Master Services Agreement

Technology Continuity, Backup and Disaster Recovery Services

This document is accepted electronically as part of the ROCKAXIOM onboarding process. By accepting this agreement through the onboarding portal, you confirm that you have read, understood, and agreed to the terms set out below.

1. Agreement Structure and Order of Precedence

This Master Services Agreement ("Agreement") establishes the legal framework governing the provision of technology continuity, backup, disaster recovery, and related services delivered under the ROCKAXIOM platform.

Operational and service-specific details are contained in associated documents including:

• Order Forms or Quotes
• Product Schedules
• Service Level Agreements (SLA)
• Shared Responsibility Schedules

If any inconsistency arises between contractual documents, the following order of precedence applies:

• Signed Order Form or Quote
• Product Schedule
• Service Level Agreement (SLA)
• Shared Responsibility Schedule
• This Master Services Agreement

2. Definitions

Agreement — This Master Services Agreement and all associated schedules.

Business Hours — 09:00 to 17:00 AEST Monday to Friday excluding public holidays in Tasmania.

After Hours — Any time outside Business Hours.

Backup Infrastructure — Cloud storage platforms, backup agents, storage repositories, and associated infrastructure used to store protected Customer Data.

Confidential Information — Any information disclosed by one party to the other that is designated as confidential, or that reasonably should be understood to be confidential given the nature of the information and the circumstances of its disclosure. This includes but is not limited to business plans, pricing, technical specifications, customer lists, and Customer Data.

Continuity Event — An incident where a Customer system becomes unavailable due to hardware failure, software corruption, human error, cyber incident, power disruption, or other operational interruption.

Customer — The organisation purchasing services under this Agreement.

Customer Data — Any data, files, databases, or information stored within the Customer Environment and protected by the Services.

Customer Environment — The Customer's systems, devices, infrastructure, and software platforms connected to or protected by the Services.

GST — Has the meaning given in the A New Tax System (Goods and Services Tax) Act 1999 (Cth).

Intellectual Property — All patents, trademarks, service marks, trade names, copyright, moral rights, trade secrets, know-how, methodologies, tools, scripts, processes, and all other intellectual property rights, whether registered or unregistered.

Personal Information — Has the meaning given in the Privacy Act 1988 (Cth).

Services — Technology continuity services delivered under the ROCKAXIOM platform including backup, monitoring, restore assistance, and disaster recovery support.

Supported Systems — Operating systems, applications, and environments defined as supported in the Product Schedule.

3. Scope of Services

Rockley Consulting will provide the Services described in the applicable Product Schedule. Services may include:

• Automated backups
• Database backup protection
• File and folder protection
• System state protection
• Monitoring and alerting
• Restoration assistance
• Disaster recovery support
• Continuity advisory services

The exact scope of Services is defined in the applicable Product Schedule and Order Form.

4. Independent Contractor Relationship

Rockley Consulting provides Services as an independent contractor. Nothing in this Agreement creates an employment relationship, partnership, joint venture, or agency between the parties.

5. Use of Subcontractors and Technology Providers

Rockley Consulting may use subcontractors and technology providers to deliver the Services. These may include backup platform vendors, cloud infrastructure providers, monitoring platforms, hardware vendors, and specialist contractors.

Rockley Consulting remains responsible for managing such subcontractors and will ensure that any subcontractors engaged are bound by obligations equivalent to those imposed on Rockley Consulting under this Agreement, including obligations relating to confidentiality, data security, and privacy.

6. Customer Responsibilities

The Customer agrees to:

• Maintain supported operating systems and infrastructure
• Provide required system access credentials
• Ensure devices remain connected to the network
• Maintain appropriate system security practices
• Notify Rockley Consulting of system incidents or changes

Failure to meet these responsibilities may affect service delivery or recovery outcomes. Detailed responsibilities are defined in the Shared Responsibility Schedule.

7. Customer Environment Changes

The Customer must notify Rockley Consulting of any material changes to the Customer Environment that may impact the Services, including changes to operating systems, database platforms, network architecture, or hardware infrastructure.

