Terms of Service

1. Purpose and Effective Date These Terms of Service (the "Terms") govern the conditions of use and the commercial relationship for the ecommerce platform, hosting, server management, on-premise software supply, customization, feature additions, system integration ("SI"), and related support and maintenance services provided by SAEROSOFT INC. (the "Company") to merchants and their personnel. The effective date of these Terms is 2026/4/20, and the current version is v20260420.000. If the commencement date is not separately specified in an individual agreement, these Terms will take effect when the merchant completes the order approval and fee approval process and the Company accepts such order.

2. Order of Precedence of Contract Documents and Service Types These Terms apply together with order forms, proposals, statements of work (SOW), deliverable specifications, invoices, quotations, maintenance terms, service level agreements (SLA), and any additional written or electronic agreements confirmed between the Company and the merchant (collectively, the "Commercial Documents"). In the event of any conflict among documents, the following order of precedence applies: individual Commercial Documents, SOW, order form, SLA, and then these Terms. The services provided by the Company are categorized as follows, and the detailed scope and responsibilities for each type will be specified in the Commercial Documents: (1) "Subscription Service" means access to and use of a platform operated by the Company over a network; (2) "Hosting/Server Management Service" means provision of all or part of infrastructure, monitoring, operations, backup, patching, or incident response; (3) "On-Premise Supply" means installation or deployment of software into an environment designated by the merchant; and (4) "SI/Customization" means delivery of deliverables reflecting individual requirements such as feature additions, integrations, enhancements, UI changes, data migration, and operational automation. As the contracting party in relation to transactions with end users, the merchant bears full responsibility for product descriptions, advertising and disclosures, pricing, inventory, shipping, exchanges, returns, refunds, after-sales service, customer support, statutory ecommerce notices, and consumer disputes. Unless separately agreed in writing, the Company does not assume the legal status of a seller, mail order business operator, or mail order broker in such transactions.

3. Eligibility and Accuracy of Information The services are available only to corporations, sole proprietors, or equivalent entities capable of entering into commercial agreements. The merchant must provide accurate and up-to-date business information, contact details, tax invoice information, settlement account details, technical contact information, and incident response contacts, and must promptly update any changes. The Company is not liable for any delay, misdelivery, tax processing error, security incident, or settlement issue arising from false, inaccurate, or outdated information provided by the merchant. The merchant must provide at least the following contact channels to the Company: help@saerosoft.com, saero@saerosoft.com, and help@saerosoft.com.

4. Accounts, Credentials, and Access Control The merchant must securely manage administrator accounts, passwords, API keys, certificates, two-factor authentication methods, cloud credentials, SSH keys, payment gateway credentials, and any other access rights. The merchant must promptly perform account and permission provisioning, modification, and revocation procedures in the event of hiring, resignation, or role changes. Any loss caused by insufficient access control or misuse by the merchant's personnel or contractors will be the merchant's responsibility. The Company may request or use access rights only to the minimum extent necessary to provide the services or respond to incidents, and ownership of accounts provided by the merchant remains with the merchant. If customer-owned accounts or customer-named cloud accounts are used, the merchant remains responsible for maintaining root access, payment methods, and account ownership. The Company recommends the use of individual accounts instead of shared accounts as a general rule, and records of changes to administrator rights may be retained for 1 year.

5. License and Permitted Use The Company grants the merchant a non-exclusive, non-transferable, non-sublicensable right to use the services during the subscription term or contract term solely for the merchant's internal business operations. Without the Company's prior written consent, the merchant may not resell, re-rent, broker, or provide the services to any third party in a shared-service form, nor reverse engineer, decompile, copy, distribute, bypass security, or generate abnormal traffic for purposes outside the contractual purpose. In the case of on-premise supply, the license scope, installation location, number of permitted users, number of permitted servers, permitted backup copies, use in test environments, source code delivery, and inclusion of maintenance will be separately specified in the Commercial Documents. Unless otherwise agreed, the default basis for the on-premise license shall be term-based and user-based.

