COMMERCIAL COMMUNICATION AND DATA SECURITY COMPLIANCE ADDENDUM

COMMERCIAL COMMUNICATION AND DATA SECURITY COMPLIANCE ADDENDUM

1. COMMERCIAL ELECTRONIC COMMUNICATION AND IYS COMPLIANCE (For Turkey)

1.1. Permission Obligation: Before sending commercial communications via SMS, E-mail or Voice Message through the Platform, the User declares and undertakes that the recipients have given "Commercial Electronic Communication Consent" within the scope of the Law No. 6563 on the Regulation of Electronic Commerce (ETK). • 1.2. IYS Registration: The User accepts that all technical and legal responsibility belongs to them regarding the control of the messages to be sent through the Message Management System (IYS) and not sending messages to recipients who have exercised their right to refuse. Even if Esinix offers IYS integration, it cannot be held responsible for the accuracy and timeliness of the data. • 1.3. Administrative Fines: Any administrative fines imposed on Esinix due to the User sending unauthorized messages will be recouped from the User.

2. WHATSAPP BUSINESS AND API POLICIES

2.1. Meta Policies: The User must comply with Meta's (Facebook) current "Commerce Policy" and "Business Policy" when using the WhatsApp Business API.

• 2.2. Spam Prohibitions: The User agrees not to send mass messages via WhatsApp without the recipient's consent, otherwise Esinix will not be responsible for the closure of their number or account by Meta.

3. INTERNATIONAL COMMUNICATION STANDARDS (TCPA, CAN-SPAM, GDPR)

3.1. Sending to the US and Canada: The User is obliged to comply with TCPA (Telephone Consumer Protection Act) and CAN-SPAM laws when sending messages to US or Canadian numbers. The user is responsible for ensuring that the "Opt-out" mechanisms (e.g., "STOP" command) are operational.

3.2. Data Protection: The user undertakes that the personal data uploaded to the Platform is collected lawfully in accordance with GDPR (Europe) or KVKK (Turkey) and that the necessary consents have been obtained for the transfer of this data to third-party infrastructure providers (Twilio, Mailgun, etc.).

4. TWILIO AND MAILGUN "AUP" (ACCEPTABLE USE) COMPLIANCE

4.1. Infrastructure Rules: The user agrees to comply with the "Acceptable Use Policy" (AUP) rules of Twilio and Mailgun, Esinix's infrastructure providers. Esinix has no responsibility in the event of service interruption due to content marked as "high risk" or "spam" by these providers. • 4.2. Prohibited Content: According to the rules of the infrastructure providers; Sending messages containing drugs, illegal gambling, sexually explicit content, hate speech, and misleading financial offers (get-rich-quick schemes) is strictly prohibited.

5. MONITORING AND ACCOUNT CLOSURE

5.1. Monitoring Authority: Esinix reserves the right to automatically monitor the "bounce rate" (spam report rate) of sent messages in order to protect system integrity and IP reputation. • 5.2. Threshold Values: If the bounce rate exceeds the threshold values ​​set by the infrastructure providers (e.g., 0.1% spam rate), Esinix may restrict the user's message sending authority or close the account without prior notice.