Rockley Consulting is not responsible for service interruptions, backup failures, or failed recovery outcomes caused by changes to the Customer Environment that were not notified to Rockley Consulting prior to implementation.

8. Customer Endpoint Security

The Customer remains responsible for maintaining appropriate endpoint security measures within the Customer Environment, including:

• Antivirus and anti-malware protection
• Operating system and application patching
• Access controls and user privilege management
• Network perimeter security

Rockley Consulting is not responsible for security incidents, data compromise, or recovery failures arising from inadequate endpoint security practices within the Customer Environment.

9. Acceptable Use

The Customer must not use the Services in violation of applicable law, to store illegal or prohibited content, to intentionally distribute malicious software, or in a manner that threatens platform security. Rockley Consulting may suspend Services where misuse is identified.

10. Customer Data Ownership

The Customer retains full ownership of all Customer Data. Rockley Consulting obtains no ownership rights over Customer Data other than those necessary to provide the Services. Rockley Consulting may access Customer Data only for service delivery, troubleshooting, and restoration operations.

11. Intellectual Property

All Intellectual Property in the ROCKAXIOM platform, tools, scripts, methodologies, software, systems, and any pre-existing materials used in the delivery of the Services remain the sole property of Rockley Consulting.

The Customer is granted a limited, non-exclusive, non-transferable licence to use the Services during the term of this Agreement solely for the Customer's internal business purposes.

Nothing in this Agreement transfers ownership of any Intellectual Property to the Customer. The Customer must not reverse engineer, copy, or attempt to replicate any component of the ROCKAXIOM platform.

12. Confidentiality

Each party agrees to hold the other party's Confidential Information in strict confidence and not to disclose it to any third party without the prior written consent of the disclosing party, except as required by law or with the prior written approval of the other party.

Each party agrees to use the other party's Confidential Information only for the purposes of performing obligations or exercising rights under this Agreement.

These obligations do not apply to information that:

• Was already publicly known at the time of disclosure
• Becomes publicly known through no fault of the receiving party
• Was independently developed by the receiving party without reference to the Confidential Information
• Was received from a third party without restriction on disclosure
• Is required to be disclosed by law, regulation, or court order, provided the receiving party gives prompt written notice to the disclosing party where lawful to do so

The obligations in this clause survive termination or expiry of this Agreement for a period of three (3) years.

13. Data Protection and Storage

Customer Data protected by the Services may be stored in secure cloud infrastructure operated by third-party providers. Where possible, Customer Data will be stored in Australian data centres.

Backup data may be encrypted both in transit and at rest using industry standard encryption technologies.

14. Privacy

Each party agrees to comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) to the extent they apply to that party in connection with this Agreement.

Rockley Consulting will only collect, use, and disclose Personal Information as necessary for the performance of the Services. Rockley Consulting will not use Personal Information for any other purpose without the prior written consent of the Customer.

In the event of a notifiable data breach involving Personal Information, Rockley Consulting will notify the Customer as soon as practicable and cooperate with the Customer to manage its obligations under the Notifiable Data Breaches scheme.

15. Security and Platform Integrity

Rockley Consulting will implement reasonable administrative, technical, and organisational measures to protect backup infrastructure and Customer Data. However, the Customer acknowledges that no technology system can guarantee absolute protection against all security threats.

16. Infrastructure Dependencies

The Services depend on multiple external systems including cloud infrastructure providers, telecommunications networks, power infrastructure, and third-party software platforms. Rockley Consulting is not responsible for outages or failures caused by these external dependencies.

17. Backup Failure

The Customer acknowledges that backup systems may fail due to factors outside Rockley Consulting's control, including software faults, hardware failures, corruption of source data, or third-party platform issues.

Rockley Consulting will use commercially reasonable efforts to identify and remediate backup failures. Rockley Consulting does not guarantee uninterrupted backup success and is not liable for data loss resulting from backup failures caused by factors outside its reasonable control.

