Terms of Service

1. Definitions

• “Authorised User”means any individual whom the Customer permits to access the Service under the Customer’s account, subject to the permissions and roles assigned by the Customer.
• “Customer Data” means all data, content, and information that the Customer or its Authorised Users upload, submit, or otherwise transmit to or through the Service, including End Customer records, transaction data, inventory records, and compliance documentation.
• “End Customer” means a customer of the Customer whose personal data or transaction data is processed through the Service.
• “Intellectual Property Rights” means all patents, copyrights, trademarks, trade secrets, database rights, design rights, and all other intellectual property rights, whether registered or unregistered, together with all applications for any of the foregoing.
• “Tenant”means the organisational account created for the Customer within the Service, through which the Customer’s data is logically isolated from all other Tenants.
• “Service Level Agreement” or “SLA” means the uptime and performance commitments set out in Section 7.
• “Subscription Term” means the period during which the Customer has a valid, paid subscription to the Service, as specified in the applicable order or billing agreement.

2. The Service

2.1 Service Description

Orosphinx provides a cloud-based enterprise resource planning platform designed for the jewelry and precious metals industry, including modules for retail and point-of-sale, inventory management, manufacturing execution, treasury and bullion management, omnichannel commerce, customer relationship management, compliance and KYC, financial reporting, and related functions.

2.2 Access and Accounts

To use the Service, you must create a Tenant account and provide accurate, complete registration information. You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account. You must promptly notify us of any unauthorised use of your account by emailing security@orosphinx.com or through the security section of your Tenant account settings.

You are responsible for managing Authorised Users within your Tenant, including assigning appropriate roles and permissions, ensuring each Authorised User complies with these Terms, and promptly revoking access for individuals who should no longer have it.

2.3 Tenant Isolation

Each Tenant’s data is logically isolated within our infrastructure using database-level Row-Level Security. No Tenant may access, view, or modify another Tenant’s data. Tenant identification is derived from authenticated session context and cannot be overridden by client-side input.

2.4 Service Modifications

We may update, modify, or enhance the Service from time to time. We will provide reasonable advance notice of any changes that materially reduce the functionality available to you under your current subscription tier. We will not remove core features from your subscription tier during a paid Subscription Term without offering a commercially reasonable alternative or adjustment.

3. Subscription, Fees, and Payment

3.1 Subscription Plans

Access to the Service is provided on a subscription basis. The features, usage limits, and pricing applicable to your subscription are set out in the plan selected at the time of purchase or as subsequently agreed in writing.

3.2 Fees and Billing

All fees are as stated at the time of purchase or on the applicable invoice. Unless otherwise agreed:

• Fees are invoiced in advance for the applicable billing period (monthly or annual).
• Payment is due within 30 days of the invoice date.
• All fees are stated exclusive of applicable taxes. You are responsible for all applicable VAT, sales tax, withholding tax, or other taxes, excluding taxes on our net income.

3.3 Price Changes

We may adjust pricing for future Subscription Terms. We will provide at least 60 days’ written notice before any price increase takes effect. The new pricing will apply at the start of your next renewal period following the notice period.

3.4 Late Payment

If payment is not received within 15 days of the due date, we may (a) charge interest on the outstanding amount at 3% per annum above the Bank of England base rate, and (b) suspend access to the Service upon 10 days’ further written notice if the overdue amount remains unpaid. Suspension does not relieve your obligation to pay outstanding fees.

3.5 Refunds

Pre-paid annual subscription fees are non-refundable except where we materially breach these Terms and fail to cure the breach within the period specified in Section 11. Monthly subscriptions may be cancelled at any time; no refund is provided for the remaining portion of the then-current billing period.

4. Customer Data

4.1 Ownership

You retain all rights, title, and interest in your Customer Data. We claim no ownership over Customer Data. We will not access, use, or disclose Customer Data except as necessary to provide and maintain the Service, to comply with applicable law, or as otherwise permitted by these Terms or your written instructions.

4.2 Licence to Process

You grant us a non-exclusive, worldwide, royalty-free licence to host, store, process, and display Customer Data solely for the purpose of operating and improving the Service in accordance with these Terms and our Privacy Policy.

