COLLECTNOW TERMS & CONDITIONS (TERMS OF SERVICE)

These Terms & Conditions (the “Terms”) govern access to and use of the CollectNow platform, website(s), applications, APIs, and related services (collectively, the“Service”).

The Service is offered by CollectNow Central Europe s. r. o., with its registered seat and principal place of business atDoležalova 3424/15C, 821 04 Bratislava – mestská časť Ružinov, Slovenská republika, IČO: 57 278 555, registered in the Slovak Commercial Register maintained byMestský súd Bratislava III, SectionSro, Insert No. 192870/B(“CollectNow,” “we,” “us,” or“our”).

CollectNow operates within a group of companies and commercial relationships. The Service (or parts of it) may be provided, operated, supported, billed, or fulfilled by: (i) CollectNow; (ii) any entity that directly or indirectly controls, is controlled by, or is under common control with CollectNow (each, an “Affiliate”); and/or (iii) selected independent partners, resellers, implementation providers, banks, payment providers, communications providers, and integration partners (each, a “Partner”), as applicable (collectively with CollectNow and Affiliates, the “CollectNow Parties” as defined below).

Resolve Technologies Inc. is an affiliated partner company of CollectNow and, together with CollectNow Central Europe s. r. o. and other members of the CollectNow Group, may support, operate, or otherwise contribute to the Service from time to time. All right, title, and interest in and to the Service and its underlying technology—including all software, source code, object code, models, workflows, documentation, designs, trademarks, and other intellectual property—are and shall remain the exclusive property of Resolve Technologies Inc. and/or its licensors, and nothing in these Terms grants Customer any ownership rights therein except for the limited right to access and use the Service as expressly stated.

By clicking “I Agree,” creating an account, signing or accepting an order form, statement of work, or subscription selection (each, an“Order Form”), or otherwise accessing or using the Service, you (“Customer,” “you,” or“your”) agree to be bound by these Terms. If you accept on behalf of an entity, you represent you have authority to bind that entity.

1. KEY DISCLAIMERS AND RISK ALLOCATION (READ CAREFULLY)

1.1 Business-to-Business Only

The Service is intended for business/commercial use. You represent and warrant you are using the Service in a professional capacity and not as a consumer for personal, family, or household purposes.

1.2 No Legal Advice; No Mediation; No Arbitration; No Debt-Collector Role

CollectNow provides software and workflow automation. CollectNow is not a law firm, doesnot provide legal advice, and does notcreate an attorney-client relationship. CollectNow isnot a mediator, arbitrator, judge, tribunal, escrow agent, fiduciary, debt collection agency, or your agent/representative (unless a specific Affiliate is expressly engaged under a separate written agreement that clearly states otherwise).

1.3 No Guarantee of Collection or Outcomes

We do not guarantee payment, recovery, settlement, reduced DSO, improved cashflow, debtor responsiveness, or any specific result. The Service provides tools; results depend on debtor behavior, your contracts, your business practices, and external factors.

1.4 Negotiation Model and “Settlement Summary” Clarification (Your Specific Use Case)

Certain Service features guide two parties (e.g., creditor and debtor) through a structured negotiation flow and may collect information from each party during that process. If the parties indicate agreement, the Service may generate a summarydescribing the terms the parties communicated during the negotiation flow (a “Settlement Summary”).

You acknowledge and agree that a Settlement Summary:

1. is only a record-style summary generated from party-provided inputs and system logs;
   
2. is not legal advice, not a legal opinion, not a notarization, not a qualified timestamp, not an electronic signature service, and not a “certification” of enforceability;
   
3. does not verify identity, authority, capacity, intent, assent, or authenticity of either party;
   
4. does not create a binding agreement unless the parties separately execute a legally valid contract (including any required signatures or formalities); and
   
5. is provided “as is,” with no guarantee that any court, tribunal, regulator, bank, auditor, or third party will accept it, treat it as admissible evidence, or accord it any particular weight.

CollectNow Parties shall have no liability if any Settlement Summary is rejected, disregarded, given limited weight, or otherwise not honored in any actual or potential legal proceeding, investigation, enforcement action, or dispute.

2. DEFINITIONS

• “Account” means your CollectNow account and credentials.
  
• “Admin User” means a user with administrative privileges.
  
• “AI Features” means any automated/AI-assisted drafting, guidance, classification, recommendation, summarization, or negotiation-support feature.
  
• “Affiliate” has the meaning stated above.
  
• “CollectNow Parties” means CollectNow, its Affiliates, its and their respective directors, officers, employees, contractors, agents, licensors, and service providers; and to the maximum extent permitted, any Partners to whom CollectNow provides contractual protections under these Terms.
  
• “Customer Data” means all data, content, invoices, communications, debtor details, documents, and materials submitted to or processed through the Service by or on behalf of you (including personal data).
  
• “Debtor” means any counterparty you contact (or attempt to contact) through the Service regarding payment, disputes, settlement, or a payment plan.
  
• “Order Form” means any ordering document, subscription selection, pricing plan selection, SOW, or similar instrument referencing these Terms.
  
• “Partner” has the meaning stated above.
  
