Legal

Terms of Use

Last updated: 28 May 2026

These Terms of Use govern access to and use of the Carabaas website, sandbox environment, application programming interfaces, hosted platform, administrative interface, documentation and related software and technology services made available by CEX.IO Ltd. trading as Carabaas.

Carabaas is a business-to-business software and infrastructure platform for self-controlled digital asset operations. It is not a consumer service. By accessing the Site, creating an account, creating a sandbox account, clicking to accept these Terms, signing an Order Form, using an API key, or otherwise using the Services, the Customer agrees to be bound by these Terms.

If you access or use the Services on behalf of a company or other legal entity, you represent that you have authority to bind that entity. In that case, “Customer”, “you” and “your” refer to that entity. If you do not have that authority, or if you do not agree to these Terms, you must not access or use the Services.

1. Definitions

1.1. In these Terms, the following expressions have the meanings set out below.

Account means the account, organisation, workspace, tenant, sandbox or other access environment created or made available to the Customer for use of the Services.

Affiliate means, in relation to a person, any entity that directly or indirectly controls, is controlled by, or is under common control with that person.

Applicable Law means all laws, statutes, regulations, regulatory rules, binding guidance, codes, orders, judgments and regulatory or governmental requirements applicable to a Party or to the relevant activity.

Authorised User means any employee, contractor, officer, consultant, agent or representative of the Customer or of a Customer Affiliate who is authorised by the Customer to access and use the Services on the Customer’s behalf.

Carabaas, Provider, we, us or our means CEX.IO Ltd., a company incorporated and registered in England and Wales with company number 08757996 and registered office at 78-79 Pall Mall, London, England, SW1Y 5ES, trading as Carabaas.

Carabaas Platform or Platform means the proprietary software-as-a-service platform, hosted services, APIs, administrative interface, documentation, MPC infrastructure, blockchain connectivity layer, webhook functionality, reporting functionality, sandbox environment, support services and related software and infrastructure made available by or on behalf of Carabaas.

Client-Facing Use means the Customer’s use of the Services to support services provided by the Customer to its own End Clients, where the Customer remains the contracting party, regulated entity, service provider and responsible operator in relation to those End Clients.

Confidential Information means information disclosed by or on behalf of one Party to the other in connection with these Terms or the Services that is marked confidential or that ought reasonably to be understood as confidential, including technical information, security materials, product architecture, pricing, Customer Data, Customer Cryptographic Materials, business information and non-public service information.

Cryptoasset means a cryptographically secured digital representation of value or rights that uses distributed ledger technology and can be transferred, stored or traded electronically.

Customer means the business entity or other legal person accessing or using the Services, creating an Account, entering into an Order Form, or otherwise accepting these Terms.

Customer Cryptographic Materials means any cryptographic key share, encrypted backup, wallet descriptor, recovery artefact, encrypted seed material, protocol-specific signing state or other cryptographic material of, or relating to, the Customer or its digital asset environment that is processed, stored or handled through the Services.

Customer Data means all data, records, files, configurations, instructions, policies, approvals, audit logs, transaction metadata, user data, API data, address data, webhook data and other information submitted to, generated through, stored in or processed by the Services by or on behalf of the Customer, excluding Provider Data.

Distribution Addendum means a written addendum, Order Form, reseller agreement, referral agreement, partnership agreement or other written authorisation signed or otherwise approved by Carabaas that expressly permits the Customer to distribute, resell, refer, market, white-label or otherwise make the Services available to third-party business customers.

Distributor means a Customer or other business partner authorised under a Distribution Addendum to distribute, resell, refer, market, white-label or otherwise make the Services available to third-party business customers.

Documentation means the technical, security, API, user, integration and operational documentation made available by Carabaas for the Services, as updated from time to time.

End Client means a customer, client, merchant, user or other third party to whom the Customer provides its own products or services using, integrating with or relying on the Services.

Fees means the subscription fees, usage-based fees, implementation fees, professional services fees, support fees and any other amounts payable for access to or use of the Services.

MPC means multi-party computation, a cryptographic technique for distributed signing in which multiple parties each hold a mathematical share of a private key and jointly produce signatures without any party holding the complete private key.

Order Form means an online order, subscription checkout, plan selection, written order form, statement of work, invoice, commercial schedule or other written or electronic order document accepted by Carabaas that identifies the Services, plan, term, Fees, usage limits, service configuration or other commercial terms applicable to the Customer.

Provider Data means all data, information, records, telemetry, logs, analytics, know-how and materials relating to the operation, security, performance, improvement and internal functioning of the Services, excluding Customer Data except to the extent aggregated or anonymised so that it does not identify the Customer, any Authorised User or any End Client.

Services means the Site, Carabaas Platform, sandbox environment, APIs, hosted services, administrative interface, Documentation, support, subscription services, professional services and any related products or services made available by Carabaas.

Site means the website available at carabaas.com and any related webpages, landing pages, portals or online properties operated by or on behalf of Carabaas.

Subscription Term means the term of the Customer’s subscription to the Services, as set out in the applicable Order Form or, where no separate term is specified, the monthly or annual subscription period selected by the Customer.

Terms means these Terms of Use, together with any Order Form, policy, schedule, addendum or document incorporated by reference.

1.2. In these Terms, references to “including” mean “including without limitation”. The singular includes the plural and vice versa. Headings are for convenience only and do not affect interpretation. References to written notice include email and in-platform notices.

2. Contract Structure and Order of Precedence

2.1. These Terms govern the Customer’s access to and use of the Services, including use of the Site, sandbox environment and any subscription purchased online or otherwise made available by Carabaas.

2.2. If the Customer enters into a separate written master services agreement, enterprise agreement, data processing agreement, Order Form, service level agreement or other signed agreement with Carabaas, that separate agreement shall govern the matters expressly covered by it. In the event of inconsistency, the following order of precedence shall apply, unless the relevant document expressly states otherwise:

  • a separately signed master services agreement or enterprise agreement;
  • the applicable Order Form;
  • any applicable data processing agreement or data protection addendum, solely in respect of the processing of personal data;
  • these Terms;
  • the Documentation; and
  • any website, marketing, FAQ or help-centre materials.

2.3. Website, marketing, FAQ and help-centre materials are provided for information only and do not override these Terms, any Order Form or any separately signed agreement.

2.4. These Terms do not include financial-sector outsourcing addenda, supervisory access terms, pooled audit provisions or customer-specific regulatory schedules. Any such additional terms apply only if expressly agreed in a separate written agreement signed or otherwise accepted by Carabaas.

3. B2B Eligibility and No Consumer Use

3.1. The Services are made available solely on a business-to-business basis. The Customer represents, warrants and undertakes on a continuing basis that it is accessing and using the Services exclusively in the course of its trade, business or profession and not as a consumer, retail user or individual acting in a personal capacity.

3.2. The Customer represents, warrants and undertakes that:

  • it is duly incorporated, validly existing and in good standing under the laws of its jurisdiction of incorporation or establishment;
  • it has full power, authority and all necessary corporate, internal, legal and regulatory approvals to enter into and perform these Terms;
  • it has obtained and shall maintain all licences, registrations, authorisations, approvals, permissions and consents required for its business, its use of the Services and any services it provides to its End Clients;
  • it shall use the Services solely for legitimate business purposes and in compliance with Applicable Law; and
  • all Authorised Users shall access and use the Services solely in a professional or business capacity.

3.3. Carabaas may refuse, suspend or terminate access to the Services where it reasonably believes that a person is acting as a consumer, is not authorised to act for the Customer, has provided inaccurate onboarding information, or is otherwise ineligible to use the Services.

4. Nature of the Services

4.1. Carabaas provides software, cryptographic tooling, APIs, hosted services and technology infrastructure that enable business customers to configure, administer and operate their own digital asset environment.

