Skip to content

Service Agreement

Version 1.0Last updated 15 April 2026

Platform Service Agreement

Last Updated: 12 April 2026

This Platform Service Agreement ("Agreement") describes the terms under which Senhuo Ltd (trading as Senhuo Digital) ("Platform", "we", "us", "our") provides services to the subscribing business ("Client", "you", "your").

By registering for an account or using the Services, you agree to this Agreement.

Our goal is to provide reliable tools that help businesses manage bookings, websites, and customer interactions while maintaining strong data protection and transparency.

What This Agreement Covers — A Plain-Language Summary

This summary is provided for convenience only and is not legally binding. If there is any conflict between this summary and the full terms below, the full terms apply.

What we do for you: We design, build, and host your business website. We also arrange your domain name registration, help you set up a professional business email address, and assist with your Google Business Profile and search listings. Some of these are set up collaboratively with you during onboarding, and we provide ongoing technical support for them. We also provide booking tools and customer management features. Your monthly fee includes third-party services such as domain registration, business email, hosting, SSL, and CDN — no separate subscriptions or hidden extras.

What you pay: A one-off setup fee (paid upfront before we start work) and a monthly service fee (collected by direct debit). All prices include VAT. If a payment is missed, we'll work with you for the first 30 days with no penalties. After that, statutory interest applies. If payment is still outstanding after 60 days, we may pause your website, and after 90 days we may end the agreement.

Your commitment: There is a 6-month minimum term for the monthly service after your website goes live. After that, you can cancel at any time — your service runs until the end of the month you've already paid for.

Your content: You own your branding, text, and images. Your domain name is registered in your business name and belongs to you. Accounts created under your domain (email, Google Business Profile) belong to you. We own the website design, templates, and code we create. While you're a client, you have a licence to use the design through our platform.

Your customers' data: You're responsible for how you collect and use your customers' information. We process it on your behalf and protect it in line with UK data protection law.

If things go wrong: We aim to respond to critical issues within 1 business day. We carry out regular security testing and will notify you within 72 hours of any data breach.

Leaving: You can cancel after the minimum term by giving us notice. Your service continues to the end of the paid month. You'll have 30 days to export your data. We'll remove our administrative access from your domain, email, and other accounts within 30 days — you keep everything registered in your name. You'll be responsible for any third-party subscription costs (such as email and domain renewal) from that point.

Changes to this agreement: If we need to make material changes, we'll email you at least 30 days in advance and ask you to confirm. We won't assume you've agreed just because you kept using the service.

Definitions

For the purposes of this Agreement:

Platform means the website infrastructure, software, analytics systems, and related services operated by the Platform provider.

Client means the business or organisation using the Platform to operate its website or services.

Services means the software, hosting, booking tools, analytics tools, and related platform functionality provided by the Platform.

Client Data means business information, content, and materials uploaded by the Client.

Customer Personal Data means personal data relating to the Client's own customers processed through the Services.

Platform Data means operational, system, or usage data generated by operation of the Platform.

Aggregated Data means anonymised or aggregated data derived from platform usage that does not identify individuals.

Domain Name means the internet domain name registered by the Platform on the Client's behalf as part of the Services (e.g. clientbusiness.co.uk).

Infrastructure Accounts means the third-party accounts created and managed by the Platform on the Client's behalf in order to deliver the Services, including but not limited to domain registrar accounts, DNS and content delivery accounts, and business email accounts.

Infrastructure Services means the domain registration, DNS management, SSL provisioning, email provisioning, content delivery, and related technical services provided by the Platform as part of the Services, delivered through third-party providers on the Client's behalf.

Design & Setup Fee means the one-off fee payable by the Client in full prior to commencement of work for the initial design, development, and configuration of the Client's website and platform setup, as specified in the applicable project proposal or order form.

Monthly Service Fee means the recurring monthly fee payable by the Client for ongoing platform maintenance, hosting, support, and third-party subscription services (including but not limited to domain registration and renewal, business email, and DNS services), collected by direct debit.

