

Encryption

• Use of transport encryption for information that traverses across networks outside of the direct control of Miraki Tech including, but not limited to the Internet, Wi-Fi and mobile phone networks.
• Encryption of data transmission to Miraki Tech Platforms are made using TLS 1.2/TLS1.3 protocols, with latest and strong ciphers like AES_CBC/AES_GCM 256 bit/128 bit keys, authentication of message using SHA2 and use of ECDHE_RSA as the key exchange mechanism.
• Encryption of sensitive Personal Information at rest using 256-bit Advanced Encryption Standard (AES). (The data that is encrypted at rest varies specific to Miraki Tech Platforms and also options are provided where the subscriber defines the fields to encrypt depending on their business need and data sensitivity).
• Irreversible industry standard algorithm (bcrypt) will be used to hash and store the passwords of Miraki Tech Platforms with randomly generated per user salt added to the input.
• Miraki Tech's in-house Key Management Service (KMS) to own and maintain encryption keys that includes additional layer of security by encrypting the data encryption keys using master keys.
• Separation of master keys and data encryption keys by physically storing them in different servers with limited access.

Change Management

• A change management policy that governs changes in all components of the service environment whereby all changes are planned, tested, reviewed and authorized before implementation into production.
• Assessment of the potential impacts, including information security and privacy impacts of the changes.
• Documented fall-back mechanisms including procedures and responsibilities for aborting and recovering from unsuccessful changes and unforeseen events.
• Notification to subscriber of any changes that may affect subscribers in an adverse manner.

Configuration Management

• Implementation of security hardening and baseline configuration standards in accordance with industry standards that are reviewed and updated periodically.
• Predefined OS images with security baselines are used to build systems in development and production.
• Hardening standards including (i) ensuring that unnecessary features, services, components, files, protocols and ports are removed from the production environment; and (ii) removing unnecessary user logins and disabling or changing default passwords.
• Approval from the appropriate personnel to install any software package in the production environment.

Vulnerability Management

• Vulnerability management plan designed to (i) identify promptly, prevent, investigate, and mitigate any cyber security vulnerabilities; (ii) analyze the vulnerability; (iii) perform recovery actions to remedy the impact.
• Vulnerability assessments using automated scanners performed periodically on Miraki Tech's internet facing systems.
• Application penetration testing by Miraki Tech's in house security personnel performed annually in accordance to defined test methodologies
• Review of identified issues from vulnerability assessments and penetration testing, determination of its applicability, impact and priority and rectification in accordance with the SLA definition: High level vulnerabilities within 7 calendar days of discovery, Medium level vulnerabilities within 30 calendar days of discovery and Low level vulnerabilities within 60 calendar days of discovery.
• Monitoring known vulnerabilities from common sources such as OWASP, CVE, NVD and other vendor security lists and installation of security relevant patches to product and/or supporting systems in accordance with Miraki Tech's patch management policy
• Antivirus deployment by running the current version of industry standard anti-virus software as a part of which signature definitions are updated periodically within 24 hours of release, real time scans are enabled and alerts are reviewed and resolved by appropriate personnel.

Security Logging and Monitoring

• Use of centralized logging solution to aggregate and correlate events from various components including network devices, servers and applications.
• Maintenance of audit logs recording privileged user access activities, authorized and unauthorized access attempts, system exceptions, and information security events and retention of logs in accordance with applicable policies and regulations.
• Host and application intrusion detection (IDS) technology to facilitate timely detection, investigation and response to incidents.
• Restrictions on physical and logical access of logs by authorized personnel.

Business continuity and Disaster recovery

• Disaster recovery and business continuity plans and processes (i) to ensure continuous availability of the services in case of any disaster; (ii) to provide an effective and accurate recovery.
• Annual review of business continuity plan to evaluate its adequacy & effectiveness
• Redundancy mechanisms to eliminate single point of failure consisting of (i) dual or multiple circuits, switches, networks or other necessary devices; and (ii) storing of application data in a resilient storage that is replicated in near real time across data centers.
• Taking periodic backups (incremental backups every day and weekly full backups) and storing them in an encrypted format in the same datacenter.
• Retention of backups for a period of three months and testing recovery of backups at planned intervals.
• SLA for service availability with 99.9% monthly uptime as a part of which real time availability can be viewed in https://status.Miraki Tech.com.

Incident Management

• An incident response plan and program containing procedures that are to be followed in the event of an information security incident.
• Dedicated email (incidents@Miraki Tech.com) to which external parties can report security incidents and creating awareness among employees to report any potential security incident or weakness on time without any delay.
• Tracking of security incidents, fixing of such incidents through appropriate actions, maintenance of such records in the incident registry and implementation of controls to prevent recurrence of similar incidents.
• Incident management procedures that lays down the steps for notifying the client, and other stakeholders in a timely manner in accordance with breach notification obligations.
• Implementation of appropriate forensic procedures including chain of custody for collection, retention, and presentation of evidence in the event of an information security incident likely to result in a legal action.

