GENERAL TERMS AND CONDITIONS FOR THE HIRING OF PRODUCTS AND SERVICES FROM CALI TERMS OF USE

1. OVERALL

1.1. The provisions outlined in these General Terms & Conditions (“Terms”) apply to the Master Services Agreement (“MSA”) and govern the full scope of Cali Instituição de Pagamento S.A.’s platform and services. For the purposes of these Terms, any reference to Cali Instituição de Pagamento S.A. shall be understood as referring to Cali, Provider, or Service Provider, as applicable and interchangeable. In case of any conflict or inconsistency between these Terms and the terms of any other agreements, contracts, or understandings, whether written or verbal, made between Cali and the Client, these Terms shall take precedence and govern.

2. CLIENT OBLIGATIONS

2.1. Without prejudice to the other responsibilities set forth in this Agreement and its Annexes, the Client agrees, throughout the term of this instrument, to:

(i) Fully comply with the terms established in this Agreement, as well as make all payments due, in the forms, terms, and dates stipulated;

(ii) Observe and fully comply with all legal and regulatory standards applicable to its activities, including but not limited to the rules established by the Central Bank, the Card Schemes, the payments market, the national payment system, and the applicable legislation, whether Brazilian or foreign;

(iii) Keep the Provider informed, through the official channels indicated by the Provider, of any relevant facts that may affect the execution of the contracted services, especially events involving changes in the activities subject to this Agreement, or facts such as bankruptcy, judicial reorganization, liquidation, asset sale, or transfer of commercial premises;

(iv) Promptly provide all information requested by the Provider, including registration, corporate, banking, and receivables registration data, and authorize the collection of such information from third parties; and (b) keep such information always up to date, committing to send it to the Provider within five (5) Business Days after the request or after any change in the data, under penalty of being held responsible for the accuracy, sufficiency, and consistency of the information provided, as well as for any losses resulting from inaccurate or outdated information;

(v) Reimburse the Provider for any costs it may incur in complying with third-party determinations involving the Client, including, but not limited to, compliance with court orders, freezes, liens, or seizures; and

(vi) Comply with the technical requirements of the Provider, such as system updates or software approvals, within the stipulated deadlines, thus ensuring the efficiency and security of the service provision.

3. CLIENT REPRESENTATIONS

3.1. Without prejudice to other representations or authorizations set forth in this Agreement, the Client hereby declares, on its own behalf and on behalf of the companies belonging to its economic group, that:

(i) It has the legal capacity and sufficient authority to: (a) enter into this Agreement; (b) fulfill all obligations assumed herein; and (c) carry out the acts provided for in this instrument, having taken all necessary internal and legal measures for such purposes;

(ii) This Agreement constitutes a valid, lawful, and binding obligation for the Client, being fully enforceable in accordance with its terms, and no approval, consent, authorization, notification, registration, or filing with third parties or authorities is required for its execution or performance;

(iii) All information and documents provided to the Provider are true, accurate, complete, consistent, and sufficient, and are up to date as of the date of their submission;

(iv) The Client is not undergoing bankruptcy, judicial or extrajudicial reorganization, or any other similar proceeding, nor is it in a state of insolvency;

(v) Its activities are conducted in accordance with the applicable legal and regulatory standards, and it is not involved in any unlawful practices;

(vi) It does not engage in discriminatory practices in labor relations or hiring processes based on gender, origin, color, race, disability, religion, marital status, age, family status, or pregnancy; and

(vii) Where applicable:

• (a) it is aware of and complies with Brazilian labor and environmental legislation;
• (b) it does not employ child labor or labor under conditions analogous to slavery, and complies with occupational health and safety regulations;
• (c) it only engages with partners who also comply with labor and environmental laws;
• (d) it possesses and maintains all documents required by such legislation up to date; and
• (e) it will keep the Provider informed of any inspections or notifications received from public authorities regarding such matters

3.2. As agreed between the Parties and when applicable, the Client hereby grants express authorization and irrevocably and irreversibly empowers the Provider, under the terms of Articles 683 and 684 of the Brazilian Civil Code, to open a Cali Account in the Client’s name, either directly or through partners, with such account remaining without free movement. This measure is intended to enable the provision of the services set forth in this Agreement and its respective Annexes, as well as other services that may be contracted by the Client with the Provider or its affiliated companies.

3.3. Until the Client voluntarily completes the necessary procedures for registration and activation of additional functionalities, the Cali Account shall remain restricted, allowing only deposits.

3.4. During this period, the mere existence of the Cali Account shall not generate any cost, fee, or administrative charge to the Client. Should the Client choose to activate additional features of the Cali Account, this will occur in accordance with the commercial terms in effect as defined by the Provider at the time of the request.

3.5. If there are any pending amounts due or receivable between the Client and the Provider and/or its
Affiliates, the Client expressly authorizes the debit of such amounts directly from the Cali Account.

3.6. If the Client’s Cali Account does not have sufficient balance to settle the aforementioned amounts, additional fees, taxes, or other charges may be applied. These amounts, along with the outstanding balance, shall be debited as soon as funds are available in the Cali Account.

3.7. The general conditions for the use of the Cali Account are available in the Terms and Conditions
accessible at: https://www.cali.li/payment-account/.

4. PROVIDER OBLIGATIONS

4.1. Without prejudice to the specific responsibilities assigned to Cali in the applicable Annexes, Cali undertakes to use its best efforts to ensure the proper provision of the contracted services, avoiding failures, interruptions, or interferences that may compromise the Client’s experience or the delivery of the agreed products and services.

4.2. The processes of authentication, authorization, acquisition, clearing and settlement of transactions for Cali are controlled by and are the responsibility of the third Acquirers, Payment Arrangement Settlors, Card Scheme Owners and Issuing Banks (and are subject to the established Scheme Rules by the Scheme Owner). Cali acts on its own behalf and has no primary responsibility for the services provided by these third parties and does not control the services provided by third party Acquirers, Payment Arrangement-Settlors, Issuing Banks and Scheme Owners.

Authorizations for Consultation, Use, and Sharing of Information and Data

5.1. By accepting this Agreement, the Client and its respective legal representatives, by expressing their agreement, expressly authorize the Provider and its Affiliates to:

(i) Send and consult data regarding the movement of the Cali Account, as well as financial assets linked to the Client and/or their legal representatives, in registration systems managed by registration entities, in accordance with applicable regulations;

(ii) Based on Complementary Law No. 105, of January 10, 2001, access and share information related to active and passive transactions, for the purpose of enabling the execution of the contracted services, conducting statistical and market analyses, as well as developing and offering products and services from the Provider and/or its Affiliates, including in the context of credit analyses or other financial transactions;

(iii) Disclose, provided it is anonymized, generalized, or non-identifiable, the Confidential Information collected by the Provider and/or its Affiliates during the Client’s use of the services and products;

(iv) Share among themselves any Confidential Information obtained by the Provider and/or its Affiliates from the Client during the use of its products and services, for the purpose of conducting statistical and market analyses, credit assessments, risk checks, and fraud prevention, as well as offering new products and services from the Provider and/or its Affiliates;

(v) Disclose, provided it is anonymized, generalized, or non-identifiable, the Confidential Information collected by the Provider and/or its Affiliates during the Client’s use of the services and products;

(vi) Consult financial data and information of the Client and/or their legal representatives, including but not limited to, credit history and payment information, in credit protection databases or any other entities or companies deemed relevant, under the terms of Law No. 12.414/2011;

(vii) Process and share data and information related to attempts, indications, and/or occurrences of fraud with their Affiliates, as well as in proprietary and/or third-party electronic systems, in compliance with applicable legislation

5.2. The Client and their legal representative(s), by accepting this Agreement, expressly authorize the Provider and/or its Affiliates to:

(i) Consult the information available in the Credit Information System (“SCR”), in accordance with CMN Resolution No. 5.037/2022;

(ii) Access payment data in the Positive Credit Register, in accordance with the applicable regulations;

(iii) Provide the Central Bank with information related to debts, obligations, co-obligations, and guarantees linked to the Client and their legal representatives, especially those outlined in this Agreement, for the purpose of registration in the SCR

5.3. The Client and their legal representative(s) acknowledge and agree that:

(i) The SCR’s objectives are:

• (a) to provide information to the Central Bank for monitoring credit in the financial system and supervisory activities; and
• (b) to enable the sharing of information between financial institutions regarding client responsibilities in credit transactions;

(ii) The Provider may access the Client’s data in the SCR through the Registered system, provided by the Central Bank of Brazil;

(iii) Requests for correction, deletion, or dispute of data in the SCR should be directed to the customer service center of the financial institution responsible for the information. The Client or their representative(s) may also contact the Central Public Service Center of the Central Bank (CAP) or seek appropriate legal means;

(iv) Any consultation of the SCR requires prior authorization, which is granted by this clause; and

(v) Additional information about the SCR is available on the official website of the Central Bank of Brazil.