4.2. The Services may include, depending on the applicable subscription plan, Order Form, environment and configuration:

  • access to the hosted Platform and administrative interface;
  • sandbox or evaluation environments;
  • API access and integration functionality;
  • webhook notifications and event delivery;
  • organisation, tenant, vault, account, role and permission administration;
  • policy and approval workflow configuration;
  • transaction request creation and transaction workflow management;
  • transaction-specific MPC participation by Carabaas-controlled infrastructure components;
  • blockchain transaction broadcasting through Carabaas-managed connectivity layers;
  • balance, transaction history, reporting, audit trail and monitoring functionality;
  • backup, recovery and resilience functionality to the extent expressly included; and
  • support, implementation, integration, premium support or professional services where expressly included in an Order Form.

4.3. The Services are supplied as software, cryptographic tooling and infrastructure only. They are not supplied as custody, safeguarding, brokerage, exchange, payment, e-money, money transmission, investment, deposit-taking, trust, fiduciary, escrow, compliance, AML, sanctions screening, transaction monitoring, legal, tax or regulatory advisory services.

4.4. Carabaas does not, under these Terms or otherwise in connection with the Services:

  • hold any Cryptoasset of the Customer or any End Client in its own name, on its own account or on behalf of any person;
  • act as custodian, safekeeper, depositary, trustee, bailee, broker, dealer, exchange, money transmitter, payment institution, e-money institution, investment firm, credit institution or regulated financial service provider to the Customer or any End Client;
  • exercise independent signing authority, discretionary approval authority, transfer authority or unilateral control over any Cryptoasset;
  • generate, reconstruct, derive, export, access or use a complete private cryptographic key;
  • independently initiate, approve, reject, redirect, amend, cancel, reverse, freeze or otherwise dispose of Cryptoassets; or
  • perform AML, CFT, sanctions, customer due diligence, travel rule, transaction monitoring, suspicious activity reporting or other regulatory compliance functions for the Customer.

4.5. The Customer retains sole responsibility for, and sole control over, its governance model, transaction approval policies, access controls, internal authorisation procedures, regulatory compliance obligations, digital asset operations, and the custody or safeguarding of its own Cryptoassets and any Cryptoassets held, administered or otherwise dealt with by it for End Clients.

4.6. Nothing in these Terms shall be construed as creating a fiduciary, custody, trustee, agency, depositary, client asset, regulated outsourcing, safeguarding or regulated financial services relationship between Carabaas and the Customer or between Carabaas and any End Client.

5. Account Registration and Sandbox Access

5.1. To access certain Services, the Customer may be required to create an Account, request sandbox access, provide business contact information, provide information about its use case, verify its work email address, accept these Terms and satisfy Carabaas’ onboarding, security and eligibility requirements.

5.2. The Customer shall ensure that all information provided to Carabaas is accurate, complete, current and not misleading. The Customer shall promptly update Carabaas if any information materially changes.

5.3. Carabaas may require additional information before granting, continuing or expanding access to the Services, including information about the Customer’s legal entity, ownership, jurisdiction, business model, regulatory status, intended use case, End Client model, supported jurisdictions, technical environment, security controls and sanctions exposure.

5.4. Sandbox, pilot, proof-of-concept, beta, preview, evaluation or trial environments are provided for evaluation and testing only, unless Carabaas expressly agrees otherwise in writing. The Customer shall not use any sandbox, pilot, beta, preview or evaluation environment for production transactions, live customer operations, mainnet asset movements or regulated business activity unless expressly authorised in writing by Carabaas.

5.5. Carabaas may approve, reject, suspend, restrict or revoke sandbox or Account access at any time where reasonably necessary to protect the Services, comply with Applicable Law, prevent misuse, manage capacity, address security concerns, or enforce these Terms.

6. Subscription Plans, Orders and Commercial Terms

6.1. Access to production Services, premium features, usage allowances, support commitments and professional services may require a paid subscription or Order Form.

6.2. Each Order Form shall specify, as applicable:

  • the subscribed Services, modules, features and environments;
  • the Subscription Term;
  • the billing currency, billing frequency, subscription fee and any usage-based fees;
  • usage limits, transaction limits, API limits, network limits, vault limits, user limits or other plan limits;
  • implementation, onboarding, premium support or professional services fees;
  • supported blockchain networks, token standards and service locations;
  • production, sandbox, pilot or other environment details;
  • support arrangements and any applicable service level terms; and
  • any special commercial terms or deviations approved by Carabaas.

6.3. The Customer’s subscription is non-cancellable during the applicable Subscription Term except as expressly stated in these Terms or the applicable Order Form.

6.4. Unless otherwise stated in the applicable Order Form, subscription Fees are payable in advance, usage-based Fees are payable in arrears or at the intervals specified by Carabaas, and professional services Fees are payable as stated in the applicable Order Form or invoice.

6.5. If the Customer purchases a subscription through an online checkout, payment page or third-party payment processor, the Customer authorises Carabaas and its payment processor to charge the Customer’s selected payment method for all Fees, taxes and other amounts due at the billing frequency selected by the Customer or stated in the applicable Order Form.

6.6. The Customer shall maintain accurate billing information and a valid payment method. Failure to maintain a valid payment method or pay Fees when due may result in suspension or termination of access to the Services.

6.7. Unless expressly stated otherwise, all Fees are exclusive of VAT, sales tax, use tax, goods and services tax, withholding tax, stamp duty, digital services tax and any other applicable taxes, duties or governmental charges. The Customer is responsible for all taxes arising in connection with the Services, other than taxes imposed on Carabaas’ net income.

6.8. If Applicable Law requires the Customer to deduct or withhold tax from any payment to Carabaas, the Customer shall make the required deduction or withholding, pay it to the relevant authority, and increase the amount payable to Carabaas so that Carabaas receives the amount it would have received had no deduction or withholding been required, unless Carabaas is able to obtain a corresponding credit, relief or refund.

6.9. Except as expressly stated in these Terms or the applicable Order Form, Fees are non-refundable, non-cancellable and payable without set-off, counterclaim, deduction or withholding.

6.10. If the Customer fails to pay any amount when due, Carabaas may, without prejudice to any other rights or remedies:

  • charge interest on the overdue amount at the rate of four (4) per cent per annum above the Bank of England base rate, accruing daily from the due date until payment in full;
  • suspend access to the Services;
  • disable paid features, API access, production access or premium support;
  • withhold onboarding, implementation or professional services; and
  • recover reasonable costs of collection.

6.11. Chargebacks, payment disputes or payment reversals made without a good-faith basis constitute a material breach of these Terms. The Customer remains liable for all Fees, taxes, chargeback fees, processor fees and collection costs arising from the relevant transaction.

7. Renewal, Cancellation, Downgrades and Price Changes

7.1. Unless the applicable Order Form states otherwise, each paid subscription shall begin on the service commencement date and continue for the initial Subscription Term selected by the Customer or specified in the Order Form.

7.2. Unless the Customer cancels or gives notice of non-renewal in accordance with the applicable Order Form or the account cancellation process made available by Carabaas, each subscription shall automatically renew for successive periods equal to the expiring Subscription Term or for such renewal period as is specified in the applicable Order Form.

7.3. Unless the applicable Order Form states otherwise, the Customer must give at least thirty (30) days’ notice before the end of the then-current Subscription Term to prevent renewal.

7.4. Cancellation or non-renewal takes effect at the end of the then-current Subscription Term. The Customer shall not be entitled to a refund or credit for unused periods, downgrade requests, unused capacity, unused API calls, unused transaction allowances or unused support, except where expressly stated otherwise in the applicable Order Form.

7.5. Downgrades may result in loss of features, capacity, usage limits, integrations, support levels, reporting, retention functionality or other service elements. Carabaas is not liable for loss arising from any downgrade requested or implemented by the Customer.

