LEGAL

PCI Compliance Onboarding Assistance Policy

Nautical Payments Platform

Nautical Payments (“Nautical”) may provide merchants with limited administrative support in connection with their obligations under the Payment Card Industry Data Security Standard (“PCI DSS”), including general guidance related to the completion of the applicable Self-Assessment Questionnaire (“SAQ”).

Merchant Responsibility

Merchant acknowledges and agrees that it is solely and exclusively responsible for:

(a) Determining the applicability of PCI DSS requirements to its business operations

(b) Selecting, accurately completing, and timely submitting the appropriate SAQ

(c) Implementing, maintaining, and validating all required PCI DSS controls

(d) Ensuring ongoing compliance with all PCI DSS requirements and any applicable card network rules

No Advisory or Certification Role

Any materials, guidance, or assistance provided by Nautical are for informational purposes only and do not constitute legal, regulatory, cybersecurity, or compliance advice. Nautical does not validate, audit, certify, or warrant Merchant’s PCI DSS compliance, nor does it complete or submit SAQs on Merchant’s behalf.

Disclaimer of Liability

To the fullest extent permitted by applicable law, Nautical shall have no responsibility or liability for:

(i) Merchant’s failure to achieve or maintain PCI DSS compliance

(ii) Errors, omissions, or inaccuracies in any SAQ or related documentation

(iii) Any data breach, security incident, fines, penalties, assessments, or losses arising out of or related to Merchant’s non-compliance with PCI DSS or card network requirements

Indemnification

Merchant agrees to indemnify, defend, and hold harmless Nautical, its affiliates, officers, directors, employees, agents, and service providers from and against any and all claims, demands, losses, liabilities, damages, fines, penalties, costs, and expenses (including reasonable attorneys’ fees) arising out of or related to:

(i) Merchant’s failure to comply with PCI DSS or applicable card network rules

(ii) Any breach or alleged breach of Merchant’s data security obligations

(iii) Inaccuracies or misrepresentations in Merchant’s SAQ or related submissions

(iv) Any security incident involving Merchant systems, networks, or data

Third-Party Consultation

Merchant is solely responsible for obtaining independent legal, regulatory, or cybersecurity advice as necessary to meet its PCI DSS obligations.

Reservation of Rights

Nautical reserves the right, in its sole discretion, to modify, limit, or discontinue any guidance or support provided under this policy at any time without notice.

Support

For general questions regarding SAQ procedures, Merchant may contact Nautical Payments support; however, such support does not alter or reduce Merchant’s obligations as set forth herein.