The deal between
Venue Axis and your venue.

What's in these Terms — a plain-English guide

• 01. Acceptance — clicking accept binds your venue (not just you personally) to these Terms.
• 02. Who is responsible for AML/CTF compliance — your venue, not Venue Axis. Your venue confirms it is the AUSTRAC reporting entity. Those statutory obligations stay with you and cannot be transferred to a software vendor.
• 03. What Venue Axis does — software that helps you record and organise compliance work. We don't act as your Compliance Officer, we don't make compliance decisions for you, and we never lodge reports to AUSTRAC on your behalf without your explicit approval.
• 04. AI features — drafts and suggestions, not decisions. Your authorised staff are the only people who decide what gets lodged.
• 05. Production engagement, fees, and subscription — the commercial terms of your paid subscription: tier, billing, taxes, and how the relationship continues after the pilot.
• 06. Data and records — each side is independently responsible under the Privacy Act 1988 (Cth). AML/CTF record-keeping stays with your venue (seven years under s 107 ↗). Cross-border processing detail sits in the Data Processing Agreement.
• 07. Liability — capped at the greater of A$50,000 or twelve months of fees paid. The cap does not cover fraud, wilful misconduct, or anything the Australian Consumer Law does not let us limit. You indemnify Venue Axis against third-party claims arising from your use.
• 08. Regulator notices — if AUSTRAC or another regulator compels us to produce records, we will tell you when we lawfully can and give you a chance to challenge before we hand anything over.
• 09. Subprocessor changes — we publish a current list of subprocessors and give 30 days' notice before adding or replacing one materially.
• 10. Termination — we can terminate with 90 days' written notice; you can terminate with 30 days' written notice. After termination you have a 30-day window to export your data; then it is deleted.
• 11. Updates to these Terms — material changes get at least 30 days' notice before they take effect.
• 12. Severance from the pilot programme — once these production Terms apply, they replace the pilot Terms. Anything that happened during the pilot stays governed by the pilot Terms.
• 13. Governing law — New South Wales courts.
• 14. Contact — legal@venueaxis.com.au.

---

01. Acceptance of these Terms and your authority to bind the venue

By accessing or using the Venue Axis platform on a production basis, the natural person clicking "I accept" warrants that they are an authorised representative of the registered club or venue (the "Customer") with authority to bind the Customer to these Terms.

"Venue Axis" refers to Venue Axis Pty Ltd ACN [to be inserted before production launch] of Merimbula, New South Wales. "Customer" and "your venue" refer to the registered club or venue whose authorised representative accepts these Terms. "Platform" refers to the Venue Axis compliance software service, including the web application, mobile progressive web app, APIs, integrations, and any related documentation made available by Venue Axis to the Customer.

These Terms supersede the Pilot Programme Terms previously accepted by the Customer (if any) in respect of the Customer's use of the Platform from the date the Customer accepts these Terms. Section 12 (Severance from pilot programme) operates as the load-bearing demarcation between the pilot period and the production engagement.

If you do not accept these Terms, you must not access or use the Platform on a production basis.

02. Reporting-entity relationship

This section is the load-bearing legal allocation between Venue Axis and the Customer. The Customer is asked to read it carefully and to acknowledge it before accepting these Terms.

2.1 Customer warranty

The Customer warrants that:

• The Customer is a "reporting entity" under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (the "AML/CTF Act") by reason of providing one or more designated services listed in section 6 of the AML/CTF Act, including (where applicable) gaming machine services described in Table 3 items 5 and 10.
• The Customer is responsible for compliance with all of its statutory obligations as a reporting entity, including (without limitation): maintaining an AML/CTF Programme under s 26B ↗, ss 26C–26E ↗, s 26F ↗ and s 26H ↗ of the AML/CTF Act; conducting customer due diligence under s 28 ↗ and s 30 ↗; submitting Threshold Transaction Reports and Suspicious Matter Reports under s 41 ↗ and s 43 ↗; designating and maintaining a Compliance Officer under ss 26J–26M ↗; and retaining records for the minimum periods required by the AML/CTF Act, the AML/CTF Rules 2025, and any AUSTRAC guidance.
• These statutory obligations are non-delegable. The Customer's use of the Platform does not, and is not intended to, transfer, share, outsource, or otherwise reallocate any of those obligations to Venue Axis or to any other vendor.
• The Customer's acceptance of these Terms is consistent with AUSTRAC's published enforcement position that reporting-entity status is not delegable to technology vendors.