7.6. Carabaas may change Fees, usage metrics, plan inclusions and pricing methodology for future subscription periods by giving notice before renewal or otherwise making the updated pricing available to the Customer. If the Customer does not agree to the revised Fees, the Customer may elect not to renew the affected subscription before the renewed term begins.

7.7. Carabaas may introduce new features, paid add-ons, usage limits, rate limits or service packages from time to time. Unless expressly stated otherwise, access to new features, additional capacity or premium support may require additional Fees.

8. Licence Grant

8.1. Subject to these Terms, the applicable Order Form, the Documentation, timely payment of all Fees and the Customer’s continued compliance with these Terms, Carabaas grants to the Customer, during the applicable Subscription Term, a limited, non-exclusive, non-transferable, non-sublicensable, revocable right to access and use the Services solely for the Customer’s internal business purposes and permitted Client-Facing Use.

8.2. The licence granted under Clause 8.1 permits the Customer to allow Authorised Users to access and use the Services on the Customer’s behalf, provided that:

  • access is limited to Authorised Users who require access for the Customer’s legitimate business purposes;
  • the Customer remains responsible and liable for all acts and omissions of Authorised Users as if they were acts and omissions of the Customer; and
  • the Customer ensures that all Authorised Users comply with these Terms, the Documentation and all applicable security and access-control requirements.

8.3. The Services are licensed, not sold. Except for the limited rights expressly granted under these Terms, no right, title or interest in or to the Services, Platform, Software, APIs, Documentation, MPC infrastructure or any Carabaas intellectual property is granted, assigned or transferred to the Customer.

8.4. All rights not expressly granted to the Customer are reserved by Carabaas and its licensors.

9. B2B Distribution, Resale and Client-Facing Use

9.1. Subject to these Terms and any applicable Order Form, the Customer may use the Services to support the Customer’s own products or services provided to End Clients, provided that such use remains Client-Facing Use and not an unauthorised resale, sublicence or distribution of the Services.

9.2. In any Client-Facing Use:

  • the contractual relationship with each End Client shall remain solely between the Customer and the relevant End Client;
  • Carabaas shall have no contractual, fiduciary, custody, regulatory, advisory or service-provider relationship with any End Client by reason only of the Customer’s use of the Services;
  • the Customer shall remain solely responsible for the legality, suitability, regulatory classification, consumer disclosures, financial promotions, marketing, onboarding, AML/CFT, sanctions screening, customer due diligence, travel rule compliance, transaction monitoring, record-keeping, complaint handling, tax reporting and all other obligations arising in connection with the Customer’s services to End Clients;
  • the Customer shall not represent that Carabaas acts as custodian, safekeeper, depositary, fiduciary, regulated intermediary, wallet provider, payment provider, exchange, broker, money transmitter, trust company or service provider to any End Client;
  • the Customer shall not represent that Carabaas has approved, endorsed, guaranteed, supervised or assumed responsibility for the Customer’s products, services, controls, risk disclosures, financial promotions, regulatory status or End Client terms;
  • the Customer shall be solely responsible for all End Client communications, onboarding, contractual terms, disclosures, support, complaints and regulatory reporting; and
  • the Customer shall ensure that all use of the Services in connection with End Clients complies with the Documentation, these Terms and Applicable Law.

9.3. The Customer shall not resell, distribute, market, white-label, sublicense, make available or otherwise commercially exploit the Services as a standalone product or service for any third-party business customer unless expressly authorised under a Distribution Addendum.

9.4. A Distribution Addendum is required for any arrangement under which the Customer or another partner:

  • markets, refers, introduces, resells or distributes Carabaas-branded services to third-party businesses;
  • offers the Services under a white-label, embedded, co-branded, powered-by or platform-as-a-service model;
  • grants or facilitates direct access to the Services, dashboard, sandbox, API, Documentation or support channels to a third-party business customer;
  • acts as a referral partner, channel partner, reseller, implementation partner, managed service provider or integration partner for the Services; or
  • receives referral fees, revenue share, commissions, rebates or other compensation linked to third-party subscriptions, introductions, usage or commercial activity involving the Services.

9.5. Unless expressly stated in a Distribution Addendum, a Distributor:

  • acts as an independent contractor and not as an agent, representative, broker, distributor with authority, partner, joint venturer, employee or fiduciary of Carabaas;
  • has no authority to bind Carabaas, vary these Terms, grant warranties, make commitments, provide discounts, approve onboarding, accept orders, settle claims or make regulatory statements on behalf of Carabaas;
  • shall not make any statement about the Services except statements expressly approved by Carabaas in writing or contained in current Carabaas-approved marketing materials;
  • shall comply with Carabaas’ brand, marketing, security, onboarding, referral and technical requirements notified from time to time;
  • shall ensure that all third-party business customers are approved by Carabaas before receiving direct access to the Services, unless the Distribution Addendum expressly states otherwise; and
  • shall not appoint sub-distributors, agents, introducers or resellers without Carabaas’ prior written consent.

9.6. A Distributor shall ensure that each third-party business customer or End Client, as applicable, receives and accepts legally enforceable terms that are no less protective of Carabaas than these Terms and that include, at a minimum:

  • clear disclosure that Carabaas is a software and infrastructure provider only;
  • no representation that Carabaas provides custody, safeguarding, financial services, compliance services or regulated services to that third party;
  • restrictions on unlawful use, reverse engineering, security testing, benchmarking, scraping, misuse, resale and circumvention;
  • blockchain network risk disclosures;
  • allocation of responsibility for regulatory status, licences, AML/CFT, sanctions, customer due diligence, consumer protection, financial promotions and End Client disclosures to the relevant customer or service provider and not to Carabaas;
  • limitations of liability, warranty disclaimers and indemnities in favour of Carabaas to the fullest extent permitted by Applicable Law; and
  • recognition that Carabaas may enforce the relevant provisions as an intended third-party beneficiary where necessary to protect the Services, its intellectual property, confidential information or legal position.

9.7. A Distributor shall not market or make the Services available:

  • to consumers or individuals acting in a personal capacity;
  • in any jurisdiction, sector or business model prohibited by Carabaas;
  • to any person subject to applicable sanctions or trade restrictions;
  • for unlawful, fraudulent, misleading, abusive, high-risk or prohibited activity;
  • in a manner that would require Carabaas to obtain a financial services, custody, payment, e-money, money transmission, trust, broker-dealer, investment, banking, AML or similar licence, registration or authorisation; or
  • in a manner that may materially increase legal, regulatory, security or reputational risk for Carabaas.

9.8. The Customer and any Distributor shall maintain complete, accurate and current records relating to its distribution, referral, marketing, End Client, onboarding and compliance activities involving the Services and shall provide reasonable information to Carabaas upon request to verify compliance with these Terms and any Distribution Addendum.

9.9. The Customer shall indemnify Carabaas, its Affiliates and their respective directors, officers, employees, contractors and agents against all losses, liabilities, damages, costs, expenses and claims arising out of or in connection with any Client-Facing Use, distribution, resale, referral, marketing, End Client relationship, unauthorised representation, regulatory breach, or allegation that Carabaas is responsible for the Customer’s or Distributor’s products, services, clients, marketing, licensing status or regulated activity.

10. Customer Responsibilities

10.1. The Customer is solely responsible, at its own cost and risk, for all decisions, actions and omissions relating to its use of the Services and for all activity conducted through its Account, organisation, workspace, vaults, policies, APIs, credentials and Authorised Users.