6. Service Scope and Exclusions The basic service scope includes the store operation functions specified in the Commercial Documents, administrator dashboard, product, order, and settlement integration interfaces, standard onboarding, migration guides, standard technical support, and operational recommendations. Even where hosting/server management services are included, the Company's responsibility is limited to the operational items expressly specified in the Commercial Documents, and any work not expressly specified is excluded from the service scope. The following items are subject to a separate agreement or quotation: (1) feature additions, customization, SI development, full UI/UX redesign, large-scale data remediation, new external system integrations, performance improvement projects, and security certification support; (2) legal, tax, accounting, or labor consulting, advertising management, content production, product registration agency services, and end-user customer service agency services; and (3) disaster recovery center construction, dedicated infrastructure configuration, dedicated staff allocation, on-site support, training material creation, and separate quality assurance procedures. The default included scope of hosting/server management shall be including OS, middleware, and application deployment, and any operational work beyond that scope may be separately charged. The Company may engage affiliates or external specialists in performing the services, and the Company shall remain contractually responsible for the overall performance.

7. Fees, Billing, and Payment Terms Fees shall follow the subscription fees, setup fees, development fees, operating fees, maintenance fees, overage charges, pass-through costs, and invoice terms specified in the Commercial Documents. Unless otherwise agreed, subscription services and recurring operational services may be billed in advance, while SI, customization, and on-premise supply may be billed based on down payment, milestone payment, interim payment, and final payment. Taxes are exclusive, and any value-added tax or other statutory taxes shall be borne by the merchant. Unless otherwise agreed, the default billing currency shall be USD, and invoices shall be due within 14 days from the invoice date. If additional work becomes necessary due to the merchant's requested changes, scope expansion, shortened schedule, additional interfaces, data correction, on-site response, night or holiday work, re-testing, or adaptation to changes in third-party policies, the Company may require corresponding schedule and fee adjustments. If the number of users, traffic, storage capacity, order volume, server specifications, number of operating stores, domains, or administrator accounts increases such that the project or operational scale is upgraded or requires a higher plan, additional infrastructure, separate server management, or additional hosting resources, the Company may charge increased subscription fees, operating fees, hosting fees, server management fees, overage fees, or separate expansion fees accordingly. The merchant may not withhold, offset, or deduct any payment without the Company's prior written approval.

8. Late Payment, Suspension, and Recovery Measures If the merchant fails to pay any amount by the due date, the Company may issue a written or electronic demand for payment within a reasonable cure period, and if non-payment continues, the Company may restrict all or part of the services, suspend new work, or withhold delivery or deployment. The merchant shall bear all notice costs, recovery costs, legal costs, third-party collection fees, and late payment charges resulting from delinquency. Unless otherwise agreed, late payment charges shall accrue at 12% per annum or in accordance with daily accrual on the overdue amount from the day after the due date until payment in full, to the extent permitted by applicable law. Notwithstanding the foregoing, the Company may immediately restrict access or suspend work without prior cure notice where necessary to address material information security risks, legal compliance risks, or threats to service continuity.

9. Third-Party Services, External Accounts, and Additional Costs The use of third-party services such as payment gateways, card issuers, courier services, SMS or messaging providers, email delivery services, CDN providers, domain registrars, cloud infrastructure providers, analytics tools, ERP, WMS, CRM, marketplaces, and social login services is subject to the terms, policies, and technical limitations of those third parties. The Company may support integration with such services, but unless directly attributable to the Company's fault, the Company is not responsible for outages, policy changes, API restrictions, account suspensions, approval refusals, delivery failures, billing errors, exchange rate fluctuations, or termination of such third-party services. If domains, certificates, external cloud accounts, third-party licenses, or external service accounts are opened in the merchant's name, ownership and management responsibility remain with the merchant, and the Company will exercise operational rights only within the delegated scope. Unless otherwise agreed, bank transfer fees, currency exchange fees, payment processing fees, telecommunication costs, cloud usage fees, and any other third-party pass-through costs are borne by the merchant. Even where the Company assists with integration or migration involving third-party providers, the relevant provider's conditions, data format, transferability, and support window may impose limitations.

10. Data Ownership, Content Responsibility, and Record Management All rights in product information, pricing, inventory, orders, member information, customer support records, banners, images, text, reviews, and logs that are entered, uploaded, integrated, or transmitted by the merchant and are owned or controlled by the merchant (collectively, "Merchant Data") remain with the merchant. The Company is granted only a limited right to process Merchant Data as necessary for contract performance, service operations, incident response, backup, security, billing, legal compliance, and customer support. The merchant is responsible for the legality, accuracy, timeliness, advertising compliance, non-infringement of intellectual property rights, lawful personal data processing, and compliance with statutory retention obligations relating to Merchant Data. The merchant must independently manage and back up its business and transaction records, and any backup or snapshot functionality provided by the Company is only a convenience feature and does not replace the merchant's independent backup and retention obligations. The default backup cycle and retention period shall be daily and 30 days, respectively, unless otherwise specified in the Commercial Documents or SLA.

