Exhibit 10.5

THE SYMBOL “[**]” DENOTES PLACES WHERE CERTAIN IDENTIFIED INFORMATION HAS BEEN EXCLUDED FROM THE EXHIBIT BECAUSE IT IS BOTH (i) NOT MATERIAL AND (ii) OF THE TYPE THAT THE REGISTRANT CUSTOMARILY AND ACTUALLY TREATS AS PRIVATE OR CONFIDENTIAL.

MASTER SERVICE AGREEMENT

By this private instrument and in accordance with the law:

XCHANGE INTERMEDIAÇÃO S.A., registered with the National Corporate Taxpayer Registry of the Ministry of Economy (CNPJ/ME) (CNPJ/ME) under No. 41.460.365/0001-86, registered office in the City and State of Rio de Janeiro, at Av. Ataulfo de Paiva, No. 153, Sl. 201, Leblon, CEP (Postal Code) 22440-032, by its legal representatives, hereinafter referred to as “Client”; and

PARFIN PAGAMENTOS LTDA., registered office in the city and state of São Paulo, at Avenida Brigadeiro Faria Lima, 2.369, suite 1.102, CEP (Postal Code) 01452-922, registered with the National Corporate Taxpayer Registry of the Ministry of Economy (CNPJ/ME) under No. 39.806.266/0001-61, by its representatives hereinafter referred to as “Parfin”, collectively referred to as “Parties” and, individually and indistinctly, “Party”.

Resolve to enter into this Service Agreement (“Agreement”), which will be governed by the following sections and conditions:

1.    Definitions

(i) “API”: Acronym for Application Programming Interface (in Portuguese: Interface de Programação de Aplicativos), means an application that allows the integration between the Client’s front-end and the Parfin Platform back-end.

(ii) “Client”: Institutional clients who enter into service provision agreements for the use of the “Parfin Services”, as End Users of the Platform or vendors for third parties.

(iii) “Service Agreement”: Document that lists the legal conditions applicable to the Services contracted by the Client.

(iv) “Cryptoassets”: Virtual assets, protected by cryptography, present exclusively in digital records, whose operations are performed and stored in a computer network.

(v) “Order Form”: Document that details the services contracted by the Client and the applicable commercial conditions.

(vi) “Platform Parfin”: Platform for custody services, storage, management and transaction of cryptoassets offered by virtual means, through the website Parfin.io or any of the websites, mobile applications, APIs associated provided by Parfin.

(vii) “Parfin Service”: Together, all services offered to the Client and Users through the Parfin Platform.

(viii) “Third Party Services”: Third party websites, mobile software applications, products and services that are not owned or controlled by Parfin.

(ix) “Terms”: General Terms and Conditions of Use that govern Parfin’s services.

(x) “Users”: Means users authorized and enabled by the Client to use the Platform.

2.    Purpose

2.1 The purpose of this Agreement is: (i) licensing the use of the software that, together, constitute the Parfin Platform, for internal use by the user or in an integrated manner in the offer of services by the Client to

its end customers; (ii) the provision of intermediation, management and custody services for digital assets, made available through the Parfin Platform to the Client, as detailed in the respective Order Forms entered into between the parties; (iii) the provision of support and maintenance services for the Platform, under the terms described in this Agreement.

2.2 Parfin is a modular Platform that allows the contracting of one or more modules independently, by signing one or more Order Forms. This Master Agreement, together with the Terms, sets out the general conditions applicable to Parfin’s services for all legal purposes, as of its signature. With each new contracting of Services, a new Order Form must be signed, becoming an integral and inseparable part of this Agreement.

2.3 Certain Parfin services are subject to specific Exhibits, supplementary to the Terms. The Client will be informed of the specific Exhibits applicable to each service contracted, and must ensure that all Users of the Platform under its responsibility are legally bound to the conditions applicable to each service.

2.4 The Parties agree that, in the event of a conflict between the provisions of this instrument and any other, the provisions shall prevail, in the following order: (i) Service Agreement; (ii) Order Form; (iii) General Terms and Conditions of Use; (iv) Specific Exhibits.

3.    Price and Form of Payment

3.1 The Platform Fees are payable as provided in the Order Form by issuing a bill to the Client. Unless otherwise agreed in the Order Form, invoices will be due within forty-five (45) days from the bill date.

3.1.1. Cases of disputes relating to the bill amount do not exempt the Client from full payment of the Fees due within the aforementioned period. However, upon notification of the Client to Parfin through the available communication channels, Parfin will analyze the merits of the questioning and any discount/increase will be passed on in the subsequent bill.

3.2 Fees are earned in US Dollars and converted to Reais on the bill, using the monthly average P-TAX rate published by the Central Bank of Brazil for conversion to US Dollars.

3.3 In addition to any other rights or remedies of Parfin, if the Client fails to make any payments on the due date or otherwise in accordance with the Agreement:

(i) Any part of any amounts not paid when due will accrue interest of 1% (one percent) per month, plus adjustment for inflation by the IPCA/IBGE calculated from the due date until the effective payment of the outstanding amounts; and

(ii) Parfin may immediately suspend the provision of any access to the provided services.

3.4 All amounts referred to in the Order Form do not include taxes and fees, which will be added to such amounts on the bill, where applicable.

3.5 In any event of termination of the Agreement, Parfin will issue a final bill to the Client in respect of all outstanding amounts due in respect of services actually performed up to the date of termination. The obligation to pay any final bill under this section survives the expiration or termination of the Agreement.

3.6 Regardless of whether or not Parfin passes on to the Client any fees in connection with the Services or the operation, fees may be charged directly by a Third-Party Service or the applicable blockchain network (“Network”) for operations carried out in connection with the Services of Third Parties (“Third-Party Fees”), for which the Client shall be solely responsible.

3.7 If, during the term of this Master, new taxes, charges and tax contributions are created, or the rates used are modified, the values of the respective fees will be changed to reflect such changes and will be applied from the effective term of the changes.

4.    Term of Effectiveness and Termination

4.1 This instrument will be in force for an indefinite period, counting from the Effective Date of the first Order Form.

4.2 Any Party may terminate the Agreement or an Order Form without reason after 12 (months), counted from the Effective Date of the Agreement or Order Form, without any encumbrances or charges, by sending prior notice to the other Party at least in advance of three (3) months.

4.3 This Agreement and/or Order Form may be terminated for reasons by one of the Parties in the following cases:

(i) Default by the other Party, in whole or in part, of any of the obligations assumed in this Agreement, provided that it is irremediable by its nature or is not remedied within 15 (fifteen) days, counting from the receipt, by the Defaulting PARTY, of written notice from the Non-defaulting Party.

(ii) Extrajudicial or judicial recovery or settlement, request or declaration of bankruptcy or dissolution of either Party.

(iii) Occurrence of an act or fact, including any legal or regulatory provision that makes it impossible to fully perform the obligations set herein;

(iv) Occurrence of proven facts or situations that lead to commercial discredit on the other Party, such as unfair competition, involvement in acts of corruption or legitimate protest of bonds;

(v) Failure to comply with the SLA due to unavailability of the Platform (except in cases of scheduled unavailability previously notified to the client according to section 13) for three (3) subsequent months with a percentage of availability lower than [**]% during each month.

4.4 If there is more than one Order Form in force, the termination of one of them does not imply the termination of the others, nor of this Agreement. If there is only one Order Form in force, its termination will result in the definitive termination of this Agreement and all instruments that comprise it.

4.5 The Parties hereby agree that, in any case of termination, Parfin will be entitled to receive the Services actually provided and the Software actually delivered regularly until the moment of termination.

4.6 In any event of termination, Parfin shall use its best efforts to offer support to the Client to carry out the portability of the Client’s data to any system that replaces Parfin’s, during the period of 60 (sixty) days after the termination.

5.    Confidentiality

5.1 The sharing of data and information between the Parties will be solely and exclusively so that Parfin can make available to the Client the system and/or services object of the Order Forms, requiring the evaluation and knowledge of confidential information. The Parties agree that it will be considered as “Confidential Information” any and all information disclosed by one Party to the other, by any means and in any form, whether electronic, written or verbal, by the representatives of the disclosing party and/or any of its employees, including, among others, all tangible, intangible, visual, electronic, present or future information, such as: (a) trade secrets, financial, personal, cryptoasset market data, including, but not limited to, prices, quotes and traded quantities of Users and Service Clients; (b) financial information, including prices; (c) technical information; including research, development, procedures, eventual algorithms, data, designs and know-how, source codes, code repositories, programming code sets, designs, plans, drawings, data, notes, documents, reports, observations, materials, documents; (d) any inventions, discoveries and improvements, designs, drawings, blueprints, databases, product ideas, concepts, prototypes, features, procedures, training, promotional materials, training courses and other training and instructional materials, and other technical, legal and financial information; and (f) the terms of any agreement, written or otherwise, entered into between the Parties and the discussions, negotiations

and proposals related thereto. Confidential Information will also be considered, for all purposes, the very existence of this instrument and the nature of negotiations and discussions, in addition to any other terms, conditions or other facts relating to such negotiations and discussions.

5.2 By this instrument, the Parties undertake, on an irrevocable and irreversible basis, to:

a) Maintain the confidentiality of any and all Confidential Information received at any time, as well as undertake that its officers, employees, agents or professionals, in any capacity, will also maintain the confidentiality of Confidential Information;

b) Refrain from disclosing or providing, without the prior written consent of the disclosing party, to any individual or legal entity, any Confidential Information;

c) Take all precautions to maintain confidentiality, object of this Agreement, so that the Confidential Information cannot be used for any purposes other than the provision of the Services by Parfin and provided that it is expressly authorized by the disclosing party; and

d) Keep as confidential and not reveal to any individual or legal entity the discussions or negotiations related to this instrument.

5.3 At the request of the disclosing party, the receiving Party shall immediately destroy, or cause to be destroyed, all copies of any analysis, compilation, studies or other documents prepared by said Party or its representatives, or any of them, which contain or reflect Confidential Information.

5.4 The Parties will use Confidential Information for the sole purpose for which it was disclosed. The Parties undertake not to use the Confidential Information for any purpose other than that provided for in this Agreement and in the Order Form, and its use, for their own benefit or for the benefit of third parties, without prior written authorization from the Client, committing to not reproduce, copy, store, give or facilitate access to, assign, share or in any other way transfer or make known to third parties the Confidential Information, without the prior written consent of the other Party.

5.5 For purposes hereof, the following information will not be considered Confidential Information:

a) Information that is in the public domain at the time of signature of this instrument, or becomes public domain after this date, other than for breach of any of the obligations of this instrument or the breach of another contractual or legal obligation, or as a result of an act or omission of any of the Parties;

b) Information obtained as a result of the execution of the work resulting from this instrument, which must be disclosed by the Parties due to a judicial, legal or normative determination;

(c) Information that may become available to any of the Parties in a non-confidential manner by third parties (not related to the Parties and/or the works provided herein), exclusively as long as they are legally or contractually authorized to provide it; or

d) Information that has been developed by one of the Parties independently of any information provided by other Parties.

e) Information that is disclosed as a result of compliance with a legal requirement or requirement of a Governmental Authority, under the terms of the law, or of a self-regulatory entity.