Part A — Platform Service Terms

1. Services

The Platform provides a cloud-based business platform including:

  • Website hosting and management\
  • Domain name registration and ongoing management\
  • Professional business email arrangement and support\
  • DNS, SSL, and content delivery network management\
  • Google Business Profile and search engine setup assistance\
  • Online booking and scheduling tools\
  • Payment processing integrations\
  • Customer management features\
  • Business analytics dashboards\
  • Technical infrastructure and security\
  • Ongoing improvements and updates

Some onboarding steps (e.g. Google Business Profile verification, certain email account setup activities) require the Client's participation or third-party verification and may be completed collaboratively during onboarding rather than fully automatically.

We may update or improve the Services from time to time to enhance functionality, reliability, or security.

2. Data Protection Roles

2.1 Customer Personal Data

For personal data relating to your customers that is processed through the Services (such as booking details or contact information):

  • You act as the Data Controller
  • The Platform acts as the Data Processor

This means you determine the purposes for which customer information is collected through your business activities, while the Platform processes that information in order to provide the Services.

The Platform processes such data only as necessary to operate the Services and in accordance with applicable data protection laws.

The detailed obligations of the Platform as Data Processor are set out in Schedule 1 (Data Processing Terms) of this Agreement.

2.2 Platform Operational Data

The Platform acts as the Data Controller for operational and technical data generated through use of the Services. The categories and permitted uses of this data are described in Section 3.

2.3 Aggregated and Anonymised Data

Where data has been irreversibly anonymised so individuals cannot be identified, it is no longer considered personal data under applicable law. The Platform acts as Data Controller for such data. The permitted uses are described in Section 3.

3. Data Rights and Usage

3.1 Client Data

You retain ownership of:

  • customer personal data collected through your business\
  • business information submitted to the Platform\
  • branding, content, and materials you upload

To enable the Platform to provide the Services, you authorise us to process Client Data as necessary to operate, maintain, and improve the Services.

3.2 Platform Data

The Platform collects operational and technical data generated through use of the Services, including system logs, usage patterns, performance metrics, infrastructure and reliability data, and platform interaction events. This data forms part of the Platform's technical infrastructure and may be used for:

  • maintaining system stability, security, and performance\
  • monitoring and improving service quality and reliability\
  • developing new platform features and functionality

3.3 Aggregated and Anonymised Data

The Platform may analyse usage patterns across multiple users in a way that prevents identification of individuals. This aggregated and anonymised information may be used to:

  • improve platform functionality\
  • provide benchmarking insights to Clients\
  • understand service trends\
  • enhance reliability and security\
  • develop analytics features, statistical models, and other improvements that enhance the Services

These improvements form part of the ongoing development of the Platform and its technology and infrastructure.

4. Platform Improvement, Analytics, and Models

As part of the activities described in Sections 3.2 and 3.3, the Platform may develop statistical models, machine learning systems, or other analytical technologies using Platform Data and Aggregated Data. These technologies are developed to improve the Services for all users and form part of the Platform's technology and infrastructure.

5. Fair Use of Platform Insights

The Platform provides analytics tools, operational insights, and benchmarking information to help Clients better understand and improve their businesses.

These insights are intended to support normal use of the Services. Clients agree not to reverse engineer, extract, or misappropriate the Platform's proprietary technology, algorithms, or data structures, or to use access to the Platform to intentionally develop or operate a competing platform or service that replicates the core functionality of the Platform. This restriction applies during the term of this Agreement only.

This provision does not restrict Clients from operating their own businesses, providing services to customers, using their own business data for any purpose, or applying general knowledge and experience gained through normal use of the Services.

6. Client Responsibilities

Clients agree to:

  • comply with applicable laws when operating their business\
  • maintain accurate service information on their website\
  • respond appropriately to customer bookings and communications\
  • use customer information responsibly and lawfully\
  • comply with applicable marketing regulations, including the Privacy and Electronic Communications Regulations 2003 (PECR) as amended by the Data Use and Access Act 2025

Clients remain responsible for the services they provide to their own customers.

7. Customer Data Rights

As Data Controller for Customer Personal Data, the Client is responsible for determining the lawful basis for collecting and using customer information.

Where required by law, the Platform will assist the Client in responding to data subject requests.

Customers may contact either the Client or the Platform regarding privacy concerns, and requests will be handled in accordance with applicable data protection laws.

8. Security

We implement appropriate technical and organisational measures to safeguard data, including:

  • encryption of data in transit and at rest\
  • secure authentication and access controls\
  • monitoring and logging systems\
  • regular security testing and updates\
  • backup and recovery procedures\
  • secure credential storage and access controls for third-party accounts managed on the Client's behalf, including the principle of least privilege

If a data security incident affecting Customer Personal Data occurs, the Platform will notify affected Clients in accordance with the timelines set out in Schedule 1 (Data Processing Terms).