11. Personal Data Processing, Outsourcing, Security, and Incident Response Where the merchant entrusts the Company, as a processor, with personal data processing activities, the Company shall process such personal data only within the documented instructions and scope delegated by the merchant and shall not use such data for purposes other than the entrusted purpose or provide it to third parties except as permitted by law or contract. The purpose of the entrustment, categories of data, retention period, access rights, subprocessors, technical and organizational safeguards, inspection and supervision, return and deletion obligations, and liability shall be set forth in a separate data processing agreement or applicable Commercial Documents. The Company shall apply reasonable technical and organizational safeguards to protect personal data and service-related information, and upon becoming aware of an actual or suspected breach or incident, shall notify the merchant without undue delay in accordance with applicable law and contract and cooperate with necessary investigation, remediation, notification, and reporting activities. The default notification channels shall be help@saerosoft.com and help@saerosoft.com. The merchant remains solely responsible for maintaining its own privacy policy, obtaining any required notices and consents for collection, use, provision, or cross-border transfer, responding to data subject requests, and fulfilling its own statutory reporting obligations.

12. Availability, Maintenance, Emergency Measures, and Recovery The Company targets monthly availability of 99.5%, excluding maintenance, emergency response, third-party outages, force majeure events, DDoS attacks, network degradation, merchant-caused issues, or out-of-scope work. Scheduled maintenance will be notified in advance where reasonably practicable, but urgent security or stability measures may be performed first with notice provided afterward. If monthly availability due to reasons attributable to the Company falls below 99.0%, the Company shall provide service credits for the following month as follows: 5% of the subscription fee where availability is below 99.0% and at or above 98.0%; 10% where availability is below 98.0% and at or above 97.0%; and 20% where availability is below 97.0%. Credits shall not exceed 15% per incident or 25% of the monthly subscription fee in aggregate, and will be granted only after incident analysis and objective confirmation of root cause. Backup, recovery, reprocessing, or workaround measures will be provided only to the extent technically feasible and contractually agreed, and the Company does not guarantee complete real-time recovery or point-in-time recovery of all data. The standard recovery targets shall be 24 hours and 48 hours, unless a separate SLA applies.

13. Support Scope and Response Levels Support levels, support channels, support hours, target response times, priority classification, inclusion of on-site support, and allocation of dedicated personnel shall be governed by the subscribed plan and the applicable SLA or Commercial Documents. Standard support includes first-level intake of operational issues, log analysis, reasonable investigation for root cause identification, recommended actions, and issue resolution within the Company's control. Unless a separate SLA provides otherwise, the standard support hours shall be 09:00-18:00 on business days (KST, excluding public holidays in Korea), and the target first response times shall be 4 hours for critical issues and 1 business day for general issues. Outages of external systems, malicious attacks, unauthorized changes, errors in merchant code or modules directly installed by the merchant, lack of access to third-party accounts, issues that cannot be reproduced, and requests of a training or consulting nature may be excluded from standard support or separately charged.

14. Merchant Cooperation, Testing, Acceptance, and Change Management The merchant shall provide in a timely manner all materials, accounts, access rights, DNS settings, SSL certificate cooperation, integration specifications, test data, decision-making support, designated personnel feedback, and legally required notices necessary for service delivery and project execution. Any schedule delay or additional cost arising from the merchant's delay, omission, incorrect information, delayed approval, lack of cooperation from third parties, or insufficient preparation shall be borne by the merchant. The testing and acceptance criteria, method, period, and approving authority for onboarding, launch, SI, or customization deliverables shall be specified in the Commercial Documents. Reproducible defects that deviate from expressly agreed requirements shall be deemed defects, whereas requirement changes, requests for new features, changes in operational preference, or adjustments due to changes in third-party policies shall be deemed change requests rather than defects. If the merchant does not provide specific written notice of defects during the acceptance period or begins live operation of the deliverables, acceptance may be deemed complete, and subsequent requests shall be handled under maintenance or separate development procedures. Unless otherwise specified, the default acceptance period shall be 7 business days from the date the deliverables are provided. Any change to scope, schedule, fees, deliverables, or delivery method shall be valid only if approved in writing by the Company or documented in a signed change order.