In the event of a legal determination, and provided that it is not prevented by such order or applicable regulation, either Party shall notify the other as soon as possible so that it has time to adopt all measures it deems necessary to prevent the disclosure of Confidential Information, under penalty of being liable for damages.

5.6 The confidentiality obligation set forth herein will survive for a period of five (5) years after the expiration or termination of this Agreement and/or the Order Forms.

6.    Non-Solicitation

6.1 During the term of this Agreement and after [**] ([**]) months from the end of the services, the Client and/or the group companies may not, in any way, directly or indirectly, on their own behalf or on behalf of third parties, or in conjunction with any other individuals or legal entities, of which they are partners or not, to employ or attempt to employ or offer any type of service to any administrator, employee or service provider of Parfin who are under their respective management, work or provision of services in force, as the case may be, except with the prior and express agreement and consent of Parfin.

6.2 Notwithstanding the foregoing, the Client may freely hire any person who: (i) starts discussions about such hiring with the Client or (ii) responds to a public announcement made by the Client or third parties engaged by the Client; in both cases, the Client must inform the Contractor within 48 hours of the start of the candidate’s participation in the vacancy filling process.

7.    Compliance and anti-money laundering

7.1 The Parties are aware of their duty to comply with all laws, rules and regulations applicable to the fight against corruption and money laundering practices, including, without limitation, Law No. 12.846/2013 (Anticorruption Law). The Parties undertake to comply with, or enforce, by themselves, their affiliates or their owners, shareholders, employees, or eventual subcontracted, the rules that apply to them and deal with acts of corruption and harmful acts against the government, pursuant to Law No. 12.846/13 and other applicable rules, and must (i) maintain internal policies and procedures that ensure full compliance with such rules; (ii) give full knowledge of such rules to all its professionals who may have a relationship with the other Party, prior to the beginning of their performance under this Agreement; (iii)refrain from corruption or acting in a manner harmful to the Brazilian or a foreign government, in the interest or for the benefit, whether exclusive or otherwise, from the other Party; and (iv) if it becomes aware of any act or fact that violates the aforementioned rules, immediately notify the other Party, which may take all the measures it deems necessary.

7.2 Except for cases in which Parfin is hired specifically for the provision of identity verification and “KYC” (know your customer) services, for the purpose of complying with Law No. 9.613/1998 and other provisions of financial market standards, for the purposes of preventing and combating money laundering and the financing of terrorism, the Client will be fully responsible for the adoption of compliance measures and verification of its customers who will have access to the Platform. By making the Parfin Platform available to third parties, the Client undertakes, throughout the term of this agreement, to:

a) have an Anti-Money Laundering and Anti-Terrorism Financing Policy, adopting the procedures and internal controls aimed at preventing the use of the financial system for the practice of crimes of laundering or concealment of assets, rights and values, which it deals with Law No. 9,613, of March 3, 1998, and on the financing of terrorism, provided for in Law No. 13,260, of March 16, 2016.

b) Develop AML/KYC policies and processes, internally or through third parties, parameterized according to the needs of its business, to be carried out monthly, assuming responsibility for reporting to Parfin any and all transactions that may constitute evidence of laundering money and other white-collar crimes, including those provided for in Federal Law No. 9.613/98, and paying special attention to situations and transactions that have evidence or that may constitute evidence of money laundering and other white-collar crimes;

c) Adopt the best practices for verifying the identity of Users, not inferior to the practices foreseen in Parfin’s Anti-Money Laundering policies. Parfin will not be held accountable for actions or omissions related to KYC procedures, unless it has been specifically hired to perform such services, by signing the relevant documentation, not being responsible, however, for actions and/or omissions by part of the Client’s employees responsible for conducting the KYC process with Parfin.

d) To be solely and exclusively responsible for managing the receipt and transfers of the Client’s resources made by the Users, for meeting the respective legal and regulatory requirements of its

Users, especially the AML/KYC processes, which it undertakes to comply with, and the maintenance and updating of these processes, providing Parfin with documents and evidence related to these diligences whenever requested;

e) Require Users, whenever requested by Parfin, for additional information, documents and vouchers from Users that relate to AML/KYC policies and other compliance and regulatory policies typical of the financial and digital assets market, as well as make available to Parfin when required, within up to five (5) days of the request, access to compliance policies, information security, AML/KYC, monitoring of suspicious transactions, code of ethics and conduct and other procedures and policies adopted by the Client that aim to ensure security in transactions with third parties.

8.    Data Protection

8.1 The Parties undertake to process the personal data to which they have access as a result of this Agreement, solely and exclusively to fulfill the purpose for which their treatment is intended and in compliance with all applicable legislation on information security, privacy and protection data, including Federal Law No. 13.709/2018 - Brazilian General Data Protection Law (“LGPD”), without excluding other sectorial or general rules on the topics (“Applicable Legislation”).

8.2 The Parties undertake to restrict processing to the minimum number of personal data necessary to achieve the purpose of the Agreement.

8.3 The Parties shall treat personal data as confidential information, being responsible for whoever may access them, mutually guaranteeing that such persons are subject to the same duty of confidentiality and to rules no less stringent than those established under this instrument.

8.4 Purpose. In the cases of treatment in which Parfin acts as Operator, it will carry out the personal data processing according to the Client’s instructions solely for the scope of the purposes defined in the agreement, and it shall not be liable to the holder of the personal data, nor to the Brazilian Data Protection Authority, within the scope of any administrative, arbitration and/or judicial procedure, except in the event of non-compliance with the Applicable Legislation or the legal instruction of the Controller, and the Controller, in all other cases, make the necessary efforts in order to exempt Parfin from any legal action or administrative or arbitration procedure that may be proposed as a result of the processing of personal data to which it had access as a result of the execution of the Agreement, provided that Parfin’s complete absence of responsibility in the scope of any breach that has taken place.

8.4.1. If Parfin bears any of the aforementioned procedures, its right of recourse against the Controller is protected, without prejudice to the reimbursement of expenses arising from the process, in addition to other measures, such as denunciation to the dispute, arising from any breach of personal data that will be imputed to him.

8.4.2. Parfin reserves the right to refuse, by means of written notice, any instruction from the Controller that involves the processing of personal data in violation of the Applicable Legislation.

8.4.3. If Parfin acts in violation of this Section 8, of the provisions of the LGPD, or, when acting as OPERATOR, of the treatment guidelines given by the CLIENT, Parfin will assume full responsibility for any and all sanctions, indemnities or losses incurred by the Client directly and demonstrably due to its attitudes, and the Client is also responsible for the right of recourse with Parfin, in cases of joint and several liability provided for by law.

8.5. Subcontracting. Parfin may subcontract third parties, in whole or in part, to carry out the data processing activities necessary for the execution of the object of this agreement, remaining fully responsible for the acts of the subcontracted third party.

8.6 The Parties, individually or jointly, shall keep updated the records of the Personal Data Processing operations, under the terms defined by the LGPD, carried out under this Agreement, which will contain the category of data processed, the subjects involved in the activity, which purpose of the various

processing activities carried out and for how long the Personal Data will be processed and stored after fulfilling its original purpose.

8.7 The Parties shall guarantee the fulfillment of requests made by data subjects, in accordance with the law, undertaking to communicate the other party about the request, if the order has an impact on the other party’s operation.

8.8 International transfer: If the international transfer of Personal Data is necessary for the fulfillment of this Agreement, Parfin will define, in the agreement, the limits to the use of the Personal Data transferred, preventing any deviation from the purpose of the Personal Data shared, and guarantee the implementation of measures of security necessary to guarantee the confidentiality, integrity and availability of the transferred personal data, as well as compliance with the requirements stipulated in article 33 of the LGPD. Parfin states that, when acting as Operator, it will not carry out the international transfer of personal data without prior notice of the Controller, and must refrain from carrying out any transfer operation if requested by the Controller. In this case, the Client will be responsible for informing its end customers of the existence of data transfer procedures for the purpose of fulfilling the agreement.

8.9 Incidents. Incidents are understood to mean any loss, deletion, or improper or accidental exposure of personal information. If you become aware of the occurrence of any unauthorized access, undue disclosure, unwanted exposure and/or accidental or intentional situation of destruction, deletion, loss, alteration (“Incident”) involving the personal data processed as a result of this contractual relationship, a Party shall notify the other, within a period of up to 24 (twenty-four) hours, bringing at least the following information: (i) date and time of the Incident; (ii) date and time of the awareness; (iii) list of the types of data affected by the Incident; (iv) number of users affected (Incident volume); (v) information regarding the affected data subjects; (vi) risks related to the Incident; (vii) measures that have been or will be adopted to reverse or mitigate the effects of the Incident; (viii) contact details of the Person in Charge (DPO - Data Protection Officer) or, if there is no Person in Charge, the other person from whom it is possible to obtain further information about what happened;

8.9.1. In the event that a party does not have all the information at the time of sending the communication, it must transmit it gradually, committing to speed up the fulfillment of the contractual provisions.

8.10 For incidents involving Personal Data caused by the sole and exclusive conduct of one of the Parties, the latter will be responsible for complying with any sanctions and fines set by the Brazilian Data Protection Authority.

8.11 If one of the Parties exclusively undertakes such sanctions and fines, without having given rise to the fact, it may exercise the right of recourse against the others, with this contractual instrument being constituted as an extrajudicial enforceable instrument.

8.12 Notwithstanding anything to the contrary, the obligations of the Parties related to data protection and confidentiality defined in this Agreement will last as long as a Party continues to have access, is in possession of or performs any processing operation on the personal data obtained as a result of the contractual relationship with the other Party, even if all the agreement between the Parties has expired or been terminated.

8.13 Security. The Parties undertake to adopt security, technical and administrative measures capable of protecting data against unauthorized access and accidental or unlawful situations of destruction, loss, alteration, communication, or any form of inappropriate or unlawful processing of personal data.

8.14 Parfin will document and file the Client’s instructions regarding the processing of personal data necessary for the execution of this Agreement, for a period sufficient to protect itself, in the event of any administrative or judicial proceeding due to non-compliance with the applicable legislation.

8.15 Termination of the contractual relationship. Upon termination of the contractual relationship established as a result of the execution of this instrument, Parfin shall return or delete the entirety of the personal data processed under this agreement, as instructed by the Client, within five (5) business days, unless

legal and regulatory obligations apply that require continued storage or if otherwise permitted by Applicable Law. Parfin will provide the Client with a written statement signed by its representatives indicating the fulfillment of any obligation to delete/discard processed personal data that will not be kept to comply with a legal obligation, under penalty of full liability for maintaining the processing of any personal data without proper legal basis.