18. Ransomware and Corrupted Source Data

Rockley Consulting is not responsible for corruption, encryption, or deletion of Customer Data that occurs prior to the backup process, including incidents caused by malware, ransomware, or user actions within the Customer Environment.

If encrypted or corrupted data is successfully backed up prior to detection, restoration of that data may reproduce the corrupted or encrypted state. Rockley Consulting will use reasonable efforts to assist the Customer in identifying clean recovery points where available, but does not guarantee the availability of unaffected backup data in such circumstances.

19. Disaster Recovery Limitations

The Customer acknowledges that disaster recovery services depend on multiple factors including system integrity, availability of backup data, infrastructure availability, network connectivity, and third-party service availability. Accordingly:

• Rockley Consulting does not guarantee that all data will be recoverable or that systems can be restored to a specific point in time
• Recovery services are performed on a best efforts basis using reasonable skill and care

20. Service Availability

Rockley Consulting will use commercially reasonable efforts to maintain availability of the Services. Service response targets and operational procedures are defined in the Service Level Agreement (SLA).

21. Warranties

Rockley Consulting warrants that Services will be delivered with reasonable skill and care consistent with industry practice. Except as expressly stated in this Agreement, all other warranties are excluded to the maximum extent permitted by law.

Nothing in this Agreement is intended to exclude, restrict, or modify any right or remedy the Customer may have under the Australian Consumer Law (Schedule 2 of the Competition and Consumer Act 2010 (Cth)) or any other applicable legislation that cannot be excluded by agreement.

22. Limitation of Liability

To the maximum extent permitted by law, Rockley Consulting's total liability arising out of or in connection with this Agreement is limited to the total fees paid by the Customer for the Services during the twelve (12) months preceding the event giving rise to the claim.

23. Exclusion of Consequential Loss

To the maximum extent permitted by law, Rockley Consulting is not liable for indirect or consequential losses including:

• Loss of profit or revenue
• Business interruption or operational downtime
• Reputational damage or loss of goodwill
• Loss of business opportunity
• Loss of data

24. Service Credits

Where applicable, service credits described in the Service Level Agreement represent the Customer's sole and exclusive remedy for service level failures.

25. Insurance

Rockley Consulting maintains the following insurance coverage:

• Public Liability Insurance: AUD $10,000,000
• Professional Indemnity Insurance: AUD $5,000,000

Certificates of currency may be provided upon reasonable request.

The Services provided under this Agreement do not constitute insurance against data loss, business interruption, or cyber incidents. Customers should maintain appropriate cyber and business interruption insurance coverage independent of the Services.

26. Fees, GST and Payment

Fees are defined in the applicable Order Form, Quote, or Product Schedule.

Unless otherwise stated, all fees are exclusive of GST. Where GST is payable on a taxable supply made under or in connection with this Agreement, the Customer must pay an additional amount equal to the GST payable on that supply, at the same time as the fee is payable.

Rockley Consulting will issue valid tax invoices in accordance with GST legislation. Invoices are payable within 14 days of the invoice date unless otherwise agreed in writing.

Rockley Consulting may suspend Services where payment obligations are not met within the payment period and a further 7 days written notice has elapsed without resolution.

27. Term and Termination

This Agreement begins on the Effective Date and continues until terminated. Minimum service terms are defined in the applicable Product Schedule.

Either party may terminate this Agreement by providing 30 days written notice to the other party, subject to any minimum term commitments in the applicable Product Schedule.

28. Termination for Cause

Either party may terminate this Agreement immediately upon written notice if the other party:

• Commits a material breach and fails to remedy the breach within 14 days of receiving written notice of the breach
• Becomes insolvent, is placed into administration or receivership, or ceases to carry on business

29. Post-Termination Data Handling

Upon termination or expiry of this Agreement:

• Rockley Consulting will retain Customer Data in the backup infrastructure for a period of 30 days following the effective date of termination (the Retention Period)
• During the Retention Period, the Customer may request a copy of their data in a format reasonably determined by Rockley Consulting
• At the end of the Retention Period, Rockley Consulting will securely delete or destroy all Customer Data from the backup infrastructure
• Upon request, Rockley Consulting will provide written confirmation that Customer Data has been deleted

The Customer remains responsible for obtaining any required data exports prior to the effective date of termination. Rockley Consulting is not obligated to retain Customer Data beyond the Retention Period.