15. Intellectual Property, Third-Party Software, and Ownership of Deliverables All rights in the platform, framework, shared modules, templates, operational tools, documents, know-how, interfaces, and any improvements thereto that were owned or developed by the Company prior to the agreement remain with the Company. The merchant retains ownership of its own trade names, trademarks, domains, product names, design assets, content, data, and materials provided by the merchant. The ownership, usage rights, source code delivery, delivery format, and reuse rights for any SI deliverables, customizations, on-premise supply, or other deliverables shall be specified in the Commercial Documents. Unless otherwise agreed, the Company may freely continue using common technology, generic logic, and reusable components used in performing the contract. Unless otherwise agreed, the default ownership policy for deliverables provided by the Company shall be a non-exclusive internal-use license for specified deliverables upon full payment. Where open-source software or third-party software is included, the applicable license terms of the relevant rights holders shall apply, and the Company is not liable for any use in violation of those license terms.

16. Confidentiality Each party shall keep confidential all prices, quotations, operational plans, infrastructure configurations, account information, source code, deliverables, security information, trade secrets, customer information, and any other non-public information learned in connection with the execution and performance of the contract, and shall not use or disclose such information to any third party except for the purpose of performing the contract. However, disclosure may be made to the extent required by applicable law or by a lawful request of a court, regulator, or law enforcement authority, and the disclosing party shall, where practicable, notify the other party in advance. The confidentiality obligation shall survive for one year after termination of the contract, provided that where applicable law requires a longer protection or retention period, such longer period shall apply. If a separate non-disclosure agreement or security addendum exists, that document shall prevail over this clause.

17. Prohibited Conduct and Response to Security Violations The merchant shall not engage in fraud, phishing, sale of illegal goods, sale of adult materials or prohibited goods, false advertising, deceptive discounting, infringement of others' rights, malware distribution, unauthorized access, service overload, security circumvention, unlawful collection of personal data, or any conduct in violation of applicable law. The Company may, where there is a material violation, urgent security risk, legal prohibition order, or a reasonable claim of infringement by a third party, take necessary emergency measures without prior notice, including suspension of accounts, blocking access, de-listing or deletion of content, traffic blocking, or withholding deployment. The Company will notify the merchant of such action and the reasons therefor to the extent reasonably possible, and may review whether to resume the service if the merchant remedies the violation and demonstrates adequate preventive measures against recurrence.

18. Term, Renewal, and Termination The contract term shall be the period specified in the applicable Commercial Documents, and automatic renewal of subscription services shall apply only if separately agreed in writing. If automatic renewal applies, the Company may notify the merchant of the renewal or revised conditions at least 30 days before the renewal date. Either party may terminate all or part of the contract if the other party materially breaches these Terms or the Commercial Documents and fails to cure such breach within a reasonable cure period after notice. Unless otherwise specified, the default cure period shall be 14 days. Immediate termination shall be permitted in cases of insolvency, bankruptcy or rehabilitation filing, suspension of business, material legal violations, creation of security risks, repeated non-payment, or conduct that poses a significant risk to the Company or other users. Upon termination, fees for services already provided, completed setup fees, development fees, milestone payments, pass-through costs, costs already incurred to third parties, and applicable taxes shall not be refunded. Where on-premise supply was fully paid and expressly granted on a perpetual use basis, the granted usage right may survive, but maintenance, updates, hosting, technical support, and access rights shall terminate unless separately agreed.

19. Post-Termination Data Transfer, Deletion, and Handover Upon expiration or termination of the contract, the merchant may request post-termination procedures within the period specified in the Commercial Documents, including data transfer, provision of backup copies, account handover, transfer of domains or certificates, delivery of source materials or deliverables, and revocation of administrator rights. The Company may provide data in a commonly used format to the extent technically feasible, but large-scale extraction, format conversion, reprocessing, validation, redistribution, on-site support, or assistance with transfer to a third party may incur additional fees. Unless otherwise specified, the merchant must request data export within 30 days from the effective termination date, and the Company's default export format shall be CSV or JSON. Unless retention is required by law or reasonably necessary for dispute response, the Company may delete or disable Merchant Data and access rights within a reasonable period after completion of termination procedures. Information remaining in backup media or logs may continue to exist until the end of the ordinary backup retention cycle.