10.2. Without limitation, the Customer is solely responsible for:

  • determining, documenting, implementing and maintaining its own regulatory framework, regulatory perimeter analysis, governance arrangements, licences, registrations, authorisations, permissions and approvals required for the Customer to operate its business, including where the Customer provides or holds itself out as providing custody, safeguarding, wallet, cryptoasset, payment, money transmission, exchange, brokerage, investment, AML/CFT, sanctions, client asset or other regulated services to its End Clients; and
  • custody, safeguarding, control, segregation, reconciliation, protection and lawful management of its own Cryptoassets and any Cryptoassets held, administered or otherwise dealt with by it for End Clients;
  • the accuracy, completeness, legality and integrity of all Customer Data, instructions, policies, approvals, configurations, wallet parameters, destination data, address book entries and other information submitted to, processed by or generated through the Services;
  • establishing, maintaining and operating its governance model for use of the Services, including approval workflows, quorum rules, role assignments, segregation of duties, authorisation thresholds and approval logic;
  • selecting, appointing, training, supervising and removing Authorised Users, administrators, operators, approvers, viewers, security officers, unsealers and other persons granted access to or authority within the Services;
  • securing its infrastructure, systems, devices, endpoints, browsers, credentials, API keys, authentication mechanisms, identity and access-management systems, networks and operational procedures;
  • generating, protecting, retaining, backing up, recovering and securely handling the Customer’s own MPC shares, recovery credentials, decryption materials, backup artefacts and Customer Cryptographic Materials under its control;
  • initiating, validating and periodically testing backup, business continuity, disaster recovery, recovery and exit procedures in respect of the Services and the Customer’s Cryptoassets;
  • the legality, content, destination, amount, fee parameters, timing and purpose of any transaction, message, API call, instruction, address or transfer request initiated by or on behalf of the Customer through the Services;
  • ensuring that all approvals, instructions and authorisations submitted through the Services are valid, duly authorised and compliant with the Customer’s internal governance and Applicable Law;
  • maintaining sufficient internal records to evidence the basis on which transactions and other actions are approved and undertaken through the Services; and
  • obtaining professional legal, regulatory, tax, accounting, technical, risk and security advice as it considers necessary.

10.3. Carabaas is entitled to rely on the validity and authenticity of any instruction, approval, request, transaction, configuration change or other action made through the Services using the Customer’s credentials, access rights, approval workflows, API keys or other access-control mechanisms unless and until the Customer has notified Carabaas of a compromise or other issue affecting them.

10.4. Carabaas has no responsibility to monitor or assess the Customer’s compliance with Applicable Law, the suitability of any transaction or destination, the appropriateness of any governance configuration, the authority of any person acting for the Customer, the lawfulness of the Customer’s business model, or the adequacy of the Customer’s regulatory framework, licensing, registration, authorisation, custody, safeguarding, client asset, AML/CFT, sanctions or other regulated-service arrangements except to the extent expressly agreed in writing. .

11. Customer Cryptographic Materials and Recovery

11.1. To the extent contemplated by the applicable plan, Order Form or Documentation, the Services may process or host encrypted Customer Cryptographic Materials and related protocol-specific signing state required for operation of the Services.

11.2. Any such processing or hosting is performed solely as a software, data-hosting, resilience or technology infrastructure function and does not constitute custody, safekeeping, administration or safeguarding of any Cryptoasset.

11.3. Carabaas shall not have unilateral technical means to decrypt, reconstruct, export or independently use any Customer Cryptographic Materials or any complete private cryptographic key.

11.4. The Customer shall remain solely responsible for preserving, protecting, testing and maintaining its own backup, recovery credentials, decryption materials, recovery procedures and continuity arrangements necessary to recover Customer Cryptographic Materials and restore its own signing capability independently of Carabaas.

11.5. Nothing in these Terms confers on Carabaas any right, title, interest, authority or practical ability to use, sign with, transfer, dispose of, encumber or otherwise deal with any Cryptoasset.

11.6. Carabaas shall have no liability for loss arising from the Customer’s failure to maintain, protect or test backup, recovery, decryption, authorisation or continuity arrangements.

12. API Access, Webhooks and Technical Integrations

12.1. API access, webhook functionality and other technical integrations are provided subject to the Documentation, applicable rate limits, authentication requirements, security controls and usage restrictions notified by Carabaas.

12.2. The Customer shall protect all API keys, signing credentials, webhook secrets, private credentials, access tokens, certificates and integration secrets and shall not share them except in accordance with its internal controls and the Documentation.

12.3. The Customer is solely responsible for its integration code, API calls, webhook endpoints, endpoint availability, message processing, retry logic, validation of webhook signatures, transaction reconciliation and downstream systems.

12.4. Carabaas may impose, change or enforce rate limits, usage limits, capacity controls, authentication requirements, IP allowlisting, whitelisting, security controls or other technical restrictions where reasonably necessary to protect the Services, manage capacity, prevent abuse, address security risks, or enforce the applicable plan.

12.5. The Customer shall not use the API or webhook functionality in a manner that overloads, disrupts, degrades, bypasses, scrapes, probes, reverse engineers, stress tests or otherwise interferes with the Services.

13. Restrictions on Use

13.1. The Customer shall not, and shall ensure that its Authorised Users, Affiliates, contractors, agents, Distributors and any person acting on its behalf do not, directly or indirectly:

  • access or use the Services in any manner that is unlawful, fraudulent, deceptive, misleading or otherwise in breach of Applicable Law;
  • access or use the Services in a manner that would cause Carabaas to breach Applicable Law or incur legal, regulatory, security or reputational risk;
  • resell, sublicense, lease, rent, timeshare, distribute, assign, bureau-host, outsource, white-label or otherwise make the Services available to any third party except as expressly permitted under these Terms or a Distribution Addendum;
  • copy, reproduce, modify, adapt, translate, create derivative works from, frame, mirror, republish, download, display, transmit or distribute any part of the Services except as expressly permitted;
  • reverse engineer, decompile, disassemble or otherwise attempt to derive source code, underlying ideas, algorithms, cryptographic protocols, data structures, trade secrets or proprietary know-how from any part of the Services;
  • circumvent, disable, interfere with or compromise any authentication measure, security control, access restriction, rate limit, licence control or protective mechanism;
  • probe, scan, test or assess the vulnerability, performance or security of the Services, or conduct penetration testing, vulnerability assessment, benchmarking, comparative analysis or other technical evaluation without Carabaas’ prior written consent;
  • publish, disclose or provide to any third party, including any competitor, benchmark results, performance data, comparative analysis, technical findings or evaluation results relating to the Services without Carabaas’ prior written consent;
  • use the Services to build, train, improve or validate any competing product or service, or to develop, test, train or fine-tune any artificial intelligence, machine learning or similar model, system or dataset, without Carabaas’ prior written consent;
  • interfere with, overload, impair or disrupt the integrity, performance or proper operation of the Services or related systems or networks;
  • upload, introduce, transmit or make available through the Services any virus, malware, trojan, worm, logic bomb, ransomware, spyware or other malicious code or harmful material;
  • use the Services in connection with unlawful market conduct, market abuse, insider dealing, sanctions evasion, money laundering, terrorist financing, fraud, scams, ransomware, darknet activity or other illegal activity;
  • impersonate any person or entity, misrepresent identity or affiliation, or falsify any transaction, instruction, approval, audit record or operational record;
  • use the Services to operate or support any exchange, brokerage, dealing, payment, money transmission, investment, custody, safeguarding or other regulated activity unless the Customer is duly authorised to do so under all Applicable Laws and remains fully responsible for such activity;
  • remove, obscure or alter any copyright notice, trade mark, proprietary notice or other notice appearing in or on the Services or Documentation;
  • use the Services in a manner inconsistent with the Documentation or the service characterisation set out in these Terms; or
  • use the Services for any prohibited jurisdiction, prohibited person, prohibited business or prohibited activity notified by Carabaas from time to time.

13.2. Any breach of this Clause 13 constitutes a material breach of these Terms and may result in immediate suspension or termination.

14. Security Obligations

14.1. Carabaas shall implement and maintain appropriate administrative, technical and organisational measures designed to protect the confidentiality, integrity and availability of the Provider-controlled elements of the Services.

