# Master Subscription Agreement (MSA)

**Aquil — ISO 27001 ISMS Management Service**

**Version:** 1.1
**Effective date:** 2026-04-16

This Master Subscription Agreement ("**Agreement**") is entered into between **Sokigo AB**, org.nr 556550-6309, with registered office in Sweden ("**Sokigo**"), and the legal entity identified at signup or in the applicable Order Form ("**Customer**"). Sokigo and Customer are each a "**party**" and together the "**parties**".

By accepting this Agreement (whether by clicking "I accept" at signup, by signing an Order Form, or by using the Service), Customer agrees to be bound by it. The individual accepting on Customer's behalf represents that they have authority to bind Customer.

**B2B only.** The Service is offered solely to legal entities acting in the course of their trade, business, craft or profession. By accepting this Agreement, Customer represents that it is not a natural person acting for purposes outside its trade, business or profession, and that mandatory consumer-protection rules (including the Swedish Distansavtalslagen 2005:59, Konsumentköplagen 2022:260, and the EU Consumer Rights Directive) do not apply to this Agreement.

## 1. Definitions

- **Service**: the Aquil ISMS management software-as-a-service operated by Sokigo, including all features, AI functionality, documentation and updates made generally available.
- **Order Form**: an ordering document or self-service signup record specifying the subscription plan, term, fees, and authorised users.
- **Customer Data**: data uploaded, generated, or otherwise submitted to the Service by Customer or its Authorised Users.
- **Authorised User**: an individual employee, contractor or agent of Customer authorised by Customer to access the Service.
- **Documentation**: the user-facing documentation made available at https://aquil.se/docs.
- **Subscription Term**: the period during which Customer is entitled to access the Service, as set out in the Order Form.
- **Fees**: the fees payable by Customer as set out in the Order Form or pricing page.
- **DPA**: the Data Processing Agreement at https://aquil.se/legal/dpa, incorporated by reference.
- **AUP**: the Acceptable Use Policy at https://aquil.se/legal/aup, incorporated by reference.
- **SLA**: the Service Level Agreement at https://aquil.se/legal/sla, incorporated by reference.
- **AI Addendum**: the AI Usage Addendum at https://aquil.se/legal/ai-addendum, incorporated by reference.

## 2. The Service

- **Provision**. Sokigo grants Customer a non-exclusive, non-transferable, non-sublicensable right during the Subscription Term to access and use the Service for Customer's internal business purposes, subject to this Agreement.
- **Authorised Users**. Customer is responsible for its Authorised Users' compliance with this Agreement and for all activity under their accounts.
- **Modifications**. Sokigo may modify the Service from time to time, provided that Sokigo will not materially reduce the core functionality during the Subscription Term.
- **Beta features**. Sokigo may make beta or preview features available "AS-IS" without any warranty or SLA. Customer's use of beta features is voluntary.

## 3. Customer obligations

Customer shall:

a) Comply with the AUP, AI Addendum and DPA.
b) Use the Service only in accordance with applicable law.
c) Maintain the security of its Authorised User credentials and notify Sokigo without undue delay of any unauthorised access.
d) Ensure it has all necessary rights, lawful bases and consents for Customer Data submitted to the Service.
e) Not upload to the Service any data subject to legal or contractual restrictions inconsistent with this Agreement, including but not limited to: personal data of categories listed in GDPR art. 9 unless Customer has a valid art. 9(2) basis; payment card data; credentials or secrets; classified or export-controlled information.