5.4. The Client and their legal representative(s) who express acceptance of this Agreement may, at any time, revoke the authorization for access to the SCR by submitting a request through any of the official customer service channels provided by the Provider.

6. CONFIDENTIALITY

6.1. The Client undertakes to keep, store, and safeguard all Confidential Information provided to them or to which they have access as a result of this Agreement in a secure location, inaccessible to third parties, except for individuals duly authorized by the Provider and aware of the confidentiality obligation set forth herein, who also agree to adhere to the restrictions stipulated in this clause.

6.2. The Client undertakes to maintain absolute secrecy and confidentiality regarding all Confidential Information. In the event of a breach or disclosure, including by acts of its employees or third parties, the Client shall be responsible for compensating the Provider and third parties for any losses incurred, including direct damages, lost profits, legal costs, and attorney fees.

6.3. The Client is obligated to use the Confidential Information solely for the purposes and services contracted, and any modification of its form or substance is prohibited.

6.4. Cali undertakes to maintain the confidentiality of transaction data made by the Client, except when requested by court, administrative, or arbitral orders, or when required by law, the Card Networks, or service providers of the Provider, when applicable. Cali may provide the competent authorities, such as the Ministry of Finance, Central Bank, Federal Revenue, State and Municipal Finance Secretariats, Parliamentary Inquiry Commissions, financial activity control bodies, Federal Police, Courts of Justice, Public Prosecutor’s Office, national and international authorities, among others, with all requested information related to the Client or transactions conducted by them.

6.5. Exclusively for the purposes outlined in this Agreement, the Client, irrevocably and irretrievably, authorizes Cali and its Affiliates to:

(i) Access and share among themselves Confidential Information obtained from the Client through the use of the Provider’s products and services and/or those of its Affiliates, for the purposes of fulfilling the obligations of this Agreement, credit assessment, risk and fraud management and verification, as well as for the offering of products and services by the Provider, its Affiliates, and/or Partners;

(ii) Exchange Confidential Information and other data among themselves, as well as consult and/or verify its accuracy on websites and databases in general;

(iii) Share Confidential Information and other data with Issuers, Home Institutions, Sub-merchant Acquirers, Card Networks, and Partners necessary for the execution of this Agreement;

(iv) Report transactions that may fall under the provisions of Law No. 9.613, of March 3, 1998, and other regulations related to anti-money laundering, anti-corruption, and counter-terrorism financing, including applicable national and international laws, as well as the Provider’s internal policies related to these matters;

(v) Use the Confidential Information and other data, including those obtained from the Client during the use of the Provider’s and/or its Affiliates’ products and services, to create databases and share such information, provided it is done in an anonymous, generalized, and non- identifiable manner; and

(iv) Inform credit protection agencies about data related to the Client’s default on obligations assumed with the Provider.

6.6. The confidentiality obligation will remain in effect even after the termination of this Agreement, regardless of the reason for its termination. The breach of the provisions of this clause will subject the Client to the payment of compensation as per this Agreement, as well as applicable penalties, fines, and/or Losses, without prejudice to other legal measures available to the Parties and to any third parties who may be harmed.

7. DATA PROTECTION

7.1. For the purposes of this Clause, the terms capitalized will have the meaning assigned to them in Article 5 of the LGPD (“Law No. 13,709/2018”).

7.2. Cali and the Client expressly declare that they observe and comply with the applicable legislation regarding the protection of Personal Data, including but not limited to Federal Law No. 13,709/2018 (“General Data Protection Law” or “LGPD”), as well as the regulations issued by competent authorities (“Norms”). The Processing of Personal Data under this Agreement will be carried out in accordance with the said Norms and with the provisions of this Clause..

7.3. The Provider, in cases where it acts as the Operator of Personal Data:

(i) Will process the Personal Data accessed and/or obtained under this Agreement for purposes necessary for the fulfillment of its obligations related to the operationalization of the payment arrangement and for the execution of the contractual object, in accordance with the lawful instructions provided in this Agreement and/or provided by the Client, through the channels made available by the Provider.

(ii) In all cases, the instructions provided by the Client to the Provider regarding the Processing of Personal Data must be in compliance with the Norms, and the Provider cannot be held liable for non compliance arising from instructions that contradict or conflict with such Norms.

7.4. The Provider is authorized to involve third parties (suppliers and/or service providers), through subcontracting, in the Personal Data Processing activities carried out under this Agreement, when necessary for the execution of the contractual object, as well as to share the processed Personal Data with its Affiliates, business partners, and other third parties related to the operationalization of its activities, including those located outside the national territory.

7.5. The Provider is authorized to carry out the International Transfer of the Personal Data processed under this Agreement, when necessary for the execution of the contractual purposes, committing to comply with at least one of the criteria set forth in Article 33 of the LGPD and the regulations issued by the National Data Protection Authority (ANPD).

7.6. It is the Client’s exclusive responsibility to attend to any requests made by Data Subjects or third parties, including public authorities, regarding Personal Data controlled exclusively by the Client.

7.7. The Client acknowledges that the Provider may use anonymized data generated from the Personal Data controlled by the Client, accessed and/or obtained under this Agreement, including by cross- referencing and/or enriching it with other databases, with the Provider and/or its Affiliates being solely responsible for the use made of such information.

7.8. The Provider may combine the Personal Data controlled by the Client, accessed and/or obtained under this Agreement, with other information that the Provider possesses or may obtain in its databases when necessary to achieve the objectives set forth in this Agreement.

7.9. The databases created by the Provider from its own data or enriched data will be the exclusive
property of the Provider.

7.10. When the Provider and the Client act as Data Controllers, both parties ensure that they comply with the transparency requirements established by the applicable laws, and that the Processing of Personal Data carried out under this Agreement is based on at least one of the Legal Bases provided by the LGPD.

7.11. The Parties affirm and ensure that they implement and continuously improve, within their responsibilities and in accordance with the applicable laws, governance rules that include technical and administrative security measures, access control, technical standards, educational programs, and internal systems for supervision and risk mitigation, as well as other actions related to the Processing of Personal Data.

7.12. In the event of unauthorized access, improper disclosure, and/or any accidental or intentional situation involving the destruction, loss, alteration, communication, dissemination, or leakage of Personal Data (“Incident”), the Provider will assess the need to notify the Client, in accordance with the applicable laws.

7.13. If the Provider acts as the Processor of the affected Personal Data, it will send written communication to the Client, providing the available information, in accordance with the requirements of the applicable laws.

7.14. If the Provider is the Controller of the affected Personal Data, it will conduct a risk assessment of the Incident and take appropriate measures in accordance with the obligations set forth in the applicable laws, including notifying the competent authorities and the affected Data Subjects.

7.15. Under no circumstances will the Provider be held responsible for any Processing of Personal Data carried out by the Client, by companies in the same corporate group, or by subcontracted entities (“Client Affiliates”), with the Client remaining exclusively responsible for such processing before the Data Subjects, competent authorities, and/or any third parties involved.

7.16. If the Provider is called upon by any individual or legal entity, including public authorities, due to the Processing of Personal Data carried out by the Client and/or Client Affiliates, including, but not limited to, Incidents, the Provider shall have the right to bring a third-party action, as set forth in Article 125, II, of the Brazilian Code of Civil Procedure or applicable local legislation, without prejudice to the right to seek reimbursement for any expenses, costs, fines, indemnifications, and/or burdens that the Provider may incur as a result, including but not limited to legal fees, expert costs, accounting fees, procedural expenses, and amounts set by court judgment.

7.17. By means of this instrument, the Client acknowledges and agrees that the Provider will only be liable for direct damages, as determined by a final and unappealable court ruling and/or irrevocable administrative decision, that can be demonstrably attributed to the action or omission of the Provider and/or its Affiliates, exclusively in the following situations:

• (i) failure to comply with the Client’s lawful instructions to the Provider when acting as Data Processor;
• (ii) non-compliance with the applicable laws and/or provisions of this Clause;
• (iii) an Incident caused by the Provider. In the event of the Provider’s liability, the liability limits provided in this Agreement will be observed.