8.16 The Client, when acting as Controller, is authorized to take all appropriate judicial or extrajudicial measures in relation to an Operator to enforce its guidelines regarding the processing of personal data.

8.17 If there is a change in the laws applicable to the matter that might require changes in the structure of the scope of this Agreement or in the performance of activities related to it, the Parties undertake to adapt to the conditions in force. If there is any provision preventing the continuance of this Agreement, Client may terminate it without any burden, penalties, or charges, and shall only determine the services and/or products provided until the date of termination and, consequently, cause the payment of the amounts due, if any.

8.18 Survival of Obligations of the Parties. Even after the expiration of this Agreement, the obligations of the Parties, as data processing agents, will last as long as any of them performs personal data processing activities to which they had access as a result of this Agreement.

9.    Intellectual Property

9.4 The Client acknowledges that all Intellectual Property rights over the Platform are the exclusive property of Parfin, or of third parties who have licensed the rights to it. The Client, through its partners, representatives, agents, employees, attorneys or interested third parties, is not allowed to: assign, sublicense, sell, lease or guarantee, donate, dispose of in any way, transfer, in whole or in part, the rights to the Platform object of this license for use, as well as its manuals and any information related thereto.

9.5 The execution of this Agreement does not transfer or confer any Intellectual Property rights from one Party to the other, other than those expressly indicated in this instrument. Thus, this Agreement does not imply the assignment of any rights to use the intangible property owned by one Party to the other, such as trademarks or other distinctive signs, patents, know-how, source codes, among others, unless otherwise described here.

9.6 The Client shall be subject to the rules and restrictions provided for in the Terms, ensuring that its Users and end customers are subject to the same rules when using the Platform.

9.7 Parfin guarantees that the Services to be provided, including the materials, equipment, computer programs, execution processes and methodologies used, do not infringe any copyright, intellectual and industrial property, patents or trade secrets of third parties. The right of recourse against Parfin is ensured, if the Client is held responsible for acts of violation of Intellectual Property Rights attributable to the Client, through a final unappealable court decision.

10.    Indemnification and Limitations of Liability

10.1 The Client agrees to indemnify Parfin, its affiliates and service providers, and each of their respective officers, directors, agents, employees and representatives, against any damages and costs (including attorneys’ fees and any fines, fees or penalties imposed by any regulatory authority) that are incurred in connection with any claims, demands or damages arising out of or relating to your breach of the Terms or your breach of any law, rule or regulation, or the rights of any third party.

10.2 In cases where the Client uses the Platform to offer services to its end customers, the Client must maintain a contingency plan and redundancy mechanisms that allow the continuity of the processes of receiving and executing orders by end customers, with the objective of to preserve the service in case of unavailability on the Platform. Parfin will not be liable for any losses and damages caused to third parties by the impossibility of transmitting orders, if the Client has not correctly activated its contingency mechanisms.

10.3 Parfin will be liable for direct losses or damages caused by the breach of the Terms and will have its limited liability, as set out in the rest of this section, without prejudice to additional limitations in the General Terms and Conditions and in the specific Exhibits referring to each contracted service.

10.4 Parfin, its affiliates or service providers, or any of our or their respective officers, directors, agents, employees or representatives will not be liable for any amount in excess of the total amount that the Client or its end customer has transferred to an account and which is maintained by Parfin in connection with use of the Services. In the event of a claim relating to a specific transaction, Parfin’s liability will be limited to the amount of the transaction in dispute.

10.5 Parfin will not be responsible for: (i) any unavailability or failure resulting from connection or infrastructure problems of the Client or any end customer; (ii) any error or inaccuracy in information provided by third parties, over which Parfin has no power of interference or interference; (iii) any unavailability or failure resulting from the malfunction of APIs, applications and third-party software not provided and/or not under the responsibility of Parfin; (iv) acts of God or events of force majeure, pursuant to article 393 of the Civil Code; (vi) pain and suffering, loss of profit, loss of chance or indirect damages arising from the use of the Platform by the Client and the end customers who make use of the Platform; (vii) outages on the Platform that do not exceed the contracted SLA.

11.    Services of third parties

11.1 In providing the Services, Parfin may be required to interact with links, websites, applications, products and services of third parties that are not owned or controlled by Parfin. Parfin will not be responsible for the execution of Third-Party-Service orders, content, security or privacy practices. The Client must read and agree to the terms, conditions and privacy policies of each Third-Party Service with which the Client chooses to interact and Parfin will not, in any event, be responsible for any Third-Party Service.

11.2 Parfin undertakes to disclose and display the values of cryptoassets from the Client’s connected accounts in an exact and complete manner in relation to the information received by it, being liable to the Client, the User and third parties for any delays, inaccuracies, errors or omissions in the provision, reception and/or distribution provided for in this Agreement or for damages arising from these events or caused by them, provided that they arise from any lapse, failure, stoppage or error resulting from the exclusive fault of Parfin Services. Parfin cannot, under any circumstances, be held liable for damages arising from Third Party Services caused to the Client and third parties, especially in the services of quotation and execution of orders with cryptoasset liquidity providers, regardless of the value and/or nature, being certain that, for the purposes of this Section 10, Parfin will be solely and exclusively responsible for the damages resulting from its exclusive and duly proven fault, observing the indemnification limits of Section 10.4 above.

11.3 If the Client chooses to connect Parfin with a Third-Party Service, the Client shall grant Parfin the right to access that Third-Party Service account. Additionally, the Client will authorize Parfin to use its credentials to access and control the Third-Party Service API platform, in order to allow the transactions and other operations requested by the Customer to be performed by Parfin before its partners, subject to the guidelines and information that may be transmitted by the Contracting Party to Parfin.

11.4 In the event that the Client grants express permission for a third party to connect to its account, whether through the third-party product or Parfin, the Client acknowledges that granting permission to a third party to perform specific actions on its behalf does not exempt it from any of your responsibilities under this Agreement. Furthermore, the Client acknowledges and agrees that he will not hold Parfin liable and will indemnify Parfin from any liability arising from the actions or omissions of this third party in connection with the permissions that the Client grants.

12.    Service Level Agreement

12.1 The Parfin Platform makes use of advanced features of modern cloud solutions to provide state-of-the-art scalability, security and reliability.

12.2 During the Terms, Parfin will provide a percentage of availability of the Services of [**]% (the “Service Level Agreement” or “SLA“).

12.3 This percentage of uptime is valid for all times and all days of the year. Scheduled maintenance is not considered system unavailability, provided they are communicated in advance to the User.

12.4 The scheduled maintenance of the Services will be communicated to the Client at least five (5) days in advance. Scheduled maintenance communications will be carried out through Parfin’s “Status Page” (http://status.parfin.io), which will also indicate the status of each stage of maintenance, including, but not limited to, information on the start, estimated time, possible delay and completion, which will be communicated to the Client in real time on Parfin’s “Status Page”.

12.5 To keep up-to-date on scheduled maintenance, the Client must subscribe to the preferred contact channel available on Parfin’s “Status Page”, such as e-mail, slack and RSS feed.

12.6 If Parfin fails to meet the availability SLA, and if the Client fulfills its obligations under the Terms, the Client will be entitled to receive financial credits for the unavailable service in accordance with the table below (“Financial Credits”)

Total Time of Unavailability in the Month	Financial Credit Percentage
Less than 99.8% but greater than or equal to 99%	[**]%
Less than 99% but greater than or equal to 95%	[**]%
Less than 95%	[**]%

12.7 The Financial Credit percentage will always be applied to the monthly amount issued on the bill (excluding applicable taxes and fees due to third parties). The credits have a compensatory nature, and the client has nothing more to claim.

12.8 In order to receive any of the Financial Credits described above, the Client must notify Parfin’s technical support within 30 (thirty) days from the moment it becomes eligible to receive a Financial Credit. Failure to comply with this requirement will mean the loss of the right to receive the Financial Credit.

12.9 Financial Credits may be used at the Contractor’s sole discretion during the term of the Order Form, made in the form of monetary credit applied to the future use of the Service, made available to the Client within a period of 60 (sixty) days after requesting the Credit Financial.

12.10 Financial Credits will be in the form of monetary credit applied to the future use of the Service and will be applied within 60 days of applying for the Financial Credit.

13.    Technical Support

13.1 Parfin will provide technical support to the Client during the term of these Terms. The service time will be determined by the priority of the occurrence according to the following factors:

Severity	Definition
P1	Total unavailability of the Services with no immediate possible workarounds.
P2	Partial unavailability of the Services (for multiple customers or just one Client), where the operation can be reestablished with contingency actions to circumvent or the operation continues normally with little loss of quality.
P3	Unavailability of the Services only for one Client, where the operation can be re-established with contingency circumvention actions or the operation continues normally with little loss of quality.

13.2. According to the priority determined through the matrix above, the times and goals for support by Parfin are stipulated as shown below:

14.    Business Continuity and Disaster Recovery.

Priority	Service time	Period	Service Target Percentage
P1	<[**] hours	24 x 7	[**]%
P2	<[**] hours	24 x 7	[**]%
P3	<[**] hours	Mon-Fri – 8am to 6pm	[**]%

14.1. Business Continuity Plans

(i) Parfin, at its own expense, must keep Business Continuity Plans updated for the services within the scope of this Agreement and all the Parfin’s internal infrastructure that supports it (“Business Continuity Plans”), which must include (1) disaster recovery plans for critical infrastructure and technology, including communication capabilities and networks; (2) appropriate risk control, in the event of disaster, that allows the continuous delivery of the services scope of this Agreement and (3) proven ability to provide the contracted services during an eventual disaster and within the recovery time objectives agreed between the Parties, always committing to make the best efforts to meet the necessary turnaround time stipulated by the Client.

(ii) The Business Continuity Plans must include information and procedures developed and maintained for use in case of disaster. The Business Continuity Plans must focus on the main business processes, facilities, communication networks, supply line, information technology systems, infrastructure and related staff necessary for the delivery of the Services to Client within the established SLA.

(iii) Parfin shall notify the Client as soon as practicable in the event that the Business Continuity Plan is activated.

(iv) CONTRACTOR must participate in tests and business continuity training organized by CLIENT, whenever necessary and with 30 (thirty) days’ notice, in order to ensure that the procedures described in the business continuity plans are feasible and appropriate.

14.2 Parfin will guarantee support and availability for the development of the services within the scope of this Agreement, in case of interruptions and critical incidents that affect the CLIENT’s business continuity, by means of the existing communication channels. Confirmation of the Plans Provided to the CLIENT

15. Where applicable, due to the nature of the service provision and the essentiality of Parfin’s services to Client, Parfin must deliver to Client’s Representative, at least once a year and whenever requested by Client, (1) proof of the Disaster Recovery Tests; (2) a statement certifying that the tests were carried out and the guarantee that the Business Continuity Plans underwent testing and are sufficient to ensure the services will not stop during a disaster.