4.3 Data Processing Roles

For the purposes of applicable data protection legislation:

• You are the Data Controller for Customer Data, including End Customer personal data, that you upload or cause to be processed through the Service.
• We are the Data Processor acting on your behalf and in accordance with your documented instructions.

Our obligations as Data Processor are set out in the Data Processing Addendum (Appendix A to these Terms), which is incorporated by reference and forms part of these Terms.

4.4 Customer Responsibilities

You are responsible for:

• Ensuring that your collection and use of Customer Data complies with all applicable laws, including obtaining any necessary consents from End Customers
• The accuracy, quality, and legality of Customer Data
• Providing notice to and obtaining consent from End Customers as required by applicable data protection law
• Responding to data subject requests from your End Customers (we will assist as set out in the Data Processing Addendum)
• Ensuring that no Customer Data contains malicious code, infringing content, or data that you are not authorised to process

4.5 Data Export and Portability

You may export your Customer Data at any time during the Subscription Term through our built-in export functionality in JSON, CSV, or PDF format. Upon termination of the Subscription Term, we will make your Customer Data available for export for 30 days. After the 30-day post-termination period, we will delete your Customer Data from our active systems and, within a further 60 days, from our backup systems, unless retention is required by applicable law.

4.6 Aggregated and Anonymised Data

We may create aggregated, de-identified data derived from Customer Data for the purpose of improving the Service, generating industry benchmarks, or conducting research. Such data will not identify you, any Authorised User, or any End Customer, and will not be considered Customer Data.

5. Intellectual Property

5.1 Orosphinx IP

We retain all Intellectual Property Rights in and to the Service, including all software, documentation, APIs, user interfaces, designs, algorithms, and any improvements, modifications, or derivative works thereof. These Terms do not transfer to you any ownership interest in the Service.

5.2 Licence to Use the Service

Subject to your compliance with these Terms and payment of applicable fees, we grant you a limited, non-exclusive, non-transferable, non-sublicensable, revocable licence to access and use the Service during the Subscription Term solely for your internal business purposes.

5.3 Restrictions

You shall not, and shall not permit any third party to:

• Copy, modify, adapt, or create derivative works of the Service or any component thereof
• Reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code of the Service
• Sublicence, lease, rent, loan, sell, or otherwise distribute the Service or access thereto to any third party
• Remove, alter, or obscure any proprietary notices on the Service
• Use the Service to develop a competing product or service
• Access the Service for the purpose of benchmarking or competitive analysis

5.4 Feedback

If you provide us with suggestions, ideas, or feedback regarding the Service (“Feedback”), you grant us an unrestricted, irrevocable, worldwide, royalty-free licence to use, modify, and incorporate such Feedback without obligation to you.

6. Acceptable Use Policy

6.1 Prohibited Activities

You agree not to use the Service to:

• Violate any applicable law, regulation, or third-party right
• Facilitate or conceal money laundering, terrorist financing, sanctions evasion, trade-based money laundering, or any other financial crime
• Process, store, or transmit data that you do not have the lawful right to process
• Upload or transmit malicious code, viruses, or other harmful software
• Attempt to gain unauthorised access to other Tenants’ data, our infrastructure, or third-party systems
• Interfere with or disrupt the integrity or performance of the Service
• Use the Service to send unsolicited communications (spam) to End Customers
• Circumvent usage limits, rate limits, or access controls
• Resell, redistribute, or commercially exploit access to the Service without our written authorisation
• Use the Service in connection with the trade of conflict minerals, sanctioned goods, or goods of illicit origin
• Falsify or manipulate gold prices, inventory quantities, transaction records, cost calculations, or any other data that is required to be accurate for legal or regulatory compliance

6.2 Anti-Money Laundering Compliance

Given the elevated AML risk profile of the precious metals industry, you acknowledge and agree that:

• You will comply with all applicable AML and counter-terrorist financing laws and regulations, including the UK Money Laundering Regulations 2017 (as amended) and Egyptian AML Law No. 80 of 2002
• You will use the Service’s KYC features in good faith to verify the identity of End Customers where required by law
• You will not knowingly use the Service to facilitate transactions involving the proceeds of crime
• We may suspend your account if we have reasonable grounds to believe it is being used in connection with financial crime, pending investigation

6.3 Enforcement

We reserve the right to investigate suspected violations of this Acceptable Use Policy. If we determine that a violation has occurred, we may take any action we deem appropriate, including issuing warnings, suspending access (with notice where practicable), or terminating your account. Where a violation involves suspected criminal activity, we may report the matter to law enforcement.