9. Payment Terms

9.1 Design & Setup Fee

The Client agrees to pay a Design & Setup Fee for the initial design, development, and configuration of the Client's website and platform setup. The amount and scope of work will be specified in the applicable project proposal or order form.

The Design & Setup Fee is payable in full prior to the commencement of work. The Platform may, at its sole discretion, offer alternative payment arrangements for higher-value projects, which will be set out in the applicable project proposal or order form.

The Client's website will not be published or made live until the Design & Setup Fee has been paid in full.

9.2 Monthly Service Fee

Following completion of the initial setup, the Client agrees to pay a Monthly Service Fee for ongoing platform maintenance, hosting, support, and third-party subscription services. The amount of the Monthly Service Fee will be specified in the applicable project proposal or order form.

The Monthly Service Fee is collected by direct debit on a recurring monthly basis. The Client agrees to establish and maintain a valid direct debit instruction for the duration of this Agreement.

9.2.1 Minimum Term

The Monthly Service Fee is subject to a minimum commitment period of 6 months from the date the Client's website is first published ("Minimum Term"). During the Minimum Term, the Client may not terminate the Monthly Service Fee by notice under Section 10.1 (Termination for Convenience).

If the Client terminates this Agreement during the Minimum Term other than under Section 10.2 (Termination for Cause), the Client agrees to pay the remaining Monthly Service Fees due for the balance of the Minimum Term as a lump sum.

After the Minimum Term, the Monthly Service Fee continues on a rolling month-to-month basis and may be terminated by either party in accordance with Section 10.

9.3 Failed and Late Payments

If a direct debit payment fails, the Platform will notify the Client by email and attempt to collect the payment again within 7 days.

The following escalation process applies where payment remains outstanding after the original due date:

1–30 days overdue: The Platform will contact the Client to resolve the issue. No interest is charged and no action is taken against the Client's account during this period.

31–60 days overdue: The Platform will charge interest on the overdue amount at the rate of 8% per annum above the Bank of England base rate, in accordance with the Late Payment of Commercial Debts (Interest) Act 1998. The Platform may also claim the statutory fixed compensation of £40 per overdue payment under the same Act. Interest accrues from day 31 until the date of payment.

Over 60 days overdue: The Platform will provide the Client with 7 days' written notice and may then suspend access to the Services until the outstanding amount (including any accrued interest) is paid in full. The Client's website will be taken offline for the duration of any suspension.

Over 90 days overdue: If payment remains outstanding for more than 90 days after the original due date, the Platform may terminate this Agreement immediately by written notice. Termination under this section is treated as termination for cause, and Section 10.4 (Effects of Termination) applies. If the Client is within the Minimum Term, the remaining Monthly Service Fees for the balance of the Minimum Term become immediately due.

9.4 VAT and Taxes

All fees stated in this Agreement or in any project proposal or order form are inclusive of VAT where applicable. The Platform is responsible for accounting for and remitting VAT to the relevant tax authority.

9.5 Price Changes

The Platform may adjust the Monthly Service Fee by providing the Client with at least 30 days' written notice before the change takes effect. Any price change will apply from the next billing cycle following the notice period.

If the Client does not agree to a price change, the Client may terminate this Agreement in accordance with Section 10 before the new pricing takes effect. For the avoidance of doubt, this right to terminate applies even if the Client is within the Minimum Term, and no early termination fees under Section 9.2.1 will apply in such circumstances.

9.6 Billing Disputes

Where billing disputes arise, the Client must notify the Platform in writing within 30 days of the relevant invoice. The parties will use reasonable efforts to resolve disputes promptly. Undisputed amounts remain due and payable during any dispute.

10. Termination

10.1 Termination for Convenience

Either party may terminate this Agreement by providing written notice to the other party's registered email address. Termination will take effect at the end of the current paid billing month in which the notice is given. For example, if the Client gives notice on the 15th of the month and has paid for that month, the Agreement terminates on the last day of that month.

Termination by the Client under this section is subject to the Minimum Term set out in Section 9.2.1.