Data Processing and Cloud Computing

15.1. For the purposes of this Agreement, Cloud Computing Services are deemed to be the following services: data processing, data storage, network infrastructure and other computing resources allowing to implement or execute software, which may include operating systems and applications developed by or acquired by it; implementation or execution of applications developed or acquired by Parfin, using the computer resources of the service provider; execution, through the Internet, of the applications implemented or developed by service provider, using the computing resources of service provider itself.

15.2. Parfin represents that it complies with all requirements of the Brazilian laws applicable to Cloud Computing Services, subject matter of the Agreement, particularly Resolution 4.893, and undertakes to observe and comply with the following requirements:

(i) Provide unrestricted access to data and information stored or to be processed by Parfin, according to the specific services defined in this Agreement, ensuring confidentiality, integrity, availability and recovery capacity of such data and information;

(ii) Provide visibility to the procedures and controls used by Parfin for the rendering of services, as described in item (i) above, in particular, for the identification and separation of the data from clients of the Client, by means of physical or logical controls;

(iii) Ensure that Parfin has the highest capacity level in the provision of information and management resources to monitor the services to be rendered, as well as to ensure compliance with legislation and regulations in force, besides adhering to all the certifications required by the Client and/or BACEN for the performance of the services rendered.

(iv) Prevent, detect, and reduce vulnerability to incidents connected to the cybernetic environment, making every effort by using procedures and controls that cover, at least, the authentication, encryption, intrusion prevention and detection, information leakage prevention, periodic testing and scans for detection of vulnerabilities, protection against malware, establishment of traceability mechanisms, access and computer network segmentation control, and maintenance of data and information backup copies.

a. Ensure, in the cases of execution, via the Internet, applications installed or developed by Parfin, using its own computing resources, that it adopts controls that reduce the effects of any vulnerabilities in the release of new versions of the application.

(v) Provide, when requested, information related to the number of incidents relevant to the Client that occurred in the 12-month period, provided that these are not confidential and do not violate the confidentiality imposed on Parfin’s or third parties’ information

(vi) Inform the Client about any limitations that may affect the provision of services or compliance with legislation and regulations in force.

(vii) Inform and provide to the Client, whenever requested, about (a) necessary certifications for the provision of the services, as well as the reports regarding the controls used in the provision of the services engaged, prepared by a specialized independent audit company, when available, (b) the management resources appropriate to the monitoring of the services engaged and (c) safety measures for the transmission and storage of the data and information.

(viii) Notify, as soon as possible, the CLIENT, about the subcontracting of relevant services to the CLIENT related to Data Processing and Cloud Computing. Whenever the cloud computing and/or data storage services directly hired by Parfin are rendered in primary locations abroad, comply with existing agreement between BACEN and the inspection authorities of the countries in which the services may be rendered, ensuring that the provision of the mentioned services will not cause harm to its operation, or pose obstacles to the activities of BACEN;

a. Parfin must ensure that the legislation and regulations of the countries and regions in each country in which the services will be rendered do not restrict or prevent it and BACEN from accessing data and information;

b. Parfin shall indicate the countries and regions in each country where services may be rendered and data may be stored, processed and managed.

(ix) In cases of termination of the provision of services established between the Parties, Parfin shall transfer/distribute the stored data and information to the new provider appointed by the Client within the period stipulated in section 4.6 and/or to the Client, excluding them after the transfer/distribution has been carried out, except for items where there is a legal requirement to maintain information.

(x) In the event BACEN declares the resolution regime for the Client, Parfin must provide full and unrestricted access, to the person responsible for the resolution regime, to the Agreements, contracts, documentation and information regarding the services rendered, data stored and information about its processing, data and information backup copies, as well as access codes.

(xi) Parfin, upon the receipt of previous notification from the responsible person for the resolution regime, undertakes to carry on with the services for thirty (30) days more, and must accept an order for thirty (30) days additional extension, if necessary, before interrupting the services. The acceptance of the order mentioned in this item must also take place in cases of interruption due to default.

(xii) At any time, in case of a request from BACEN, provide it with full and unrestricted access to the data and information stored or processed of the Client maintained by Parfin, including, but not limited to, backup copies and access codes that are on Parfin’s power, besides Agreements and definitions of the services rendered, as well as the adoption of measures determined by BACEN.

(xiii) Ensure quality and maintenance of the separation of data and access controls for the protection of information from the Client’s customers.

15.3. All the procedures must be documented, including the information related to the verification of (a) compliance with the legislation and regulations in force, (b) access by Client to data and information processed and stored by Parfin, (c) confidentiality, integrity, availability, and recovery of data and information processed or stored by Parfin, (d) adherence to the required certifications, (e) access by Client to the reports prepared by the specialized independent auditor, regarding the procedures and controls used in the rendering of services, (f) provision of information and management resources for the monitoring of the services to be provided, (g) identification and separation of the data of Client’ customers, by means of physical and logical controls, and (h) quality of the access controls designed to protect the data and information of Client’s customers.

16.    Communications

16.1. Any communication regarding this Agreement must be in writing and sent to the email addresses for notifications set out in the respective Order Form.

16.2. Notices will be deemed received at the time of transmission as noted by the sender’s records (or if sent outside of business hours, at 9:00 am on the first business day after submission).

16.3. The Parties may change the contact details provided in the Order Form upon written notice.

16.4. Communications between Parfin and the User may take place through the Platform itself, e-mail or other communication channels approved by Parfin.

17.    Dispute Resolution

17.1. Jurisdiction. Any dispute originating in or related to this agreement, including its interpretation or execution, will be definitively resolved by the Court of Justice of the City of São Paulo.

18.    General Provisions

18.1. If any commitment or other provision of this instrument is held to be illegal or unenforceable, in whole or in part, in accordance with any enactment or principle of law, such commitment or other provision or part thereof shall be deemed not to form part of this instrument, but the validity of the remainder of the commitments and other provisions of this instrument will not be affected.

18.2. Any omission by either Party regarding compliance with this instrument will constitute mere tolerance and will not result in waiver, novation, amendment or modification of contractual sections.

18.3. This Agreement obliges the Parties and their successors, in any capacity, and the assignment or transfer, in whole or in part, of the rights and obligations arising therefrom, without the prior written authorization of the other Party, is prohibited.

18.4. A Party may not assume any obligation on behalf of the other or, in any way or condition, oblige the other Party to third parties.

18.5. By virtue of this instrument, no form of company, association, mandate, representation, agency, consortium, joint venture, joint liability and/or employment relationship is established between the Parties.

18.6. Obligations that, by their nature, have a perennial character will remain in effect after the termination or termination of this Agreement, for any reason.

18.7. The Parties acknowledge the veracity, authenticity, integrity, validity and effectiveness of this Agreement, in accordance with the provisions of article 219 of the Civil Code, in electronic format and/or signed by the Parties through electronic certificates, even if they are electronic certificates not issued by ICP-Brasil, as provided for in article 10, paragraph 2 of Provisional Presidential Decree No. 2.220-2, of August 24, 2001, such as, for example, by uploading and existing this Agreement on platforms such as DocuSign or similar.

And, in witness whereof, the Parties sign this Agreement with two (2) witnesses.

São Paulo, 04/25/2022.

By:	[**]
	Name: [**]
	Title: [**]
By:	[**]
	Name: [**]
	Title: [**]

CONTRACTOR

By:	[**]
	Name: [**]
	Title: [**]
By:	[**]
	Name: [**]
	Title: [**]

CLIENT

Witnesses:

By:	[**]
	Name: [**]
	Title: [**]
By:	[**]
	Name: [**]
	Title: [**]

ORDER FORM

This Order Form (“Order Form”) presents the commercial conditions agreed between the Parties indicated below regarding the Service Agreement entered into between the parties.

The Client declares that he is aware of the entire content of the Master Agreement, the General Terms and Conditions of the Service and the Specific Terms applicable to the contracted services, assuming all his obligations and responsibilities as Client, for himself and for the Users authorized by him to use the Services.

Client’s name/corporate name:	Contractor’s Name/Corporate Name:
[blank]	Parfin Pagamentos Ltda.
INDIVIDUAL TAXPAYER’S REGISTER (CPF)/NATIONAL CORPORATE TAXPAYER’S REGISTER (CNPJ):	INDIVIDUAL TAXPAYER’S REGISTER (CPF)/NATIONAL CORPORATE TAXPAYER’S REGISTER (CNPJ):
[blank]	[**]
Full address	Full address:
[blank]	Avenida Brigadeiro Faria Lima, 2.369, suite 1.102
	São Paulo - State of São Paulo, Brazil
	CEP (Postal Code) 01452-922
Client’s Legal Representative(s)	Contractor’s Legal Representative(s)
Name: [blank]	Name: [blank]
Email: [blank]	Email: [**]
Responsible for billing:	Responsible for billing:
Name: [blank]	Name: [blank]
Email: [blank]	Email: [blank]
Effective Date: April 30, 2022
First bill due on: [**]
Initial Term of Effectiveness: thirty (30) months
Renewal Term: twelve (12) months

Services offered: By the present instrument Parfin will provide the Client, in accordance with the Terms and Conditions, the following services:

Crypto Plug & Play Full Service:

· Integration service by APIs and white-label

· Execution of purchase and sale of Digital Assets

· OTC Desk Plugin

· OTC Desk Settings

· FX Liquidity Provider - Execution with Integrated Banks

· Trade & Position Ledger - execution of spot Crypto trades on integrated counter-parties

· Customer Fund and Configuration Management

· OEMS / SOR (onshore and offshore)

· Report Suite for operational and financial data

· Management console for position, trades and commissions per user

· Priority operational support

· Custody of Digital Assets

· Treasury Management

· Generation of operational, financial and tax reports

· AML/TF Control for Digital Assets

· Position, operations and commission management per user

· Priority operational support

MPC Custody:

· Custody of Cryptoassets in MPC Wallets

· Compliance Controls (KYC/AML/KYT) for Digital Assets

· Defi / Staking Support (roadmap for Q2/22)

· Creation, operation and control of unlimited custody addresses

· Policies & Rules Engine for transferring digital assets

· Unlimited number of users on the platform

· APIs for integration, including: creating addresses, checking balances, signing transactions, temporary limitation and unlocking escrow addresses, among others

· Backup and Disaster Recovery System

· SaaS, Hybrid, or OnP deployment options

Parfin Terminal (included with MPC Custody):

· Treasury management

· Reporting and Billing

· Portfolio consolidation and Risk Management

· User management

· Advanced Operational Reports

· Integration thru APIs

· Operational support

Applicable fees:

· Minimum Monthly Fee: [**] dollars (US$[**])

Crypto Plug & Play Full Service:

· Implementation Fee: [**]

· Transaction Volume Fee: rate levied on the [**] volume of purchase and sale operations according to the following table:

· Up to USD[**]M: [**]%

· USD[**]M to USD[**]M: [**]%

· USD[**]M to USD[**]M: [**]%

· Higher than USD [**]M: [**]%

MPC Custody (includes Parfin Terminal):

· Implementation Fee: [**]

· Transaction Volume Fee: annual fee levied on the [**] volume of assets under custody (AUC), according to the following table:

· Up to USD[**]M: [**]%

· USD[**]M to USD[**]M: [**]%

· USD[**]M to USD[**]M: [**]%

· Higher than USD[**]M: [**]%

Parfin’s billing model is based on the PAYG (“pay as you go”) model with a minimum consumption commitment. The sum of the aforementioned Minimum Monthly Fees form the minimum monthly commitment and will be due by the Client to Parfin after the start of production regardless of the use of the platform. The minimum monthly consumption commitment is shared by the volume of both products. If one of the products alone exceeds the [**] thousand dollars (USD[**]) minimum commitment, no minimum fee will be charged.