• “Settlement Summary” has the meaning stated above.
  
• “Third-Party Services” means services or products not owned by CollectNow that interoperate with the Service (e.g., email/SMS/voice providers, accounting tools, CRMs, payment processors, bank APIs).

3. THE SERVICE; LICENSE; RESTRICTIONS

3.1 License

Subject to these Terms and payment of applicable fees, CollectNow grants you a limited, revocable, non-exclusive, non-transferable, non-sublicensable license to access and use the Service for your internal business purposes during the Term.

3.2 Restrictions

You will not (and will not permit any third party to):
a) copy, modify, translate, or create derivative works of the Service;
b) reverse engineer, decompile, disassemble, or attempt to derive source code, underlying models, prompts, or system logic (except to the extent prohibited by mandatory law);
c) bypass security controls, rate limits, access restrictions, or attempt unauthorized access;
d) interfere with, disrupt, or overload the Service;
e) use the Service to transmit unlawful, infringing, misleading, defamatory, abusive, harassing, discriminatory, or deceptive content;
f) use the Service in violation of sanctions, export controls, anti-bribery, or anti-corruption laws;
g) use the Service to build a competing product or to publicly benchmark without our prior written consent;
h) upload special category data (GDPR Art. 9) or similarly sensitive data unless explicitly agreed in writing and legally permitted.

3.3 Beta / Experimental Features

We may label certain features as beta, pilot, experimental, or preview. Such features are provided as is, may be changed or discontinued at any time, and may have additional limitations, reduced support, or increased error risk.

3.4 Suspension

We may suspend or restrict access immediately, without liability, if we reasonably believe:
a) your use poses a security risk;
b) your use violates these Terms or applicable law;
c) you are engaging in abusive, unlawful, or non-compliant debtor contact;
d) fees are overdue; or
e) your use could expose CollectNow Parties to liability, regulatory action, or reputational harm.

4. ACCOUNT; USERS; CUSTOMER RESPONSIBILITY

4.1 Account Security

You are responsible for all activity under your Account, including actions by employees, contractors, agents, and authorized users. You must keep credentials confidential and notify us promptly of suspected compromise.

4.2 Authority

You represent and warrant you have authority to: (i) upload Customer Data; (ii) contact Debtors; and (iii) negotiate, propose, or accept settlement terms consistent with your internal authorizations and applicable law.

5. CUSTOMER COMPLIANCE OBLIGATIONS (YOU BEAR THESE RISKS)

5.1 Lawful Basis; Notices; Consents; Communications Rules

You are solely responsible for compliance with all laws applicable to your use of the Service and your interactions with Debtors, including (where applicable) GDPR, ePrivacy, anti-spam laws, telecom/SMS/voice rules, consumer protection, and debt collection restrictions. This includes ensuring you have all lawful bases, notices, and consents required to:
a) upload and process Debtor personal data;
b) send email, SMS, or phone communications;
c) store, record, or log communications; and
d) honor opt-out/objection requests and “do not contact” restrictions.

5.2 Accuracy; No Misrepresentation

You will not submit fraudulent or knowingly inaccurate invoices, inflate amounts, misrepresent due dates, fabricate disputes, or otherwise mislead Debtors or third parties through the Service.

5.3 Content, Frequency, and Tone

You are solely responsible for the content, timing, frequency, and lawfulness of communications sent through the Service, whether drafted by you or suggested/generated by AI Features. You must implement any required review and approval processes.

5.4 Prohibited Practices

You may not use the Service to harass, threaten, shame, unlawfully pressure, discriminate against, impersonate courts/government/attorneys, or otherwise engage in prohibited collection practices.

6. NEGOTIATION FLOW; SETTLEMENT SUMMARIES; NO RELIANCE

6.1 No Verification; No Duty to Investigate

CollectNow does not verify party identity, authority, capacity, or truthfulness of statements. We do not investigate disputes, assess legal merits, determine fault, or validate contractual enforceability.

6.2 Settlement Summary Is Not a Court-Grade Certification

Settlement Summaries may be used by you for internal recordkeeping or as a reference point; however, you acknowledge:

• courts and authorities apply their own evidentiary rules;
  
• admissibility and weight are jurisdiction-specific;
  
• formalities (signatures, notarization, qualified electronic signatures, consumer disclosures, cooling-off periods, etc.) may be required; and
  
• CollectNow provides no guarantee of admissibility, enforceability, or recognition.

6.3 Your Duty to Formalize

You are solely responsible for converting any negotiated terms into an enforceable agreement (if desired), including signatures, corporate approvals, compliance disclosures, and execution mechanics.

7. AI FEATURES

7.1 AI Outputs Are Not Guaranteed

AI outputs may be inaccurate, incomplete, inconsistent, or unsuitable. You must independently verify outputs and decide whether to use or send them.

7.2 No Professional Reliance

You will not treat AI outputs as legal advice, compliance advice, or definitive evidence of rights, obligations, debtor status, or factual truth.

8. THIRD-PARTY SERVICES; DELIVERABILITY

8.1 Third-Party Services

The Service may rely on Third-Party Services. Those services are governed by their own terms, and CollectNow is not responsible for their outages, policy enforcement, filtering, carrier blocking, delays, or failures.