7. Service Level Agreement

7.1 Uptime Commitment

We will use commercially reasonable efforts to maintain the Service with a monthly uptime of at least 99.5%, measured as the percentage of total minutes in the calendar month during which the Service is available and operational (“Uptime Percentage”). Uptime is measured by our internal monitoring systems.

7.2 Scheduled Maintenance

Planned maintenance windows will be communicated at least 48 hours in advance through our status page or email notification. Scheduled maintenance periods are excluded from the Uptime Percentage calculation.

7.3 Exclusions

The Uptime Percentage calculation excludes downtime caused by:

• Scheduled maintenance notified in advance
• Force majeure events (see Section 14)
• Your acts or omissions, including misconfiguration or misuse
• Failures of your internet connectivity or equipment
• Third-party services or integrations not under our control
• DDoS attacks or other external security threats, provided we respond with commercially reasonable diligence

7.4 Service Credits

If we fail to meet the 99.5% Uptime Percentage in any calendar month, you may request a service credit as follows:

Service credits must be requested within 30 days of the end of the affected month. Credits are applied to future invoices and do not entitle you to a cash refund. Service credits are your sole and exclusive remedy for failure to meet the uptime commitment.

8. Warranties and Disclaimers

8.1 Our Warranties

We warrant that:

• The Service will substantially conform to the documentation made available to you during the Subscription Term.
• We will provide the Service with reasonable skill and care in accordance with generally accepted industry standards.
• We have the legal right and authority to enter into these Terms and to provide the Service.
• The Service, as provided by us, will not infringe the Intellectual Property Rights of any third party (subject to Section 9).
• We will implement and maintain appropriate technical and organisational security measures as described in our Privacy Policy, including rotation of encryption keys at least annually with semi-annual testing of zero-downtime rotation capability.

8.2 Disclaimers

Except for the express warranties set out in Section 8.1, the Service is provided “as is” and “as available.” To the maximum extent permitted by applicable law, we disclaim all other warranties, whether express, implied, statutory, or otherwise, including warranties of merchantability, fitness for a particular purpose, title, non-infringement, and any warranties arising from course of dealing or usage of trade.

We do not warrant that the Service will be uninterrupted, error-free, or free of harmful components, or that all errors will be corrected. We do not warrant that the Service will meet all of your requirements or expectations.

The Service relies on third-party gold and precious metal price feeds. We do not warrant the accuracy, completeness, or timeliness of third-party price data and are not liable for losses arising from reliance on such data.

8.3 Consumer Protection Savings

Nothing in these Terms excludes or limits any rights that you may have under the Consumer Rights Act 2015 or other mandatory consumer protection legislation that cannot be excluded or limited by contract.

9. Indemnification

9.1 Our Indemnification of You

We will defend, indemnify, and hold you harmless from and against any third-party claims, damages, losses, and expenses (including reasonable legal fees) arising from allegations that the Service, as provided by us and used in accordance with these Terms, infringes the Intellectual Property Rights of a third party (“IP Claim”). Our obligations under this section are contingent upon you: (a) promptly notifying us in writing of the IP Claim, (b) granting us sole control of the defence and settlement, and (c) providing reasonable cooperation at our expense.

If the Service becomes, or in our reasonable opinion is likely to become, the subject of an IP Claim, we may at our option and expense: (i) procure the right for you to continue using the Service, (ii) replace or modify the Service to make it non-infringing, or (iii) if neither (i) nor (ii) is commercially practicable, terminate the affected portion of the Service and refund any pre-paid fees for the unused remainder of the Subscription Term.