## 4. Fees and payment

- **Fees**. Customer shall pay the Fees set out in the Order Form or the self-service signup flow. All Fees are stated and charged in **Swedish kronor (SEK)** unless another currency is expressly specified on the Order Form. **Fees are stated exclusive of VAT and any other applicable taxes, duties or levies**, which will be added to invoices at the statutory rate and paid by Customer in addition to the Fees.
- **VAT and reverse charge**. For Customers established in Sweden, Swedish VAT will be added at the applicable rate. For Customers established in another EU Member State who supply Sokigo with a valid VAT identification number, the **reverse charge mechanism** under Mervärdesskattelagen (2023:200) / Council Directive 2006/112/EC applies and invoices will be issued at 0% VAT marked "Reverse charge". For Customers established outside the EU, supplies are generally outside the scope of Swedish VAT. Customer is responsible for providing and keeping up to date its VAT identification number, organisation number and billing address, and for any tax consequences of providing inaccurate information.
- **Payment processor**. For self-service and card-paid plans, Sokigo uses **Stripe Payments Europe Ltd** (Ireland) as its payment processor. Customer's acceptance of this Agreement includes acknowledgement that billing and payment data will be processed by Stripe in accordance with Sokigo's Sub-processor list and Stripe's own terms and privacy notice. Card data is handled directly by Stripe and is never stored by Sokigo.
- **Invoicing**. For self-service plans, Fees are charged in advance for each billing period via the payment processor. Receipts and invoices are made available electronically through the Service or by email. For sales-led plans, invoices are payable within 30 days net from invoice date unless otherwise agreed.
- **Auto-renewal and price changes**. Subscriptions renew automatically on the terms set out in Section 5. Sokigo may change Fees for a renewal term on at least **60 days' written notice** to the Customer's billing contact before the start of that renewal term. If Customer does not agree to the revised Fees, Customer may terminate the subscription effective at the end of the then-current term by giving written notice of non-renewal in accordance with Section 5. Continued use of the Service after the effective date of a notified price change constitutes acceptance of the revised Fees for the renewal term.
- **Late payment**. Overdue amounts bear interest at the rate set out in the Swedish Räntelagen (1975:635) plus statutory collection costs.
- **Suspension for non-payment**. Sokigo may suspend the Service after 14 days' written notice for unpaid undisputed Fees.
- **No general right of refund**. Except for the express pro-rata refund rights set out in Section 9 (Warranties), Section 10 (Indemnity) and Section 13 (Material changes), Fees are **non-refundable**, and Customer is not entitled to a refund or credit for unused portions of a paid-up term, unused Authorised User seats or partial billing periods following a cancellation initiated by Customer for convenience.
- **Statutory accounting retention**. Sokigo retains invoices, payment records and related accounting verifications for **7 years from the end of the relevant calendar year** in accordance with Bokföringslagen (1999:1078) kap. 7 § 2. This statutory retention applies regardless of termination of this Agreement and overrides erasure requests for the data concerned.
- **Free tier**. Sokigo may offer a free tier with limited functionality. The free tier is provided "AS-IS" without warranty or SLA, and Sokigo may modify or discontinue it at any time on reasonable notice.

## 5. Term and termination

- **Term**. This Agreement commences on the effective date and continues for the Subscription Term, automatically renewing for successive periods of equal length unless either party gives written notice of non-renewal at least 30 days before the end of the then-current term.
- **Termination for cause**. Either party may terminate this Agreement on written notice if the other party: (i) materially breaches this Agreement and fails to cure within 30 days of written notice; (ii) becomes insolvent, files for bankruptcy, or ceases business operations.
- **Termination by Sokigo for unlawful use**. Sokigo may suspend or terminate immediately if Customer's use of the Service violates applicable law, infringes third-party rights, or poses a security risk.
- **Effect of termination**. Sections 7 (IP), 8 (Confidentiality), 9 (Warranties), 10 (Indemnity), 11 (Liability), 14 (Governing law) and any provisions which by their nature should survive shall survive.
- **Data export and deletion**. Per Section 12 of the DPA.

## 6. Service Levels

The SLA applies to paid subscriptions. The free tier is excluded from the SLA. The current SLA is: **99.0% availability during the Service Window (Mon–Fri 08:00–17:00 Europe/Stockholm, excluding Swedish public holidays)**, with service credits as Customer's sole and exclusive remedy for breach. See https://aquil.se/legal/sla.