8.2 No Deliverability Guarantee

We do not guarantee that email/SMS/phone messages will be delivered, received, read, or acted upon.

9. FEES; BILLING; TAXES

9.1 Fees; Non-Refundable

Fees are stated in the applicable Order Form or plan selection. Unless expressly stated otherwise, fees arenon-refundable.

9.2 Taxes

Fees exclude taxes. You are responsible for applicable taxes, duties, and governmental charges (except taxes on CollectNow’s net income).

9.3 Late Payments

We may suspend access for overdue amounts. Overdue balances may accrue interest at the lesser of 1.5% per month or the maximum permitted by law, plus reasonable collection costs.

10. DATA PROTECTION; PRIVACY; DPA

10.1 Roles (Typical)

For Account data (e.g., your user profiles, login details, billing contacts), CollectNow typically acts as a data controller.
For Customer Data uploaded or processed for invoice chasing/negotiation (including Debtor personal data), CollectNow typically acts as a data processor on your instructions, and you typically act as the data controller.

10.2 Data Processing Addendum

Where required, the parties will enter into a Data Processing Addendum (“DPA”). If you process EEA/UK personal data through the Service, you agree to execute CollectNow’s DPA upon request and before or as part of onboarding.

10.3 Privacy Policy Included

Because you requested an immediate solution, a recommended privacy policy is included as Exhibit C below and forms part of these Terms for publication purposes. It should still be reviewed and tailored (especially around sub-processors, retention periods, cookies/trackers actually used, and international transfer mechanisms).

11. INTELLECTUAL PROPERTY; FEEDBACK

The Service and all associated IP belong to CollectNow and/or its licensors. You receive only the license granted above. If you provide feedback, you grant CollectNow a perpetual, irrevocable, worldwide, royalty-free right to use it without compensation.

12. CONFIDENTIALITY

Each party will protect the other’s Confidential Information using reasonable care and use it only as necessary to perform under these Terms. Standard exclusions apply (publicly known, independently developed, rightfully received). Disclosures required by law may be made where permitted, with notice where lawful.

13. WARRANTIES; DISCLAIMERS

13.1 Limited Warranty

We will provide the Service in a professional and workmanlike manner. Your exclusive remedy is re-performance or, if we cannot, refund of the unused portion of fees for the affected period (at our option).

13.2 Broad Disclaimer

EXCEPT AS EXPRESSLY STATED, THE SERVICE (INCLUDING AI FEATURES AND ANY SETTLEMENT SUMMARY) IS PROVIDED “AS IS” AND“AS AVAILABLE.” TO THE MAXIMUM EXTENT PERMITTED BY LAW, COLLECTNOW DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, ACCURACY, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING OR USAGE OF TRADE.
WE DO NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, SECURE, OR THAT AI OUTPUTS, DELIVERABILITY, OR SETTLEMENT SUMMARIES WILL BE ACCURATE, COMPLETE, ENFORCEABLE, OR ADMISSIBLE.

14. INDEMNIFICATION (CUSTOMER → COLLECTNOW)

You will defend, indemnify, and hold harmless the CollectNow Parties from and against any and all claims, demands, proceedings, damages, losses, liabilities, fines, penalties, costs, and expenses (including reasonable attorneys’ fees) arising out of or related to:
a) Customer Data (including legality, accuracy, and your rights to use it);
b) your communications with Debtors (including spam/telecom violations, harassment claims, unlawful collection practices, misrepresentations);
c) your failure to obtain required notices/consents/lawful bases;
d) disputes between you and any Debtor regarding any invoice, alleged debt, settlement, payment plan, or performance;
e) your creation, use, distribution, or reliance on any Settlement Summary;
f) your breach of these Terms or violation of law.

You may not settle any claim imposing liability or obligations on any CollectNow Party without our prior written consent.

15. LIMITATION OF LIABILITY (MAXIMUM PROTECTION)

15.1 Exclusion of Damages

TO THE MAXIMUM EXTENT PERMITTED BY LAW, NO COLLECTNOW PARTY SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR FOR LOSS OF PROFITS, REVENUE, BUSINESS, GOODWILL, DATA, OR USE, EVEN IF ADVISED OF THE POSSIBILITY.

15.2 Liability Cap

TO THE MAXIMUM EXTENT PERMITTED BY LAW, THE TOTAL AGGREGATE LIABILITY OF THE COLLECTNOW PARTIES ARISING OUT OF OR RELATING TO THE SERVICE OR THESE TERMS SHALL NOT EXCEED THE AMOUNTS PAID (OR PAYABLE) BY YOU FOR THE SERVICE IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

15.3 Specific Carve-Out: Courts and Settlement Summaries

WITHOUT LIMITING THE FOREGOING, NO COLLECTNOW PARTY SHALL HAVE ANY LIABILITY FOR:
a) any court/tribunal/regulator decision to reject, limit, or disregard any Settlement Summary;
b) any failure by you to formalize a settlement into an enforceable agreement;
c) your reliance on AI outputs or summaries.

15.4 Mandatory Law

Nothing in these Terms limits liability to the extent such limitation is prohibited by mandatory applicable law.

