This Legal Terms document ("Legal Terms") forms an integral and binding part of Sibasi Ltd's contractual framework and applies to all customers, users, partners, and counterparties engaging with Sibasi Ltd ("Sibasi", "we", "us", or "our").

These Legal Terms supplement and form an extension of:

• Terms of Use / Terms & Conditions
• Privacy Policy
• Master Services Agreements (MSAs)
• Statements of Work (SOWs)

In the event of conflict, Kenyan law prevails, and the hierarchy of documents shall be:

1. Signed contract (if any)
2. These Legal Terms
3. Terms of Use
4. Privacy Policy

Sibasi Ltd is a company incorporated in the Republic of Kenya and may operate through:

• Regional offices
• Affiliated or subsidiary entities
• Authorized partners and distributors

References to "Sibasi" include Sibasi Ltd and its affiliates acting within the scope of their authorization.

Nothing herein creates a partnership, agency, or joint venture unless expressly agreed in writing.

• Client is the Data Controller
• Sibasi acts as Data Processor when processing personal data on documented Client instructions

Sibasi does not determine the purpose or means of processing Client data except as required to deliver agreed services.

Client warrants that:

• It has lawful authority to process all data
• Data subjects have been informed and consent obtained where required
• Instructions provided to Sibasi are lawful

Sibasi is not responsible for unlawful instructions or Client misuse of systems.

Sibasi implements commercially reasonable administrative, technical, and organizational safeguards, including:

• Encryption in transit and at rest (where feasible)
• Role-based access control
• Logical environment segregation
• Monitoring and logging
• Backup and disaster recovery

No system is perfectly secure; absolute security is not guaranteed.

Sibasi may engage sub-processors to deliver services.

All sub-processors are contractually bound to confidentiality and data protection obligations.

A current sub-processor list is provided in Part E.

Sibasi will notify Client of a confirmed personal data breach without undue delay after becoming aware, where legally required.

Client remains responsible for regulatory notifications unless otherwise agreed.

Upon termination, Sibasi will delete or return Client data in accordance with contractual terms, subject to legal retention requirements.

Unless expressly agreed in writing:

• Services are provided on an "as-available" basis
• No guaranteed uptime is provided

Sibasi is not liable for service interruptions caused by:

• Cloud provider outages (Azure, AWS, Google Cloud)
• Internet or telecommunications failures
• Force majeure events
• Client misconfiguration or misuse
• Third-party services or integrations

Where an SLA is expressly agreed:

• Client's sole remedy is service credits
• No refunds or damages apply

Clients and users must not:

• Use services unlawfully
• Upload malicious code
• Attempt unauthorized access
• Abuse system resources
• Infringe IP or privacy rights

Sibasi adopts a defense-in-depth approach:

• Secure development lifecycle practices
• Access controls and audit logs
• Cloud security best practices
• Incident response readiness

Security measures vary by service model and contract scope.

• Confidentiality agreements for all staff
• Security awareness training
• Segregation of duties
• Ethical and operational governance frameworks

Sibasi may update sub-processors without notice unless where legally required.

Sibasi maintains internal procedures to:

• Detect and contain incidents
• Assess impact
• Mitigate harm
• Prevent recurrence

Client agrees to cooperate during investigations and mitigation efforts.

All platforms, software, methodologies, frameworks, tools, configurations, documentation, and derivatives remain exclusive intellectual property of Sibasi, unless expressly agreed otherwise.

Clients receive a limited, non-exclusive, non-transferable license for internal use only.

Clients retain ownership of their data and grant Sibasi a limited license to process such data solely to provide services.

Sibasi solutions may integrate with or rely on third-party platforms and partners, including cloud providers, distributors, and software partners.

Such partners operate under their own agreements.

Sibasi:

• Does not control third-party platforms
• Is not liable for their actions, outages, or compliance
• Disclaims warranties relating to partner services

Client indemnifies Sibasi against claims arising from:

• Client data
• Client misuse
• Third-party integrations enabled by Client
• Breach of these Legal Terms

These Legal Terms are governed exclusively by the laws of the Republic of Kenya.

Invalid provisions do not affect enforceability of remaining terms.