## 7. Intellectual property

- **Sokigo IP**. Sokigo and its licensors retain all right, title and interest in and to the Service, including all software, documentation, user interface, branding, templates, frameworks, AI prompts and prompt engineering, and all improvements, derivatives and modifications thereto. Nothing in this Agreement transfers ownership of the Service to Customer.
- **Customer Data**. Customer retains all right, title and interest in and to Customer Data. Customer grants Sokigo a non-exclusive, royalty-free, worldwide licence to host, copy, transmit, display and process Customer Data solely as necessary to provide and improve the Service in accordance with this Agreement and the DPA. Sokigo will not use Customer Data to train any machine learning model.
- **Feedback**. Customer grants Sokigo a perpetual, irrevocable, royalty-free licence to use any feedback, suggestions or ideas Customer provides about the Service.

## 8. Confidentiality

- Each party will protect the other's Confidential Information with the same degree of care it uses to protect its own confidential information of like importance, and at least with reasonable care.
- Confidential Information may be used only in connection with this Agreement and disclosed only to personnel with a need to know who are bound by confidentiality.
- Exclusions: information that is or becomes public through no fault of the receiving party, was lawfully known prior to disclosure, is independently developed, or is rightfully received from a third party.
- This Section survives termination for **3 years**, except that trade secrets are protected for as long as they remain trade secrets under Lagen (2018:558) om företagshemligheter.

## 9. Warranties and disclaimers

- **Mutual**. Each party warrants that it has the legal authority to enter into this Agreement.
- **Sokigo warranty**. Sokigo warrants that the Service will perform materially in accordance with the Documentation during the Subscription Term. Customer's exclusive remedy for breach of this warranty is correction or, if Sokigo fails to correct within a reasonable time, termination with a pro-rata refund of prepaid fees for the unused portion of the term.
- **Disclaimer**. EXCEPT AS EXPRESSLY SET OUT IN THIS AGREEMENT, THE SERVICE IS PROVIDED "AS-IS" AND "AS-AVAILABLE", AND SOKIGO DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND THAT THE SERVICE WILL BE UNINTERRUPTED OR ERROR-FREE.
- **AI output disclaimer**. AI-generated output is informational and is **not** legal, audit, regulatory or compliance advice. Customer is solely responsible for reviewing, validating and applying AI output. Sokigo does not warrant the accuracy, completeness or fitness for purpose of any AI output. See the AI Addendum.

## 10. Indemnity

- **Sokigo IP indemnity**. Sokigo will defend Customer against any third-party claim that the Service, when used in accordance with this Agreement, infringes such third party's intellectual property rights, and will indemnify Customer for damages finally awarded by a court of competent jurisdiction or agreed in settlement, provided that Customer (i) promptly notifies Sokigo in writing, (ii) gives Sokigo sole control of the defence and settlement, and (iii) provides reasonable cooperation. Sokigo's obligation does not apply to claims arising from: Customer Data; modifications not made by Sokigo; combination with non-Sokigo products; or use other than as permitted.
- If the Service is or, in Sokigo's opinion, is likely to become subject to an infringement claim, Sokigo may, at its option: (i) procure the right for Customer to continue using the Service; (ii) modify the Service to be non-infringing; or (iii) terminate the affected subscription with a pro-rata refund.
- **Customer indemnity**. Customer will defend and indemnify Sokigo against any third-party claim arising from Customer Data, Customer's breach of Section 3 or the AUP, or Customer's violation of applicable law.
- This Section is the parties' sole and exclusive remedy for third-party claims of the type described.