16. TERM; TERMINATION; DATA

These Terms begin upon acceptance and continue until terminated. Either party may terminate in accordance with an Order Form or for material breach (if uncured after notice where legally required). Upon termination, your license ends and you must stop using the Service. We may delete or de-identify Customer Data consistent with our retention practices and applicable law, unless an Order Form or DPA provides otherwise.

17. NOTICES; LEGAL CONTACT

Legal notices to CollectNow must be sent to:peter@collectnow.info (and may also be sent to the registered address stated above). Notices to you may be sent to the email address associated with your Account.

18. GOVERNING LAW; DISPUTE RESOLUTION; OPTIONAL ARBITRATION AT COLLECTNOW’S ELECTION

18.1 Governing Law

These Terms are governed by the laws of the Slovak Republic, excluding conflict-of-laws principles.

18.2 Courts by Default

Unless CollectNow elects arbitration under Section 18.3, the parties agree that disputes shall be resolved by the competent courts of the Slovak Republic, with venue in Bratislava, to the maximum extent permitted by law.

18.3 Arbitration Option (Choice of Rules and Seat at CollectNow’s Election)

At CollectNow’s sole election, any dispute, claim, or controversy arising out of or relating to these Terms or the Service may be resolved by binding arbitration instead of court litigation.

• Election mechanism: CollectNow may elect arbitration by providing written notice to you at any time before (or, where legally permitted, after) court proceedings are initiated.
  
• Rules and institution: The arbitration shall be conducted under the arbitration rules and/or administered by the arbitral institution specified by CollectNow in the election notice, or, if CollectNow specifies no institution, then as anad hoc arbitration under rules specified by CollectNow (including, if stated, UNCITRAL Arbitration Rules).
  
• Seat: The arbitration seat (legal place) shall bethe seat specified by CollectNow in the election notice.
  
• Language: Unless CollectNow specifies otherwise in the notice, the language shall be English.
  
• Arbitrator(s): One arbitrator unless CollectNow specifies otherwise in the notice or the chosen rules mandate a different number.

Fallback: If any part of this Section 18.3 is found unenforceable as drafted, the parties agree it shall be enforced to the maximum extent permitted, and any dispute not capable of being arbitrated shall be resolved under Section 18.2 (courts in Bratislava).

18.4 Injunctive Relief

Nothing prevents either party from seeking injunctive or equitable relief in any competent court to protect intellectual property, Confidential Information, or to prevent unauthorized access or misuse of the Service.

19. CHANGES TO THE SERVICE OR TERMS

We may update the Service and these Terms. Material changes will be effective upon posting or notice. Continued use after the effective date constitutes acceptance. If you do not agree, you must stop using the Service.

20. MISCELLANEOUS

• Assignment: You may not assign without our consent. CollectNow may assign to an Affiliate or in connection with a restructuring, merger, acquisition, or sale of assets.
  
• Force Majeure: No liability for events beyond reasonable control (including provider outages, carrier disruptions, governmental actions).
  
• Severability: Unenforceable provisions will be modified to the maximum extent lawful; the remainder remains in effect.
  
• No Waiver: Failure to enforce is not a waiver.
  
• Entire Agreement: These Terms plus any Order Form, DPA, and referenced policies are the entire agreement. Order of precedence: Order Form → DPA → Terms → Exhibits/Policies.
  
• Third-Party Beneficiaries: The CollectNow Parties are intended beneficiaries of disclaimers, indemnities, and limitations of liability and may enforce them directly.

EXHIBIT A — ACCEPTABLE USE POLICY (AUP)

You agree not to use the Service to:

1. send unlawful, misleading, harassing, discriminatory, or threatening messages;
   
2. violate privacy, data protection, or communications laws;
   
3. transmit malware, phishing, or deceptive content;
   
4. impersonate persons/entities (including courts, agencies, attorneys);
   
5. scrape, crawl, probe, or stress infrastructure;
   
6. process special category data without explicit written agreement and lawful basis;
   
7. contact Debtors who opted out or where contact is prohibited;
   
8. violate “do not contact/do not call” rules;
   
9. engage in prohibited debt collection practices.

EXHIBIT B — SETTLEMENT SUMMARY DISCLAIMERS (SERVICE-SPECIFIC)

1. Summary Only: A Settlement Summary reflects party-provided inputs and system logs; it is not a certification of truth or completeness.
   
2. No Identity/Authority Check: CollectNow does not verify identity, authority, capacity, or assent.
   
3. No Enforceability/Admissibility Guarantee:CollectNow makes no representation that a Settlement Summary is enforceable, admissible, or sufficient for any legal purpose.
   
4. Customer Responsibility: You are responsible for formalizing any settlement into a binding agreement and complying with execution formalities.
   
5. No Liability for Proceedings: CollectNow has no liability for any court/regulator decision regarding the weight or admissibility of a Settlement Summary.
   
6. No Qualified Trust Service: Unless expressly stated in a separate written agreement, CollectNow does not provide qualified electronic signatures, qualified timestamps, or other qualified trust services under eIDAS (or any successor regime).