7.18. The Client declares that they are aware and guarantees that they have informed the Data Subjects about the content of the Provider’s Privacy Policy, available on its website (https://cali.li/en/privacy- policy) and/or through other channels provided by the Provider to the Data Subjects. The Client also declares that they are aware that the Privacy Policy may be amended and updated at any time

CLAUSE 8 : SECURITY REQUIREMENTS

8.1. To ensure the secure execution of the contracted services, the Provider may provide the Client with logins, usernames, passwords, security keys, encryption, and/or tokens (collectively referred to as “Keys”). The Client acknowledges and agrees to keep the Keys confidential and under their control, committing to use them exclusively to access the contracted services and in accordance with the minimum security requirements established by the Provider, which must be implemented immediately or within the deadlines defined by the Provider.

8.2. The absence of technical security recommendations provided by the Provider does not exempt the Client from the responsibility of maintaining the confidentiality and security of the Keys, nor from fulfilling the obligations outlined in this Agreement.

8.3. If the Client stores, processes, or transmits Cardholder data in their environment, whether in physical or digital media, the Client agrees to follow applicable standards, including but not limited to the rules established by the Payment Card Industry (PCI) Security Standards Council or any future regulations related to the security of Cardholder data in the local and international Payment Systems market, during the term of this Agreement, as per the deadlines and conditions defined by the Provider.

8.4. The obligations mentioned above apply to any supplier contracted by the Client who has access to the Keys and/or performs activities involving the traffic, processing, or storage of Cardholder data.

8.5. The Client acknowledges that the Provider is not responsible for creating or securing the Client’s virtual environment, nor for how the Client’s customers access this environment.

8.6. The Client assumes full responsibility for installing and maintaining up-to-date systems and devices, as well as any other resources necessary to prevent breaches of equipment that have access to the solutions and services offered by the Provider.

8.7. Furthermore, the Client must ensure that the configuration of the equipment they use, whether owned or third-party, complies with the minimum security requirements necessary to use the solutions and services provided by the Provider. The Provider shall be exempt from any responsibility related to this matter.

8.8. This clause does not imply any responsibility on the part of the Provider regarding the storage, use, and/or processing of the Keys and Cardholder data by the Client. The Client remains exclusively responsible for the storage, use, and/or processing of the Keys and Cardholder data, before the competent authorities and/or third parties involved.

8.9. Non-compliance with the provisions established in this clause by the Client may result in the unilateral termination of this Agreement by the Provider, who may automatically suspend the fulfillment of its obligations arising from this Agreement and/or terminate it immediately. A violation of this clause by the Client will also entail the obligation to compensate the Provider for any losses, as provided in this Agreement.

9. COMPLIANCE

9.1. The Client declares, on behalf of itself and its collaborators, contractors, partners, entities within its corporate group, shareholders, employees, workers, and administrators (“Representatives”), that:

(i) The Client has not, does not, and will not engage in any actions or conduct that, directly or indirectly, involve the offer, promise, bribery, extortion, authorization, solicitation, acceptance, payment, delivery, or any other act related to obtaining undue financial advantage or any other illicit favoritism in violation of the applicable legislation;

(ii) Acts in compliance with all laws, regulations, manuals, policies, and any provisions related to the prevention and combat of corruption, money laundering, and the financing of terrorism, including, but not limited to, applicable Brazilian legislation, the UK Bribery Act, and the Foreign Corrupt Practices Act (FCPA);

(iii) Has not used and will never use slave or child labor;

(iv) Does not engage in any activity that, directly or indirectly, causes any environmental damage or incident of any nature to the environment, understanding that the concepts of “environmental damage” and “environment” also cover all matters regulated by specific and related regulations, including, for example, regulations regarding public health, urban planning, cultural heritage, and environmental management, which the Provider commits to comply with;

(v) Holds all necessary licenses required by federal, state, and municipal authorities to carry out its activities;

(vi) Its employees, executives, directors, administrators, legal representatives, and attorneys, to the best of their knowledge, are not involved in any administrative or judicial processes for unlawful acts covered by the aforementioned regulations, nor have they ever engaged in such conduct;

(vii) Adopts appropriate due diligence measures, as applicable, when hiring and supervising third parties, such as suppliers and service providers, to ensure that these third parties do not engage in conduct contrary to the aforementioned regulations;

(viii) If they become aware of any act or fact that violates the declarations in this Agreement, they will immediately inform the Provider;

(ix) Fully complies with labor laws, especially regarding occupational health and safety and the prohibition of slave and child labor;

(x) Does not exploit or profit from criminal activities; and

(xi) Will be responsible to Cali for any charges and/or liabilities that may be imposed on Cali by competent authorities due to non-compliance with any applicable regulations, as well as for any direct or indirect damages caused by the Client resulting from the contract now entered into.

9.2.The Client commits to inform the Provider if any of its Representatives have ever held or currently hold a public authority position, as well as disclose any family or close personal relationships between its Representatives and public authorities.

9.3.The Client declares, for all due purposes, that they have had full access to the Anti-Money Laundering Policy (“AML Policy”) available on the Provider’s website, as well as the Provider’s Code of Conduct. The Client commits to comply with all provisions established in these documents, as applicable, throughout the term of this contract.

9.4.Non-compliance with the provisions of this Clause by the Client may result in unilateral termination of this Agreement by the Provider, which may automatically suspend the fulfillment of obligations arising from this Agreement and/or terminate it immediately. Violations of this Clause, whether by the Client or its Representatives, will also entail the obligation to indemnify the Provider for any losses, as provided in this Agreement.

9.5.The Client agrees that the Provider may, at any time, conduct an audit on the Client to verify compliance with the provisions of this Agreement, which may be performed by the Provider itself or by third parties designated and paid by the Provider. The Client commits to ensuring, at all times, full and unrestricted access to all relevant documents and locations for the audit.

9.6.The Client commits not to use, in any way, child labor, adopting all necessary measures to prevent the hiring of individuals or the acquisition of products and/or services from entities that directly or indirectly employ child labor anywhere. The Client further declares that it will fully comply with all laws protecting the rights of children and adolescents.

9.7.The Client commits to immediately notify the Provider if any violation, suspicion of violation, or any irregular situation related to the applicable legislation on anti-money laundering, terrorism financing, corruption, as well as relevant international agreements and conventions on the subject, occurs.

10. INTELECTUAL PROPERTY

10.1. The Client authorizes the Provider to include, at no cost or charge, its name, trademarks, and address, as well as those of its business units and subsidiaries, in promotional actions, marketing materials, press releases, and/or other advertising materials of the Provider, its partners, and/or Affiliates. Additionally, the Client authorizes the disclosure of its commercial data and/or information to Issuers, Cardholders, Payment Scheme Providers, and other participants in the payment system to which the Provider is affiliated.

10.2. The Client acknowledges that the Provider owns or is licensed to use various Intellectual Property Rights, including trademarks and internet domains related to the Provider (hereinafter collectively referred to as the “Brand”), along with other distinguishing marks not expressly mentioned in this agreement.

10.3. Regarding the Provider’s Brand and the trademarks of the Payment Scheme Providers, the Client agrees to use them strictly in accordance with the terms of this Agreement and the respective applicable regulations and/or standards, in the forms, colors, and models previously indicated and approved by the Provider and/or the trademark holder, as applicable. The Client is prohibited from altering or using the Brand in any way other than as approved. Any misuse of the Brand by the Client will result in the obligation to indemnify the losses that must be paid by the Client to the holders of the respective Intellectual Property Rights.

10.4. Under no circumstances should the Client claim or acquire any rights, titles, or interests in the Brand or the trademarks of the Payment Scheme Providers, and the Client agrees to respect all the rights, titles, and interests of the Provider, the Payment Scheme Providers, and/or the Central Bank over their respective Intellectual Property Rights, undertaking not to take any actions that may harm, question, or annul such rights, whether in Brazil or abroad.

10.5. Consequently, this Agreement does not transfer to the Client any Intellectual Property Rights that the Provider, the Payment Scheme Providers, and/or the Central Bank hold over their processes and systems and/or any Intellectual Property Rights they may create, develop, or acquire.

10.6. The authorization granted herein, on a non-exclusive basis, is solely for the reproduction of the Brand and the trademarks of the Payment Scheme Providers related to identifying the provision of services by the Provider, and should not be construed as a license to use the Brand.

10.7. The Client agrees to promptly notify the Provider of any misuse of the Brand by third parties that it becomes aware of. The Provider shall retain the exclusive right to defend its Brand. The Client agrees to actively cooperate with the Provider in protecting its intellectual property rights over the Brand.