Rockley Consulting may charge reasonable professional service fees for assistance with data export or recovery requests following termination. Any such fees will be communicated to the Customer in advance.

30. Suspension of Services

Rockley Consulting may suspend Services where payment obligations are not met, where systems pose a security risk to the platform or other customers, or where Services are being misused. Rockley Consulting will provide reasonable written notice prior to any suspension where it is safe to do so.

31. Dispute Resolution

If a dispute arises out of or in connection with this Agreement, the parties agree to the following process before commencing legal proceedings:

• The party claiming the dispute must issue a written notice to the other party setting out the nature of the dispute in reasonable detail
• The parties must meet (in person, by telephone, or by video conference) within 10 Business Days of the notice to attempt to resolve the dispute in good faith
• If the dispute is not resolved within 20 Business Days of the written notice, either party may refer the dispute to mediation administered by the Australian Disputes Centre
• If the dispute is not resolved through mediation, either party may commence legal proceedings

This clause does not prevent either party from seeking urgent injunctive or other interlocutory relief from a court where necessary to protect their rights.

32. Notices

Any notice or other communication required or permitted under this Agreement must be in writing and delivered by:

• Email with delivery and read receipt requested
• Registered post
• Hand delivery

Notices to Rockley Consulting must be directed to the following contact details, or as otherwise notified in writing:

• General: info@rockaxiom.au
• Support: support@rockaxiom.au
• Phone: 0432 30 76 25
• Website: https://rockaxiom.au

Notices to the Customer must be addressed to the contact details set out in the applicable Order Form.

A notice is deemed received: if by email, at the time of confirmed delivery (provided no error or bounce message is received); if by post, three Business Days after posting; if by hand, at the time of delivery.

33. Variation of Agreement

Rockley Consulting may amend this Agreement by providing 30 days written notice to the Customer. Continued use of the Services after the notice period constitutes acceptance of the amended terms.

Any variation agreed between both parties must be recorded in writing and confirmed by authorised representatives of each party.

34. Force Majeure

Neither party will be liable for failure to perform obligations due to events beyond reasonable control including natural disasters, major infrastructure failures, cyber incidents, government actions, or telecommunications outages. The affected party must notify the other party as soon as practicable.

35. Assignment

Rockley Consulting may assign this Agreement to a related entity, successor organisation, or acquiring entity without the Customer's consent, provided that the assignee assumes all obligations under this Agreement. The Customer may not assign this Agreement without prior written consent from Rockley Consulting.

36. Governing Law

This Agreement is governed by the laws of Tasmania, Australia. The parties submit to the non-exclusive jurisdiction of the courts of Tasmania. Nothing in this clause prevents either party from seeking relief from a Federal Court where appropriate.

37. Entire Agreement

This Agreement and all associated schedules represent the entire agreement between the parties with respect to the subject matter and supersede all prior communications, representations, and agreements, whether oral or written.

No party has relied on any representation or warranty in entering into this Agreement other than as expressly set out in this Agreement.

38. Severability

If any provision of this Agreement is found to be invalid, illegal, or unenforceable, that provision will be severed from the Agreement and the remaining provisions will continue in full force and effect.

39. Acceptance

This Agreement is entered into as of the Effective Date. Acceptance of this Agreement is recorded electronically through the ROCKAXIOM onboarding process.

Clause Index

ROCKAXIOM is a trading name of Rockley Consulting Pty Ltd | ABN 78 673 819 773 | Tasmania, Australia | rockaxiom.au

Document version: v2 2026.03.04