20. Warranties The Company warrants that it will provide the services and perform the work with the care of a prudent manager and in accordance with commercially reasonable technical standards. However, the Company does not warrant any increase in the merchant's sales, search ranking, advertising efficiency, full legal compliance, uninterrupted operation, continuous availability of third-party services, approval within any specific schedule, or achievement of any particular business outcome expected by the merchant. For SI, customization, or on-premise supply, where a material defect from the agreed specification is identified at the time of acceptance, the Company may provide correction or workaround measures within the scope of the agreed maintenance or defect remedy obligations. Issues arising from the merchant's environment, third-party modules, unauthorized modifications, negligent use, or use outside the contractual scope are excluded from warranty coverage. Unless otherwise specified, the default defect remedy period or maintenance commencement basis shall be 30 days from acceptance.

21. Limitation of Liability Except for willful misconduct, gross negligence, bodily injury, or matters for which liability cannot be excluded or limited under applicable law, each party's aggregate liability for damages shall be limited to the lesser of (i) the total amount of paid fees actually paid by the merchant to the Company during the twelve months immediately preceding the event giving rise to the claim, or (ii) the total amount paid under the relevant contract term. To the extent permitted by law, no separate minimum liability floor shall apply. Indirect, special, incidental, consequential, exemplary, or punitive damages, loss of profits, loss of anticipated savings, diminution in data value, reputational harm, and liability to third parties are excluded to the fullest extent permitted by law. Where service credits are expressly agreed as the remedy for availability shortfalls, the merchant's remedy for such shortfalls shall, to the extent permitted by law, be limited to such credits.

22. Indemnity and Third-Party Claims The merchant shall indemnify, defend, and hold harmless the Company and its personnel from and against any third-party claims, complaints, disputes, administrative sanctions, fines, damages, losses, and expenses arising from the merchant's products, pricing policy, advertising, sales activities, shipping, returns or refunds, customer service, Merchant Data, text, images, code, modules, account information provided by the merchant, the merchant's personal data processing activities, or violation of applicable law. Where there is a final determination or reasonable substantiation that the Company's pre-existing platform or deliverables created solely by the Company directly infringe a third party's intellectual property right, the Company shall respond within the liability limits set forth in these Terms and the Commercial Documents, provided that the merchant gives prompt notice and grants the Company control over the defense and settlement. Claims arising from modifications made by the merchant, materials provided by the merchant, third-party software, or combined use are excluded from the Company's responsibility.

23. Audit, Evidence, and Legal Compliance Cooperation The Company may request submission of access records, approval records, work history, account change history, payment materials, and related evidence to the extent necessary for tax, billing, security, SLA verification, incident analysis, dispute response, personal data protection, and verification of contract performance, and the merchant shall cooperate within a reasonable scope in accordance with applicable law and contract. The merchant is responsible for complying with ecommerce, personal data protection, advertising, consumer protection, export/import, electronic financial transaction, licensing, and permit requirements directly applicable to its own business activities, and the Company shall not become the principal obligated party for legal obligations beyond ordinary technical support.

24. Amendments to the Terms The Company may amend these Terms where necessary due to changes in law, service structure, security threats, pricing policy, feature changes, or operational needs. If there is a material amendment, the Company will provide advance notice of the effective date and key changes through the service notice board or policy board and email or other agreed means. If the amended Terms materially and adversely affect the merchant's paid service conditions, the merchant may object in writing before the effective date and request termination of the relevant service or contract. If the merchant continues to use the service without objection after the effective date, the merchant shall be deemed to have agreed to the amended Terms. However, where applicable law requires explicit consent, such consent shall be obtained.

25. Governing Law and Dispute Resolution These Terms and the Commercial Documents shall be governed by and construed in accordance with the laws of the Republic of Korea. In the event of any dispute, the parties shall first attempt to resolve the matter through good-faith consultation and negotiation, and if such efforts fail, the court of first instance shall be the Seoul Central District Court or another court having jurisdiction under applicable civil procedure law. The Company's official contact details are as follows: - Legal Name: SAEROSOFT INC. - Korean Company Name: 주식회사 새로소프트 - General Contact Email: saero@saerosoft.com - General Contact Phone Number: +82-10-9438-7376 - Principal Office Address: 396, Seocho-daero, Seocho-gu, Seoul, Republic of Korea - Phnom Penh Sales/Support Office: 257 Unit, Boryeong/Boyoung Town, Phnom Penh, Cambodia