10.2 Termination for Cause

Either party may terminate this Agreement immediately by written notice if the other party:

  • commits a material breach of this Agreement and fails to remedy that breach within 14 days of receiving written notice specifying the breach; or
  • becomes insolvent, enters administration, liquidation, or any analogous process under applicable law.

10.3 Termination by the Platform

The Platform may suspend or terminate the Services immediately if the Client uses the Services in violation of Part C (Acceptable Use) of this Agreement.

Where the Client fails to pay any fees due under this Agreement, the escalation process set out in Section 9.3 (Failed and Late Payments) applies, including suspension after 60 days and termination after 90 days.

10.4 Effects of Termination

Following termination of this Agreement:

  • the Client's website may be taken offline at the end of the final paid billing month;
  • the Client will have a period of 30 days from the effective date of termination to export its Customer Personal Data and Client Data. The Platform will provide reasonable assistance with data export during this period;
  • the Platform will delete or return Customer Personal Data in accordance with Schedule 1 (Data Processing Terms), subject to the Data Retention provisions of this Agreement;
  • the Platform may retain operational and Aggregated Data for system integrity and improvement purposes;
  • the Platform will remove its administrative access from all Infrastructure Accounts within 30 days of the effective date of termination, at no additional charge. The Platform will provide reasonable handover assistance during this period;
  • the Platform's obligation to fund third-party subscription costs associated with Infrastructure Accounts (including but not limited to business email and domain renewal) ceases on the effective date of termination. Where the Platform continues to fund such costs during the handover period as a courtesy, this does not create an obligation to continue doing so beyond 30 days. The Platform accepts no responsibility for any interruption or loss of third-party services resulting from the Client's failure to assume billing responsibility within the handover period;
  • any fees already paid for the current billing period are non-refundable, and any outstanding fees become immediately due.

10.5 Survival

The following provisions survive termination of this Agreement: Definitions, Section 3 (Data Rights and Usage), Section 11 (Intellectual Property, including Section 11.6 to the extent it relates to the handover of Infrastructure Accounts), Section 12 (Warranties and Disclaimers), Section 13 (Indemnification), Section 14 (Limitation of Liability), Section 15 (Governing Law and Jurisdiction), Schedule 1 (Data Processing Terms) to the extent the Platform continues to hold Customer Personal Data, and the Confidentiality and Data Retention provisions.

10.6 Consumer Cooling-Off Right and Waiver

This section applies where the Client is a consumer (as defined in the Consumer Rights Act 2015) purchasing the Services through a distance contract.

Under the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013, the Client has a right to cancel this Agreement within 14 days of the day the Agreement is formed (the "Cancellation Period"), without giving any reason.

Because the Platform begins work on the Client's website, infrastructure setup, and Google Business Profile claim immediately upon payment of the Setup Fee, the Client expressly acknowledges the following when accepting this Agreement at checkout:

  • the Client requests that the Platform begin performing the Services during the Cancellation Period;
  • the Client understands and acknowledges that, once the Services are fully performed, the Client's right to cancel under these Regulations will be lost;
  • if the Client exercises the right to cancel during the Cancellation Period after the Services have partially begun, the Client will be liable to pay the Platform a reasonable amount for the Services supplied up to the point of cancellation, proportionate to the full price of the Services. This typically includes, at a minimum: any third-party costs already incurred on the Client's behalf (for example, domain registration, non-refundable email provisioning) plus a pro-rata share of the Setup Fee reflecting work completed.

If the Client wishes to exercise the right to cancel during the Cancellation Period, the Client must notify the Platform in writing via the registered email address before the end of the 14-day Cancellation Period. The Platform will acknowledge receipt without undue delay.

This Section does not affect the Client's statutory rights as a consumer where those rights cannot be excluded by contract.

11. Intellectual Property

11.1 Platform IP

The Platform retains all rights, title, and interest in and to:

  • platform software and infrastructure\
  • technical systems supporting the Services\
  • platform improvements and developments\
  • all website templates, designs, layouts, page structures, and code created by the Platform in the course of providing the Services, including any custom design work produced for the Client

11.2 Client IP

Clients retain ownership of their branding, logos, images, text content, and other materials provided by the Client or uploaded to the Platform.

11.3 Licence to Client

During the term of this Agreement, the Platform grants the Client a non-exclusive, non-transferable, revocable licence to use the website design and related materials created by the Platform solely for the purpose of operating the Client's website through the Services. This licence does not include the right to copy, reproduce, modify, or distribute the website design or any underlying code outside of the Platform.

