Risk Disclosure

This Risk Disclosure Statement outlines the material risks associated with using FlowApp Studio and its associated services, APIs, and integrations. We are committed to transparency about the limitations and potential failure modes of our platform. By using FlowApp Studio, you acknowledge that you have read, understood, and accepted the risks described herein. This document does not constitute legal or financial advice, and does not override any applicable law that limits our ability to disclaim liability. This disclosure is not exhaustive. New or unforeseen risks may arise as technology evolves. We will update this document to reflect material new risks as they become known.

Our platform depends on complex technology infrastructure, including: • Internet connectivity: Users and end-users require stable internet access. Network outages, latency spikes, or packet loss outside our control can disrupt flow sessions. • Cloud hosting: We rely on third-party cloud infrastructure providers. Hardware failures, software bugs, or datacenter incidents at these providers may cause platform downtime. • Software dependencies: Our platform incorporates open-source libraries and third-party software. Vulnerabilities discovered in these dependencies may create security risks before patches are available. • Capacity limits: During periods of unusually high traffic, API rate limits, session queues, or processing delays may occur. We target 99.9% monthly uptime but do not guarantee uninterrupted service. Scheduled maintenance windows are announced via our status page.

FlowApp Studio enables deployment of interactive flows via USSD and other telecom-mediated channels. These channels introduce specific risks: • Telecom provider reliability: USSD sessions are relayed through mobile network operators (MNOs). Service disruptions at an MNO will directly affect the availability of your USSD flows, regardless of the FlowApp Studio platform status. • Session timeouts: USSD sessions are governed by strict timing constraints enforced by telecom networks, typically 180 seconds. Flow responses that exceed this window will time out without notice to the end-user. • Character and encoding limits: USSD responses are limited in character length. Flows must be designed accordingly; failure to do so may result in truncated or garbled messages displayed to end-users. • MNO API changes: Mobile network operators may change their USSD gateway APIs, shortcode policies, or pricing structures without advance notice, which may require modifications to your flows or integrations. • Regulatory requirements: USSD services are subject to telecommunications regulations that vary by country. You are responsible for ensuring your USSD deployments comply with applicable local laws and operator terms.

Despite comprehensive security measures, the following risks remain: • Account compromise: If your login credentials or API keys are compromised — through phishing, credential stuffing, or insecure storage — unauthorized parties may access your flows, analytics data, and end-user session logs. • End-user data exposure: Flows that collect personally identifiable information from end-users create data responsibility. A misconfigured flow or integration error could inadvertently expose this data. • Data loss: While we maintain backups, software bugs, accidental deletion, or catastrophic infrastructure failure could result in the loss of flow configurations or historical session data. • Transmission interception: While we encrypt all data in transit, data transmitted over USSD networks passes through telecom infrastructure and may be subject to interception by parties with access to that infrastructure. You are responsible for maintaining the confidentiality of your API keys, using strong authentication, and designing flows that handle sensitive data appropriately.

The following factors may impact the availability or performance of FlowApp Studio: • Scheduled maintenance: We perform routine maintenance that may require brief service interruptions. These are announced at least 48 hours in advance on our status page. • Unplanned outages: Unexpected failures in our infrastructure or that of our providers may cause service interruptions without advance warning. • Third-party service failures: Our platform integrates with payment processors, messaging APIs, and analytics providers. Failures in these services may affect specific functionality. • Force majeure: Events outside our control — including natural disasters, government actions, pandemics, or widespread internet disruptions — may affect service availability. For business-critical operations that depend on FlowApp Studio, we recommend maintaining contingency plans and regularly exporting backups of your flow configurations.

Using FlowApp Studio for commercial applications may expose you to regulatory requirements that vary significantly by jurisdiction and industry: • Data protection laws: Collecting personal data through your flows may subject you to obligations under GDPR, the Data Protection Act, or equivalent local laws. You are responsible for ensuring your flows comply with applicable data protection requirements. • Financial services regulation: Flows used to facilitate payments or financial services may be subject to licensing requirements. FlowApp Studio is a technology platform and does not provide financial services compliance guidance. • Telecommunications regulation: USSD and SMS-based services are regulated in most jurisdictions. Shortcode registration, content restrictions, and user consent requirements vary by country and operator. • Consumer protection: Interactive flows used for commerce or marketing may be subject to consumer protection rules regarding disclosures and fair dealing. You should consult qualified legal counsel to ensure your use of FlowApp Studio complies with all applicable laws and regulations in your operating jurisdiction.

By using FlowApp Studio, you acknowledge and accept the following: • You have read and understand the risks described in this disclosure • You accept that FlowApp Studio cannot guarantee uninterrupted service, data security, or the continued availability of third-party integrations • You agree that FlowApp Studio's liability is limited to the extent permitted by applicable law, as further described in our Terms of Service We are committed to minimizing these risks through investment in reliability, security, and compliance. However, we cannot eliminate them entirely. If any of these risks are unacceptable for your use case, you should evaluate whether FlowApp Studio is the right platform for your needs. For questions about this Risk Disclosure, please contact us at legal@flowappstudio.com. For security incidents, contact security@flowappstudio.com.