14.2. The Customer acknowledges that the Services operate on a shared-responsibility basis. Carabaas is responsible only for Provider-controlled components of the Services. The Customer is responsible for Customer-controlled environments, users, roles, policy settings, customer-side cosigners, endpoints, devices, credentials, integrations, identity providers, networks and operational controls.

14.3. The Customer shall:

  • implement and maintain appropriate security measures in its own environment;
  • use strong authentication and access controls;
  • grant access on a least-privilege and need-to-know basis;
  • promptly revoke access for persons who no longer require it;
  • protect API keys, credentials, recovery materials and Customer Cryptographic Materials;
  • monitor activity within its Account;
  • maintain incident response and recovery procedures appropriate to its use of the Services; and
  • promptly notify Carabaas of any actual or suspected unauthorised access, credential compromise, security incident, misuse or material vulnerability affecting the Services or the Customer’s use of the Services.

14.4. Nothing in these Terms is a warranty that the Services will be immune from all security threats, vulnerabilities, incidents or unlawful attacks.

15. Platform Changes, Maintenance and Support

15.1. Carabaas may update, upgrade, modify, enhance, patch, replace, suspend, deprecate or discontinue any part of the Services from time to time, including the software, APIs, administrative interface, supported networks, integrations, features, Documentation and infrastructure.

15.2. Carabaas may perform scheduled or emergency maintenance. Emergency maintenance may be carried out without prior notice where reasonably necessary to protect security, integrity, availability or lawful operation of the Services.

15.3. Carabaas shall use commercially reasonable efforts to avoid materially reducing the core functionality of paid production Services during the applicable Subscription Term, except where a change is required or justified by Applicable Law, security necessity, product lifecycle management, third-party dependency changes, blockchain network conditions, deprecation of unsupported technology, or the Customer’s breach of these Terms.

15.4. Unless a separate service level agreement applies, the Services are provided on an “as is” and “as available” basis, and Carabaas does not guarantee uninterrupted availability, error-free operation, successful transaction confirmation, blockchain settlement or availability of any public blockchain network.

15.5. Support is provided in accordance with the applicable plan, Order Form, support policy or Documentation. Unless expressly agreed otherwise, support does not include custom development, bespoke integrations, support for Customer-controlled systems, legal or regulatory advice, AML/CFT support, transaction monitoring, on-site support or support for unauthorised modifications.

16. Third-Party Services and Blockchain Networks

16.1. The Services may interoperate with or depend on third-party services, infrastructure, cloud providers, payment processors, communications providers, node providers, identity providers, wallet infrastructure, blockchain networks, validators, miners, bridges, or other third-party systems.

16.2. Public blockchain networks are decentralised, autonomous and third-party systems not owned, operated or controlled by Carabaas. Carabaas does not represent, warrant or undertake that any blockchain network will remain available, functional, secure, stable, interoperable or economically viable, or that any transaction will be confirmed, finalised, settled or processed within any particular timeframe or at all.

16.3. Carabaas is not liable for any loss, damage, delay, cost or other consequence arising out of or in connection with blockchain network conditions, including congestion, forks, chain splits, reorganisations, halts, consensus failures, validator outages, fee spikes, smart-contract defects, protocol defects, network upgrades or other events affecting a public blockchain network.

16.4. Once a transaction has been validly signed and broadcast to the relevant blockchain network, Carabaas has no ability to cancel, reverse, rebroadcast, fee-adjust, alter or otherwise control the treatment of that transaction by the relevant network.

16.5. The risk of blockchain network behaviour, transaction finality, confirmation timing, asset value, asset liquidity, asset legal status, gas fees, network fees and protocol conditions remains solely with the Customer.

17. Data Protection and Privacy

17.1. Each Party shall comply with its respective obligations under applicable data protection laws in connection with these Terms.

17.2. Carabaas’ processing of personal data for its own website, marketing, billing, account administration, service security, legal compliance and general business administration purposes is described in the Carabaas privacy notice or other privacy materials made available by Carabaas from time to time.

17.3. To the extent Carabaas processes personal data on behalf of the Customer as a processor in connection with the Services, the Customer and Carabaas shall enter into, or shall be deemed to incorporate, the data processing agreement or data protection addendum made available by Carabaas, unless the Parties have signed a separate data processing agreement.

17.4. The Customer warrants and undertakes that it has all necessary rights, lawful bases, notices, consents and permissions required for Carabaas to process Customer Data and personal data in accordance with these Terms.

17.5. The Customer shall not use the Services to store or process special category personal data, criminal offence data, government identity documents, payment card data, seed phrases, complete private keys or other highly sensitive data unless expressly agreed in writing by Carabaas.

17.6. The Customer acknowledges the public and potentially immutable nature of blockchain networks and shall not knowingly place personal data into on-chain fields, notes, labels or transaction content unless it has separately assessed the legal implications and determined that such use is lawful and strictly necessary.

18. Customer Data

18.1. As between the Parties, the Customer retains all right, title and interest in and to Customer Data and Customer Cryptographic Materials.

18.2. The Customer grants Carabaas a non-exclusive, worldwide, royalty-free licence to host, copy, store, transmit, process, use and display Customer Data and Customer Cryptographic Materials solely to the extent necessary to:

  • provide, operate, maintain, secure and support the Services;
  • perform these Terms and any Order Form;
  • prevent, detect, investigate and remediate fraud, abuse, security incidents or technical issues;
  • comply with Applicable Law, court orders and lawful governmental or regulatory requests; and
  • generate aggregated or anonymised operational, statistical or analytical information, provided that it does not identify the Customer, any Authorised User or any End Client.

18.3. The Customer is solely responsible for the accuracy, quality, integrity, legality, reliability and appropriateness of Customer Data and for maintaining copies, backups and records necessary for its business, legal and regulatory purposes.

18.4. Following termination or expiry of the applicable Services, Carabaas may delete Customer Data in accordance with its standard retention and deletion processes, subject to any retrieval period, backup cycle, legal retention requirement or separate written agreement applicable to the Customer.

19. Confidentiality

19.1. Each Party shall keep the other Party’s Confidential Information confidential and shall protect it using at least reasonable care.

19.2. A receiving Party shall use the disclosing Party’s Confidential Information solely to perform its obligations or exercise its rights under these Terms and shall not disclose it to any third party except to its Affiliates, employees, officers, contractors, professional advisers, service providers and representatives who need to know it and are subject to confidentiality obligations no less protective than those set out in these Terms.

19.3. Confidentiality obligations do not apply to information that the receiving Party can demonstrate is publicly available other than through breach, was lawfully known before disclosure, is lawfully received from a third party without confidentiality restrictions, or is independently developed without use of the disclosing Party’s Confidential Information.

19.4. A Party may disclose Confidential Information to the extent required by Applicable Law, a court, regulator, governmental authority or stock exchange rule, provided that, where legally permitted, it gives prompt notice and reasonable cooperation to the disclosing Party.

19.5. The confidentiality obligations in this Clause 19 survive termination for five years, except in respect of trade secrets, Customer Cryptographic Materials and information that by its nature should remain confidential for longer, in which case the obligations continue for so long as the information remains confidential.

20. Intellectual Property and Feedback

20.1. Carabaas and its licensors own and retain all right, title and interest in and to the Services, Platform, Site, software, APIs, Documentation, user interface, workflows, product design, technical architecture, MPC infrastructure, Provider Data, methodologies, processes, templates, know-how, trade secrets, improvements, updates, modifications, derivative works and all related intellectual property rights.

20.2. Except for the limited licence expressly granted to the Customer, the Customer acquires no right, title or interest in or to the Services or any Carabaas intellectual property.

20.3. If the Customer or any Authorised User provides suggestions, ideas, enhancement requests, recommendations, corrections, improvement proposals, comments or other feedback relating to the Services, Carabaas may use, reproduce, modify, develop, commercialise and otherwise exploit that feedback for any purpose without restriction, attribution or compensation.