10.8.It is the Client’s responsibility to ensure the proper use of the Brand, as well as the trademarks of the Payment Scheme Providers, as outlined in this Agreement and its corresponding regulations and standards. ANY MATERIAL PRODUCED BY THE CLIENT, INCLUDING BUT NOT LIMITED TO ADVERTISING PIECES, THAT CONTAINS THE BRAND, MUST BE SUBMITTED TO THE PROVIDER FOR PRIOR, EXPRESS APPROVAL, WHICH SHALL HAVE THE AUTHORITY TO FULLY OR PARTIALLY VETO THE USE OF SUCH MATERIAL.

10.9.Upon the termination of this Agreement, regardless of the reason, the Client must immediately definitively, and irrevocably cease any use of the Provider’s Brand, the Payment Scheme Providers’ trademarks, and/or the Central Bank of Brazil’s trademarks, as well as return or cease the use of all equipment, devices, software, and other materials provided by the Provider.

11. INDEMNIFICATION EVENTS

11.1. The Client irrevocably and unconditionally agrees to defend, indemnify, and hold the Provider harmless from any liability for losses or damages arising from acts or facts attributable to the Client, regardless of intent or fault, including but not limited to:

• (i) the falsity or inaccuracy of any statements made in this Agreement, as well as any breach of these statements;
• (ii) the total or partial failure to comply with legal, contractual, or regulatory obligations assumed by the Client;
• (iii) the provision of incorrect or incomplete information that has been used by the Provider to fulfill its contractual obligations; and
• (iv) damages caused to third parties. The obligations outlined in this clause will remain in effect even after the termination of this Agreement, including during the processing of administrative or judicial proceedings, until a final, unappealable decision or judgment.

11.2. The Client shall make payment for the indemnity corresponding to the Loss within a maximum period of 7 (seven) Business Days from receipt of formal notice sent by the Provider.

11.3. Payment of indemnification for Losses arising from the violation of the provisions of this Agreement does not exclude the possibility of requiring specific performance of the obligations set forth herein, nor does it exempt the Client from other legal sanctions applicable for non-compliance.

11.4. If the Provider receives, in writing, notification regarding an extrajudicial claim, administrative procedure, or judicial action brought by a third party due to an act or omission attributable to the Client, it must inform the Client about the content of the notification.

11.5. The Client agrees to reimburse the Provider for all costs arising from its defense, including legal fees, as well as indemnify it for any Losses arising from the aforementioned claim, procedure, or action.

11.6. Each Party will be solely responsible for all labor and social security obligations concerning its own employees, representatives, or contractors.

11.7. This Agreement does not establish any employment relationship between the Parties and the professionals designated by the other Party for the execution of the contracted services. The contracting Party will have full responsibility for managing these professionals and for ensuring compliance with labor, fiscal, and social security obligations, including those related to occupational health and safety. Similarly, no employment relationship is established between either Party and the service providers of
the other Party.

11.8. The responsibility outlined in the previous clause will remain in effect and valid even if, for any reason, an employment relationship is recognized between the professionals designated by one Party and the other Party.

11.9. In the event that the solutions and services provided by the Provider exhibit unexpected behavior, interruptions, delays, or failures arising from circumstances beyond its control — such as operational problems or failures attributable to Payment Scheme Providers, Issuers, Acquirers, Sub-acquirers, Payment Institutions, processors, clearing and settlement systems, financial agents, or financial institutions — the Provider will make reasonable efforts to maintain the proper functioning of the services but will not be held liable for any interruptions, failures, or delays, nor for any damages claimed by the Client resulting from these situations. The Client irrevocably and unconditionally acknowledges that no indemnification will be applicable under these circumstances.

CLAUSE 12: TERM

12.1. Unless otherwise specified in a specific Annex, this Agreement will commence upon the signing of the Agreement or when the Client performs its first Transaction using a Payment Method through the systems provided by the Provider or, as applicable, when the Client first uses the services provided by the Provider, whichever occurs first. The Agreement will be in effect for an indefinite term, and may be terminated at any time by the Client, without charges or penalties, provided all pending obligations are fulfilled and with 60 (sixty) days’ prior notice. The Provider may, in turn, terminate this Agreement or any of its Annexes at any time, with immediate effect and without the need for judicial or extrajudicial notification or interpellation, committing to make best efforts to inform the Client in advance about the termination.

12.2. The Provider may terminate this Agreement immediately, without prejudice to the right to be compensated for any losses that may have been caused by the Client, as provided in this instrument, in the following cases:

(i) By determination of the Card Schemes or the competent regulatory authorities;

(ii) Detection of suspicion or commission of fraud or other illicit activities by the Client;

(iii) Violation, attempted violation, or non-compliance by the Client with any provision of this Agreement, its Annexes, or guidelines and requests issued by the Provider;

(iv) Engagement in illegal activities or activities not in compliance with applicable legislation by the Client;

(v) Disagreement between the Parties regarding the definition of changes or adjustments to this Agreement;

(vi) In the event the Client is declared insolvent, has bankruptcy declared, requests judicial recovery, proposes extrajudicial recovery, or is involved in any similar procedure, or if an event occurs that, at the exclusive discretion of the Provider, reveals the Client’s inability to fulfill its obligations to the Provider or third parties;

(vii) Improper use of the Provider’s Brand that results or may result in damage to its image or the reputation of the Card Schemes’ brands, without prejudice to the adoption of appropriate legal measures;

(viii)Change in the Client’s corporate structure, directly or indirectly, or in its management, as well as merger, spin-off, incorporation, or any other form of corporate reorganization, without prior written consent from the Provider;

(ix) If the Client, without the Provider’s authorization, transfers, leases, or provides the equipment or materials received under this Agreement to third parties, or uses them in non- compliance with the specifications established by the Provider;

(x) Changes in legal or regulatory standards applicable to the subject matter of this Agreement and/or to the Provider’s industry, or any event that significantly impacts procedures, contractual rules, the Client’s ability to meet its obligations, or the economic-financial balance of this instrument.

12.3. The termination of this Agreement does not exempt the Parties from the obligation to fully comply with all responsibilities assumed during the term of the Agreement.

12.4. The provisions of Clauses 4, 6, 7, 8, 9, 11, 12, 13, and 14 will continue to apply even after the termination or rescission of the Agreement.

13. Contract Amendments and Updates

13.1. The Provider may modify, add, or include clauses or conditions in this Agreement and/or its Annexes, through direct communication or by making them available on its website, informing the Client of the changes made.

13.2. During the term of this Agreement, the Client may receive electronic notifications from the Provider to ensure compliance with contractual obligations, such as notices of contractual changes, technological updates, among others. Such messages will not be considered as unwanted, abusive, spam, or email marketing, as they are intended to keep the Client informed about their contractual relationship with the Provider.

13.3. This Agreement (including all of its Annexes) represents the entire and exclusive agreement between the Provider and the Client.

13.4. This Agreement comes into effect on the date of its signature and automatically revokes all prior agreements between the Parties.

14. SUPPORT

14.1. The Provider offers free Support Channels to adequately and promptly address any doubts, requests, suggestions, and/or complaints from the Client regarding the services provided (“Requests”).

Customer Service: A support channel provided by the Provider to address Requests, through the phone number 0800 590 0027 or via e-mail support@cali.li, available Monday to Friday, from 9 AM to 6 PM, except on holidays.

Ombudsman: A support channel provided by the Provider to address Requests that were not resolved by the Cali Support, through the phone number 0800 590 0084 or via the website www.compliance.cali.li/ombudsman/, available Monday to Friday, from 9 AM to 6 PM, except on holidays.

14.2. The availability of these Support Channels demonstrates the Provider’s legitimate interest in resolving Requests appropriately and promptly, and the Client agrees to submit any issues to the Support Channels whenever possible before resorting to other applicable legal or extrajudicial measures.

15. EFX SERVICES

15.1 When applicable, when using the eFX Services, by agreeing to our Terms, the User authorizes and grants, at this moment, a mandate to Cali and its affiliates to act on their behalf in performing foreign exchange operations, in accordance with the applicable regulations. This mandate includes:

• (i) Reception and Forwarding of Operations: Cali may receive and forward foreign exchange operations, as well as process withdrawals of funds and charge fees, according to the Client’s instructions;
• (ii) Formalization of Contracts: Cali is authorized to formalize foreign exchange contracts, accept proof of transactions, guarantee contracts, and other necessary documents;
• (iii) Opening of Banking Relationship: the mandate includes the possibility of opening a banking relationship and/or account with authorized financial institutions, in order to enable deposits or transfers between accounts in the Client’s name; and
• (iv) Execution of Commands on the Merchant Portal: Cali may execute commands that the Client performs on the Merchant Portal, related to resources held with an authorized financial institution.