2.2 Customer acknowledgement of statutory position

The Customer acknowledges that the AML/CTF Act allocates reporting-entity obligations by statute and that this Agreement does not, and could not, modify that statutory allocation. The acknowledgement and warranty in this section operate as a contractual estoppel between Venue Axis and the Customer: the Customer will not later assert against Venue Axis that the Platform's use converted Venue Axis into a reporting entity in respect of any of the Customer's designated services.

2.3 Venue Axis is not a reporting entity for the Customer

Venue Axis is a software vendor. Venue Axis does not, and does not represent that it does, undertake the Customer's AML/CTF obligations, substitute for the Customer's Compliance Officer, make compliance decisions on the Customer's behalf, or lodge any report to AUSTRAC on the Customer's behalf.

03. Venue Axis's role

3.1 What Venue Axis provides

Venue Axis provides the Customer with access to the Platform in accordance with the subscription plan selected by the Customer. Without limiting the scope of the Platform, features include:

• Compliance workflow tooling: structured recording of compliance events including incidents, welfare checks, inspector arrivals, machine malfunctions, and self-exclusion events.
• Customer due diligence and threshold monitoring support: tools to help the Customer's authorised staff identify when a patron's gambling transactions reach the post-31 March 2026 initial-CDD floor of A$5,000 or the Threshold Transaction Report threshold of A$10,000, and to record CDD interactions in structured form. Final determination of whether any transaction is reportable remains with the Customer's authorised staff.
• Suspicious Matter Report and Threshold Transaction Report drafting assistance.
• Training register management.
• Audit log and evidence trail.
• Document generation assistance.
• Integrations with the Customer's gaming machine and facial-recognition systems via documented adapters, where the Customer has configured such integrations.

3.2 What Venue Axis does not undertake

The Customer acknowledges and agrees that Venue Axis does not:

• Undertake any of the Customer's AML/CTF obligations under the AML/CTF Act or the AML/CTF Rules 2025.
• Act as Compliance Officer for the Customer or any venue.
• Lodge any report to AUSTRAC, the NSW Independent Liquor & Gaming Authority, NSW Police, the Office of the Australian Information Commissioner, or any other regulator without the explicit review and approval of the Customer's authorised staff.
• Make compliance decisions on the Customer's behalf.
• Provide legal advice or compliance advice. Nothing in the Platform, its documentation, or these Terms constitutes legal advice and the Customer must not rely on the Platform as such.
• Make any representation that the Customer's use of the Platform satisfies any specific regulatory obligation.

3.3 Compliance Officer designation

The AML/CTF Act requires each reporting entity to designate a natural person as its Compliance Officer (sections 26J–26M). The Customer is responsible for making and maintaining that designation, for notifying AUSTRAC, and for ensuring that the designated person meets the statutory requirements. The Platform's tools that support the Compliance Officer's workflow are support tools, not a substitute for the Compliance Officer.

3.4 Feature availability is not a regulatory obligation

The availability of a Platform feature, alert, calendar reminder, or notification does not create any regulatory obligation on the Customer to use that feature, nor any representation by Venue Axis that the feature's use satisfies any regulatory obligation. Conversely, the Customer's use or non-use of a feature does not affect the Customer's underlying statutory obligations.

04. AI features

The Platform includes features that use artificial intelligence and machine learning to generate draft documents, suggested classifications, summaries, and other outputs ("AI Output"). The Customer acknowledges and agrees as follows.

4.1 AI Output is decision-support, not a decision

All AI Output is decision-support material. The Customer's authorised user is the sole decision-maker on whether to adopt, modify, or reject any AI Output. No AI Output is automatically lodged with any regulator or treated as a decision by Venue Axis on behalf of the Customer.

4.2 Per-feature carve-out

For each AI feature on the Platform, including (without limitation):

• AML/CTF Programme draft documents
• Suspicious Matter Report drafts
• Threshold Transaction Report drafts
• Customer due diligence record drafts
• Board commentary drafts
• Anomaly classification suggestions
• Document data extraction

the Customer acknowledges and agrees that:

• The output is generated by a computer program;
• Venue Axis makes no representation that the output is correct, complete, regulatorily compliant, or fit for any specific purpose;
• The Customer's authorised user is the sole decision-maker on whether to adopt, modify, or reject the output;
• No AI Output is automatically lodged with any regulator.

4.3 APP 1.7 and APP 1.8 — Customer is the APP entity

Where any AI feature involves a decision that significantly affects an individual within the meaning of APP 1.7 of Schedule 1 to the Privacy Act 1988 (Cth) (as amended by the Privacy and Other Legislation Amendment Act 2024 (Cth) commencing 10 December 2026), the Customer is the APP entity making the decision and is responsible for any APP 1.8 disclosures. Venue Axis provides the AI Output as decision-support material only.