EXHIBIT C — PRIVACY POLICY (FOR PUBLICATION)

CollectNow Privacy Policy
Effective Date: February 6, 2026

This Privacy Policy explains how CollectNow Central Europe s. r. o. (“CollectNow,” “we,” “us”) processes personal data in connection with the Service and our website(s).

C1. Who We Are (Controller Contact)

Controller (for website and account administration data): CollectNow Central Europe s. r. o., Doležalova 3424/15C, 821 04 Bratislava – Ružinov, Slovak Republic, IČO: 57 278 555. (orsr.sk)
Privacy contact:peter@collectnow.info

If you are a Debtor or other counterparty interacting with the Service at the request of a Customer, you should also review the Customer’s privacy notices (the Customer is typically the data controller for the underlying invoice/collection activity).

C2. Processing Roles (Controller vs. Processor)

• Account and website data: CollectNow typically acts as controller for user/admin/billing/contact data and website analytics data.
  
• Customer Data (invoice/debtor data): CollectNow typically acts as processor processing personal data on the Customer’s documented instructions. In those situations, the Customer is typically the controller.

C3. Personal Data We Collect

Depending on your relationship to CollectNow, we may collect:

1. Account data: name, business email, phone number, role/title, login credentials (hashed), user activity logs.
   
2. Billing data: billing contact details, invoicing details, payment status (payment card data is typically processed by our payment processor, not stored by us).
   
3. Customer Data uploaded by Customers: Debtor names, emails, phone numbers, company details, invoice details, communications, dispute narratives, uploaded documents, and negotiation inputs.
   
4. Technical data: IP address, device identifiers, browser type, timestamps, log data, security events.
   
5. Communications: emails or messages you send to us, support tickets, and call notes (if applicable).

C4. Sources of Data

We collect personal data:

• directly from you (e.g., when you create an account or contact support);
  
• from Customers (e.g., when a Customer uploads debtor data or invites a counterparty to a negotiation flow);
  
• from integrations (e.g., accounting/CRM tools) as configured by the Customer;
  
• from service providers (e.g., communications and hosting providers) as necessary to provide the Service.

C5. Purposes and Legal Bases

Where CollectNow acts as controller, we process data for:

• Providing the Service and support (performance of a contract);
  
• Security, fraud prevention, abuse detection(legitimate interests);
  
• Billing and accounting (legal obligation; performance of a contract);
  
• Product improvement and analytics (legitimate interests; and consent where required for cookies/trackers);
  
• Legal claims and compliance (legal obligation; legitimate interests).

Where CollectNow acts as processor, our legal basis and purpose are determined by the Customer as controller, and we process data on the Customer’s instructions (subject to applicable law).

C6. Sharing and Disclosure

We may share personal data with:

• Affiliates for internal administration, security, and support;
  
• Service providers (hosting, email/SMS/voice delivery, analytics, error monitoring, customer support tools, payment processors) to provide the Service;
  
• Partners only as necessary for delivery of the Service or where you/Customer request integration or referral handling;
  
• Authorities where required by law or to protect rights and safety.

C7. International Transfers

If personal data is transferred outside the EEA/UK, we will use appropriate safeguards where required (e.g., Standard Contractual Clauses or other valid mechanisms), subject to applicable law and contractual arrangements (including any DPA).

C8. Retention

We retain personal data for as long as necessary to provide the Service, meet legal/accounting requirements, resolve disputes, enforce agreements, and maintain security. Retention periods may vary by data type and Customer instructions (where we act as processor).

C9. Security

We implement reasonable technical and organizational measures to protect personal data. No system is 100% secure; you and Customers must also take appropriate security measures (strong passwords, access controls, limited user permissions).

C10. Your Rights

Where CollectNow is the controller, you may have rights under applicable law (e.g., access, rectification, deletion, restriction, portability, objection). To exercise rights, contactpeter@collectnow.info.

If you are a Debtor whose data is processed via the Serviceon behalf of a Customer, the Customer is typically the controller. In many cases, your request should be directed to the Customer first; CollectNow will assist the Customer as required by the DPA and applicable law.

C11. Cookies and Tracking

Our website(s) may use cookies and similar technologies for:

• essential site functionality;
  
• security;
  
• analytics and performance measurement.

Where required by law, we will seek consent for non-essential cookies and provide a cookie preference mechanism.

C12. Children

The Service is not directed to children, and we do not knowingly collect children’s data.

C13. Updates

We may update this Privacy Policy periodically. The updated version will be effective as of the “Last Updated” date.

Below are two separate, publishable documents that align with your Terms: (1) a GDPR Data Processing Addendum (DPA) for B2B customers, and (2) a Cookie Policy (with a cookie-table template you can fill once you know exactly which cookies you deploy).

1) COLLECTNOW DATA PROCESSING ADDENDUM (DPA)

Effective Date: February 6, 2026
This Data Processing Addendum (the “DPA”) forms part of and is incorporated into the CollectNow Terms & Conditions (the“Agreement”) entered into by and between:

(A) CollectNow Central Europe s. r. o., Doležalova 3424/15C, 821 04 Bratislava – mestská časť Ružinov, Slovenská republika, IČO: 57 278 555, registered in the Slovak Commercial Register maintained by Mestský súd Bratislava III, Section Sro, Insert No. 192870/B (“Processor”); and

(B) The Customer entity that accepted the Agreement (“Controller”).