15.2. In accordance with the obligation set forth in Resolution BCB No. 277, art. 51, the Client ensures that are clearly and promptly informed about the following aspects of the service:

15.3. Responsibilities of the eFX Provider:

a) Execute foreign exchange operations in compliance with applicable regulations and market best practices.

b) Provide accurate and up-to-date information about the costs, fees, and timelines involved in the operation.

c) Protect the Client’s data and information, respecting privacy and data protection regulations.

d) Act diligently in identifying and preventing fraud and illegal activities, in compliance with
AML/CFT policies.

15.4. Nature and Conditions of the Provided Service:

a) The eFX service consists of converting foreign currency to Brazilian reais and vice versa, according to the conditions previously agreed upon between the parties.

b) The operations are carried out exclusively through payment or deposit accounts in the Client’s name;

c) The exchange rates and any applicable charges will be informed to the Client before the transaction is completed;

d) The eFX provider may refuse or cancel operations that do not comply with the prevailing regulations or show signs of irregularity.

16. GENERAL PROVISIONS

16.1. Tolerance or omission by either Party shall not be considered as a waiver, forgiveness, novation, or modification of the terms agreed upon in this Contract, nor as a waiver of the right to demand compliance with the conditions set forth herein, or the right to require, in the future, the full execution of each of the obligations provided for in this Contract.

16.2. This Contract, together with all its Annexes, constitutes the complete agreement between the Parties regarding its subject matter, replacing in full all prior proposals, negotiations, discussions, and understandings between the Parties related to this Contract.

16.3. The Parties shall not be liable for failures, interruptions, or delays in fulfilling their obligations if caused by events of force majeure or unforeseeable circumstances, as provided for in Article 393 of the Civil Code, including but not limited to governmental acts, restrictions imposed by public authorities, interruptions in government-licensed, authorized, or granted services (such as power supply and telecommunications services, as well as related service interruptions), natural disasters, strikes, public disturbances, and other similar events.

16.4. If any provision of this Contract is declared or deemed illegal, unenforceable, or void, both Parties will be exempt from fulfilling the obligations related to that provision, but only to the extent that it is illegal, unenforceable, or void. In such case, the Parties shall, by mutual agreement, modify the Contract, amending the provision in question as necessary to make it legal and enforceable while maintaining its purpose. If this is not possible, it will be replaced by a new provision that is legal, enforceable, and achieves the same objective.

16.5. The conditions of this Contract are binding on the Parties and their successors, regardless of any title.

16.6. This Contract does not establish any corporate, labor, or employment relationship between the Parties. Each Party will be exclusively responsible for the expenses with its employees, agents, contractors, and subcontractors, including charges arising from the applicable legislation, whether labor, social security, insurance, or other. The relationship between the Parties is limited to the object of this Contract and cannot, under any circumstances, be interpreted as an association, partnership, employer-employee relationship, supplier-consumer relationship, or any other form not expressly provided for in this Contract.

16.7. The Service Provider may assign or transfer, in whole or in part, its rights and obligations arising from this Contract to companies in its corporate group or third parties, without the need for consent, communication, or prior notice to the Client. The rights and obligations of the Client under this Contract may not be assigned or transferred, in whole or in part, directly or indirectly, without the prior written consent of the Service Provider, under penalty of immediate termination of this Contract.

16.8. Taxes and contributions that are or may be levied on the amounts paid to the Service Provider and/or the Client as a result, directly or indirectly, of this Contract will be the responsibility of the respective taxpayer, as defined by the legislation governing such taxes and contributions.

16.9. If the Client has debts or credits with companies belonging to the Service Provider’s corporate group, the Client hereby irrevocably and irretrievably authorizes the offsetting of these amounts, including but not limited to the creation of encumbrances or charges on receivables owned by the Client, waiving any challenge to this offset.

16.10. As set forth in this Contract, the Parties acknowledge that the allocation of losses and damages, although due and assessed in accordance with applicable legislation, will not be sufficient compensation for the non-performance of the obligations of this Contract, and the Service Provider may judicially demand specific performance of the breached obligation, including both the main and ancillary obligations set forth in this instrument.

16.11. This Contract is considered an extrajudicial enforcement title, pursuant to Article 784, Section II and following of Law No. 13,105, of March 16, 2015 (Brazilian Code of Civil Procedure) or other applicable local legislation that may replace it.

16.12. The Parties agree that, for the resolution of disputes or for the interpretation of the clauses of this Contract that cannot be resolved amicably, the exclusive jurisdiction of the Court of the District of São Paulo, State of São Paulo, shall apply, waiving any other jurisdiction, regardless of its level of privilege.

ANNEX 1 TO THE GENERAL TERMS OF CONTRACTING PAYMENT PRODUCTS AND SERVICES

By this Annex 1, the Client contracts CALI INSTITUIÇÃO DE PAGAMENTO S.A., registered under CNPJ/MF No. 55.650.381/0001-46 (‘Service Provider’ or “Cali”), for the provision of the services described in this Annex 1, with respect to which the Parties agree to observe the specific conditions outlined below.

SPECIFIC CONDITIONS OF ADMISSION

1. INITIAL CONSIDERATIONS

1.1. This Annex 1 aims to outline the main terms and conditions applicable to the provision of services by Cali to the Client. The Client acknowledges that the services mentioned are provided to the Client by the Service Provider, with the involvement of participants from the Payment Arrangements in which the Service Provider currently participates or will participate in the future.

II. ADHESION

2.1. The Client’s accreditation process for accepting Payment Methods may be carried out through channels made available by the Service Provider, which may include, but are not limited to, third-party or partner companies, the Service Provider’s commercial team, self-accreditation via the Cali Website, as well as any other channels that may be implemented.

2.1.1. To initiate the accreditation through any of the mentioned means, the Client must provide the Service Provider with all required information and documents, including but not limited to, the designation of its Authorized Representative(s).

2.1.2. The designation made by the Client will be considered a valid grant of powers, in accordance with Article 653 of the Brazilian Civil Code, or according to applicable local legislation, granting the Authorized Representative(s) the authority to act on its behalf within the context of this Agreement, including contracting products and/or services offered by the Service Provider and/or its Affiliates.

2.1.3. The Client must register a personal and exclusive login and password for access to the Cali Website. The Client is fully responsible for maintaining the confidentiality of these credentials, acknowledging that the login and password are personal and non-transferable. The Client will be held accountable to the Service Provider and third parties for any losses arising from the sharing or misuse of these credentials.

2.2. The Client is prohibited from engaging in any activity that would characterize Sub-accreditation under this Agreement. Failure to comply with this obligation will result in immediate termination of the Agreement, in addition to the Client’s responsibility to indemnify the Service Provider for any losses arising from such breach.

2.3. The Client’s accreditation will be subject to a registration analysis to be conducted by the Service Provider. The Service Provider may, at its sole discretion, refuse or cancel the accreditation without the need for justification.

2.4. The completion of the accreditation represents the full, irrevocable, and non-retractable acceptance by the Client of the obligation to pay the Compensation owed to the Service Provider, as set forth in this Agreement.

2.5. The Client may request the inclusion of branches under its ownership in its registration. Such request will be subject to the Service Provider’s evaluation, which may approve or reject it based on its own criteria, at its sole discretion.

2.6. The Client authorizes Cali to, whenever deemed necessary, directly or through third parties designated by it, inspect:

• (i) the regularity and continuity of its activities;
• (ii) the regularity of conducting Transactions with Payment Methods;
• (iii) the functioning of the Equipment; and (v) any activity performed by the Client for the purpose of complying with the Agreement and/or applicable legislation.

3. POS EQUIPAMENT

3.1. The Service Provider may provide the Client with Equipment owned by it through a rental agreement, or may approve Equipment owned by the Client or third parties. In this case, the Service Provider may charge specific Compensation. Any replacement or modification of the approved Equipment must be previously approved, in writing, by the Service Provider.

3.2. The Service Provider will not be responsible for Equipment or operational materials purchased or contracted directly by the Client from third parties, even if these have been accredited or approved by the Service Provider.

3.3. The installation and removal of the Equipment may be carried out by the Service Provider or companies designated by it, at the address provided by the Client. The Service Provider will be responsible for providing preventive, corrective maintenance, or replacement of its own Equipment whenever necessary or upon the Client’s request. If there is any change in the address initially provided for installation, the Client must notify the Service Provider in advance, and the new installation will follow the conditions determined by the Service Provider, with possible additional charges.