Consumption fees linked to the execution of purchase and sale operations or AUC (“assets under custody”), specified above, will be calculated according to the rule established in the respective systems of “tiers” (or bands). Execution costs are not included in Parfin’s fees. Applicable execution costs include, but are not limited to, [**].

Other provisions:

Parfin will grant a contractual “waiver” (discount) of [**]% on the Minimum Monthly Rate for a period of [**] months from the signing of the agreement. During this period, only the fees per volume used will be considered.

The calculation of the aforementioned Fees will be done every calendar month, by sending the corresponding tax invoice for the provision of services to the Client.

The Client may terminate the agreement after the twelfth month at any time without contractual penalty, subject to a minimum notice of [**] days. If the Client terminates the Agreement before [**] ([**]) months (considering [**] months of waiver), the respective Minimum Monthly Fee pending until the [**] month will automatically expire, and the Client will be obliged to credit Parfin with this remaining balance at the time of termination.

Notwithstanding Parfin’s obligations contained in this agreement, Parfin undertakes to:

1) Obtain SOC 2 Type 2 approval by September 2022;

2) Ensure the restriction of access via API to only the IP’s of Internet output from XP (White List) - It is already implemented

3) Integrate the access control and logins of the Platform with one of the Client’s access control systems (Azure AD or Office 365 or SAML) by June 2022. The integration in question covers:

(a) Integration between Parfin Platform with XP’s Azure AD via SAML;

(b) Creating a user on the Parfin Platform that is linked to XP’s Azure AD; and

(c) Parfin Platform login authentication based on XP’s Azure AD credentials.

The Client undertakes to make resources available and allocate professionals in a timely manner for the execution of items 2 and 3 above within the agreed deadlines.

The Parties acknowledge the veracity, authenticity, integrity, validity and effectiveness of this instrument, in electronic format and/or signed by the Parties through electronic certificates, even if they are electronic certificates not issued by ICP-Brasil, as provided for in article 10, paragraph 2 of Provisional Presidential Decree No. 2.220-2, of August 24, 2001, such as, for example, by uploading and existing this instrument on platforms such as DocuSign or similar.

São Paulo, April 25, 2022

By:	[**]
	Name: [**]
	Title: [**]
By:	[**]
	Name: [**]
	Title: [**]

CONTRACTOR

By:	[**]
	Name: [**]
	Title: [**]
By:	[**]
	Name: [**]
	Title: [**]

CLIENT

Witnesses:

By:	[**]
	Name: [**]
	Title: [**]

By:	[**]
	Name: [**]
	Title: [**]

EXHIBIT I: CRYPTO PLUG & PLAY

The purpose of this term is to establish the terms and conditions in order to regulate the rights and duties between Parfin and the Client in order to facilitate the structuring, development, implementation and maintenance of the Crypto Plug&Play system to be offered by Parfin to the Client in accordance with Parfin’s Terms and Conditions of Use, in addition to the specific conditions set out below:

1.    From Crypto Plug&Play Service

1.1. Parfin has developed a technological integration solution that allows it to act in the form of Crypto Plug&Play, making it available to its customers, through a service provided 100% (one hundred percent) through APIs (Application Programming Interface), so that customers can offer its users (“Users”), directly on the Customer’s front-end, the service of purchase and sale of digital assets by its Users.

1.2. Through the Crypto Plug&Play modality, Parfin will act as an agent for the purchase, sale and custody of digital assets for Users, in accordance with the specific conditions agreed in the form of the Summary Table of the Service Agreement.

1.3. Parfin, through this instrument and observing the specific conditions defined in the Summary Table of the Service Agreement, undertakes to provide Crypto Plug&Play services and solutions to the Client, undertaking to provide development, implementation and maintenance services purchase, sale and custody services of digital assets through APIs owned by Parfin.

1.4. The Client may, at any time, request the expansion, customization and/or development of new functionalities of the Crypto Plug&Play system, in which case Parfin will evaluate the Client’s requests and formulate a specific proposal for the provision of services to the Client, in which the commercial conditions, deadlines and other specific rules for the adjustment requested by the Client remain agreed. Thus, Parfin will only be obliged to make the adjustments requested by the Client in the form and term of the specific contractual instrument that will be entered into between Parfin and the Client.

2.    System Integration

2.1. For the correct provision and availability of the Crypto Plug&Play Services by Parfin, it is essential to integrate Parfin’s systems with the Client’s, which is why the Client undertakes to:

a. Integrate your solutions with Parfin’s APIs, in accordance with the technical and security standards established by Parfin, and be responsible for the correct use of all software and hardware necessary for the use of the Crypto Plug&Play service and other systems made available by Parfin within the scope of this instrument;

b. Dedicate the necessary resources for the correct implementation and/or integration with Parfin’s APIs, as well as for the development of the front-end that will be integrated with Parfin’s APIs;

c. Be responsible for the use of the Crypto Plug&Play system, APIs and other systems offered by Parfin, adapting its operational structure to the APIs and systems adopted by Parfin;

d. Comply with all rules established by Parfin under the terms and deadlines of the Summary Table and/or this instrument, especially those related to the security of API integration systems, technical standards, functionalities and other procedures related to the Crypto Plug&Play system, using methods that guarantee a security level, including compliance with specific policy regarding the security of API integration systems;

e. Be responsible for Parfin’s full reimbursement in case of systemic errors by the Client that will result in financial losses for Parfin;

2.2. In turn, in order to enable the correct integration of the Client’s systems for the provision of Crypto Plug&Play services, Parfin undertakes to:

a. Make available, implement and be responsible for maintaining the APIs necessary for the Crypto Plug&Play service;

b. Implement the improvements, adjustments and customizations requested by the Client in the form of the instruments that may be entered into;

3.    Compliance Policy - AML/KYC

3.1. Parfin values the highest standards and best practices in terms of Compliance and protection against money laundering and terrorist financing, which is why, throughout the term of this Agreement, the Client undertakes to:

a. To be solely and exclusively responsible for managing the receipt and transfers of resources from Users to themselves and from themselves to Users, for meeting the legal and regulatory requirements of its Users, especially the AML/KYC processes, which it undertakes to comply with, and to maintain and update these processes, providing Parfin with documents and evidence related to these diligences whenever requested;

b. Require Users, whenever requested by Parfin, for additional information, documents and vouchers from Users that relate to AML/KYC policies and other compliance and regulatory policies typical of the financial and digital assets market, as well as making them available to Parfin when required, within up to five (5) days of the request, access to compliance policies, information security, AML/KYC, monitoring of suspicious transactions, code of ethics and conduct and other procedures and policies adopted by the Client that aim to guarantee security in transactions with third parties;

c. Develop AML/KYC policies and processes, internally or through third parties, parameterized according to the needs of their business, to be carried out monthly, assuming responsibility for reporting to Parfin any and all transactions that may constitute evidence of money laundering and other white collar crimes, including those provided for in Federal Law No. 9.613/98 and/or the UK Bribery Act, with special attention being paid to transactions that have substantial evidence or that money and other white collar crimes;

4.    Operating Obligations

4.1. In addition to the systems integration provided for in item 2 above, in order for Parfin to correctly provide the Crypto Plug&Play Services, the Customer undertakes to:

a. Inform Users of the risks associated with investments in cryptoassets and request their consent before allowing them to carry out purchase and sale operations of these assets through Parfin, ensuring that they have access according to the risk profile (suitability);

b. Ensure that Users have a financial balance with the necessary volume to carry out the intended purchase of digital assets, before sending the purchase order to Parfin;

c. Ensure that Users have a balance of digital assets with the necessary volume for the intended transaction, before sending the sales order to Parfin;

d. Ensure that Users authorize, if necessary, the opening by Parfin of payment accounts held by Users with Parfin to enable the execution of purchase and sale orders of Users’ Digital Assets, ensuring that the account in question will be controlled by Parfin and will have the sole and exclusive purpose of making payments, credits or debits related to the financial settlements necessary for the execution of the purchase and sale orders of Digital Assets transmitted by the Users;

e. Comply with the automation of transfers of financial resources for the purpose of financial settlement of digital asset purchase transactions carried out by Users, ensuring that the amount related to the purchase is immediately transferred from the User’s account to an account held by

Parfin (“Operating Account”) or, in the event mentioned in item “d” above, that the amount related to the purchase be transferred to the User’s payment account with Parfin;

f. If the Operating Account is held by the Client, give Parfin the respective access to control the Operating Account, either through an API or web interface.

g. Ensure that all Users have adhered to Parfin’s Terms and Conditions of Use and Privacy Policy, in addition to the specific terms of the Crypto Plug&Play service, which must be replicated by the Client to users, in order to ensure complete awareness and agreement by Users with the terms set forth in this instrument;

h. Ensure that, in the event mentioned in item “d” above, in the Digital Asset sales operations, Users authorize Parfin to proceed with the transfer of funds from the User’s Payment Account with Parfin to the User’s account with the Client.