Third-Party Vendor Management

• Vendor management policy through which Miraki Tech evaluates and qualifies third party vendors as a part of which new vendors are onboarded only after understanding their processes and performing risk assessments.
• Execution of agreements with vendors that require vendors to adhere to confidentiality, availability, and integrity commitments in order to maintain Miraki Tech's security stance.
• Execution of agreements with vendors that require vendors to adhere to confidentiality, availability, and integrity commitments in order to maintain Miraki Tech's security stance.

Exhibit 4

Specific terms of use for payment automation services

This document/agreement/understanding is a computer-generated electronic record published in terms of Rule 3 of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (amended from time to time) read with Information Technology Act, 2000 (amended from time to time) and does not require any physical or digital signatures.

• You agree that your use of any value-added service shall be construed as a consent to any additional fees which may be levied by Miraki Tech on such additional Service or value-added service.
• You agree that the fees shall be charged according to the manner, rates and frequency determined by Miraki Tech. Miraki Tech reserves the right to update the amount of the Fees at any point of time.
• Fees are exclusive of applicable taxes and Miraki Tech will charge such applicable taxes on the fees from time to time. You agree that any statutory variations in applicable taxes during the subsistence of these Terms shall be borne by You.
• For fees deducted upfront before provision of the specific Service, it is agreed that if You deposit applicable taxes under Section 194J of the Income Tax Act, 1961 (in respect of invoices received by You) and furnish to Miraki Tech Form 16-A in respect of such taxes paid, then Miraki Tech shall reimburse to You, on a quarterly basis, the amount in respect of such taxes paid. In all other cases, with respect to invoices received by You, at the time of payment of the Fees, You will withhold applicable taxes under Section 194J of the Income Tax Act, 1961 (in case LTDC is provided as per the LTDC issued). You shall deposit the withheld taxes with the government treasury, file the statutorily mandated returns and furnish the requisite tax deduction certificate (Form 16-A) to Miraki Tech within the timelines prescribed so as to enable Miraki Tech to obtain full credit for the taxes deducted at source.
• You understand that the sender account name being reflected in the receivers' bank transfer will be ‘Miraki Tech Technologies Private Limited’.
• You shall be solely responsible for any incorrect transaction or transaction processed for any reason other than the intended use from Miraki Tech. Miraki Tech will process transactions on your behalf in good faith.
• If Miraki Tech is intimated, by a Facility Provider, that a customer has reported an unauthorized debit of the customer’s Payment Instrument (“ Fraudulent Transaction ”), then in addition to its rights under Clause 1T&6 of the General Terms of Use, Miraki Tech shall be entitled to suspend settlements to You during the pendency of inquiries, investigations and resolution thereof by the Facility Providers
• If the amount in respect of the Fraudulent Transaction has already been settled to You pursuant to these Terms, any dispute arising in relation to the said Fraudulent Transaction, following settlement, shall be resolved in accordance with the RBI’s notification DBR.No.Leg.BC.78/09.07.005/2017-18, dated July 6, 2017 read with RBI’s notification DBOD. LEG. BC 86/09.07.007/2001-02 dated April 8, 2002 and other notifications, circulars and guidelines issued by the RBI in this regard from time to time.
• Subject to Clause 5 above, if the Fraudulent Transaction results in a Chargeback, then such Chargeback shall be resolved in accordance with the provisions set out in the Terms.
• You shall be liable in the event of breach of the fraud amount thresholds as provided under the NPCI guideline on ‘Fraud liability guidelines on UPI transactions’ NPCI/2022- 23/RMD/001. You hereby understand and agree that the decision of the NPCI or the concerned acquiring bank, as the case may be, shall be final and binding.
• You shall be responsible to do reconciliation on a daily basis for all the transactions processed. In case of discrepancies, You shall report to Miraki Tech regarding such discrepancy within three (3) working days. However, if any reconciliation issue is highlighted by You to Miraki Tech after three (3) working days from the transaction date, Miraki Tech shall not be responsible or liable in any way whatsoever in case such queries and/or concerns are not resolved.
• You shall be solely responsible for updating Your GST registration number with Miraki Tech before Miraki Tech generates the invoice and shall also submit the GST certificate as part of KYC. Miraki Tech will raise a GST tax invoice and report the transactions in the GST returns based on the information provided by You. The GST returns will be filed as per the statutory timelines, to enable You to avail appropriate input tax credit. Miraki Tech shall not be responsible for any mistake and or misrepresentation by You in updating the GST number and other particulars as per the GST certificate. Further, any liability raised on Miraki Tech by the GST authorities due to incorrect information provided by You or deliberate withholding of any statutory information by You shall be recovered by Miraki Tech from You.
• We will raise invoices in respect of fees charged for Services provided. Any dispute in respect of an invoice must be communicated by You to Us via a notice no later than ten (10) days from the date of the invoice. Miraki Tech shall use good faith efforts to reconcile any reasonably disputed amounts