20.4. The Customer shall not use the Carabaas name, logo, trade mark, domain name or other brand feature without Carabaas’ prior written consent, except to the limited extent expressly permitted in a Distribution Addendum or brand guidelines issued by Carabaas.

20.5. Carabaas shall not publish a press release, case study or public customer reference identifying the Customer without the Customer’s prior consent, except where the Customer has expressly opted into a public reference programme or the use is otherwise permitted in the applicable Order Form.

21. Website Content and Marketing Materials

21.1. The Site and related materials are provided for general business information only. They do not constitute financial, investment, legal, tax, accounting, regulatory, custody, safeguarding, security or technical advice.

21.2. Carabaas may update, correct, withdraw or modify website content, product descriptions, use cases, network lists, feature lists, roadmap information and marketing materials at any time.

21.3. Any statements concerning supported networks, features, integrations, security functionality, deployment models, recovery functionality, service levels, support or compliance alignment are subject to the applicable plan, Order Form, Documentation, technical configuration and separate written agreement.

21.4. The Customer shall not rely on website materials as a substitute for its own legal, regulatory, technical, security, financial, tax or operational assessment.

21.5. While we use reasonable care to keep the Site content accurate and up to date, the Site content may be incomplete, may contain errors or omissions, and may become out of date. To the fullest extent permitted by Applicable Law, no warranty, representation, condition or undertaking is given as to the accuracy, completeness, timeliness, reliability, non-infringement or fitness for any purpose of the Site Content, and Carabaas shall have no liability arising from any reliance on the Site content.

21.6. The Site may contain links to third-party websites, materials or resources that are not owned or controlled by us. We do not endorse and are not responsible for the content, accuracy, availability, security, privacy practices, terms, or business practices of any third-party websites or resources. Access to any third-party website or resource is at the Customer’s own risk, and the Customer is solely responsible for reviewing and complying with any third-party terms and policies.

21.7. Carabaas may, at any time and in its discretion, modify, suspend, discontinue, remove, or restrict access to the Site or any Site content, with or without notice, including to reflect product lifecycle changes, security considerations, operational requirements, changes in third-party dependencies, capacity constraints, or Applicable Law.

22. Representations and Warranties

22.1. Each Party represents and warrants that:

  • it has the power and authority to enter into and perform these Terms;
  • its entry into and performance of these Terms do not materially violate Applicable Law or any agreement by which it is bound; and
  • it shall comply with Applicable Law in performing these Terms.

22.2. The Customer represents, warrants and undertakes that:

  • it has obtained and shall maintain all licences, registrations, authorisations, approvals, permissions and internal consents necessary to receive and use the Services and carry on its business lawfully;
  • its receipt and use of the Services and all activities carried out by it through or in connection with the Services shall comply with Applicable Law and these Terms;
  • it is and shall remain solely responsible for its legal and regulatory obligations in connection with its business, End Clients, Cryptoassets, client assets and use of the Services;
  • all Customer Data, instructions, approvals, transactions, policy settings, governance rules, wallet configurations, destination data and other inputs submitted to or generated through the Services shall be accurate, complete, lawful and appropriately authorised; and
  • it shall not represent that Carabaas is acting as custodian, safekeeper, depositary, fiduciary or provider of regulated financial services to the Customer or any End Client.

22.3. Carabaas represents and warrants that it will provide paid production Services with reasonable skill and care, subject to these Terms, the Documentation, any applicable Order Form and any permitted maintenance, updates, limitations, exclusions and dependencies.

23. Disclaimer

23.1. Except as expressly set out in these Terms or a separately signed agreement, and to the fullest extent permitted by Applicable Law, the Services are provided on an “as is” and “as available” basis and Carabaas gives no representation, warranty, condition or undertaking of any kind, whether express, implied, statutory or otherwise.

23.2. Carabaas expressly disclaims all implied warranties, conditions and other terms, including as to merchantability, satisfactory quality, fitness for a particular purpose, non-infringement, uninterrupted availability, error-free operation, security against all threats, suitability for any regulatory perimeter, or compatibility with any business model, operational environment, third-party system or blockchain network.

23.3. Without limitation, Carabaas does not represent or warrant that:

  • the Services will be uninterrupted, secure, free from defects or available at all times;
  • the Services will meet all of the Customer’s requirements or be suitable for the Customer’s legal, regulatory, prudential, operational or commercial circumstances;
  • any public blockchain network will remain available, secure, stable, interoperable or economically viable;
  • any transaction initiated, signed, submitted or broadcast through the Services will be confirmed, finalised, settled or processed by any blockchain network within any particular timeframe or at all;
  • the Customer’s use of the Services will satisfy any legal or regulatory obligation applicable to the Customer; or
  • the Services will prevent fraud, internal misconduct, unauthorised instructions, mistaken transfers, phishing, social engineering, governance failures or operational errors by or affecting the Customer.

23.4. The Customer acknowledges that digital asset operations involve substantial risks, including loss of assets, irreversible transactions, governance failures, market volatility, network failures, cyber incidents, smart-contract vulnerabilities, legal uncertainty and operational errors. The Customer assumes those risks in connection with its use of the Services.

24. Limitation of Liability

24.1. Nothing in these Terms excludes or limits liability for death or personal injury caused by negligence, fraud or fraudulent misrepresentation, wilful misconduct, wilful default, or any liability that cannot lawfully be excluded or limited.

24.2. Subject to Clause 24.1, Carabaas shall not be liable, whether in contract, tort, negligence, breach of statutory duty, misrepresentation, restitution or otherwise, for:

  • loss of profit, revenue, income, business, contracts, anticipated savings, goodwill or reputation;
  • loss of opportunity, loss of use, loss of production or business interruption;
  • loss, corruption or restoration of data, except to the extent caused by Carabaas’ breach of a mandatory legal duty that cannot be excluded;
  • loss of Cryptoassets, loss of value, loss of access, misdirected transactions, failed transactions, delayed transactions or irreversible transactions;
  • indirect, consequential, incidental, special, exemplary or punitive loss or damage; or
  • any loss arising from circumstances for which the Customer is responsible under these Terms.

24.3. Subject to Clause 24.1, Carabaas shall not be liable for any loss, damage, liability, cost or expense arising out of or in connection with:

  • blockchain network conditions;
  • fluctuation in the value, liquidity, marketability or legal or regulatory treatment of any Cryptoasset;
  • any act, omission, instruction, approval, configuration, policy setting, wallet set-up, governance arrangement or decision made by or on behalf of the Customer;
  • Customer-controlled systems, credentials, devices, infrastructure, recovery arrangements, personnel, contractors, third-party tools or integrations;
  • unauthorised access caused by the Customer’s failure to secure credentials, devices, API keys, authentication controls or recovery materials;
  • use of the Services in breach of these Terms, the Documentation or Applicable Law;
  • unsupported integrations, unauthorised modifications or failure to implement updates, patches, mitigations or workarounds made available or recommended by Carabaas; or
  • lawful suspension or termination of the Services.

24.4. Subject to Clauses 24.1, 24.2 and 24.3, Carabaas’ aggregate liability arising out of or in connection with these Terms, any Order Form and the Services shall not exceed:

  • in respect of paid Services, the total Fees paid or payable by the Customer for the affected Services in the twelve months immediately preceding the event giving rise to the claim; or
  • in respect of free, sandbox, trial, beta, preview or evaluation Services, one hundred pounds sterling.

24.5. The limitations and exclusions in this Clause 24 apply in the aggregate and not on a per-claim, per-incident, per-user or per-service basis and apply notwithstanding any failure of essential purpose of any limited remedy.

24.6. The Customer acknowledges that the Fees reflect the allocation of risk on the basis that blockchain network risk, market risk, custody risk, client asset risk, regulatory risk and the Customer’s own operational risk remain with the Customer.