## 11. Limitation of liability

- **EXCLUSION OF INDIRECT DAMAGES**. To the maximum extent permitted by applicable law, neither party will be liable for any indirect, incidental, consequential, special, exemplary or punitive damages, including loss of profits, loss of business, loss of revenue, loss of goodwill or loss of anticipated savings, arising out of or in connection with this Agreement, even if advised of the possibility of such damages.
- **LIABILITY CAP**. To the maximum extent permitted by applicable law, each party's aggregate liability arising out of or in connection with this Agreement is limited to the **fees paid or payable by Customer for the Service in the twelve (12) months immediately preceding the event giving rise to the claim**.
- **EXCLUSIONS FROM CAP**. The cap and exclusion of indirect damages do not apply to: (i) Customer's payment obligations; (ii) liability for death or personal injury caused by negligence; (iii) intentional misconduct or gross negligence (grov vårdslöshet); (iv) infringement of the other party's intellectual property rights; (v) breach of confidentiality; (vi) Customer's indemnity obligations under Section 10; or (vii) liability that cannot be limited or excluded under mandatory applicable law, including liability towards Data Subjects under GDPR art. 82.
- **GDPR allocation**. Each party is liable for its own role under the GDPR (controller / processor). Where one party has paid compensation to a Data Subject under GDPR art. 82 and the other party is responsible in whole or in part, the parties shall settle as between themselves in proportion to their respective responsibility, subject to this Section 11.
- This allocation reflects the parties' bargain on the allocation of risk and the price of the Service.

## 12. Force majeure

Neither party is liable for failure or delay in performance (other than payment obligations) caused by events beyond its reasonable control, including acts of God, war, terrorism, riots, labour disputes, government orders, internet or telecommunications failures, and pandemics. The affected party will use reasonable efforts to mitigate.

## 13. Changes to this Agreement

Sokigo may update this Agreement, the DPA, the AUP, the SLA or the AI Addendum from time to time. For material changes, Sokigo will give at least 30 days' notice by email to the Customer's billing contact and by posting a notice in the Service. Continued use after the effective date of changes constitutes acceptance. If Customer reasonably objects to a material change, Customer may terminate the affected subscription within 30 days with a pro-rata refund of prepaid fees.

## 14. Governing law and disputes

- **Governing law**: This Agreement is governed by Swedish law, excluding its conflict-of-laws rules and the UN Convention on Contracts for the International Sale of Goods (CISG).
- **Jurisdiction**: The parties submit to the exclusive jurisdiction of the Swedish courts, with **Stockholms tingsrätt** as court of first instance.
- For sales-led contracts, the parties may agree in the Order Form to submit disputes to arbitration under the Rules of the Arbitration Institute of the Stockholm Chamber of Commerce (SCC), with seat in Stockholm, language English, single arbitrator unless the amount in dispute exceeds 1 MSEK.

## 15. General

- **Notices**. Legal notices must be sent in writing to infosec@sokigo.com (Sokigo) or to the Customer's billing contact and primary administrator (Customer). Notices are effective on the next business day after sending.
- **Assignment**. Neither party may assign this Agreement without the other party's prior written consent, except that either party may assign to an affiliate or in connection with a merger, acquisition or sale of substantially all assets, on written notice.
- **Subcontracting**. Sokigo may use subcontractors and Sub-processors as set out in the DPA.
- **Independent contractors**. The parties are independent contractors. Nothing in this Agreement creates a partnership, agency, joint venture or employment relationship.
- **Entire agreement**. This Agreement, together with the Order Form, DPA, AUP, SLA, AI Addendum and any other documents incorporated by reference, constitutes the entire agreement between the parties and supersedes all prior agreements on the subject matter.
- **Order of precedence**: (1) Order Form (for terms specifically negotiated and signed); (2) DPA; (3) this MSA; (4) AI Addendum; (5) SLA; (6) AUP; (7) Documentation.
- **Severability**. If any provision is held invalid or unenforceable, the remaining provisions remain in force, and the parties will replace the invalid provision with a valid one that achieves as nearly as possible the original intent.
- **No waiver**. Failure to enforce any provision is not a waiver.
- **Counterparts and electronic signature**. This Agreement may be executed in counterparts and by electronic signature, each of which constitutes an original.

---

**[End of MSA]**

**For sales-led signing**:

**Sokigo AB**
Name: ______________________
Title: _____________________
Date: ______________________
Signature: _________________

**[Customer legal name, org.nr]**
Name: ______________________
Title: _____________________
Date: ______________________
Signature: _________________
