General Terms and Conditions for Tapp.so Ltd.

Last updated: June 25, 2025

1. Scope of Application

1.1. These Terms and Conditions including the Annex “Data Processing Agreement” (“T&C” or “Agreement”) entered into by Tapp.so Ltd, Unit 4.07 The Tea Building, 56 Shoreditch High Street, London, United Kingdom, E1 6JJ (hereinafter referred to as “Tapp.so”) and the entity accepting them (herein after referred to as “Customer”; individually referred to as “Party” and together as the “Parties”) together with the applicable Order Form (defined in Section 3 below) govern Customer’s use of the Services provided by Tapp.so.

1.2. “Services” means Tapp.so’s products and services as further described in the applicable Order Form, which include but are not limited to deep linking infrastructure, link tracking, and analytics. This includes Customer’s access to the Dashboard. “Dashboard” means Tapp.so’s platform, accessible via its website.

1.3. These T&C are incorporated into the contractual relationship between Tapp.so and Customer either by reference in an Order Form or in checkboxes on Tapp.so’s website (as applicable).

1.4. Tapp.so is entitled to amend/update this Agreement by notice at any time (“T&C Update”). T&C Updates may be necessary to reflect changes in the applicable law or developments in the Services. T&C Updates that would create new obligations for Customer or which would materially alter any existing obligations of Customer may only be introduced by Tapp.so with Customer’s express consent. Tapp.so will notify Customer about T&C Updates in text form providing a notice period of at least thirty (30) days before their effective date. The T&C Update will become effective unless Customer objects to them in writing within the notice period. If Customer objects, Tapp.so is entitled to terminate the Agreement and the relevant Order Form.

1.5. Reference to “in writing” in these T&C includes email but not fax.

2. Services

2.1. The Services are designed to support Customer in the creation, management, and analysis of deep links for their mobile applications and marketing campaigns.

2.2. Tapp.so shall render the Services in accordance with the service description specified in the applicable Order Form and as set forth in this Agreement. The Services and support are provided in English.

2.3. Tapp.so reserves the right to make technical changes and improvements to the Services, provided the changes do not result in a material reduction of the functionality, performance, availability, or security of the Services, and to suspend the Services for maintenance or repair purposes. Tapp.so will inform Customer about material changes or planned suspensions of the Services as far as reasonably possible in advance.

3. Order Form

3.1. The commercial details (including selected Services, volume, fees, and Term) are specified in a separate contractual document (“Order Form”).

3.2. The Order Form will be executed in writing. Tapp.so will send to Customer an Order Form which constitutes a binding offer. Unless otherwise specified, the offer is valid for fourteen (14) days. The Order Form becomes legally valid upon Tapp.so’s receipt of the Customer-signed version of the Order Form.

3.3. The Order Form and this Agreement are drafted in English. If translated, the English version shall prevail in case of a conflict.

4. Free Versions and Trial Access

4.1. Tapp.so may offer certain Services free of charge for a limited period or volume (“Free Versions” or “Trial”). The provision of Free Versions automatically ends once the period or volume limitations have been reached.

4.2. Either Party may terminate the provision/use of Free Versions at any time.

4.3. Subject to Section 11, Tapp.so’s liability for defects of the Free Versions is excluded, except in the case of intent or fraudulent intent.

5. Account

5.1. To access the Services and the Dashboard, Customer must create a Tapp.so account. Customer warrants that all data provided during registration is complete and correct.

6. Grant of Rights, Ownership

6.1. During the Term of this Agreement, Tapp.so grants Customer the non-exclusive, non-transferable, and non-sublicensable right to access and use the Services including the Dashboard pursuant to this Agreement and the applicable Order Form.

6.2. Customer may grant its employees and authorized third-party service providers (“Authorised Users”) access to Customer’s account, provided that Customer remains liable for any breaches of this Agreement by its Authorised Users.

6.3. Tapp.so retains all intellectual property rights in the Services, including all rights in patents, trademarks, source codes, and any other material.

6.4. Customer retains full ownership of the data that Customer generates by using the Services (“Customer Data”).

6.5. During the Term, Customer grants Tapp.so the non-exclusive, royalty-free right to use Customer Data for the sole purpose of fulfilling its obligations under this Agreement.

6.6. Tapp.so is entitled to refer to the collaboration with Customer and to depict Customer’s logo for self-promotional purposes unless agreed otherwise in writing.

7. Customer’s Rights and Obligations

7.1. Customer must follow Tapp.so’s reasonable instructions and protocols provided (e.g., in Tapp.so’s documentation) to ensure the proper functioning of the Services.

7.2. Customer must implement the latest (non-beta) SDK and install library updates within a reasonable time after Tapp.so has provided notice of available updates.

7.3. Customer may not perform or attempt to perform any of the following: breaching the security of the Services; accessing data not intended for the Customer; interfering with the operation of the Services; using the Services to develop a competing product; or using the Services in a manner that violates any applicable law.

8. Term, Termination, Suspension

8.1. The term of this Agreement corresponds with the term indicated in the applicable Order Form (“Term”). If no term is indicated, the Initial Term shall be twelve (12) months, automatically renewing for subsequent twelve (12) month periods unless either Party gives written notice of non-renewal at least 45 days prior to the end of the current term.