3.4. It is exclusively the Client’s responsibility to ensure that the type of Equipment used complies with the applicable legal requirements, and the Client is also responsible for the payment of any taxes or charges arising from the use of the said Equipment.

3.5. The Client agrees to observe the following obligations related to the use of the Equipment:
(i)Verify, at the time of installation and during use, whether the serial number of the Equipment and the Client’s details — such as trade name and CNPJ or TAX ID — are correctly presented both on the Equipment itself and on the sales receipts generated. The Client acknowledges and irrevocably agrees that the Service Provider will not be responsible, under any circumstances, for any failures arising from the use of third-party Equipment, including Transactions with Payment Methods carried out through such Equipment, even if there is intent or negligence;

(ii)When necessary, provide adequate internet access for the installation and operation of the
Equipment, fully covering the costs of connectivity and maintenance;

(iii)Keep the Equipment protected at the location previously indicated for installation, and it is prohibited for the Client, without the prior express authorization of the Service Provider, to transfer, sublease, sell, or move, partially or entirely, the Service Provider’s Equipment to a different address from the one provided, including branches, nor to use Equipment linked to other Clients, assuming responsibility for any damages or penalties arising from such actions;

(iv)Ensure that the Equipment is used appropriately and exclusively by authorized individuals, following the rules established by the Service Provider, fully assuming responsibility for the installation, maintenance, and repair costs of its own Equipment, as well as those supplied by the Service Provider, in case they suffer damages due to misuse, incorrect installation, or improper handling by its employees or representatives;

(v)Take all necessary measures to ensure the proper conservation, operation, and integrity of the Service Provider’s Equipment, safeguarding and properly using it;

(vi)Acknowledge that all software and applications provided or installed on the Equipment by the Service Provider, whether free or paid, are the exclusive property of the Service Provider or third parties, as the case may be, including for copyright and intellectual property purposes;

(vii) Immediately notify the Service Provider of any suspicion or confirmation of fraud involving the Equipment, as well as any data breach or leakage of information from Cardholders, including a complete description of the characteristics of the Equipment involved;

(viii)Bear all costs and expenses arising from improper, inefficient, or non-compliant use of the Equipment, as well as its respective software, hardware, and other associated materials.

3.6. The Equipment shall remain in the Client’s possession for the duration of the Agreement, and the Client shall be responsible, before the Service Provider and any third parties, for the safekeeping and maintenance of the Equipment.

3.7. The Client acknowledges and agrees that the operation and processing of Transactions using Payment Methods may occasionally be suspended due to technical reasons or Equipment maintenance. Therefore, the Service Provider does not guarantee continuous and uninterrupted provision of the services described in this Annex II, nor the absence of failures or errors in the services provided.

3.8. In the event of termination or cancellation of the Agreement, the Client undertakes to return the Service Provider’s Equipment, in the same condition as received — except for wear resulting from regular use — within a maximum period of seven (7) Business Days. If the Equipment is not returned or is lost, the Client shall be deemed automatically in default and must fully reimburse the Service Provider for the value of the Equipment, in addition to any other losses and damages incurred. The Service Provider may, for such purposes, deduct or withhold amounts owed to the Client, without prejudice to the collection of the applicable Fees, until full reimbursement is made.

4. TRANSACTIONS USING PAYMENT METHODS

4.1. The Client undertakes to strictly comply with all operational and security rules established in this Annex, the Agreement, and other guidelines issued by the Service Provider, including but not limited to:

(i) Ensuring the correct reading of the Card chip for in-person Transactions involving Chip Cards, using only Equipment authorized by the Service Provider;

(ii) Providing the Cardholder with their copy of the Sales Receipt, without exception;

(iii) Promptly reporting any attempt or indication of fraud detected, using the Customer Service Channels provided, in accordance with contractual rules;

(iv) Providing Cardholders with clear and objective information about the payment terms for the acquisition of products or services;

(v) Checking the information on the Card, when applicable, including:

• (a) the Card’s expiration date;
• (b) the physical integrity of the Card;
• (c) the name and, if present, the Cardholder’s signature;
• (d) the Brand authentication marks;
• (e) the last four digits of the Card number, which must match those on the Sales Receipt;
• (f) the three-digit security code on the back; and
• (g) the Authorization Codes generated by the Service Provider;

(vi) Not intentionally splitting a single purchase into multiple Transactions on the same Card, such as dividing a R$ 10,000.00 (ten thousand reais) purchase into ten R$ 1,000.00 (one thousand reais) Transactions;

(vii) Requiring, in cases involving Cards without a chip or when no PIN is entered, the verification of the name and signature on the Sales Receipt with those on the Card and an official identification document of the Cardholder;

(ix)Refraining from providing or returning cash to Cardholders, whether in the form of physical currency, checks, money orders, or any other type of credit instrument, without the express prior authorization of the Service Provider

4.2. The Client acknowledges that it is solely responsible for resolving directly with Cardholders any disputes or inquiries regarding the quality, characteristics, quantity, origin, price, defects, or warranties of the products and services purchased, releasing the Service Provider from any liability. The Client agrees to hold the Service Provider harmless from any issues related to these matters and shall indemnify the Service Provider for any resulting losses.

4.3. The Service Provider shall not be held liable for Payment Method Transactions carried out in violation of the Agreement or that fail to comply with applicable laws, regulations, or the Brand rules, and such Transactions may be subject to non-processing or non-payment.

4.4. The Client agrees that irregular Transactions, whether intentional or not, that involve suspected fraud or aim to obtain unlawful advantages, may be rejected. This includes Transactions that are inconsistent with the terms of the Agreement, the Brand rules, or applicable legislation.

4.5. If the Client exceeds the threshold of irregular or suspicious Transactions established by the Service Provider in accordance with its monitoring policies, the Client may be disqualified, in line with the criteria required by the Brands.

4.6. The Client is aware that the Service Provider may implement specific methods to detect and prevent fraud or illegal activities. The Client undertakes to cooperate with the Service Provider, provide the requested information, and monitor its employees, under penalty of being liable for any losses caused and being subject to immediate termination of the Agreement.

5. CARD-NOT-PRESENT TRANSACTIONS

5.1. The Client acknowledges that, in order to carry out Payment Method Transactions without the physical presence of the Card, it must obtain the prior and express authorization of the Service Provider. The Client assumes full responsibility for the Transaction, including in cases of Dispute and/or Cancellation, and the corresponding charge will always be debited directly from the Client, in accordance with the procedures described in this Annex.

5.2. In the case of Card-Not-Present Transactions, if the Cardholder does not recognize or disagrees with the Transaction amount reported to the Issuer, the Service Provider may refrain from making the payment to the Client. If the payment has already been made, the Service Provider may, at its sole discretion, adopt any of the collection methods established in the Agreement, even if the Client presents documents proving the execution of the Transaction, such as the Sales Receipt, with or without the Cardholder’s signature.

6. PAYMENT OF TRANSACTIONS WITH PAYMENT METHOD TRANSACTIONS TO THE CLIENT

6.1. The Client authorizes the Service Provider to pay the Net Amount of the Payment Method Transactions, in accordance with the deadlines and conditions defined by the Service Provider, by means of a credit of the due amount to the Cali Account, when applicable, or any other payment method agreed upon between the Parties and provided for in this Annex 1.

6.1.1. Payment shall be made within the period established from the date of capture of the Payment Method Transaction, subject to the terms and conditions defined in this Annex and the Agreement, as
well as the applicable rules of the Card Brands or regulatory authorities.

6.1.2. If the expected payment date for the Net Amount falls on a holiday or a day when banks are not operating, payment will be made on the next Business Day.

6.1.3. In the event of a technical and/or operational failure in the systems and/or breakdown of Equipment, the Service Provider may, at its sole discretion and without incurring any costs or penalties, extend the expected payment deadline for the Net Amount.

6.2. The Client will have up to 20 (twenty) days from the expected payment date by the Service Provider to report any discrepancies regarding the amounts paid. After this period, no claims from the Client will be accepted, and the payment will be deemed settled automatically, irrevocably, irreversibly, and definitively with respect to the amounts in question.

6.3. The Service Provider will make the Sales Statement of the Transactions available to the Client through access to the Merchant Portal or by sending it to the email address provided by the Client.

6.4. The payment of Payment Method Transaction amounts to the Client will be subject to the normal operating conditions of the centralized settlement system used, in accordance with applicable regulations. Interruptions or failures in the system may affect the Client’s payment schedule, without generating any costs or penalties for the Service Provider.

6.5. After the credit of the Net Amount of the Payment Method Transactions to the Settlement Institution designated by the Client has been made, any interruption or system failure at such Institution that affects the Client’s access to the funds shall not generate any liability or penalties for the Service Provider.