Processor and Controller are each a “Party” and together the “Parties.”

1. Purpose and Scope

1.1 Scope. This DPA applies only to Processing ofCustomer Personal Data (defined below) by Processoron behalf of Controller in connection with the Service, to the extent the EU General Data Protection Regulation 2016/679 (“GDPR”) and/or applicable data protection law applies.

1.2 Controller/Processor roles. For the Processing covered by this DPA, Controller is the data controllerand Processor is the data processor. Controller determines the purposes and means of Processing; Processor Processes Customer Personal Data only on Controller’s documented instructions as set out in this DPA and the Agreement.

1.3 Excluded processing. This DPA doesnot govern situations where CollectNow acts as an independent controller (e.g., account administration, billing contacts, website analytics for CollectNow’s own website). Those activities are addressed in the CollectNow Privacy Policy and applicable law.

2. Definitions

2.1 “Customer Personal Data” means any Personal Data (as defined in GDPR) included in Customer Data that Processor Processes on behalf of Controller through the Service (e.g., Debtor contact details, invoice-related personal data, communications, negotiation inputs).

2.2 “Processing,” “Personal Data,” “Controller,” “Processor,” “Data Subject,” “Personal Data Breach,” and“Supervisory Authority” have the meanings given in GDPR.

2.3 “Sub-processor” means any Processor-appointed processor that Processes Customer Personal Data to help provide the Service.

2.4 “Security Incident” means a confirmed Personal Data Breach relating to Customer Personal Data as defined under GDPR.

3. Processing Details (Article 28(3) GDPR)

3.1 Subject matter, duration, nature, and purpose.As described in Annex 1.

3.2 Categories of Personal Data and Data Subjects.As described in Annex 1.

3.3 Controller instructions. Controller instructs Processor to Process Customer Personal Data:

• to provide, operate, maintain, secure, and support the Service;
  
• to implement and apply configured workflows and features (including messaging, reminders, negotiation guidance, and Settlement Summaries) as initiated by Controller;
  
• to troubleshoot, prevent abuse/fraud, and ensure platform security; and
  
• as further documented in the Agreement, the Service’s technical documentation, Controller’s configuration choices, and any Order Form.

3.4 Instruction limitations. Processor will notify Controller (to the extent permitted by law) if Processor believes an instruction violates GDPR or other applicable law.

4. Processor Obligations

4.1 Processing on instructions. Processor will Process Customer Personal Data only on Controller’s documented instructions, unless required to do so by applicable law. If a legal requirement compels Processing, Processor will notify Controller in advance (unless prohibited).

4.2 Confidentiality. Processor ensures that persons authorized to Process Customer Personal Data are under appropriate confidentiality obligations (contractual or statutory).

4.3 Security. Processor implements appropriate technical and organizational measures (“TOMs”) designed to protect Customer Personal Data as described in Annex 2. Processor may update TOMs to maintain or improve security, provided changes do not materially reduce protection.

4.4 Assistance with Data Subject requests. Processor will provide reasonable assistance to Controller (by appropriate technical and organizational measures) to enable Controller to respond to Data Subject requests (Articles 12–23 GDPR), to the extent Controller cannot fulfill requests through the Service’s functionality.

4.5 Assistance with compliance. Taking into account the nature of Processing and information available, Processor will provide reasonable assistance to Controller with:

• security obligations under Articles 32–36 GDPR (including DPIAs and prior consultation where applicable), and
  
• demonstrating compliance under Article 28 GDPR,
  to the extent such assistance relates to Processor’s Processing of Customer Personal Data.

4.6 Personal Data Breaches.

• 1. Processor will notify Controller without undue delay after becoming aware of a Security Incident affecting Customer Personal Data.
     
• 2. Processor will provide information reasonably required for Controller to meet breach notification obligations, to the extent known or reasonably available to Processor.
     
• 3. Processor will take reasonable steps to contain, remediate, and investigate the Security Incident.

4.7 Deletion or return. Upon termination or expiration of the Agreement, Processor will, at Controller’s choice and where feasible:

• 1. return Customer Personal Data to Controller (e.g., via export functionality), and/or
     
• 2. delete Customer Personal Data,
     unless applicable law requires retention. Processor may retain limited copies for legal compliance, dispute resolution, or backup retention cycles, and will protect retained data.

5. Controller Obligations

5.1 Lawful basis and transparency. Controller is solely responsible for:

• establishing a lawful basis for Processing (including communications to Debtors),
  
• providing required notices to Data Subjects,
  
• obtaining consents where required (e.g., for certain marketing or telecom rules),
  
• honoring opt-outs/objections and contact restrictions, and
  
• ensuring the accuracy and lawfulness of Customer Personal Data.

5.2 Special categories and sensitive data.Controller will not submit special category data (GDPR Art. 9) or similarly sensitive data unless:

• 1. strictly necessary,
     
• 2. Controller has a valid legal basis and implements additional safeguards, and
     
• 3. the Parties have expressly agreed in writing (including appropriate TOMs and instructions).