11.4 Domain Management

Where the Platform registers a Domain Name on the Client's behalf, the domain is registered in the Client's business name and the Client is the legal registrant. The Platform provides domain management services — including DNS configuration, SSL provisioning, email routing, and renewal management — during the term of this Agreement.

The Platform holds operational and administrative access to the domain registrar account and DNS settings solely for the purpose of delivering the Services. This access does not constitute an ownership claim over the Domain Name.

During the term, the Client must not modify DNS records, registrar settings, or nameserver configurations associated with the Domain Name without the Platform's prior written consent, as unauthorised changes may disrupt the website and email services. The Platform accepts no liability for any disruption to the Services resulting from the Client's unauthorised modification of DNS records, registrar settings, or nameserver configurations.

Domain registration and renewal costs are included in the Monthly Service Fee during the term of this Agreement.

On termination, the Platform will remove its administrative access in accordance with Section 10.4. No transfer fee or administrative charge applies to this handover, as the Domain Name is already registered in the Client's name.

11.5 Termination of Licence

On termination of this Agreement, the licence granted under Section 11.3 ends immediately. The Client must not continue to use, copy, or replicate the website design, templates, or code created by the Platform after termination.

11.6 Infrastructure Accounts and Third-Party Services

The Platform arranges and manages Infrastructure Accounts on the Client's behalf as part of the Services. These accounts — including but not limited to business email, domain registrar, DNS provider, and Google Business Profile — are created under the Client's domain or business identity and belong to the Client. Setup of some Infrastructure Accounts may require the Client's participation or third-party verification (for example, Google Business Profile verification by phone, postcard, or video) and may be completed collaboratively during onboarding.

The Platform holds administrative access to Infrastructure Accounts solely for the purpose of delivering the Services. This access does not constitute an ownership claim over the accounts or their contents.

Infrastructure Accounts are governed by the respective third-party provider's own terms of service and data processing agreements. The Client is the contracting party with those providers. The Platform selects third-party providers using reasonable skill and care but is not liable for any third-party provider's handling of data, service availability, or changes to their terms.

The Client must maintain the Platform's administrative access to all Infrastructure Accounts for the duration of this Agreement. Removal of the Platform's administrative access without prior written consent may constitute a material breach under Section 10.2 and may result in disruption to the Services for which the Platform accepts no liability.

On termination, the Platform will remove its administrative access in accordance with Section 10.4.

12. Warranties and Disclaimers

12.1 Platform Warranty

The Platform warrants that it will perform the Services with reasonable skill and care in accordance with generally accepted industry standards.

12.2 Client Warranty

The Client warrants that:

  • it has the authority to enter into this Agreement;
  • its use of the Services will comply with all applicable laws;
  • any content or materials it uploads to the Platform will not infringe the intellectual property rights or other rights of any third party.

12.3 Disclaimer

Except as expressly set out in this Agreement, to the maximum extent permitted by applicable law:

  • the Services are provided on an "as is" and "as available" basis;
  • the Platform disclaims all other warranties, conditions, and representations, whether express, implied, statutory, or otherwise, including any implied warranties of merchantability, satisfactory quality, fitness for a particular purpose, or non-infringement;
  • the Platform does not warrant that the Services will be uninterrupted, error-free, or free from harmful components;
  • the Platform does not warrant that any data stored on the Platform will not be lost or corrupted, and the Client is responsible for maintaining its own backups of critical data.

Nothing in this section excludes or limits any warranty or obligation that cannot be excluded or limited under applicable law, including the implied term of reasonable skill and care under the Supply of Goods and Services Act 1982 and the reasonableness requirements of the Unfair Contract Terms Act 1977.

13. Indemnification

13.1 Client Indemnification

The Client agrees to indemnify, defend, and hold harmless the Platform and its officers, directors, employees, and agents from and against any third-party claims, actions, proceedings, losses, liabilities, damages, costs, and expenses (including reasonable legal fees) arising out of or in connection with:

  • any content, data, or materials uploaded by the Client to the Platform;
  • the Client's breach of this Agreement, including any breach of the Client's warranties;
  • the Client's violation of applicable law, including data protection laws in the Client's capacity as Data Controller;
  • any dispute between the Client and its own customers relating to services provided by the Client.