6.6. In cases of illiquidity, insolvency, request for judicial or extrajudicial reorganization, pre-bankruptcy condition, cessation of activities, or any other situation in which, at the sole discretion of the Service Provider, the Client’s difficulty in fulfilling its contractual and/or legal obligations is verified, the Service Provider reserves the right to withhold amounts owed to it, in order to ensure the fulfillment of the Client’s contractual obligations.

7. PROCESSING, CANCELLATION, AND DISPUTE/CHARGEBACK OF. PAYMENT METHOD TRANSACTIONS

7.1. A Payment Method Transaction, even if authorized, may not be processed and settled or may be canceled by the Service Provider, at its sole discretion, under the following circumstances, including but not limited to:

(i) If simulated or fictitious transactions are identified.

(ii) If the Cardholder does not recognize the Payment Method Transaction.

(iii) If the Client fails to comply with the terms of the Agreement and/or the rules established by the
Card Brands, in addition to the applicable legislation.

(iv) If irregularities and/or circumstances suggesting fraud are detected, in accordance with the
provisions of this Annex and/or the Agreement.

(v) If vulnerabilities are found in the Client’s environment.

7.2. In the event of a Dispute, the Service Provider will receive information from the Issuer and may request the Client to provide evidence that the Transaction was properly carried out, as requested.

7.3. The Client may request the Cancellation of Transactions made using credit or debit Cards, following the deadlines and procedures to be communicated by the Service Provider, in accordance with the rules established by the Central Bank, the Card Brands, and the Brazilian payment system regulations.

7.4. Whenever requested by the Service Provider, the Client agrees to provide proof of the completed sales, with or without the Cardholder’s signature, as well as any other documentation necessary to confirm the delivery of products or performance of services. If the Client fails to submit the requested documentation within the established deadline, the Service Provider may withhold payment of the Net Transaction Amount.

7.5. To ensure compliance with the procedure, the Client must retain the sales receipts and any
documentation related to product delivery or services rendered for a minimum period of 24 months from
the Transaction date.

7.6. The Client authorizes the Cancellation of the Transaction, provided that there are sufficient funds in its Cali Account to cover the amount of the Cancellation. If there are no funds or they are insufficient, the Client shall be solely responsible for arranging the refund with the Cardholders. After the Cancellation, the Service Provider is authorized to stop the financial settlement of the Transaction without the need for prior notice or notification.

7.7. If a Transaction has already been settled by the Service Provider to the Client and is later disputed or canceled, the Client must reimburse the Service Provider by a method of the Service Provider’s choosing, which may include:

(i) offsetting against amounts owed by the Service Provider to the Client;

(ii) reversal or debit from the Client’s Cali Account within up to 36 months, with prior notice to the Client; or

(iii) administrative or judicial collection, in which case the Client shall be responsible for reimbursing the collection costs, referred to as the “Dispute Cost.”

7.8. If the above options are not viable due to insufficient funds on the part of the Client, the Service Provider may adopt any collection method permitted under local law. The Client must pay the updated value of the Transaction, including any collection costs, within a maximum period of 5 Business Days after the Cancellation or chargeback, or upon request by the Service Provider, whichever occurs first. Failure to comply will result in immediate termination of the Agreement and reimbursement of any Losses incurred by the Service Provider.

7.9. The amount of a disputed or canceled Transaction shall be adjusted according to the IPC/FGV index
(or any replacement index), from the settlement date, plus interest of 1% per month or a fraction
thereof, in addition to operational charges and any Losses incurred by the Service Provider.

7.10. The Client must confirm or cancel any pending Payment Method Transaction on the Equipment within the following deadlines: 20 days for credit Payment Method Transactions and 5 days for debit Payment Method Transactions. If the deadline is not met, the Transaction will be automatically canceled without the need for prior notice from the Service Provider

7.11. Even in the event of the cancellation or reversal of a Payment Method Transaction, whether due to a Dispute or for any other reason, the Remuneration owed to the Service Provider will continue to be charged.

7.12. If a Client presents an excessive volume of canceled, disputed, or unrecognized Payment Method Transactions, according to the criteria of the Service Provider or the Card Brands, or in accordance with determinations from the Card Brands, a penalty may be imposed on the Client in the form of a fine. Additionally, the Service Provider may modify the Remuneration, terminate the Agreement immediately, and demand compensation for any Losses. If the Service Provider is responsible for paying the fine, the Client authorizes the Service Provider to debit or block amounts in the Client’s account with Cali as necessary.

8. COMPENSATION

8.1. In consideration for the services provided under this Agreement, as well as for any other contractual relationships that may exist between the Parties, the Service Provider shall be entitled to receive Compensation, as per the amounts and conditions agreed upon by the Parties. The Compensation may be charged by debiting the Client’s Cali Account.

8.1.1. The Service Provider reserves the right to adjust the amounts of its Compensation by providing prior notice to the Client at least 30 days in advance, either by email or through publication on the Cali Website. If the Client does not agree with the new amount, they may request clarification and, if the disagreement persists, may request termination of the Agreement at no additional cost. Failure to request termination shall be interpreted as acceptance of the newly established amounts.

8.1.2. During the term of the Agreement, the Service Provider’s Compensation may be reviewed at any time, including but not limited to the following situations:

• (i) changes in tax and/or fiscal conditions applicable to the Service Provider;
• (ii) adjustments to amounts charged by Issuers and Payment Arrangement Institutions for processing Payment Method Transactions;
• (iii) changes in the economic, political, or regulatory environment;
• (iv) changes in the inputs required for performing the services described in the Annex;
• (v) changes that alter the financial, commercial, or economic balance of the Annex and/or Agreement;
• (vi) evidence of detrimental changes or vulnerabilities in the Client’s situation, whether technical, operational, financial, or otherwise.

8.2. The Service Provider’s Compensation may be adjusted every 12 (twelve) months based on the IGPM-FGV (General Market Price Index of the Getúlio Vargas Foundation), with the Parties hereby committing to maintaining the economic balance of the Agreement. Cali may, at its sole discretion, choose not to apply the adjustment referred to in this clause.

8.3. The Service Provider may introduce new forms of Compensation, provided that prior written notice is given to the Client.

8.4. In order to collect the Compensation and/or any amounts due, including those related to indemnification events or breach of this Agreement, the Service Provider may, at its sole discretion, adopt one of the following alternatives:

(i) Offset the amount due with any current or future credits the Client may have with the Service Provider;

(ii) Debit the amount from the Client’s Cali Account;

(iii) If there are no credits for offsetting or if debiting a freely accessible account is not possible, the Service Provider may allow the Client to make the payment via DOC, TED, bank slip, or identified deposit, provided such method is previously agreed between the parties;

(iv) Initiate judicial or extrajudicial collection proceedings, including through third parties, using all legal means available to ensure payment of the debt, such as:

• (a) online garnishment of the Client’s or its partners’ bank accounts through the BACEN JUD system, in accordance with applicable law;
• (b) seizure of the Client’s or, when permitted, its partners’ assets to secure fulfillment of the obligation; and/or
• (c) other legal means of collection available at the time.

8.5. In the event of a delay in the full or partial payment of any amount due, a late payment penalty of 2% will be applied to the unpaid amount, along with interest on overdue payments of 1% per month and monetary correction based on the IPC/FGV or the legally applicable substitute index, calculated proportionally to the number of days of delay.

8.6. If the Client has amounts to pay or receive in relation to companies controlled or affiliated with the Service Provider, as defined in Article 243 of Law No. 6,404/1976 or any other applicable local legislation, the compensation of such amounts is hereby authorized to be made directly in the Client’s Cali Account.

8.7. Furthermore, the Client expressly agrees, definitively and irrevocably, that the Service Provider may offset any debtor or creditor balances linked to different registration records of the Client and/or its subsidiaries maintained with the Service Provider.

9. FRAUD PREVENTION

9.1. The Service Provider will adopt preventive measures aimed at identifying and mitigating fraud risks and unlawful conduct. The Client undertakes to instruct its team on compliance with these guidelines and to promptly provide any information that may be requested by the Service Provider.

9.2. In the event of indications or suspicions of irregular Transactions with Payment Methods, the Client hereby authorizes the Service Provider to conduct an audit to investigate such occurrences.

9.3. The Client shall fully cooperate during any audit processes conducted by the Service Provider and/or the Card Networks, providing all required documents and evidence, including Sales Receipts. The Client also agrees to implement the recommendations provided within the specified timeframe. The Service Provider may, at its discretion, conduct inspections of the Client’s premises, the Equipment used, and any relevant documents, on business days during normal working hours, even without prior notice.