5.3 Configuration and access control. Controller is responsible for user permissions, credential management, and appropriate configuration of workflows, including frequency/content of communications.

6. Sub-processors

6.1 General authorization. Controller grants Processor a general authorization to engage Sub-processors to provide the Service.

6.2 List and updates. A list (or categories) of Sub-processors is set out in Annex 3. Processor may update Sub-processors by providing notice (e.g., via website posting, in-product notice, or email to the Account admin).

6.3 Objection right. Controller may object to a new Sub-processor on reasonable data protection grounds within ten (10) days of notice. If the Parties cannot resolve the objection, Processor may, at its option:

• 1. not use the new Sub-processor for Controller’s data (where reasonably feasible), or
     
• 2. allow Controller to terminate the affected Service component (or the Agreement) without penalty for the remaining prepaid term (refund limited to unused prepaid fees for the affected portion), as Controller’s sole and exclusive remedy.

6.4 Flow-down terms. Processor will impose data protection obligations on Sub-processors that are no less protective than those in this DPA.

6.5 Liability for Sub-processors. Processor remains responsible for Sub-processor performance to the extent required by GDPR.

7. International Transfers

7.1 Transfers. Customer Personal Data may be transferred outside the EEA/UK/Switzerland if Controller uses the Service in a manner that requires such transfers (e.g., use of global infrastructure, communications providers, support tools).

7.2 Transfer safeguards. Where GDPR applies and a transfer mechanism is required, the Parties agree that Processor will use an appropriate transfer mechanism, which may include:

• 1. the EU Standard Contractual Clauses (“SCCs”) (Commission Implementing Decision (EU) 2021/914) and, where applicable, the UK Addendum; and/or
     
• 2. another valid mechanism recognized by applicable law.

7.3 SCC incorporation. The SCCs are incorporated by reference and, where applicable, deemed executed by the Parties as follows:

• Module Two (Controller → Processor) applies for Customer Personal Data processed under this DPA.
  
• The Annexes to the SCCs are completed by reference to Annex 1–3 of this DPA.
  
• Optional SCC clauses may be applied as reasonably necessary to reflect the Parties’ relationship.

8. Audit and Compliance

8.1 Audit reports. Upon written request not more than once annually, Processor will provide Controller with reasonable information necessary to demonstrate compliance (e.g., summaries of security controls, policies, or third-party audit attestations, where available).

8.2 On-site audits (restricted). If Controller reasonably requires an on-site audit due to:

• 1. a confirmed Security Incident affecting Controller’s Customer Personal Data, or
     
• 2. a documented, material compliance concern not resolvable through written information,
     Controller may conduct an audit subject to:
     
• 1. at least 30 days’ prior written notice,
     
• 2. audit conducted during normal business hours,
     
• 3. reasonable confidentiality and security constraints,
     
• 4. use of an independent auditor bound by confidentiality if requested by Processor,
     
• 22. scope limited to systems relevant to Controller’s data, and
      
• 6. Controller bears its audit costs and agrees to reimburse Processor’s reasonable costs of cooperation.

8.3 No access to other customers’ data. Audits must not compromise other customers’ confidentiality or security.

9. Liability and Order of Precedence

9.1 Liability. Each Party’s liability is subject to the limitations, exclusions, and allocation of risk in the Agreement, unless mandatory law requires otherwise.

9.2 Order of precedence. If there is a conflict:

1. SCCs (if applicable, to the extent required for transfers),
   
2. this DPA,
   
3. the Agreement.

10. Term and Termination

This DPA remains in effect for as long as Processor Processes Customer Personal Data on behalf of Controller under the Agreement.

11. Contact

All privacy-related requests under this DPA should be sent to:peter@collectnow.info.

ANNEX 1 — DETAILS OF PROCESSING

A. Subject matter: Provision of accounts-receivable automation, messaging workflows, negotiation guidance, and generation of Settlement Summaries based on party-provided inputs and system logs, together with platform administration and support.

B. Duration: For the term of the Agreement plus any retention period required for technical backups, legal compliance, dispute resolution, or as instructed by Controller, subject to the Agreement and applicable law.

C. Nature of Processing: Collection, recording, structuring, storage, retrieval, consultation, use, disclosure by transmission, alignment/combination, restriction, and deletion of Customer Personal Data, including communication delivery and interaction logging.

D. Purpose(s):

1. to provide and operate the Service;
   
2. to execute configured workflows (emails/SMS/calls via Third-Party Services as enabled by Controller);
   
3. to support negotiation flows and generate Settlement Summaries;
   
4. to secure, maintain, debug, and improve Service reliability; and
   
5. to prevent fraud/abuse and ensure platform security.

E. Categories of Data Subjects:

• Controller’s representatives (users/admins);
  
• Debtors and their representatives;
  
• other individuals included in invoices/communications uploaded by Controller.