13.2 Platform Indemnification

The Platform agrees to indemnify, defend, and hold harmless the Client from and against any third-party claims that the Platform's technology, as provided to the Client, infringes the intellectual property rights of a third party, provided that the Platform shall have no obligation under this section to the extent that the claim arises from: (a) the Client's content or data; (b) modifications made by the Client; or (c) the Client's use of the Services in combination with third-party products or services not provided by the Platform.

13.3 Indemnification Procedure

The indemnified party must: (a) promptly notify the indemnifying party in writing of any claim; (b) give the indemnifying party sole control of the defence and settlement of such claim; and (c) provide reasonable cooperation at the indemnifying party's expense. The indemnifying party shall not settle any claim in a manner that imposes obligations on the indemnified party without the indemnified party's prior written consent.

13.4 Relationship to Limitation of Liability

The indemnification obligations in this section are subject to the limitations set out in Section 14 (Limitation of Liability), except to the extent that the underlying claim arises from the indemnifying party's wilful misconduct or fraud.

14. Limitation of Liability

To the maximum extent permitted by law, the Platform's total liability arising from or relating to the Services will not exceed the total fees paid by the Client during the six months preceding the event giving rise to the claim.

The Platform will not be liable for any indirect, incidental, or consequential losses, including loss of profits, revenue, data, or business opportunities.

Nothing in this Agreement excludes or limits liability for death or personal injury caused by negligence, fraud or fraudulent misrepresentation, or any liability that cannot be excluded under applicable law.

15. Governing Law and Jurisdiction

This Agreement is governed by the laws of England and Wales.

Any dispute, claim, or controversy arising out of or relating to the Services or this Agreement shall be subject to the exclusive jurisdiction of the courts of England and Wales.

16. Data Processing

The full Data Processing Terms are set out in Schedule 1 at the end of this Agreement. Schedule 1 forms an integral part of this Agreement and sets out how the Platform processes your customers' personal data on your behalf in accordance with UK data protection law.

Part C — Acceptable Use

17. Prohibited Activities

Clients may not use the Platform to:

  • host illegal or unlawful content
  • distribute malware or harmful software
  • send unsolicited spam communications
  • interfere with platform security systems
  • scrape or extract platform data without permission
  • attempt to disrupt or overload platform infrastructure

Fair Use

To maintain reliable service for all users, Clients agree not to:

  • generate excessive automated traffic
  • bypass technical usage limits
  • operate bots or scripts that create abnormal system load

Where usage materially impacts platform performance, the Platform may apply reasonable technical measures including:

  • rate limiting
  • temporary restrictions
  • requests to adjust usage patterns

These measures are intended solely to maintain stable and fair access to the Services for all users.

General Provisions

Notices

The Platform may provide notices relating to this Agreement through:

  • email to the Client's registered account email address
  • the Client dashboard within the Platform

Material changes to this Agreement will be notified by email to the Client's registered email address at least 30 days before taking effect. The Client must confirm acceptance of any material change by replying to the notification email or acknowledging the change through the Platform dashboard. If the Client does not accept the changes, or does not respond within the 30-day notice period, the Client may terminate this Agreement in accordance with Section 10 before the effective date. If the Client neither accepts the changes nor terminates the Agreement within the notice period, the Platform may terminate the Agreement on the effective date of the proposed change.

Non-material notices (such as maintenance schedules, feature updates, or operational communications) may be delivered through the dashboard or email and take effect when delivered.

For privacy-related enquiries or data protection concerns, contact: hello@senhuo.co.uk

Confidentiality

Each party agrees to keep confidential any information received from the other party that is not publicly available, including business plans, pricing, client lists, technical details, and platform processes ("Confidential Information").

Confidential Information may only be used for the purposes of this Agreement and must not be disclosed to any third party without the disclosing party's prior written consent, except:

  • to the receiving party's employees, contractors, or professional advisers who need to know it and are bound by appropriate confidentiality obligations;
  • where disclosure is required by law, regulation, or court order, provided the receiving party gives the disclosing party reasonable advance notice where permitted.

This obligation does not apply to information that: (a) is or becomes publicly available through no fault of the receiving party; (b) was already known to the receiving party before disclosure; (c) is independently developed by the receiving party without reference to the Confidential Information; or (d) is received from a third party who is not bound by confidentiality obligations.