25. Indemnities

25.1. The Customer shall indemnify, defend and hold harmless Carabaas, its Affiliates and their respective directors, officers, employees, contractors and agents from and against all losses, liabilities, damages, costs, expenses and claims, including reasonable legal fees, arising out of or in connection with:

  • the Customer’s breach of these Terms;
  • the Customer’s failure to obtain or maintain any licence, registration, authorisation, approval or permission required for its business or lawful use of the Services;
  • any claim by an End Client or other third party arising from the Customer’s business, products, services, marketing, regulated activity or use of the Services;
  • custody, safeguarding, transfer, loss, impairment, unavailability, misdirection or recovery of any Cryptoasset by or for the Customer or any End Client;
  • Customer Data, Customer Cryptographic Materials, instructions, approvals, transactions, configurations or other inputs provided, uploaded, initiated or authorised by or on behalf of the Customer;
  • any allegation that Carabaas is acting as custodian, safekeeper, depositary, fiduciary or provider of regulated financial services to the Customer or any End Client, to the extent arising from any statement, representation, conduct or omission of the Customer or any person acting on its behalf;
  • the Customer’s breach of Applicable Law, including AML/CFT, sanctions, licensing, client asset, consumer protection, financial promotion, privacy or data protection laws; and
  • infringement or alleged infringement of third-party rights arising from Customer Data or from the Customer’s use of the Services otherwise than in accordance with these Terms.

25.2. Carabaas shall indemnify the Customer against any final award of damages or settlement amount payable to a third party arising from a claim that the Customer’s authorised use of paid production Services in accordance with these Terms infringes that third party’s intellectual property rights.

25.3. Carabaas shall have no liability under Clause 25.2 to the extent the claim arises from:

  • modification to the Services not made or authorised by Carabaas;
  • combination of the Services with software, hardware, data, network, system or service not supplied or approved by Carabaas;
  • use of the Services other than in accordance with these Terms or the Documentation;
  • Customer Data, Customer Cryptographic Materials or other materials, instructions or inputs provided by or on behalf of the Customer; or
  • the Customer’s failure to implement an update, modification or replacement made available by Carabaas to avoid or mitigate the alleged infringement.

25.4. If the Services become, or in Carabaas’ reasonable opinion are likely to become, the subject of an infringement claim, Carabaas may procure the right for the Customer to continue using the affected Services, modify or replace the affected Services so that they become non-infringing without materially reducing their core functionality, or terminate the affected Services and refund prepaid Fees for the unused part of the then-current Subscription Term.

25.5. This Clause 25 sets out Carabaas’ sole and exclusive liability, and the Customer’s sole and exclusive remedy, in respect of infringement claims.

26. Suspension

26.1. Carabaas may suspend all or any part of the Services, with immediate effect or with such notice as the circumstances reasonably permit, where:

  • the Customer is in breach of these Terms;
  • the Customer fails to pay Fees when due;
  • Carabaas reasonably believes that continued provision of the Services would create a material risk to security, integrity, availability or lawful operation of the Services or any Carabaas environment;
  • Carabaas reasonably believes that the Services are being used unlawfully, fraudulently, misleadingly, abusively or in breach of Applicable Law;
  • suspension is required by Applicable Law, court order, governmental request, regulator, law enforcement authority or sanctions requirement;
  • Carabaas reasonably considers suspension necessary to contain, investigate, remediate or prevent a security incident, operational incident, data compromise, service abuse or other material threat; or
  • the Customer’s use exceeds applicable plan limits, rate limits, security thresholds or technical restrictions.

26.2. Carabaas shall use reasonable efforts, where practicable, to limit the scope and duration of a suspension and to restore the affected Services once the grounds for suspension have been resolved.

26.3. Suspension does not relieve the Customer of its obligation to pay Fees where the suspension arises from the Customer’s act, omission, breach, systems, personnel, environment or use of the Services.

26.4. Carabaas shall not be liable for loss, delay, interruption or unavailability arising from a suspension implemented in accordance with these Terms.

26.5. Suspension of the Services shall not cancel, pause, extend or otherwise modify the applicable Subscription Term, Order Form, billing cycle, renewal date, usage limits or the Customer’s obligation to pay Fees, except to the extent expressly agreed in writing by Carabaas or required by Applicable Law.

26.6 Where the suspension arises from the Customer’s breach of these Terms, non-payment, suspected unlawful use, security risk, sanctions risk, misuse of the Services, Customer-controlled systems, Customer personnel, Authorised Users, Distributors, End Clients or any other circumstance within the Customer’s responsibility, all Fees shall continue to accrue and remain payable during the suspension period, and the Customer shall not be entitled to any refund, credit, service credit, extension of term or other compensation in respect of the suspension.

26.7 Where the suspension is implemented solely for reasons within Carabaas’ control and not due to any act, omission, breach, risk, systems, use case or circumstance attributable to the Customer, Carabaas may, as the Customer’s sole financial remedy, provide a prorated service credit for the affected paid Services for the period of suspension, unless the applicable Order Form or service level agreement provides a different remedy.

27. Termination and Effect of Termination

27.1. Either Party may terminate these Terms or any affected Order Form if the other Party commits a material breach and, where capable of remedy, fails to remedy it within thirty days after written notice requiring it to do so.

27.2. Carabaas may terminate these Terms or any affected Services immediately by notice if:

  • the Customer fails to pay Fees and such failure continues for thirty days after notice;
  • the Customer breaches the eligibility, licence, restricted use, distribution, sanctions, security, confidentiality or regulatory responsibility provisions of these Terms;
  • Carabaas is required to do so by Applicable Law, sanctions, court order or governmental, law enforcement or regulatory request;
  • continued provision of the Services would cause Carabaas to breach Applicable Law or materially increase legal, regulatory, security or reputational risk; or
  • the Customer becomes insolvent, enters liquidation, administration, receivership or an analogous process, ceases business, or is subject to a legal restriction materially preventing continued performance.

27.3. Upon termination or expiry of the applicable Services:

  • the Customer’s right to access and use the affected Services shall cease;
  • the Customer shall cease all use of the affected Services, except to the limited extent permitted under Clauses 27.9 to 27.12 for post-termination data retrieval and transition;
  • all Fees and other amounts accrued up to the effective date of termination shall become immediately payable;
  • each Party shall return or destroy Confidential Information of the other Party upon request, subject to legal retention requirements and routine backup cycles;
  • Carabaas may delete Customer Data in accordance with these Terms and its retention processes; and
  • provisions intended by their nature to survive shall continue in force, including provisions relating to regulatory characterisation, customer responsibilities, payment, confidentiality, intellectual property, disclaimers, limitation of liability, indemnities, governing law and dispute resolution.

27.4. Termination or expiry is without prejudice to rights, remedies, obligations or liabilities accrued before termination or expiry.

27.5 If the Customer terminates for convenience, cancels renewal, downgrades, ceases to use the Services, or elects not to renew the Services, the subscription shall continue until the end of the then-current Subscription Term unless Carabaas agrees otherwise in writing. The Customer shall remain liable for all Fees for the then-current Subscription Term and shall not be entitled to any refund, credit or reduction for unused Services, unused capacity, unused API calls, unused transaction allowances, unused support or early cessation of use.

27.6 If Carabaas terminates these Terms, an Order Form or any affected Services due to the Customer’s breach, non-payment, unlawful use, sanctions risk, security risk, misuse of the Services, unauthorised distribution, or other circumstance within the Customer’s responsibility, all unpaid Fees for the remainder of the then-current Subscription Term shall become immediately due and payable, and any prepaid Fees shall be non-refundable.

27.7 If the Customer validly terminates an affected paid subscription for Carabaas’ uncured material breach in accordance with Clause 27.1, the Customer’s sole financial remedy in respect of prepaid Fees shall be a prorated refund or credit for the unused portion of the affected paid Services after the effective date of termination. No refund or credit shall be due in respect of any period before the effective date of termination, any Services not affected by the breach, any usage-based Fees already incurred, or any professional services already performed.

