1. Agreement to Terms

These Terms of Service (“Terms”) are a legally binding agreement between SyncWave Technologies Ltd (“Company”, “we”, “us”) and any entity or individual (“Client”) that engages our services. By signing a Statement of Work, accessing our client portal, or using any service we provide, you confirm that you have authority to bind your organisation to these Terms.

2. Definitions

• Services — Professional, managed, or subscription services delivered by SyncWave Technologies, including Cloud & Platform Engineering, Cybersecurity, DevOps & CI/CD, Software Development, and AI & Agentic AI solutions.
• Statement of Work (SOW) — A written document executed by both parties specifying scope, deliverables, timelines, and fees for a particular engagement.
• Deliverables — Code, configurations, models, architecture designs, documentation, and other outputs produced under an SOW.
• Client Data — Any data, credentials, or information provided by the Client to enable delivery of Services.
• Confidential Information — Non-public information disclosed by either party that is marked as, or should reasonably be understood to be, confidential.

3. Our Services

SyncWave Technologies provides the following service lines to enterprise, financial, healthcare, government, and technology organisations across Kenya and East Africa:

• Cloud & Platform Engineering — Infrastructure architecture and management on AWS, Azure, and GCP; Kubernetes and container orchestration; hybrid and multi-cloud design; data platform engineering and migration.
• Cybersecurity Services — Penetration testing, vulnerability assessments, SIEM deployment, incident response, zero-trust network design, security architecture, and compliance readiness (ISO 27001, PCI-DSS, CBK guidelines).
• DevOps & CI/CD — Build pipeline automation, Infrastructure-as-Code (Terraform, Ansible, Pulumi), GitOps workflows, container registries, and release engineering.
• Custom Software Development — Full-stack web and mobile development, SACCO management system integration, Frappe/ERPNext implementations, API design, and legacy system modernisation.
• AI & Agentic AI Solutions — AI workflow automation, LLM integrations, agentic pipelines, predictive analytics, and AI-augmented business process optimisation.

Scope, timelines, and fees for each engagement are governed by individual Statements of Work.

4. Project Engagements & Statements of Work

Every engagement begins with a mutually executed Statement of Work (SOW) that defines scope, deliverables, acceptance criteria, timelines, milestones, fees, and Client dependencies. Changes require a written Change Order agreed by both parties. We may adjust timelines and fees proportionately for approved scope changes. Oral instructions or email requests do not constitute authorised scope changes without a corresponding Change Order.

5. Intellectual Property Rights

Pre-Existing IP: Each party retains ownership of its pre-existing intellectual property. We retain ownership of our proprietary tools, frameworks, methodologies, templates, and know-how used in delivering services.

Deliverables: Subject to full payment, we assign to the Client all rights in custom-developed Deliverables created specifically for that engagement, excluding any embedded SyncWave IP, open-source components, or third-party licensed elements.

Open-Source Components: Deliverables may incorporate open-source software licensed under MIT, Apache 2.0, GPL, LGPL, or similar licences. Such components remain subject to their respective licences, and the Client assumes ongoing compliance responsibility.

6. Confidentiality & Non-Disclosure

Both parties agree to hold each other’s Confidential Information in strict confidence and not to disclose it to any third party without prior written consent. This obligation survives termination for three (3) years. Exceptions apply to: (a) information already public through no fault of the receiving party; (b) information known prior to disclosure; (c) information independently developed; and (d) disclosures required by law or court order, provided prompt written notice is given. Where we process personal data on the Client’s behalf, a Data Processing Agreement (DPA) will be executed in compliance with the Kenya Data Protection Act 2019.

7. Acceptable Use Policy

Clients must not use our services, or any platform, environment, or tool we manage, to:

Violation may result in immediate service suspension and may attract legal liability under Kenyan law.

8. Service Level Agreements

Managed service engagements include SLAs as specified in the relevant SOW. Standard response and resolution targets for incidents are:

• Critical (P1) — Production Down: Initial response within 1 hour; target resolution within 4 hours.
• High (P2) — Major Degradation: Response within 4 hours; target resolution within 8 business hours.
• Medium (P3) — Partial Impairment: Response within 1 business day; resolution within 3 business days.
• Low / Advisory (P4): Response within 2 business days; resolution per agreed schedule.

SLAs exclude scheduled maintenance windows (communicated in advance), force majeure events, and incidents caused by Client-side actions, misconfigurations, or third-party provider outages. SLA credits, where applicable, are defined in the SOW.

9. Payment, Billing & Taxes

• Fees are invoiced in Kenya Shillings (KES) unless otherwise agreed; international engagements may be billed in USD.
• Invoices are due within 14 calendar days of the invoice date.
• Overdue balances attract interest at 2% per month on the outstanding amount, compounded monthly.
• Services may be suspended if any invoice remains unpaid for more than 30 days after the due date, without prejudice to any other remedy available to us.
• All fees are exclusive of applicable taxes. VAT is charged at the prevailing statutory rate. Clients are responsible for withholding tax obligations where applicable and must provide proof of remittance upon request.
• A deposit of up to 50% of the total SOW value may be required before commencement of work on new engagements.

10. Subscription & Retainer Services

Managed cloud operations, cybersecurity monitoring, DevOps retainers, and ongoing AI platform support are offered on monthly or annual subscription plans. Subscription fees are billed in advance at the start of each billing cycle. Annual plans receive a discount as specified in the SOW. Subscriptions auto-renew unless written cancellation notice is received at least 30 days before the renewal date. Unused service hours or credits do not roll over unless explicitly stated in the SOW. We may adjust subscription pricing on renewal with 60 days’ prior written notice.