8.2. Each Party has the right to immediately terminate this Agreement for cause if the other Party materially breaches the provisions of this Agreement and fails to remedy such breach within thirty (30) days of written notice.

8.3. Tapp.so reserves the right to Suspend the Services if it becomes aware of Customer’s material non-compliance with this Agreement. “Suspend/Suspension” means disabling access to the Services or components thereof.

9. Fees, Payment

9.1. The fees for the Services are set forth in the applicable Order Form and are exclusive of VAT.

9.2. Unless specified otherwise, fees are payable for the whole Term in advance. Invoices must be paid within 30 days of receipt.

9.3. In the event of late payments, Tapp.so reserves the right to Suspend Customer’s access to the Services.

10. Indemnification

10.1. Tapp.so will indemnify Customer against third-party claims arising from an allegation that Tapp.so’s provision of the Services infringes a third party’s intellectual property rights.

10.2. Customer will indemnify Tapp.so against third-party claims arising from Customer’s use of the Services in breach of this Agreement.

11. Liability

11.1. Tapp.so shall be responsible for ensuring the Services operate as specified. Tapp.so does not assume liability for damages resulting from usage not in accordance with this Agreement.

11.2. Subject to clause 11.3, Tapp.so’s total liability to Customer shall be limited to the greater of the amount payable by Customer in the twelve (12) months preceding the event leading to the liability or GBP 200,000.00.

11.3. Nothing in this agreement limits any liability which cannot legally be limited, including liability for death or personal injury caused by negligence, and fraud or fraudulent misrepresentation.

12. Confidentiality

12.1. Each Party (“Receiving Party”) shall keep in confidence all Confidential Information it receives from the other Party (“Disclosing Party”). “Confidential Information” means all information marked as confidential or which should reasonably be considered confidential.

12.2. The obligations of confidentiality shall not apply to information that was already known to the Receiving Party, was independently developed, was obtained from a third party, or is or becomes generally known without fault of the Receiving Party.

12.3. This Section 12 shall survive the termination of this Agreement by a term of three (3) years.

13. Data Protection

13.1. Pursuant to Article 28 of the General Data Protection Regulation (“GDPR”), the processing of personal data by Tapp.so on behalf of Customer requires a written agreement. Customer hereby commissions Tapp.so to process personal data in accordance with the conditions of the Annex “Data Processing Agreement”.

13.2. Customer is responsible for ensuring it has a lawful basis, including obtaining and maintaining valid consents from its end-users where necessary, to process their personal data as set forth in this Agreement.

13.3. Customer is obliged to comply with all applicable app store guidelines, including those of the Apple App Store and Google Play Store.

14. Miscellaneous

14.1. This Agreement shall be governed by the laws of England and Wales, and the parties submit to the exclusive jurisdiction of the English courts.

14.2. Notices to Tapp.so under this Agreement should be sent to legal@tapp.so. Tapp.so will provide notices to Customer at the email address associated with Customer’s account.

14.3. If any provision of this Agreement is invalid, the validity of the remaining provisions shall remain unaffected.

14.4. This Agreement and the relevant Order Form constitute the entire agreement between the Parties.

Annex: Data Processing Agreement

Preamble

This Data Processing Agreement (“DPA”) forms part of the Agreement between Customer (the “Controller”) and Tapp.so (the “Processor”) to reflect the parties’ agreement with regard to the Processing of Personal Data.

1. Definitions

Terms such as “Personal Data”, “Processing”, “Controller”, “Processor”, and “Data Subject” shall have the meanings ascribed to them in the GDPR.

2. Details of the Processing

The subject matter, duration, nature, and purpose of the Processing, as well as the types of Personal Data and categories of Data Subjects, will be detailed in an Appendix to this DPA, to be completed by the Parties. [Note: This Appendix needs to be created and filled out by Tapp.so based on its specific data flows.]

3. Obligations of the Processor (Tapp.so)

Tapp.so shall:

• a. Process Personal Data only on documented instructions from the Controller.
• b. Ensure that persons authorised to process the Personal Data have committed themselves to confidentiality.
• c. Implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, as detailed in an Appendix. [Note: Tapp.so needs to create this Appendix.]
• d. Respect the conditions for engaging another processor (“Sub-processor”), including obtaining the Controller’s prior written authorisation and ensuring the same data protection obligations are imposed on the Sub-processor. A list of Sub-processors will be maintained in an Appendix. [Note: Tapp.so needs to create this list.]
• e. Assist the Controller by appropriate technical and organisational measures in fulfilling the Controller’s obligation to respond to requests for exercising Data Subject’s rights.
• f. At the choice of the Controller, delete or return all Personal Data to the Controller after the end of the provision of services.
• g. Make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 GDPR.

4. Obligations of the Controller (Customer)

The Controller warrants that it has a lawful basis for the Processing of Personal Data and has provided all necessary notices to Data Subjects as required by applicable data protection law.

5. International Transfers

Transfers of Personal Data to a third country or an international organisation shall only take place on the basis of an adequacy decision or where appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs).

6. Governing Law and Jurisdiction

This DPA shall be governed by the laws of England and Wales.