The obligations in this section survive termination of this Agreement for a period of 2 years.

Force Majeure

The Platform will not be liable for failure or delay in performing obligations where such failure results from events beyond reasonable control, including but not limited to:

  • natural disasters
  • internet or telecommunications failures
  • cloud infrastructure outages
  • cyber attacks
  • government actions
  • labour disputes

The Platform will make reasonable efforts to restore service as soon as practicable.

Order of Precedence

In the event of any inconsistency between sections of this Agreement, the following order of precedence will apply:

  1. Data Processing Terms (Schedule 1)
  2. Authorised Sub-Processors (Schedule 2)
  3. Platform Service Terms (Part A)
  4. Acceptable Use Policy (Part C)

Data Retention

Following termination of the Services, the Platform may retain Customer Personal Data for a limited period where necessary for:

  • legal compliance
  • accounting obligations
  • fraud prevention
  • security monitoring

Where retention is not legally required, Customer Personal Data will normally be deleted within 90 days after termination of the Services, subject to the Client's rights under Schedule 1, Section 11.

Aggregated or anonymised Platform Data may be retained indefinitely for analytics and service improvement purposes.

Support Scope

The Platform provides support on a reasonable efforts basis. Support requests may be submitted through the Platform or designated support email channels.

The Platform aims to respond to support requests within the following timeframes, based on the severity of the issue:

  • Critical (website down, data breach, or complete loss of service) — 1 business day
  • High (booking system failure or significant feature unavailability) — 2 business days
  • Normal (general queries, minor issues, or configuration requests) — 5 business days
  • Low (feature requests, non-urgent questions, or cosmetic issues) — 10 business days

The Platform will determine the severity classification of each request in good faith. Response times are targets and are not guaranteed, but the Platform will use reasonable efforts to meet them.

Export and Compliance

Clients agree not to use the Platform in violation of applicable export laws, sanctions regulations, or other legal restrictions.

The Platform may suspend or terminate Services where required to comply with applicable law or regulatory obligations.

Entire Agreement

This Agreement constitutes the entire agreement between the Platform and the Client regarding the Services and supersedes all prior agreements, communications, or understandings.

Severability

If any provision of this Agreement is held to be invalid or unenforceable, the remaining provisions will remain in full force and effect.

Waiver

Failure by the Platform to enforce any provision of this Agreement will not constitute a waiver of that provision or the right to enforce it in the future.

Schedule 1 — Data Processing Terms

This Schedule sets out the terms on which the Platform (as Data Processor) processes Customer Personal Data on behalf of the Client (as Data Controller) for the purposes of the UK General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018, and the Data Use and Access Act 2025 (to the extent in force). This Schedule will be reviewed and updated as necessary to reflect any further guidance issued by the Information Commissioner's Office in connection with the Data Use and Access Act 2025.

1. Scope and Purpose of Processing

The Platform will process Customer Personal Data solely for the purpose of providing and operating the Services as described in this Agreement and in accordance with the Client's documented instructions.

The categories of data subjects, types of personal data, and nature of processing are determined by the Client's use of the Services, which may include customer names, contact details, booking information, and payment references.

2. Client Instructions

The Platform will process Customer Personal Data only on the Client's documented instructions, unless required to do so by applicable law. Where the Platform is required by law to process Customer Personal Data otherwise than in accordance with the Client's instructions, the Platform will inform the Client of that legal requirement before processing, unless prohibited from doing so by law.

If the Platform considers that an instruction from the Client infringes applicable data protection law, the Platform will promptly inform the Client.

3. Confidentiality

The Platform will ensure that all personnel authorised to process Customer Personal Data are subject to appropriate obligations of confidentiality.

4. Security Measures

The Platform will implement and maintain appropriate technical and organisational measures to protect Customer Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, or damage. These measures are described in Section 8 (Security) of the main Agreement.

5. Sub-processors

The Client provides general authorisation for the Platform to engage third-party sub-processors to assist in providing the Services, including cloud hosting, payment processing, and communication services.

The Platform will:

  • maintain a list of current sub-processors, which will be made available to the Client on request;
  • notify the Client in writing at least 14 days before engaging any new sub-processor or replacing an existing sub-processor;
  • provide the Client with the opportunity to object to the appointment of a new sub-processor on reasonable grounds within 14 days of notification. If the Client objects and the parties are unable to resolve the objection, the Client may terminate the affected Services by written notice;
  • ensure that each sub-processor is bound by data protection obligations no less protective than those set out in this Schedule.