11. Client Data & Data Processing

We process Client Data solely to deliver the agreed Services. We apply technical and organisational security measures proportionate to the data’s nature and sensitivity. Access is restricted to authorised personnel on a strict need-to-know basis. Clients in regulated sectors (banking, insurance, healthcare, government) must inform us of applicable regulatory requirements, data residency mandates, or sector-specific handling obligations before the engagement commences. Upon termination or expiry, we will return or securely destroy Client Data within 30 days as directed, unless retention is required by applicable law.

12. Security Responsibilities

Our obligations: We maintain an information security programme aligned with ISO/IEC 27001 principles, incorporating encryption in transit (TLS 1.2+) and at rest (AES-256), role-based access controls, MFA enforcement, vulnerability management, and documented incident response procedures. We will notify Clients within 72 hours of confirming a breach that affects their data.

Client obligations: Clients must safeguard all access credentials and API keys, notify us immediately upon discovering unauthorised access within their environment, ensure their own systems comply with applicable standards, and not share credentials with unauthorised individuals.

13. Third-Party Services & Open Source

Service delivery may involve third-party cloud platforms (AWS, Azure, GCP), monitoring and observability tools, CI/CD platforms, LLM APIs, and open-source frameworks including Kubernetes, Docker, Frappe, and various AI/ML libraries. We are not liable for outages, policy changes, price increases, or data loss attributable to third-party providers. Where we provision third-party services on the Client’s behalf, those services additionally remain subject to those providers’ own terms of service. We will notify Clients of material changes that directly affect agreed deliverables or ongoing SLAs.

14. Warranties & Disclaimers

We warrant that: (a) Services will be performed with reasonable skill and care by qualified professionals; (b) we have the right to provide the services and grant the rights described herein; and (c) we will comply with all applicable Kenyan laws in delivering the services. Except as expressly stated, services are provided “as is”. We disclaim all implied warranties, including those of merchantability or fitness for a particular purpose.

15. Limitation of Liability

Our total aggregate liability arising from or in connection with any engagement shall not exceed the total fees paid by the Client under the relevant SOW in the three (3) months immediately preceding the claim. Neither party shall be liable for indirect, special, consequential, incidental, or punitive damages — including loss of profits, loss of data, business interruption, or reputational harm — even if advised of the possibility of such losses. These limitations do not apply in cases of gross negligence, wilful misconduct, fraud, or personal injury caused by negligence.

16. Indemnification

The Client agrees to indemnify and hold harmless SyncWave Technologies and its employees, contractors, and agents from and against any claims, damages, losses, and legal costs arising from: (a) the Client’s misuse of our services or violation of these Terms; (b) the Client’s infringement of third-party intellectual property rights; (c) regulatory breaches originating within the Client’s own organisation; and (d) inaccurate or incomplete information provided by the Client that materially affects our service delivery.

17. Termination

For Cause: Either party may terminate an SOW immediately on written notice if the other materially breaches these Terms and fails to cure within 14 days of written notice of the breach.

For Convenience: Either party may terminate an ongoing managed service engagement with 30 days’ written notice. The Client remains liable for all fees for work completed or in progress up to the effective termination date.

Effect of Termination: Each party will return or securely destroy the other’s Confidential Information within 30 days of termination. Clauses 5, 6, 9, 11, 15, 16, 19, and 20 survive termination of any SOW or these Terms.

18. Force Majeure

Neither party is liable for delays or failures in performance caused by events beyond its reasonable control, including natural disasters, acts of government or regulatory authority, civil unrest, power grid failures, backbone Internet provider outages, or third-party cyber attacks. The affected party must provide written notice within 5 business days of the event and must make commercially reasonable efforts to mitigate the impact and resume performance.

19. Dispute Resolution

In the event of a dispute, the parties agree to the following escalation process before resorting to litigation:

• Good-Faith Negotiation: Senior representatives of both parties will attempt to resolve the dispute by negotiation within 15 business days of written notice of the dispute.
• Mediation: If negotiation is unsuccessful, either party may refer the matter to a mutually agreed mediator. Costs of mediation are shared equally.
• Binding Arbitration: Disputes not resolved through negotiation or mediation shall be finally settled by binding arbitration under the rules of the Nairobi Centre for International Arbitration (NCIA), conducted in English, seated in Nairobi, Kenya.

20. Governing Law

These Terms and all Statements of Work are governed by and construed in accordance with the laws of the Republic of Kenya, including the Kenya Information and Communications Act (Cap. 411A), the Kenya Data Protection Act 2019, the Business Laws (Amendment) Act 2020, and applicable sector-specific regulations — including Central Bank of Kenya (CBK) guidelines for financial sector clients, the Health Act 2017 for healthcare clients, and Communications Authority regulations for ICT engagements.

21. Amendments & General Provisions

Amendments: We may update these Terms at any time. Material changes will be communicated with 30 days’ notice via email or website notice. Continued engagement after the notice period constitutes acceptance.

Entire Agreement: These Terms, all executed SOWs, and any Data Processing Agreements constitute the complete agreement and supersede all prior negotiations, representations, and agreements relating to the subject matter.

Severability: If any provision is found unenforceable by a competent court or arbitral tribunal, the remaining provisions continue in full force.

Waiver: Failure to enforce any provision on any occasion does not constitute a waiver of that provision.

Assignment: Clients may not assign rights or obligations without our prior written consent. We may assign in connection with a merger, acquisition, or sale of substantially all of our business assets.