9.2 Your Indemnification of Us

You will defend, indemnify, and hold us harmless from and against any third-party claims, damages, losses, and expenses (including reasonable legal fees) arising from: (a) your or your Authorised Users’ breach of these Terms, including the Acceptable Use Policy, (b) Customer Data that infringes the rights of a third party or violates applicable law, (c) your failure to comply with applicable data protection, AML, or KYC obligations with respect to your End Customers, or (d) disputes between you and your End Customers.

10. Limitation of Liability

10.1 Cap on Liability

To the maximum extent permitted by applicable law, the total aggregate liability of either party under or in connection with these Terms, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, shall not exceed the greater of: (a) the total fees paid or payable by you in the 12 months immediately preceding the event giving rise to the claim, or (b) £10,000.

10.2 Exclusion of Consequential Damages

To the maximum extent permitted by applicable law, neither party shall be liable for any indirect, incidental, special, consequential, or punitive damages, including loss of profits, loss of revenue, loss of data (except as required under data protection law), loss of business opportunity, cost of procurement of substitute services, or business interruption, however caused and regardless of the theory of liability.

10.3 Exceptions to Limitations

The limitations in Sections 10.1 and 10.2 shall not apply to:

• Either party’s indemnification obligations under Section 9
• Liability arising from wilful misconduct or fraud
• Your obligation to pay fees owed under Section 3
• Liability that cannot be excluded or limited under applicable law, including liability for death or personal injury caused by negligence
• Breaches of confidentiality obligations (Section 12)
• Liability arising from a party’s breach of applicable data protection law, up to a maximum of twice the cap specified in Section 10.1

10.4 Acknowledgement

Each party acknowledges that the limitations of liability set out in this Section 10 reflect a reasonable and fair allocation of risk between the parties, and that in the absence of these limitations, the fees and economic terms of these Terms would be substantially different.

11. Term and Termination

11.1 Term

These Terms commence on the date you first access or use the Service and continue for the duration of your Subscription Term, including any renewal periods.

11.2 Auto-Renewal

Unless you notify us in writing of your intention not to renew at least 30 days before the end of the then-current Subscription Term, your subscription will automatically renew for successive periods of the same length as the initial Subscription Term, at the then-current pricing (subject to any price change notice under Section 3.3).

11.3 Termination for Convenience

Either party may terminate these Terms by providing at least 30 days’ written notice to the other party, effective at the end of the then-current billing period.

11.4 Termination for Cause

Either party may terminate these Terms immediately upon written notice if:

• The other party commits a material breach of these Terms and fails to cure such breach within 30 days of receiving written notice specifying the breach
• The other party becomes insolvent, enters administration, liquidation, or receivership, or makes an assignment for the benefit of creditors

We may also terminate or suspend your access immediately, without a cure period, if:

• We have reasonable grounds to believe your account is involved in financial crime, fraud, or a serious violation of the Acceptable Use Policy
• Continued provision of the Service would violate applicable law
• Your use poses a security risk to the Service or other Tenants

11.5 Effect of Termination

Upon termination:

• Your right to access and use the Service ceases immediately (or at the end of the notice period, as applicable).
• You must pay all fees accrued up to the effective date of termination.
• We will make your Customer Data available for export for 30 days following the effective date of termination, after which it will be deleted in accordance with Section 4.5.
• The following sections survive termination: 4.1 (Ownership), 4.6 (Aggregated Data), 5 (Intellectual Property), 8.2 (Disclaimers), 9 (Indemnification), 10 (Limitation of Liability), 12 (Confidentiality), 13 (Governing Law), and this Section 11.5.

12. Confidentiality

12.1 Definition

“Confidential Information” means all non-public information disclosed by one party (the “Discloser”) to the other (the “Recipient”) in connection with these Terms that is identified as confidential or that a reasonable person would understand to be confidential given the nature of the information and circumstances of disclosure.

12.2 Obligations

The Recipient shall: (a) use the Discloser’s Confidential Information solely for the purposes of performing its obligations or exercising its rights under these Terms, (b) not disclose the Confidential Information to any third party except to employees, contractors, and advisors who have a need to know and are bound by obligations of confidentiality at least as protective as these Terms, and (c) protect the Confidential Information using at least the same degree of care it uses for its own confidential information, and in no event less than reasonable care.