F. Categories of Personal Data (non-exhaustive):

• identification and contact data (name, email, phone, company, role);
  
• invoice and payment context (invoice references, amounts, due dates, payment status);
  
• communications content (email/SMS body, negotiation messages, metadata);
  
• dispute narratives and negotiation inputs;
  
• technical logs (IP address, timestamps, device/browser data, access logs);
  
• where uploaded by Controller: documents or attachments that may include personal data.

G. Special categories: Not intended. If processed, only upon explicit written agreement and lawful basis with enhanced safeguards.

H. Processing operations: Hosting; workflow execution; message dispatch through providers; logging; support access where necessary; export/deletion.

ANNEX 2 — TECHNICAL AND ORGANIZATIONAL MEASURES (TOMs)

Processor maintains a security program designed to be appropriate to the risks presented. Measures may include, as applicable:

1. Access Control
   

• role-based access control (RBAC) within the Service;
  
• least-privilege principles for internal access;
  
• MFA for privileged internal accounts (where feasible);
  
• secure credential storage and password policies.
  

2. Data Security
   

• encryption in transit (e.g., TLS) where applicable;
  
• encryption at rest for production systems where feasible;
  
• separation of environments (prod/staging/dev) where feasible;
  
• secure key management practices (where applicable).
  

3. Operational Security
   

• logging and monitoring of security-relevant events;
  
• vulnerability management and patching processes;
  
• incident response procedures and escalation paths;
  
• backups and disaster recovery practices (scope may vary by plan).
  

4. Organizational Measures
   

• confidentiality obligations for personnel;
  
• security training appropriate to role;
  
• vendor risk considerations for Sub-processors.
  

5. Availability and Resilience
   

• reasonable redundancy measures (where feasible);
  
• rate limiting / abuse prevention controls;
  
• service continuity practices.
  

6. Support Access Controls
   

• support access limited to what is necessary;
  
• audit logging of elevated access where feasible.

(Controller acknowledges that exact measures may evolve as the Service develops and will be maintained at a level appropriate to risk.)

ANNEX 3 — SUB-PROCESSORS (CATEGORIES)

1. Cloud infrastructure and hosting providers(compute, storage, networking).
   
2. Email delivery providers (transactional email APIs).
   
3. SMS/telephony/voice providers (SMS gateways, call routing).
   
4. Analytics, monitoring, and error tracking providers(performance and reliability).
   
5. Customer support tooling (ticketing, chat, CRM support).
   
6. Payment processing providers (if payment features enabled).
   
7. AI model/API providers (to enable AI Features, where configured).
   
8. Security tooling (WAF, DDoS protection, identity tooling).
   
9. Affiliate support/operations entities within the CollectNow Group, to the extent involved in providing the Service (e.g., support, engineering, billing).

Upon request, Processor may provide a current named list of Sub-processors used for the Service plan in effect.

2) COLLECTNOW COOKIE POLICY

Effective Date: February 6, 2026
This Cookie Policy explains how CollectNow Central Europe s. r. o. (“CollectNow,” “we,” “us”) uses cookies and similar technologies on our websites and web-based application interfaces that link to this Policy (collectively, the “Sites”).

Contact: peter@collectnow.info

1. What Cookies Are

Cookies are small text files stored on your device when you visit a website. Similar technologies include pixels, SDKs, local storage, and device identifiers. For simplicity, we refer to all such technologies as “cookies.”

2. Why We Use Cookies

We use cookies to:

1. Operate the Sites (core functionality and security);
   
2. Remember preferences (language, session state);
   
3. Measure performance and reliability(analytics);
   
4. Improve user experience (e.g., error reporting);
   
5. Comply with legal obligations and enforce our Terms.

3. Cookie Categories

Depending on your configuration and our current stack, cookies may fall into these categories:

3.1 Strictly Necessary Cookies (Always On)

These cookies are required for the Sites to function and cannot be switched off without breaking core functionality (e.g., authentication, security, load balancing).

3.2 Functional Cookies (Optional)

These cookies remember choices (e.g., language, region) and enhance usability.

3.3 Analytics/Performance Cookies (Optional)

These cookies help us understand how visitors use the Sites and where the Sites can be improved (e.g., page views, feature usage, performance). Where required by law, we will only set these cookies with your consent.

3.4 Marketing Cookies (Optional; Recommended Default: Off)

These cookies track browsing activity to deliver or measure marketing communications. Recommendation: keep these disabled unless you have a clear marketing need and a compliant consent setup.

4. Managing Cookies and Consent

4.1 Cookie Banner / Preferences

Where required by law (e.g., in the EU/EEA), we provide a cookie banner and preference tool that allows you to accept or reject non-essential cookies.

4.2 Browser Controls

You can also manage cookies through browser settings (block, delete, or restrict). Note that blocking strictly necessary cookies may prevent login and core functionality.

5. Retention

Cookies may be session-based (deleted when you close the browser) or persistent (remain until expiration or deletion). Exact durations appear in the cookie table below (once finalized).

6. Third-Party Cookies

Some cookies may be set by third parties when we embed their services (e.g., analytics, error tracking). These third parties may act as independent controllers for their own purposes. We recommend reviewing their policies once you finalize vendors.

7. Updates

We may update this Cookie Policy to reflect changes in technology, law, or our Sites. The “Effective Date” will reflect the latest version.