4.2. In turn, in order to maintain adequate operational levels, Parfin undertakes to:

a. Maintain a level of support adequate to the Client’s demands, observing the SLO standards set forth in the Terms and Conditions of Use;

b. Ensure the security of digital assets that belong to Users and are in the custody of Parfin, subject to the provisions of the Terms and Conditions of Use of the Service Agreement;

c. Provide the Client and Users with adequate financial, operational and tax reports for the development of the service;

d. Comply with Normative Instruction No. 1.888/2019 of the Brazilian Federal Revenue Office, providing the Federal Revenue Office of Brazil with all information related to the operations of Users carried out by the Parfin platform under the terms of said normative instruction, being the responsibility of the Client and/or the User is responsible for the correct and punctual collection of any taxes levied on the operations carried out;

e. Ensuring the Client access to Parfin’s platform for consultation and visualization of purchase and sale transactions, balances and custody holdings and extraction of adequate reports for the development of the service;

f. Comply with the automation of transfers of financial resources for the purpose of financial settlement of digital asset sales transactions carried out by Users, ensuring that the amount related to the sale is transferred from an account held by Parfin (“Operating Account”) to the account of the User, or, in the event mentioned in item “d” of item 4.1 above, that the amount related to the sale be transferred from the Operating Account to the User’s payment account with Parfin, to then be transferred to the User’s Account of the User with the Customer.

g. Observe, respect and comply with all laws, regulations and instructions applicable to its activities, including, but not limited to, consumer protection rules, the Brazilian General Data Protection Law, as well as those issued by the competent regulatory bodies, in particular the Securities and Exchange Commission, the Federal Revenue Office and the Central Bank

5.    Purchase and Sale Execution

5.1. For the provision of Crypto Plug&Play Services, Parfin will be responsible for executing the purchase and sale orders of digital assets requested by the User, observing the following premises:

a. The execution of purchase and sale orders for Digital Assets sent by the User will follow the following process:

i. User will select the type of Digital Assets he wants to quote, the type of operation (purchase or sale), and the desired number of Digital Assets or the equivalent amount in reais;

ii. User will send orders according to the price quote of the Digital Asset presented by Parfin’s platform;

iii. Parfin will execute the order sent by the User to buy or sell the Digital Asset at partner broker dealers and by the quotation presented by the platform at the time of sending the order by the User;

iv. In the case of purchase, the User will send the purchase value of the Digital Assets to Parfin, and in the case of sale, Parfin will send the sale value to the User to the accounts previously informed in the registration.

v. Parfin will keep records of the executed purchase and sale orders, in particular the amount of assets that the User will be entitled to in the case of executed purchase orders, as well as the amount of assets that the User will be available in the case of executed sale orders.

b. Parfin may refuse to process the User’s purchase or sale orders in the following cases:

i. If there is not the necessary quantity of the Digital Asset available on the market to execute the User’s complete order;

ii. If Parfin’s partner Digital Assets broker dealer is not available at the time of sending the order by the User;

iii. If Parfin has any suspicion that the purchase or sale order is being carried out for illegal activities (such as fraud);

iv. If Parfin suspects that the purchase or sale instruction may have an adverse effect on Parfin’s reputation; and

v. If Parfin identifies a volatility of the Digital Assets outside the expected patterns, which may imply a drop in liquidity, at Parfin’s sole discretion.

c. Parfin will execute orders to buy and sell digital assets under conditions favorable to Users, using its best efforts to obtain the best relationship between asset price, liquidity, market and counterparty risks;

d. Parfin will manage and use its own capital, limits and other resources necessary to execute orders to buy and sell Digital Assets at partner broker dealer firms.

5.2. Parfin will not be held responsible for the refusal to execute the orders sent by the User in the event of any of the hypotheses provided for in item “b” above, recognizing the Client that both he and the User will not, under any circumstances, be entitled to any kind of indemnity, fine and/or loss of loss of profit.

6.    Market Information

6.1. Parfin compiles and publishes Digital Assets market data. The Client understands, acknowledges and agrees that the values of the digital assets displayed by Parfin may be lagging behind the market and, therefore, may not reflect the market value of the Digital Assets at that exact moment. In any case, the Client agrees that such market data will be used for the purposes of managing the Client’s and Users’ wallet and for executing orders to buy and sell Digital Assets.

6.2. The Customer agrees that Parfin will not be responsible for any adverse consequences that the Customer and/or the User may experience, regardless of the value and/or nature, as well as for the costs that may be incurred, arising from any lapse, failure, stoppage or error. regarding Digital Assets market data compiled and published by Parfin.

6.3. Parfin may share (including by sale or license) market data with third parties. This market data will not identify any specific customer, nor will it attribute transactions to a particular customer, so any data shared will be anonymized.

6.4. The Client will not be able to store the market data provided by Parfin, being only allowed the consultation of such data by the Client via API or web consultation, the Client may not store and/or use such data for any purpose other than calculating the profitability of the Users.

7.    Extraordinary Services

7.1. In case the User requests a service not included as part of Crypto Plug&Play, directly to Parfin, Parfin undertakes to consult and obtain prior authorization from the Client to provide the direct service.

8.    Custody by Parfin

8.1. For the correct provision of Crypto Plug&Play Services, the Client appoints Parfin as its custody services provider in accordance with the rules and conditions set forth in this Section 8, in addition to those provided for in Parfin’s Terms and Conditions of Use and Privacy Policy.

8.2. Parfin will provide the Client with segregated and controlled custody wallets to store certain digital assets supported by Parfin (“Wallets”) on behalf of the Client. The Digital Assets in the Client’s Wallets are not treated as general assets of Parfin, serving Parfin as a trustee and custodian on behalf of the Client, and the Digital Assets in the Client’s Wallets are considered to be fiduciary assets that remain in the possession of the Client and are held by Parfin in custody for the Client.

8.3. Parfin will store Digital Assets that require high availability in partner broker dealer firms and/or the Client’s online Wallets (Warm) as working capital to comply with the Users’ execution requirements. The Digital Assets that Parfin requires high availability will be stored in the Client’s offline Wallets (AirGap), in the minimum proportion to be decided by mutual agreement between the Parties.

8.4. Parfin securely stores all Supported Cryptoassets private keys associated with its Parfin Wallets. Client accepts and agrees that Parfin will retain full ownership and control of the Private Keys associated with its Parfin Wallets and that Client will have no control, access or ability to use such Private Keys.

8.5. Parfin has a partnership with Coincover for the recovery of Digital Assets from the Client’s Wallets, in case Parfin’s systems are compromised. In this case, the back-up private key stored by Coincover together with non-sensitive Client information stored offline by Parfin or by the Client, may be used to recover the private keys belonging to the Client’s Wallets. The Wallet recovery procedure must be consulted by the Client with Parfin.

9.    Network Protocol and Operating Rules

9.1. The underlying software protocols that govern the operation of Supported Cryptoassets are open source. Thus, anyone can use, copy, modify and distribute them and Parfin has no domain or control over these protocols. By contracting the Crypto Plug&Play Service, you accept and agree that:

a. Parfin is not responsible for the operation of any underlying software protocols of the cryptoasset network and makes no guarantee as to their availability, security or functionality;

b. The underlying software protocols are subject to sudden changes in operational rules (known as “forks”) and that such forks can materially affect the value, function and/or name of any cryptoassets you store in your Parfin Wallets. In the event of a fork, Parfin may, with or without notice, temporarily suspend our operations and, in our sole discretion, decide whether or not to support any branch of the forked protocol;

c. Parfin has no control over, nor accepts any responsibility for, any underlying blockchain network issues, including but not limited to forks, double spend and 51% attacks, for which Parfin cannot be held liable, the Client being aware of such premise; and

d. If Parfin decides not to support a forked protocol branch, you will not have access to the assets of that fork after the date Parfin ceases to support such fork. These assets will be held securely by

Parfin and we will not buy or sell them. We may agree to transfer these assets to you or make them available to you, but we reserve the right to charge fees in connection therewith.

10.    Intellectual Property

10.1. The intellectual property rights of the brands and programs related to Parfin, to this instrument, to the Crypto Plug&Play services are the exclusive property of Parfin, and the use of any of them does not confer any ownership right or license to use such rights, brands and programs for the Client and/or its Users.

10.2. Likewise, Client acknowledges that all systems, including but not limited to APIs made available by Parfin for the purposes of Crypto Plug&Play, as well as any enhancements, enhancements, new developments and/or releases, even if arising from Client’s requests, belong solely and exclusively to Parfin, which is the sole and legitimate holder of any and all intellectual and/or industrial property rights related to these products and services resulting from this instrument, notably the property rights relating to the economic and commercial exploitation of the products that belong exclusively to Parfin.

11.    Data Protection

11.1. Parfin declares that it is aware of and in compliance with the rules applicable to privacy and data protection, including, but not limited to, the Brazilian General Data Protection Law (Law 13.709/2018 - “LGPD”), Consumer Protection Code (Law 8.078 /1990), the Civil Code (Law 10.406/2002), the Marco Civil da Internet (Law 12.965/2014), the Federal Constitution and other related rules, especially regarding the rights of the holder of personal data provided for in art. 18 of the LGPD and the general principles listed in art. 6 of the same legal provision.

11.2. The Client is aware that, in order to enable the correct provision of Crypto Plug&Play services, Parfin performs data processing operations, both for the Client and its Users, as expressed in its Privacy Policy, the Client being aware that should consult it and, where applicable, reproduce it to its Users, being obliged to act in accordance with it.

11.3. Parfin shall not process sensitive or personal data, use or disclose them in any way and for any purpose other than that which justified their access, being obliged only to share them if the due legal basis is observed.

11.4. Without prejudice to the above provisions, the Parties mutually undertake to comply with any justified request from Party to Party regarding information regarding the processing of personal data carried out pursuant to this instrument.

11.5. If either Party performs data processing operations in disagreement with the obligations assumed herein, or in case of non-compliance with any legitimate request for information or data deletion, under the terms of this instrument and the applicable rules, the defaulting Party will be the solely and exclusively responsible for any consequences arising from the fact.

11.6. The Client declares, for all due purposes, that it has the proper legal basis and/or authorization of its Users to share their personal data with Parfin, so that Parfin can provide the Crypto Plug&Play service, taking full responsibility for any questions of Users in relation to any personal data shared with Parfin.

12.    Confidentiality and No Solicitation

12.1. The Parties agree, by mutual agreement, to maintain confidentiality in accordance with the following sections and conditions:

12.2. The sharing of data and information will be solely and exclusively so that Parfin can make the Crypto Plug&Play system available to the Client, requiring the evaluation and knowledge of confidential information. The Parties expressly agree that “Confidential Information” will be considered as any and all information disclosed by one Party to the other, by any means and in any form, whether electronic, written or verbal, by the representatives of the disclosing party and/or any of its collaborators, including

but not limited to all tangible, intangible, visual, electronic, present or future information, such as: (a) trade secrets; (b) financial information, including prices; (c) technical information; including research, development, procedures, eventual algorithms, data, designs and know-how, source codes, code repositories, programming code sets, designs, plans, drawings, data, notes, documents, reports, observations, materials, documents; (d) any inventions, discoveries and improvements, designs, drawings, blueprints, databases, product ideas, concepts, prototypes, features, procedures, training, promotional materials, training courses and other training and instructional materials; and (f) the terms of any agreement, written or otherwise, entered into between the Parties and the discussions, negotiations and proposals related thereto. Confidential Information will also be considered, for all purposes, the very existence of this instrument and the nature of negotiations and discussions, in addition to any other terms, conditions or other facts relating to such negotiations and discussions.

