Legal and Compliance

1. Scope and Acceptance

This agreement is between Zhift Platforms Limited ("Provider") and the subscribing organization ("Customer"). By creating an account, accepting a trial, subscribing to a paid plan, or using NGE Portal, Customer agrees to this agreement and all referenced policies, including the Privacy Policy.

If an individual accepts this agreement on behalf of an organization, that individual confirms they have authority to bind the organization. If that authority is absent, use of NGE Portal is not permitted.

2. Definitions

• Service: NGE Portal software, APIs, connector workers, dashboard, upload tooling, sync controls, and event tracking.
• Connector: Integration mode configured for a tenant, including ERPNEXT, QBO, SAGE, or DIRECT_UPLOAD.
• Customer Data: Information submitted by Customer or retrieved from Customer systems, including invoice payloads, settings, credentials, and logs.
• MBS Service: External validation/signing/transmission endpoints used by the Service.
• Tenant: A single organization workspace in NGE Portal.

3. License Grant

Subject to this agreement and payment of applicable fees, Provider grants Customer a limited, non-exclusive, non-transferable, revocable right to access and use the Service during the subscription term for internal business operations.

No ownership rights are transferred. All rights not expressly granted remain with Provider and its licensors.

4. Restrictions and Acceptable Use

Customer must not, and must not permit any user to:

• Reverse engineer, decompile, or attempt to extract source code from the Service.
• Bypass authentication, entitlement, plan limits, or technical controls.
• Use the Service for unlawful processing, fraudulent invoicing, tax evasion, data scraping, or denial of service activity.
• Upload malware, malicious scripts, corrupted data, or unauthorized third-party personal data.
• Resell, sublicense, or operate the Service as a bureau for unrelated third parties without approval.

5. Accounts and Security

• Customer is responsible for user provisioning, role assignment, and credential hygiene.
• Administrative users must enforce least-privilege access and deactivate stale users promptly.
• Customer is responsible for all actions taken using its credentials unless Customer promptly reports compromise through official support channels.
• Provider may require credential rotation, session invalidation, or temporary access restrictions where a security risk is detected.

6. Subscription, Trial, and Billing

• Plans are annual unless expressly stated otherwise in writing.
• Trial access is time-limited. At trial expiry, login remains available but sync/processing actions may be locked until a valid paid subscription is active.
• Plan limits may be based on invoice volume or annual transaction value. When limits are reached, processing actions can be blocked until renewal or plan upgrade.
• Fees are non-refundable except where mandatory law requires otherwise or where specifically provided in an executed commercial agreement.
• Customer must provide accurate billing details and is responsible for taxes, duties, and statutory charges applicable to the subscription.

7. Regulatory and Compliance Obligations

The Service is operated for e-invoice and compliance workflows. Customer remains accountable for legal correctness of source records and tax filings. Provider supports compliance workflows but is not Customer's legal or tax advisor.

Processing under this agreement is designed to align with applicable requirements, including:

• Nigeria Data Protection Act, 2023 (NDPA).
• Nigeria Data Protection Regulation, 2019 (NDPR), where still applicable or not in conflict with NDPA.
• EU General Data Protection Regulation (GDPR), where EU/EEA data subjects are involved.
• UK GDPR and UK Data Protection Act 2018, where UK data subjects are involved.
• Nigeria Cybercrimes (Prohibition, Prevention, etc.) Act and applicable amendments.
• Any mandatory tax, accounting, and e-invoicing regulations applicable to Customer operations.

8. Data Ownership and Processing Rights

• Customer retains all rights in Customer Data.
• Customer grants Provider a limited right to host, process, transmit, and transform Customer Data solely to operate, secure, and support the Service.
• Provider may create aggregated, anonymized operational analytics that do not identify Customer, users, or identifiable individuals.
• Customer is responsible for lawful basis, transparency obligations, and quality/accuracy of data provided to the Service.

9. Security Controls and Incident Handling

• Provider applies technical and organizational controls proportionate to platform risk profile.
• Secrets are stored using encrypted/password fields and are not returned in plaintext to portal UI.
• Audit logs are maintained for critical actions such as settings changes and manual retries.
• In case of a confirmed incident affecting Customer Data, Provider will notify Customer without undue delay and provide known impact/remediation details.
• Customer must maintain secure endpoints in connected systems and remediate connector-side vulnerabilities.

10. Availability and Support

• Service availability can be affected by third-party dependencies and external government portals.
• Provider may perform maintenance, updates, and emergency changes for security or reliability reasons.
• Support response and SLA commitments apply only where expressly documented in written commercial terms.

11. Intellectual Property

The Service, including software, architecture, user interface, documentation, trademarks, and derivative works, is the exclusive property of Provider or its licensors and is protected by applicable intellectual property laws.

12. Confidentiality

• Each party shall keep the other party's non-public business, technical, and security information confidential and use it only for performance under this agreement.
• Confidentiality obligations do not apply to information that is public, independently developed, or lawfully received without restriction.
• Where disclosure is legally required, the disclosing party shall provide prior notice where legally permitted.

13. Third-Party Services

The Service may integrate with third-party systems such as ERP, accounting, payment gateways, and compliance networks. Provider is not responsible for third-party outages, API policy changes, account suspensions, or data quality issues originating from third-party systems.

14. Liability, Disclaimer, and Indemnity

• Except as required by law, the Service is provided "as is" and "as available" without implied warranties of merchantability, fitness for a particular purpose, or non-infringement.
• Provider is not liable for indirect, incidental, consequential, punitive, or special damages, including lost profits, reputational harm, or data loss caused by Customer or third-party systems.
• To the maximum extent permitted by law, aggregate liability for claims arising from this agreement is limited to fees paid by Customer in the 12 months preceding the event giving rise to liability.
• Customer indemnifies Provider for claims arising from unlawful data use, regulatory breach by Customer, or violation of this agreement by Customer users.

15. Suspension and Termination

• Provider may suspend processing actions immediately for material breach, security risk, non-payment, or legal/regulatory orders.
• Either party may terminate for uncured material breach after reasonable written notice.
• Upon termination, access may be disabled and data retained/deleted in accordance with legal obligations and documented retention schedules.
• Clauses on confidentiality, intellectual property, liability limits, and dispute resolution survive termination.

16. Governing Law and Dispute Resolution

This agreement is governed by the laws of the Federal Republic of Nigeria. Unless mandatory law requires otherwise, disputes shall be submitted to courts of competent jurisdiction in Lagos State, Nigeria.

17. Contact and Notices

Contractual and compliance notices should be sent to support@zhiftplatforms.com. Provider may update this agreement for legal, operational, or product reasons. Material changes take effect on publication with updated date.