6. Data Breach Notification

In the event of a personal data breach affecting Customer Personal Data, the Platform will:

  • notify the Client without undue delay and in any event within 72 hours of becoming aware of the breach;
  • provide the Client with sufficient information to enable the Client to fulfil its own breach notification obligations under applicable law, including the nature of the breach, the categories and approximate numbers of data subjects affected, the likely consequences, and the measures taken or proposed to address the breach;
  • cooperate with the Client and take reasonable steps to assist in the investigation, mitigation, and remediation of the breach.

7. Data Subject Rights

The Platform will assist the Client, by appropriate technical and organisational measures, in responding to requests from data subjects exercising their rights under applicable data protection law, including rights of access, rectification, erasure, restriction, portability, and objection.

8. Data Protection Impact Assessments

Where reasonably required, the Platform will provide the Client with reasonable assistance in carrying out data protection impact assessments and prior consultations with supervisory authorities, taking into account the nature of the processing and the information available to the Platform.

9. Audit and Inspection

The Platform will make available to the Client all information reasonably necessary to demonstrate compliance with this Schedule and will allow for and contribute to audits, including inspections, conducted by the Client or an auditor mandated by the Client, subject to:

  • reasonable prior written notice of at least 30 days;
  • audits being conducted during normal business hours and in a manner that does not unreasonably disrupt the Platform's operations;
  • the Client bearing its own costs in connection with any audit;
  • confidentiality obligations applying to any information accessed during the audit.

The Platform may satisfy its audit obligations under this section by providing relevant third-party audit reports or certifications (such as SOC 2 or ISO 27001) where available.

10. International Transfers

The Platform will not transfer Customer Personal Data outside the United Kingdom unless appropriate safeguards are in place in accordance with applicable data protection law, including the use of standard contractual clauses approved by the UK Information Commissioner's Office, adequacy decisions, or other lawful transfer mechanisms.

11. Deletion and Return of Data

On termination of this Agreement, the Platform will, at the Client's election:

  • return all Customer Personal Data to the Client in a commonly used, machine-readable format; or
  • delete all Customer Personal Data in its possession,

within 30 days of the effective date of termination, unless applicable law requires continued storage.

Where the Platform retains backup copies of Customer Personal Data beyond the 30-day period described above, such retention is limited to the purposes and timescales set out in the Data Retention provisions of the main Agreement (ordinarily no more than 90 days after termination). Backup copies will be protected by the security measures described in this Schedule and will not be actively processed for any other purpose.

The Platform may retain Customer Personal Data beyond this period only as set out in the Data Retention provisions of the main Agreement.

12. Records of Processing

The Platform will maintain records of processing activities carried out on behalf of the Client in accordance with Article 30(2) of the UK GDPR. These records will be made available to the Client or to the Information Commissioner's Office on request.

Schedule 2 — Authorised Sub-Processors

Last updated: 12 April 2026

The following third-party sub-processors are authorised to process Customer Personal Data in connection with the Services, as described in Schedule 1, Section 5.

| Sub-Processor | Purpose | Data Processed | Location | |---|---|---|---| | Google LLC (Google Workspace) | Business email hosting and calendar services provisioned on the Client's domain | Customer names, email addresses, email content, calendar entries | EU/UK (Google Cloud europe-west2 or nearest region) | | Cloudflare, Inc. | DNS resolution, CDN, SSL termination, DDoS protection, email routing | IP addresses, HTTP request metadata, email routing headers | Global edge network (data processed at nearest PoP, no persistent storage outside EU/UK per Cloudflare DPA) | | Amazon Web Services (SES) | Transactional email delivery (booking confirmations, notifications) | Customer names, email addresses, email content | EU (eu-west-2, London) | | Google LLC (Cloud Run / Cloud SQL) | Website hosting and database | All Customer Personal Data processed through the Services | EU (europe-west2, London) |

The Platform will notify the Client at least 14 days before adding or replacing any sub-processor, in accordance with Schedule 1, Section 5.

Contact

Senhuo Ltd (trading as Senhuo Digital) Email: hello@senhuo.co.uk Company number: 16761659