27.8 If termination is required by Applicable Law, court order, governmental authority, sanctions requirement or regulatory direction, the consequences for the subscription shall depend on the cause of the termination. Where the termination arises from the Customer’s business, regulatory status, use of the Services, jurisdiction, End Clients, sanctions exposure, breach or other circumstance within the Customer’s responsibility, Clause 27.6 shall apply. Where the termination arises solely from Carabaas’ inability to continue providing the Services lawfully for reasons not attributable to the Customer, Carabaas may provide a prorated refund or credit for prepaid Fees relating to the unused portion of the affected paid Services, unless prohibited by Applicable Law.

27.9 Following termination or expiry of the applicable Services, the Customer shall have a period of thirty (30) days from the effective date of termination or expiry to export, collect, retrieve or otherwise migrate Customer Data and any Customer-controlled configuration records made available through the Services, to the extent such data and records remain available in the ordinary functionality of the Services or are otherwise made available by Carabaas for retrieval. During this period, Carabaas may provide limited access to the affected Services or to a data export mechanism solely for the purpose of data retrieval and orderly transition, and not for continued production use, new transaction activity, onboarding of new users, creation of new wallets, expansion of usage, or any other operational use of the Services.

27.10 The Customer is solely responsible for completing any export, retrieval, migration, backup or transition of Customer Data, Customer Cryptographic Materials, configuration records, audit records and related materials within the thirty (30) day period referred to in Clause 27.9. Carabaas may provide reasonable transition support during that period in accordance with the applicable Order Form, Documentation and then-current support arrangements, provided that any professional services, bespoke migration assistance, custom export, extended access, technical assistance outside standard support, or assistance requested after expiry of the thirty (30) day period may be subject to additional Fees and separate written agreement.

27.11 After expiry of the thirty (30) day post-termination retrieval period, Carabaas may disable access to the affected Services and may delete, anonymise or retain Customer Data, Customer Cryptographic Materials and related records in accordance with these Terms, the applicable data processing addendum, Carabaas’ standard retention and deletion procedures, backup cycles, and Applicable Law. Carabaas shall not be liable for any loss arising from the Customer’s failure to export, collect, retrieve or migrate such data or materials within the applicable retrieval period.

27.12 The post-termination retrieval period does not extend the Subscription Term, revive any licence, create any right to continued production use of the Services, suspend payment obligations, or entitle the Customer to any refund, credit, service credit or other compensation.

28. Sanctions, Export Controls and Anti-Bribery

28.1. The Customer shall comply with all Applicable Law relating to sanctions, export controls, anti-bribery and anti-corruption in connection with the Services.

28.2. The Customer represents and warrants on a continuing basis that neither it, nor any person owning or controlling it, nor any Authorised User, Distributor or End Client receiving access to or benefit from the Services, is subject to applicable sanctions or trade restrictions.

28.3. The Customer shall not access, use, export, re-export, transfer or otherwise make available the Services in breach of applicable sanctions, export control, anti-bribery or anti-corruption laws.

28.4. Carabaas may suspend or terminate the Services immediately if required by Applicable Law or if Carabaas reasonably considers that continued provision of the Services would expose it to sanctions, export control, anti-bribery, anti-corruption or related legal risk.

29. Changes to these Terms

29.1. Carabaas may update these Terms from time to time by posting an updated version on the Site, notifying the Customer by email, providing in-platform notice, or otherwise making the updated Terms available.

29.2. Updated Terms shall take effect on the date stated in the notice or, if no date is stated, when posted or made available.

29.3. Changes that materially and adversely affect the Customer’s rights or obligations under a paid subscription shall apply from the next renewal term, unless the change is required earlier by Applicable Law, security necessity, third-party dependency changes, or to address misuse, fraud or legal risk.

29.4. Continued access to or use of the Services after the effective date of updated Terms constitutes acceptance of those updated Terms. If the Customer does not agree to the updated Terms, it must stop using the Services and, where applicable, cancel renewal of the affected subscription.

30. Notices

30.1. Notices to the Customer may be given by email to the contact details associated with the Account, through the Services, through the Customer’s billing portal, by posting on the Site, or by other reasonable written means.

30.2. Notices to Carabaas must be sent to the legal or notice contact made available by Carabaas on the Site, in the Order Form, in the Customer’s account, or by other written notice.

30.3. Operational, security, support and incident communications may be handled through support channels, in-platform channels, designated contacts or other communication methods notified by Carabaas.

31. Force Majeure

31.1. Neither Party shall be liable for failure or delay in performing obligations, other than payment obligations, to the extent caused by circumstances beyond its reasonable control, including acts of God, flood, fire, earthquake, epidemic, pandemic, war, terrorism, civil unrest, labour disputes not involving the affected Party’s own personnel, interruption or failure of utilities, telecommunications or internet services, cyber-attacks, denial-of-service attacks, failures of third-party infrastructure, or governmental, regulatory or law enforcement actions.

31.2. The affected Party shall use reasonable efforts to mitigate the effects of the event and resume performance as soon as reasonably practicable.

31.3. Blockchain network conditions are allocated under the blockchain risk provisions of these Terms and do not, of themselves, constitute a force majeure event for the purposes of relieving the Customer from payment obligations.

32. Assignment

32.1. The Customer shall not assign, transfer, novate or subcontract its rights or obligations under these Terms without Carabaas’ prior written consent.

32.2. Carabaas may assign, transfer or novate its rights and obligations under these Terms to an Affiliate or in connection with a merger, reorganisation, financing, corporate restructuring, sale of shares, sale of assets or transfer of business, provided that such assignment does not materially reduce the Customer’s rights under these Terms.

33. Governing Law and Dispute Resolution

33.1. These Terms and any non-contractual obligations arising out of or in connection with them shall be governed by and construed in accordance with the laws of England and Wales.

33.2. Any dispute, controversy or claim arising out of or in connection with these Terms, including any question regarding their existence, validity, interpretation, performance, breach or termination, shall be referred to and finally resolved by arbitration under the Rules of the London Court of International Arbitration, which Rules are deemed incorporated by reference into this Clause.

33.3. The seat, or legal place, of arbitration shall be London, England. The tribunal shall consist of one arbitrator unless the LCIA Court determines that three arbitrators are appropriate. The language of the arbitration shall be English.

33.4. The Parties shall keep the existence of the arbitration, the proceedings, materials submitted or produced, and any award confidential, except to the extent disclosure is required by Applicable Law or necessary to enforce an award or protect a legal right.

33.5. Nothing in these Terms prevents either Party from seeking interim, conservatory or injunctive relief from any court of competent jurisdiction.

34. Miscellaneous

34.1. These Terms, together with the applicable Order Form and any document incorporated by reference, constitute the entire agreement between the Parties in relation to their subject matter and supersede all prior agreements, understandings, negotiations, representations and communications relating to that subject matter.

34.2. Nothing in these Terms creates any partnership, joint venture, fiduciary relationship, employment relationship or agency between the Parties.

34.3. No waiver is effective unless given in writing by the Party granting the waiver. Failure to enforce any provision is not a waiver.

34.4. If any provision of these Terms is held invalid, unlawful or unenforceable, it shall be severed to the minimum extent necessary and the remaining provisions shall remain in full force.

34.5. No person other than the Parties has rights under the Contracts (Rights of Third Parties) Act 1999 to enforce these Terms, except that Carabaas’ Affiliates, directors, officers, employees, contractors and agents may enforce provisions intended to benefit them, including indemnities, limitations of liability and protections relating to intellectual property, confidentiality, distribution and End Client claims.

34.6. These Terms are drafted in English. If they are translated into any other language, the English language version shall prevail.

34.7. Any purchase order, procurement portal term, vendor onboarding term or other Customer document is for administrative convenience only and shall not amend or override these Terms unless expressly agreed in writing by Carabaas.