12.3. By this instrument, the Parties undertake, on an irrevocable and irreversible basis, to:

a. Maintain the confidentiality of any and all Confidential Information received at any time, as well as undertake that its officers, employees, agents or professionals, in any capacity, will also maintain the confidentiality of Confidential Information;

b. Refrain from disclosing or providing, without the prior written consent of the disclosing party, to any individual or legal entity, any Confidential Information;

c. Take all precautions to maintain confidentiality, object of this Agreement, so that Confidential Information cannot be used for any purposes other than the provision of Crypto Plug&Play services by Parfin and provided that it is expressly authorized by the disclosing party;

d. Return to the other Party, at the end of negotiations regarding a possible partnership, or immediately, if requested, any Confidential Information in tangible form, without keeping copies of such information, as well as other materials, whether in digital or physical format, even if prepared or developed by the receiving party and/or that include any part of the Confidential Information; and

e. Keep as confidential and not reveal to any individual or legal entity the discussions or negotiations regarding this instrument.

12.4. The Parties will use Confidential Information for the sole purpose for which it was disclosed.

12.5. For purposes hereof, the following information will not be considered Confidential Information:

a. Information that is in the public domain at the time of signature of this instrument, or becomes public domain after this date, other than for breach of any of the obligations of this instrument or the breach of another contractual or legal obligation, or as a result of an act or omission of any of the Parties;

b. Information obtained as a result of the execution of the work resulting from this instrument, which must be disclosed by the Parties due to a judicial, legal or regulatory determination;

c. Information that may become available to any of the Parties in a non-confidential manner by third parties (not related to the Parties and/or the works provided herein), exclusively as long as they are legally or contractually authorized to provide it; or

d. Information that has been developed by one of the Parties independently of any information provided by other Parties.

12.8. Additionally, during the term of this instrument and after 12 (twelve) months from the end of the services offered under this term, Parfin may not try to attract, for itself or for third parties, any User, nor try to persuade any individual or legal entity that is a Client’s user to cease doing business or to reduce the amount of business that such person normally does or intends to do with Client.

13.    Representations and Warranties

13.1. Parfin has implemented and will maintain in place an information security program that includes the adoption of policies and procedures reasonably designed to protect Parfin’s electronic systems and Clients’ confidential information.

13.2. Parfin declares and warrants that:

a. It will hold the Digital Assets and segregate all digital assets both (i) owned by Parfin and (ii) from the assets of other Parfin customers;

b. Has no right, interest or title in Client’s digital assets;

c. Will not loan, pledge or mortgage any digital assets of Clients;

d. It will maintain adequate capital and reserves to the extent required by applicable law; and

e. It will not make any public statement, including any press release, media release or blog post that mentions or refers to Client or a partnership between Parfin and Client, without Client’s prior written consent.

14.    General Provisions

14.1. Nothing in this instrument shall be construed as granting an implied license or ownership of any other nature, nor rights of any kind over the Confidential Information or intellectual property rights of one Party to the other. Thus, at the request of the disclosing party, the receiving party shall immediately, upon receipt, destroy or return, as indicated by the disclosing party, all Confidential Information that is in its custody, including, but not limited to, documents, analyzes or any other written materials that are delivered or generated by virtue of the terms and conditions embodied in this instrument, without a copy of such information being kept.

14.2. The Parties declare and agree that the breach of this instrument may cause losses, damages and irreparable harm to the other Party. Thus, in case of violation of any provision of this instrument, the defaulting Party shall indemnify the other for any losses, damages and losses caused directly or indirectly, and the indemnity will only be due after a court decision, subject to the provisions of the Terms and Conditions of Use.

14.3. Parfin is not responsible for the tax obligations of the Users and/or the Client arising from the purchase and sale of digital assets carried out through Parfin’s platform, as well as the collection thereof, being obliged to inform the user about their tax liabilities arising from the transactions carried out. Additionally, the Client is aware that all transactions carried out by the Client and/or user will be duly communicated by Parfin to the Brazilian Federal Revenue Office, in strict compliance with Normative Instruction No. 1.888/2019 of the Brazilian Federal Revenue Office, which is not any assumption of tax liability on the part of Parfin in relation to the operations carried out by the Client and/or the user.

14.4. If any commitment or other provision of this instrument is held to be illegal or unenforceable, in whole or in part, in accordance with any enactment or principle of law, such commitment or other provision or part thereof shall be deemed not to form part of this instrument, but the validity of the remainder of the commitments and other provisions of this instrument will not be affected.

14.5. Any omission by either Party regarding compliance with this instrument will constitute mere tolerance and will not result in novation, alteration or modification of contractual sections.

14.6. This instrument will be interpreted in under the laws and will be subject to the jurisdiction of Brazilian courts.

14.7. The jurisdiction of the Judicial District of São Paulo, State of São Paulo, is elected as the only one competent to eliminate doubts arising from this instrument, with express waiver of any other, however privileged it may be.

EXHIBIT II: CUSTODY

The purpose of this term is to establish the terms and conditions in order to regulate the rights and duties between Parfin and the Client in order to facilitate the structuring, development, implementation and maintenance of a Cryptoasset custody system to be offered by Parfin to the Client of in accordance with Parfin’s Terms and Conditions of Use, in addition to the specific conditions set out below:

1.    Custody Service

a. The Client appoints Parfin as its Custody Services provider in accordance with the rules and conditions set forth in these terms, in addition to those set out in Parfin’s Terms and Conditions of Use and Privacy Policy.

b. Parfin will provide Client with a segregated and controlled custody wallet by Parfin to store certain Parfin-supported digital assets as defined below on behalf of Customer (“Custody Services”). The Digital Assets in the Client’s Custody Account are not treated as general assets of Parfin, Parfin serving as a trustee and custodian on behalf of the Client, and the Digital Assets in the Client’s custody wallet are considered to be fiduciary assets that remain the property of the Client and are held by Parfin in custody for the Client.

c. Parfin will charge the fees specified in the Summary Table for custody services. Parfin may propose changes in the value of fees at any time, at least 30 (thirty) days in advance of such changes to the Client. If the Client does not agree with the new fees imposed by Parfin, the Client may choose to terminate the custody services, without any cost and/or penalty.

d. By maintaining its wallet, the Client authorizes Parfin to automatically debit from its wallet the amounts due as fees arising from the Custody Services as agreed in the Summary Table.

e. Digital assets are stored in the Client’s wallet in accordance with these terms and are not mixed with other clients’ digital assets. Parfin reserves the right to refuse to process or cancel any outstanding escrow transaction as required by law or in response to a subpoena, court order or other binding government order or to impose transaction limits or if Parfin reasonably believes that the Custody Transaction may violate or facilitate the violation of an applicable law, regulation or rule of a governmental authority or self-regulatory organization.

f. Parfin cannot reverse a Custody Transaction that has been transmitted to a Digital Asset network.

2.    Wallet

2.1 Parfin wallets allow you to send, receive and store certain cryptoassets (together, “Parfin Wallet(s)”).

2.1.1 We reserve the right to provide support for specific cryptoassets (“Supported Cryptoassets”). Information about Supported Cryptoassets can be found on the Parfin Support Portal (support.parfin.io). We may change Supported Cryptoassets from time to time without notice, in which case we will notify you to withdraw within ten (10) days. After this period, the balance will be unavailable for withdrawal. Under no circumstances should you attempt to trade on the Parfin Wallet in relation to a cryptoasset that is not a Supported Cryptoasset. Before completing any operation on the Parfin Wallet, you must therefore ensure that cryptocurrencies are on the updated list of Supported Cryptoassets. Including, but not limiting the generality of the foregoing, you accept and agree that you will have no access, right or claim to:

a. Any cryptoasset sent to a receiving address associated with your Parfin Wallet, where that cryptocurrency is not a Supported Cryptoasset; or any cryptoasset sent to a receiving address associated with your Parfin Wallet, where that receiving address is associated with another cryptoasset. For example, you will not have access, right or claim to any Bitcoin Cash (BCH) sent to a Bitcoin (BTC) receiving address.

2.1.2. We will process Parfin Wallet transactions in accordance with your instructions, subject to the provisions of these Terms. You accept and agree that Parfin will not:

(i) guarantees the identity of any user, judicial depositary or other party to a Parfin Wallet transaction. You are solely responsible for ensuring that all permitted addresses or details of the operation of the Third-Party Service are correct, and you must carefully verify all transaction information before submitting the transaction instructions to Parfin, and you acknowledge that entering of incorrect operations for Parfin may result in loss to you for which Parfin bears no responsibility;

(ii) have any control over or any responsibility for the delivery, quality or any other aspect of any goods or services that you may buy or sell to any third party. Parfin will not be responsible for, and will not take any action in relation to, ensuring that any buyer or seller with whom you transact using your Parfin Wallet completes the relevant transaction or has the necessary competence to do so;

(iii) has control, nor does Parfin accept any liability with respect to any underlying blockchain network issues, including but not limited to forks, double spend and 51% attacks.

2.2 You may receive Supported Cryptoassets in your Parfin Wallet by providing the sender with the receiving address of your Parfin Wallet. Your Parfin Wallet will only be credited with Supported Cryptoassets sent to the receiving address of your Parfin Wallet and associated with such Supported Cryptoassets. For example, your Parfin Wallet will be credited with ETH when it is sent to an ETH receiving address from your Parfin Wallet. Likewise, the Parfin Wallet will only allow you to send Supported Cryptoassets to other wallets previously registered by you on the Parfin Platform, which will depend on KYT analysis and Parfin’s approval.

3.    Wallet Security

3.1 Parfin securely stores all Supported Cryptoassets private keys (“Private Keys”) associated with its Parfin Wallets. You accept and agree that Parfin will retain full ownership and control of the Private Keys associated with your Parfin Wallets and that you will have no control, access or ability to use such Private Keys. For example, but without limiting the generality of the foregoing, Parfin will not:

a. accept or comply with any instruction to sign any data with a Private Key;

b. give access to any funds associated with your private keys, other than those of Supported Cryptoassets associated with your Parfin Wallet;

c. allow the creation of any deposit address associated with a Private Key, except the receiving addresses associated with your Parfin Wallet.

3.2 When you select a Wallet protected by Digital Asset Services Ltd. (“Coincover”) (“Coincover Protection”), you agree that we may share your information with Coincover so that they can provide you with a personalized certificate of coverage (“Coincover Protection Certificate”). By selecting Coincover Protection, you confirm that you have read and understood Coincover’s Coverage Document and Terms and Conditions, and agree that coverage is appropriate for your circumstances. Coverage begins on the start date indicated on your Coincover Protection Certificate.

3.3 Parfin has a partnership with Coincover for the recovery of Digital Assets from the Client’s Wallets, in case Parfin’s systems are compromised. In this case, the back-up private key stored by Coincover together with non-sensitive Client information stored offline by Parfin or by the Client, may be used to recover the private keys belonging to the Client’s Wallets. The Wallet recovery procedure must be consulted by the Client with Parfin.