9.4. During audit processes related to suspected fraud or other irregular conduct, the Service Provider may, at its sole discretion, temporarily suspend the provision of the contracted services, as well as suspend financial transfers to the Client and retain amounts from Transactions with Payment Methods, from the start of the investigation until its conclusion, without this measure resulting in any penalties or charges for the Service Provider.

9.5. If the investigations do not confirm the existence of irregularities in the Transactions with Payment Methods and as long as the Contract remains in effect, the Service Provider will make the due payments to the Client without the imposition of additional charges.

9.6. If fraud or irregular operations are confirmed or suspected to have been carried out by the Client, the Service Provider may immediately take measures such as blocking Transactions with Payment Methods, modifying the contracted Remuneration, deactivating the Client, terminating the Contract, and retaining any amounts that have not yet been settled, for the time required to investigate the damages incurred. After the investigation is concluded, the retained amounts may be used to offset damages or losses caused to the Service Provider, the Issuers, and/or the Cardholders.

9.7. Cali may establish, at its discretion, a financial limit for the operations conducted by the Client within the scope of the contracted services, providing prior notice of such restrictions. If the volume of Transactions with Payment Methods reaches this limit within a certain period, the Client agrees to obtain prior authorization from Cali to proceed with sending new Transactions for the purpose of capture, processing, and settlement.

GLOSSARY

By means of this Annex, the following glossary shall apply to the Agreement and all of its Annexes.

DEFINITIONS

The interpretation of this Agreement and its Annexes shall observe the following guidelines:

(i) Any reference to documents or instruments includes any amendments, replacements, consolidations, or supplements thereto, unless expressly stated otherwise in this Agreement;

(ii) References to legal norms should be understood as referring to the respective norms in their updated, consolidated form or as modified in the future, affecting their application;

(iii) For the purposes of this Agreement:

• (a) the term “or” does not have an exclusive meaning unless the context requires otherwise;
• (b) “including” should be understood as “including, without limitation”;
• (c) terms in the singular also include the plural, and vice versa;
• (d) terms related to a gender apply to all genders;
• (e) expressions such as “in this instrument,” “of this instrument,” “by this instrument,” or similar refer to this Agreement in its entirety, including the Annexes;
• (f) the terms “Clause” and “Annex” refer to the sections and annexes of this Agreement; and
• (g) expressions such as “according to,” “as provided in,” or equivalent references refer to the corresponding Clause of this Agreement;

(iv) References to any person include their successors and permitted assignees;

(v) The reference to “days” refers to calendar days, unless specified as “Business Days”;

(vi) The Annexes mentioned in this instrument are integral parts of this Agreement for all purposes; and

(vii) All time periods set forth herein shall be counted by excluding the initial day and including the final day. If the due date falls on a Saturday, Sunday, or national holiday, the period will automatically be extended to the next Business Day.

The defined terms in capital letters below will have the following meanings:

“Affiliates” refers to all companies belonging to the economic group of the Service Provider, including but not limited to CALI INSTITUIÇÃO DE PAGAMENTO S.A, its strategic partners, and any subcontractors.

“Authorized Representative(s)” refers to (i) in the case of a corporate Client, the individual(s) appointed by the Client to represent it before the Service Provider, including for the purpose of contracting additional products and services; and (ii) in the case of an individual Client, the Client itself. The Client may designate its Authorized Representative(s) through the customer support channels provided by the Service Provider.

“Account Institution” refers to the financial or payment institution that participates in the Payment Arrangement and holds the account for ordinary credit of the Client’s authorized receivables within the scope of the Payment Arrangement. It is worth noting that the Account Institution for the Client may be the Service Provider itself.

“Central Bank” refers to the Central Bank of Brazil.

“Client” means the entity or individual identified in the Master Services Agreement (“MSA”) executed between the parties.

“Card Network” or “Payment Arrangement Provider” refers to the entities responsible for creating and managing Payment Arrangements, holding ownership rights over their brands and responsible for the regulation and management of payment services under their control.

“Card” or “Cards” refers to the identification and/or payment instruments, whether physical or virtual, provided by Issuers, for the personal and non-transferable use of Cardholders, accepted at establishments authorized by the Service Provider.

“Customer Support Channels” refers to the communication means provided by the Service Provider to address the needs of the Client

“Chip” refers to the microprocessor inserted into the Cards, containing the programming and memory data of the Cardholder, whose information is read by the Equipment using the Cardholder’s password or signature.

“Cali Account” refers to the payment account provided by Cali or its partners.

“Chargeback” refers to the process of reversing a Payment Transaction, due to a dispute by the Cardholder, the Card Network, or the Issuer, in accordance with the rules and timelines established by the Card Networks and/or Acquirers.

“Acquirer” or “Acquirers” refers to the payment institution responsible for merchant acquiring and participating in the settlement process of payment transactions, as per the Central Bank’s regulations.

“Business Days” or “Business Day” refers to any day other than Saturday, Sunday, or a national holiday.

“Confidential Information” or “Confidential Information” refers to any and all information, whether verbal, written, printed, or electronic, of any nature, that may be considered confidential, regardless of being classified as such or not. This includes, but is not limited to, information related to transactions conducted, the conditions resulting from such transactions, or generated from them or the Agreement, the technology used by the Parties, as well as technical procedures, business processes, financial strategies, and information security policies of the Parties, which may take the form of documents, technical specifications, know-how, patents, data, drawings, plans, process flowcharts, photographs, databases, hardware, software, as well as descriptions, presentations, and oral observations.

“Cardholders” refers to individuals or representatives of legal entities who hold a Card and/or other Payment Method and are authorized to carry out Transactions with these means.

“Intellectual Property Rights” refers, individually or collectively, to:

• (i) industrial property rights under Law No. 9.279, of May 14, 1996, including trademarks and trademark applications, distinctive signs, patents, industrial designs, and inventions;
• (ii) copyrights as defined by Law No. 9.610, of February 19, 1998;
• (iii) software rights protected by Law No. 9.609, of February 19, 1998; and
• (iv) other intellectual property rights protected both domestically and internationally.

“Issuer” refers to payment or financial institutions, whether national or foreign, authorized by the Card Networks to issue and provide Cards and/or Products for use in Brazil or abroad.

“Gross Amount” refers to the total value of Payment Transactions conducted by the Client before educting the Remuneration and any other discounts owed to the Service Provider as stipulated in the Agreement and/or Annex.

“IPC/FGV” refers to the Consumer Price Index published by the Fundação Getúlio Vargas or any other index that may replace it.

“Payment Methods” refers to the instruments, whether physical or electronic, that have payment functions and are accepted or may be accepted by the Service Provider at any time.

“Payment Arrangement” defines the set of rules and procedures established by the Card Network, enabling the provision of payment services to the general public through the interaction between Issuers, the Service Provider, Account Institutions, Acquirers, and Subacquirers.

“Loss” refers to any type of loss, obligation, demand, liability, requirement, restriction, damage, fine, penalty, harm, burden, expense, cost, or disbursement, including direct, indirect, consequential damages, moral damages, lost profits, attorneys’ fees and other specialists’ fees, legal fees, or any interest, whether already incurred or future, incurred by the Service Provider and/or third parties, directly or indirectly due to the object of the Agreement and/or Annex, or the breach of obligations assumed by the Client, whether toward third parties or in the course of its activity, even after the termination of the Agreement or Annex. This includes, without limitation, those arising from fines, penalties, complaints, administrative, extrajudicial, and judicial proceedings filed by third parties and/or arising from the Client’s actions, regardless of fault or intent.

“Products” refers to any product or service provided or to be provided by the Service Provider, whose characteristics, specifications, usage conditions, and acceptance are detailed in the Agreement and/or Annexes, as determined by the Service Provider and accepted by the Client.

“IP” refers to CALI INSTITUIÇÃO DE PAGAMENTO S.A, registered under CNPJ/MF No. 55.650.381/0001 46, or the payment institution participating in the Cali economic group that is present in the country of execution of this Agreement.

“Cali Website” or “Merchant Portal” refers to the webpage developed, maintained, updated, and made available by the Service Provider at the address www.cali.li, where the Client can obtain information, contract services provided by the Service Provider, and access Customer Support Channels or the exclusive Client environment.

“Subacquirer” refers to a participant in the Payment Arrangement who enables the end-user recipient to accept the payment instrument provided by the Issuer, but who does not directly participate in the settlement process of Payment Transactions, acting only as an intermediary