05. Production engagement, fees, and subscription

5.1 Subscription plan and fees

The Customer's subscription plan, fees, and billing cycle are set out in the order form, invoice, or Stripe checkout session accepted by the Customer at the time of subscription. Fees are payable in advance of each billing period. Venue Axis may adjust the fees for subsequent billing periods by giving the Customer at least thirty (30) days' written notice before the start of the next billing period.

5.2 Service availability

Venue Axis provides the Platform on a target availability of 99.5% per calendar month, measured against the production endpoint at https://app.venueaxis.com.au, excluding scheduled maintenance windows announced at least seven (7) days in advance. Service-level commitments and remedies (if any) above this floor are set out in a separate service agreement between Venue Axis and the Customer where one is executed.

5.3 Continuity obligation

Notwithstanding the availability target in section 5.2, the Customer is responsible for maintaining offline or alternative procedures for recording compliance events during any Platform outage. Venue Axis is not responsible for any regulatory consequence arising from a Platform outage or unavailability where the Customer has failed to maintain reasonable continuity procedures.

5.4 Customer responsibility for use

The Customer is responsible for the conduct of its authorised users on the Platform, including (without limitation) the accuracy of records entered, the timeliness of actions taken, and the regulatory decisions made by its authorised staff. The Customer's continued use of the Platform constitutes the Customer's affirmation that the Platform's features are operating in a manner the Customer considers fit for the Customer's purposes.

06. Data and records

6.1 Each party is an APP entity

Each of Venue Axis and the Customer is an APP entity under the Privacy Act 1988 (Cth) in its own right and is independently responsible for compliance with the Australian Privacy Principles. The Customer is responsible for any APP 5 collection notices it provides to patrons and staff in respect of personal information collected through the Platform.

6.2 Cross-border processing

Venue Axis processes personal information on the Customer's behalf in Australia (Supabase ap-southeast-2, Sydney) with limited cross-border processing for specific service components disclosed in the Data Processing Agreement at Schedule 1. The Customer's APP 5 collection notices to patrons and staff must reflect the cross-border arrangements set out in the DPA.

6.3 Notifiable Data Breaches

The Data Processing Agreement at clause 7 sets out the parties' agreed allocation of Notifiable Data Breach handling under Part IIIC of the Privacy Act 1988 (Cth), including mutual 24-hour notification, joint assessment under section 26WH, and the default that Venue Axis prepares the statement under section 26WM where the breach affects personal information held on Venue Axis infrastructure.

6.4 Record retention by the Customer

The Customer is responsible for retaining records for the minimum periods required by applicable law, including (without limitation):

• Seven (7) years for AML/CTF records under section 107(1) of the AML/CTF Act;
• Three (3) years for gaming incident records under clause 50K of the Gaming Machines Regulation 2019 (NSW); and
• Three (3) years for the Liquor Act 2007 (NSW) section 72L incident register where applicable.

Venue Axis provides export tooling and reasonable assistance to support the Customer's retention obligations, but the legal obligation to retain rests with the Customer.

07. Liability

7.1 Liability cap

To the extent permitted by law, Venue Axis's total aggregate liability to the Customer under or in connection with these Terms or the Customer's use of the Platform is limited to the greater of:

• A$50,000; or
• the fees paid by the Customer to Venue Axis in the twelve (12) months preceding the event giving rise to the claim.

7.2 Exclusions from the cap

The limitation in section 7.1 does not apply to: liability for fraud or wilful misconduct; liability for misleading or deceptive conduct under section 18 of the Australian Consumer Law; or any other liability that cannot be excluded by law (including liability that cannot be excluded under the Australian Consumer Law).

7.3 Consequential and indirect losses excluded

To the extent permitted by law, Venue Axis is not liable to the Customer for any consequential, indirect, special, or punitive loss or damage, including loss of profits, loss of business, loss of data, loss of goodwill, loss of opportunity, or loss of regulatory licences, accreditations, authorisations or approvals, however arising. This exclusion is prominent, intentional, and intended to apply to all categories of loss other than those that cannot be excluded by law.

7.4 Customer indemnity

The Customer indemnifies Venue Axis against:

• Third-party claims (including claims by patrons, employees, contractors, agents, or visitors of the Customer) arising from or in connection with the Customer's use of the Platform; and
• Reasonable legal costs and document-production costs incurred by Venue Axis in responding to any notice, summons, or compulsory production demand issued to Venue Axis by AUSTRAC, the NSW Independent Liquor & Gaming Authority, NSW Police, the Office of the Australian Information Commissioner, or any other Australian regulator, where the notice, summons, or demand arises from or relates to the Customer's acts or omissions.