12.3 Exceptions

Confidentiality obligations do not apply to information that: (a) is or becomes publicly available through no fault of the Recipient, (b) was known to the Recipient prior to disclosure, (c) is independently developed by the Recipient without use of the Discloser’s Confidential Information, or (d) is lawfully received from a third party without restriction.

12.4 Duration

Confidentiality obligations under this Section 12 shall survive termination of these Terms for a period of 5 years, except that obligations with respect to trade secrets shall survive for as long as the information remains a trade secret under applicable law.

13. Governing Law and Dispute Resolution

13.1 Governing Law

These Terms shall be governed by and construed in accordance with the laws of England and Wales, without regard to conflict of laws principles.

13.2 Dispute Resolution

In the event of any dispute arising out of or in connection with these Terms, the parties shall first attempt to resolve the dispute through good-faith negotiation between senior representatives of each party for a period of not less than 30 days. If the dispute is not resolved through negotiation, either party may submit the dispute to mediation administered by the Centre for Effective Dispute Resolution (“CEDR”) in London.

14. Force Majeure

Neither party shall be liable for any delay or failure to perform its obligations under these Terms (other than payment obligations) to the extent that such delay or failure is caused by circumstances beyond the party’s reasonable control, including natural disasters, acts of government, pandemic, epidemic, war, terrorism, civil unrest, labour disputes, power failures, internet service provider failures, or denial-of-service attacks (“Force Majeure Event”). If a Force Majeure Event continues for more than 90 consecutive days, either party may terminate the affected portion of these Terms upon written notice.

15. General Provisions

15.1 Entire Agreement

These Terms, together with the Privacy Policy, Data Processing Addendum, and any applicable order form or subscription agreement, constitute the entire agreement between the parties with respect to the subject matter hereof and supersede all prior or contemporaneous understandings, agreements, or communications, whether written or oral.

15.2 Export Compliance

You agree to comply with all applicable export control laws and regulations. You shall not use the Service in, or export Customer Data to, any country or territory that is subject to comprehensive sanctions administered by the United Kingdom, the European Union, or the United States, except in compliance with applicable licences.

16. Contact

For questions regarding these Terms:

Appendix A: Data Processing Addendum

This Data Processing Addendum (“DPA”) forms part of the Terms of Service between Orosphinx LTD (“Processor”) and the Customer (“Controller”) and governs the processing of personal data by the Processor on behalf of the Controller in connection with the Service.

A.3 Processing Details

A.4 Processor Obligations

The Processor shall:

1. Process personal data only on documented instructions from the Controller, unless required by applicable law.
2. Ensure that personnel authorised to process personal data are bound by confidentiality obligations.
3. Implement and maintain appropriate technical and organisational security measures as described in the Privacy Policy.
4. Not engage a sub-processor without prior written authorisation from the Controller. The current list of sub-processors is maintained at orosphinx.com/sub-processors.
5. Assist the Controller in responding to data subject requests.
6. Assist the Controller in ensuring compliance with obligations under Data Protection Law regarding security, breach notification, data protection impact assessments, and prior consultation with supervisory authorities.
7. At the choice of the Controller, delete or return all personal data upon termination of the Service.
8. Make available to the Controller all information necessary to demonstrate compliance with the obligations set out in this DPA, and allow for and contribute to audits.

A.6 Data Breach Notification

The Processor shall notify the Controller without undue delay (and in any event within 24 hours) after becoming aware of a personal data breach affecting the Controller’s data.

A.7 Egyptian PDPL-Specific Obligations

Where personal data processed under this DPA is subject to the Egyptian PDPL and its Executive Regulations, the Processor shall comply with all applicable PDPC licensing requirements, maintain consent chain documentation, and report any personal data breach to both the Controller (within 24 hours) and the PDPC (within 72 hours).

This Terms of Service document is provided in English. Where a translated version is provided for convenience, the English version shall prevail in the event of any inconsistency.