4.    Operation in Cryptoassets Networks

4.1 When you use your Parfin Account to send or receive cryptoasset, the transaction must be confirmed and recorded in the public ledger associated with the corresponding cryptoasset network (e.g., the Bitcoin network or the Ethereum network). This cryptoasset network is solely responsible for verifying and confirming such operations. Parfin cannot confirm, cancel or reverse operations on a cryptoasset network, except to confirm to you that the network has completed the operation. You accept and agree that:

a. Once submitted to a cryptoasset network, an operation will be pending for a period of time awaiting proper confirmation of the operation by the network. An operation will not be completed while it is pending. The funds associated with transactions that are pending will be designated accordingly and will not be included in your Parfin Wallet balance or will be available for you to carry out transactions;

b. When you send cryptoassets from your Parfin Wallets, you are authorizing us to send your transaction request to the corresponding cryptoasset network. Once the trade request has been sent to the corresponding cryptoasset network, the network will automatically complete or reject the request and neither you nor Parfin will be able to cancel or modify your trade, even if you have incorrectly entered the recipient’s wallet details; and

c. Cryptoasset networks are operated by decentralized networks of independent third parties. They are not owned, controlled or operated by Parfin. Therefore, we cannot guarantee that any transaction details you submit will be confirmed by the cryptoasset network in question. You agree that any transaction details you submit may not be completed, or may be materially delayed, by the cryptoasset network used to process the transaction and Parfin is not responsible for any delay.

4.2 If any instruction received by Parfin is ambiguous, Parfin will refuse to carry out such instructions until such ambiguity has been resolved to Parfin’s satisfaction. Likewise, Parfin may refuse to carry out instructions if, in Parfin’s opinion, such instructions are outside the scope of its obligations under this Agreement or are contrary to any applicable law, rule or other regulatory requirement (whether arising from any authority government or self-regulatory organization)

4.3 Client must manage and secure any and all information or devices associated with deposit and withdrawal verification procedures, including two-factor authentication and passwords or other security or confirmation information.

4.4 Parfin reserves the right to charge network fees (mining fees) to process a digital asset transaction on behalf of the Client. Parfin will calculate the network fee, if any, seeking to optimize costs while maintaining a high level of preference in processing the transaction on the network. Parfin will make the network fee available for consultation by the Client on the platform after the completion of any transaction.

4.5 The network fees (mining fees) referred to in item 4.4 above are dynamic, and may vary depending on the volume and/or moment of the transaction carried out, and Parfin is hereby authorized to deduct from the Client and/or User’s balance network fees (mining fee) if the intended transaction amount is less than the network fees (mining fee). In the event of such a situation and, if the Client and/or User does not have sufficient balance to cover the network fees (mining fee), the operation will not be processed by Parfin, without any right to fine, indemnity and/or claim on the part of the Client and/or User, regardless of value or nature.

5.    Network Protocols and Operating Rules

5.1 The underlying software protocols governing the operation of Supported Cryptoassets are open source. Thus, anyone can use, copy, modify and distribute them and Parfin has no domain or control over these protocols. By using the Parfin Account, you accept and agree that:

a. Parfin is not responsible for the operation of any underlying software protocols of the cryptoasset network and makes no guarantee as to their availability, security or functionality;

b. The underlying software protocols are subject to sudden changes in operational rules (known as “forks”) and that such forks can materially affect the value, function and/or name of any cryptoassets you store in your Parfin Wallets. In the event of a fork, Parfin may, with or without notice, temporarily suspend our operations and, in our sole discretion, decide whether or not to support any branch of the forked protocol; and

c. If Parfin decides not to support a forked protocol branch, you will not have access to the assets of that fork after the date Parfin ceases to support such fork. These assets will be held securely by Parfin and we will not buy or sell them. We may agree to transfer these assets to you or make them available to you, but we reserve the right to charge fees in connection therewith.

5.2 In the case of Parfin Wallets with offline subscription (“AirGap Cards”), once the withdrawal is approved by a User of the Client, Parfin will ask the approving user to schedule a video conference with Parfin for operational verification of the withdrawal and identity of the approver, without limiting other additional verifications at Parfin’s discretion. Once the verification has been completed, Parfin will have a period of up to 24 (twenty-four) hours to process transactions with the withdrawal of digital assets from the Client’s wallet and submission of the withdrawal to the network of digital assets in question. Parfin keeps one of the pieces of the private key required to complete the signature of the digital asset transaction offline, which is why Parfin needs the deadline in question.

5.3 Customer acknowledges and agrees that a custodial transaction in relation to AirGap Wallets may be delayed, and that transactions may take up to 24 (twenty-four) hours, in accordance with the above clause, to be effected from the Customer’s wallet.

6.    Representations and Warranties

6.1. Parfin has implemented and will maintain in place an information security program that includes the adoption of policies and procedures reasonably designed to protect Parfin’s electronic systems and Clients’ confidential information.

6.2 Parfin declares and warrants that:

a. Parfin will hold the Digital Assets and segregate all digital assets both (i) owned by Parfin and (ii) from the assets of other Parfin customers;

b. Parfin has no right, interest or title in Client’s digital assets;

c. Parfin will not loan, pledge or mortgage any digital assets of Clients;

d. Parfin will maintain adequate capital and reserves to the extent required by applicable law; and

e. Parfin will not make any public statement, including any press release, media release or blog post that mentions or refers to Client or a partnership between Parfin and Client, without Client’s prior written consent.

CONSENT TO ELECTRONIC RECEIPT OF ELECTRONIC RECORDS AND SIGNATURE DISCLOSURES

Electronic Registration and Disclosure of Signature

From time to time, XPI Suprimentos may be legally obligated to provide you with certain written notices or disclosures. Described below are the terms and conditions for providing you with such notices and disclosures electronically through the DocuSign, Inc. electronic signature system. (DocuSign). Please read the information below carefully and thoroughly, and if you can satisfactorily access this information electronically and agree to these terms and conditions, please confirm your acceptance by clicking on the “I agree” button at the bottom of this document.

Obtaining hard copies

At any time, you may request from us a hard copy of any record provided or made available electronically by us to you. You will be able to download and print documents that we send you through the DocuSign system during and immediately after the signing session, and if you choose to create a DocuSign user account, you will be able to access them for a limited period of time (generally 30 days) after the date of first mailing to you. After this period, if you would like us to send hard copies of any of these documents from our office to you, we will charge you a fee of BRL 0.00 per page. You may request delivery of such hard copies from us by following the procedure described below.

Revocation of your consent

If you choose to receive notices and disclosures from us electronically, you may at any time change your mind and inform us at a later date that you wish to receive only printed notices and disclosures. The manner in which you must inform us of your decision to receive future notices and disclosures in print and withdraw your consent to receive notices and disclosures is described below.

Consequences of consent withdrawal

If you choose to receive the required notices and disclosures in paper form only, this will delay the speed at which we are able to complete certain steps in transactions involving you and the delivery of services to you, as we will first need to send the required notices and disclosures in printed format, and then wait until we receive back confirmation that you have received such notices and disclosures in print. To indicate to us that you have changed your mind, you must revoke your consent by completing the DocuSign “Consent Withdrawal” form on the signature page of a DocuSign envelope, instead of signing it. This will indicate that you have revoked your consent to receive notices and disclosures electronically and you will no longer be able to use the DocuSign system to receive necessary notices and consents from us electronically or to electronically sign documents submitted by us.

All notices and disclosures will be sent to you electronically.

Unless you inform us otherwise, in accordance with the procedures described herein, we will electronically provide you, through your DocuSign user account, with all necessary notices, disclosures, authorizations, confirmations and other documents that must be provided or made available. to you during our relationship. To mitigate the risk of you inadvertently failing to receive any notices or disclosures, we prefer to provide all notices and disclosures by the same method and to the same address that you provided to us. Thus, you will be able to receive all disclosures and notices electronically or in print, through the mail. If you do not agree with this process, please let us know as described below. Please also see the paragraph immediately above, which describes the consequences of your choice not to receive notices and disclosures electronically from us.

How to contact XPI Suprimentos:

You may contact us to inform us of your changes to how we may contact you electronically, request hard copies of certain information, and revoke your prior consent to receive notices and disclosures in electronic form as follows:

To contact us by email send messages to: [**]

To contact us by email, send messages to: XPI Suprimentos

To inform XPI Suprimentos your new email address:

To inform us of a change in your email address, to which we must electronically send notices and disclosures, you must send us an email message to [**] and inform, in the message body: your previous email address, your current email address. We do not ask for any other information to change your email address.

Additionally, you must notify DocuSign, Inc to arrange for your new email address to be reflected in your DocuSign account by following the DocuSign email change process.

To order hard copies from XPI Suprimentos:

To request the delivery of hard copies of notices and disclosures previously provided by us electronically, you must send an email message to [**] and inform, in the body of the message: your email address, full name, postal address in Brazil and telephone number. We will charge you the cost of the copies at this time, if any.

To withdraw your consent to XPI Suprimentos:

To let us know that you no longer wish to receive future notices and disclosures in electronic form, you may:

(i) refuse to sign a document from your DocuSign session, and on the next page, tick the box indicating your intention to revoke your consent; or

(ii) send an e-mail message to [**] and inform, in the body of the message, your e-mail address, full name, postal address in Brazil and telephone number. We do not need any other information from you to withdraw your consent. As a consequence of revoking your consent for online documents, transactions will take longer to process.

Required hardware and software**:

(i) Operating Systems: Windows® 2000, Windows® XP, Windows Vista®; Mac OS®

(ii) Browsers: Final versions of Internet Explorer® 6.0 or higher (Windows only); Mozilla Firefox 2.0 or higher (Windows and Mac); Safari™ 3.0 or higher (Mac only)

(iii) PDF Readers: Acrobat® or similar software similar may be required to see and print PDF files.

(iv) Screen Resolution: Minimum 800 x 600

(v) Enabled Security Settings: Allowing cookies per session

** These minimum requirements are subject to change. In the event of a change, you will be asked to accept the disclosure again. Trial versions (e.g.: beta) of operating systems and browsers are not supported.

Confirmation of your access and consent to receive materials electronically:

To confirm that you can access this information electronically, which will be similar to other electronic notices and disclosures that we may send you in the future, please verify that you have been able to read this electronic disclosure and that you have also been able to print or electronically save this page for future use reference and access; or that it was possible to send this disclosure and consent, via e-mail, to an address through which it is possible for you to print or save it for future reference and access. In addition, if you agree to receive notices and disclosures exclusively in electronic form under the terms and conditions described above, please let us know by clicking on the “I agree” button below.

By selecting the “I agree” field, I confirm that:

(i) I can access and read this electronic document, called CONSENT FOR ELECTRONIC RECEIPT OF ELECTRONIC REGISTRATION AND SIGNATURE DISCLOSURE; and

(ii) I may print or save or email this disclosure to where I can print it for future reference and access; and (iii) Until or unless I notify XPI Suprimentos as described above, I consent to receive exclusively in electronic form, all notices, disclosures, authorizations, acceptances and other documents that are to be provided or made available to me by XPI Suprimentos during my relationship with you.