The indemnity does not extend to any civil penalty, fine, infringement notice, or other regulatory penalty issued against Venue Axis for Venue Axis's own conduct.

The indemnity survives termination of these Terms and is time-limited to six (6) years from termination, consistent with the limitation period under section 14 of the Limitation Act 1969 (NSW).

08. Regulator notices

Where Venue Axis receives a notice, summons, or compulsory production demand from an Australian regulator that relates to or compels production of the Customer's data or Venue Axis's records of the Customer's use of the Platform:

• Venue Axis will notify the Customer of the notice as soon as legally permissible, except where notification is prohibited by law (for example, in connection with a tipping-off restriction under section 123 of the AML/CTF Act).
• Where legally permissible and where the regulator's timeframe permits, Venue Axis will give the Customer reasonable opportunity to challenge or respond to the notice before Venue Axis produces any material.
• Where notification to the Customer is prohibited, or where the regulator's timeframe is shorter than the Customer's challenge cycle, Venue Axis will produce the material as required by law without further Customer consent. The Customer's consent to such production is deemed given by acceptance of these Terms.
• Venue Axis will provide the Customer with a copy of the material produced as soon as legally permissible.

09. Subprocessor changes

Venue Axis may add, remove, or change subprocessors involved in the processing of Customer personal information. Venue Axis will give the Customer at least thirty (30) days' written notice before any new subprocessor begins processing Customer personal information. The Customer may object in writing within fourteen (14) days of the notice. Where an objection is made and the parties cannot agree a resolution within thirty (30) days, the Customer's sole remedy is to terminate these Terms under section 11. The full subprocessor change mechanic is set out in the Data Processing Agreement at clause 5.2.

10. Termination

10.1 Termination by the Customer

The Customer may terminate these Terms by giving Venue Axis at least thirty (30) days' written notice, with termination effective at the end of the Customer's current billing period or at the end of the notice period, whichever is later.

10.2 Termination by Venue Axis

Venue Axis may terminate these Terms by giving the Customer at least ninety (90) days' written notice, except where the termination is for the Customer's material breach (in which case Venue Axis may terminate immediately on written notice, subject to any cure period set out in the breach notice).

10.3 Effect of termination

On termination of these Terms for any reason:

• Venue Axis will preserve the Customer's data for a thirty (30) day export window, during which the Customer may request a copy or initiate an in-app export.
• After the export window, the Customer's data is deleted from Venue Axis's systems, subject only to retention obligations imposed by law or compulsory regulator process.
• Outstanding fees up to the termination date remain payable.
• Sections that by their nature survive termination (including sections 02, 04.3, 06, 07, 08, and 12) survive termination.

11. Updates to these Terms

If Venue Axis materially changes these Terms, Venue Axis will give the Customer at least thirty (30) days' written notice before the changes take effect. Minor changes (formatting, clarifications, placeholder details) may be made without advance notice. Continued use of the Platform after the effective date of a material change constitutes the Customer's acceptance of the updated Terms. Prior versions are available on request.

12. Severance from the pilot programme

This section is a load-bearing demarcation between the pilot programme and the production engagement. The Customer acknowledges and agrees that:

• The pilot programme ended on the date the Customer accepted these Terms (the "Conversion Date").
• No representation, warranty, statement, communication, or platform output made or generated by Venue Axis during the pilot programme is incorporated into or carried forward to this Agreement.
• The Customer's continued use of the Platform from the Conversion Date is on the terms of this Agreement only and constitutes the Customer's independent decision to proceed with full knowledge of the Platform's features and limitations as represented in this Agreement.
• The Customer's pilot programme data is governed by the pilot programme termination provisions (export window, deletion). Any data the Customer elects to carry forward into the production engagement is the Customer's responsibility to import, transcribe, or otherwise migrate, and the Customer warrants that any such data is appropriate for production use under these Terms.
• The Customer waives any claim against Venue Axis based on pre-Conversion-Date pilot conduct that might otherwise survive into the production relationship under equitable estoppel, misleading-conduct doctrines, or analogous principles, except where such waiver is prohibited by law (including under the Australian Consumer Law).

13. Governing law

These Terms are governed by the laws of New South Wales, Australia. Each of Venue Axis and the Customer submits to the exclusive jurisdiction of the courts of New South Wales.

14. Contact

For questions about these Terms:

Email: legal@venueaxis.com.au Post: Venue Axis Pty Ltd, Merimbula, New South Wales

Signed for and on behalf of Venue Axis Pty Ltd: John Kosteroski, Director