B2C Mandate Agreement

Between the Operating Partner and the End User

Adhesion document incorporated by reference in the Terms and Conditions of Use of the Zabio Platform (www.zabio.com)

Version 2.0 – May 2026

This B2C Mandate Agreement (hereinafter, the "Agreement") is the generic contractual instrument through which the END USER confers upon the OPERATING PARTNER a mandate for the execution of operations involving digital assets or fiat resources. ZABIO S.A.S. intervenes as the successive mandatary of the OPERATING PARTNER for the backend execution of operations, under the terms of the B2B Master Mandate Agreement entered into between ZABIO S.A.S. and the OPERATING PARTNER.

This Agreement is deemed incorporated by reference in the Terms and Conditions of Use of the Zabio Platform. Its acceptance is materialized by adhesion at the time of the END USER's onboarding or first operation at the OPERATING PARTNER's counter or through enabled channels, by suitable mechanisms (handwritten signature, electronic signature, OTP, biometrics, verbal acceptance supported by the corresponding Mandate Certificate, or any other suitable mechanism). Consequently, it does not require the individual recording of the END USER's data in the body of this Agreement.

1. Identification of the Parties

THE MANDATARY (OPERATING PARTNER): any legal entity linked as an Operating Partner to the Zabio Platform, by virtue of the B2B Master Mandate Agreement entered into with ZABIO S.A.S., that operates in person through a counter or through electronic channels serving END USERS. The identity and contact information of the OPERATING PARTNER applicable to a specific operation are communicated to the END USER at the time of onboarding or operation, pursuant to the Mandate Certificate.

THE PRINCIPAL (END USER): any natural or legal person who onboards with the OPERATING PARTNER for the execution of operations involving digital assets and/or fiat resources. The END USER's identity is established by the information validated by the OPERATING PARTNER (with the support of ZABIO S.A.S. in its capacity as successive mandatary) during the Know Your Customer (KYC) and onboarding process. Consequently, it is not necessary to record such data in the body of this Agreement; the same are reflected in the OPERATING PARTNER's operational records and, when appropriate, in the Mandate Certificate issued in favor of the END USER.

INTERVENTION OF ZABIO S.A.S. The END USER's identity may be validated by the OPERATING PARTNER and/or by its successive mandataries, including ZABIO S.A.S. (Tax ID 901.818.731-6, with domicile at Carrera 15 # 95-35, Office 205, Bogotá D.C., Colombia, www.zabio.com), through in-person or remote mechanisms, including counter validation, technological, biometric, documentary tools, or any other suitable means. The END USER authorizes the consultation of restrictive lists and other verifications necessary for compliance with legal obligations and risk management.

The Parties agree that the mechanisms for identification, authentication, and validation of the END USER's intent shall be governed by the principle of technological neutrality, and any technically suitable means that reasonably accredits their identity and expression of intent may be used.

2. Recitals

FIRST. The END USER has an interest in instructing the OPERATING PARTNER to, on their behalf and by their order, execute operations involving digital assets and/or fiat resources, in accordance with the conditions, limits, and mechanisms defined in this Agreement.

SECOND. The OPERATING PARTNER has an operational, technological, and compliance structure that allows it to execute the mandate through enabled channels, authorized platforms, and previously defined operational protocols.

THIRD. For the execution of the mandate, the OPERATING PARTNER may rely on specialized third parties, technology providers, or successive mandataries, including ZABIO S.A.S. or its successor entity, without prejudice to the contractual responsibility assumed by the OPERATING PARTNER vis-à-vis the END USER.

FOURTH. The Parties acknowledge that operations with digital assets may involve technological, operational, regulatory, and market risks, and therefore the execution of the mandate shall be subject to the validation, blocking, suspension, deferral, termination, and risk management mechanisms provided for in this Agreement and applicable regulations.

3. Definitions

The definitions contained in the Terms and Conditions of Use of the Zabio Platform apply supplementarily to this Agreement. For clarity, the following are incorporated:

Digital Assets: virtual goods or crypto-assets that have economic value and may be subject to purchase, sale, tokenization, detokenization, exchange, transfer, or settlement operations through the Zabio Platform or through authorized third parties.

Mandate Certificate: a physical or electronic receipt delivered to the END USER as informational proof of acceptance of this Agreement and of the execution of a specific operation.

Economic Conditions of the Operation: specific terms applicable to a particular operation, including the amount, applicable rate or price, the Fiat Currency involved, the corresponding Digital Asset or Stablecoin, as well as commissions, fees, margins, and other economic variables disclosed and accepted at the time of the operation.

Compliance Event: any alert, inconsistency, match on restrictive lists, lack of information, authority requirement, or legal, reputational, operational, or regulatory risk situation that authorizes the MANDATARY to refrain from executing, or to suspend, block, or defer operations.

Valid Instruction: an express, clear, complete, and verifiable order issued by the END USER to the MANDATARY, through the enabled channels, containing the information necessary to execute the requested operation.

Mandate: the authority conferred by the END USER upon the OPERATING PARTNER, in its capacity as MANDATARY, to act on behalf of and by order of the former in the execution of operations involving Digital Assets or Fiat Currency resources.

Fiat Currency: legal tender currency issued by a monetary authority, including, among others, Colombian peso (COP) and United States dollar (USD).

Authorized Platforms: exchanges, wallets, operational accounts, technology providers, blockchain infrastructures, channels, and other mechanisms previously approved by the MANDATARY or its successive mandataries.

Operational Protocols: a set of technical, documentary, validation, security, compliance, and risk management procedures defined by the MANDATARY for the execution of the mandate.

Stablecoin: a type of Digital Asset whose value seeks to remain relatively stable by being referenced to a fiat currency or other underlying asset.

Counter: a physical point of service through which services are provided to the END USER.

4. Clauses

4.1. Purpose.

The END USER confers upon the MANDATARY, and the latter accepts, a mandate to execute on behalf of and by order of the END USER purchase, sale, conversion, tokenization, detokenization, delivery, receipt, transfer, and/or settlement operations of digital assets or fiat resources as expressly instructed, in writing or verbally, through the platform, by electronic means, or in person at the counter.

For the purposes of executing the instruction, ZABIO S.A.S. shall act as successive mandatary under the terms of the B2B Master Mandate Agreement entered into between ZABIO S.A.S. and the OPERATING PARTNER.

The MANDATARY shall execute the mandate within the limits of diligence, validation, control, and risk management that it can reasonably exercise in accordance with its internal policies, operational availability, and applicable regulations. It shall not be obligated to execute ambiguous, incomplete, inconsistent, unverifiable, or unlawful instructions.

4.2. Documentation and due diligence.

The END USER undertakes to deliver in a complete, truthful, sufficient, accurate, and timely manner all information and documentation required for the execution of this Agreement, including that necessary for KYC purposes, source of funds verification, due diligence, transaction monitoring, tax, accounting, and regulatory compliance. The correct execution of the mandate shall depend on the truthfulness, sufficiency, and timeliness of the information provided.

4.3. Obligations of the MANDATARY.

(a) Execute Valid Instructions in accordance with the agreed parameters; (b) use only Authorized Platforms and previously enabled mechanisms; (c) apply compliance, due diligence, KYC, risk management, and internal control procedures aligned with applicable regulations; (d) maintain documentary and operational traceability; (e) inform the END USER of any restriction, development, or contingency that materially impacts execution; and (f) reasonably safeguard and segregate the resources or assets under its control, in accordance with its Operational Protocols.

4.4. Obligations of the END USER.

(a) Issue only Valid Instructions; (b) provide truthful, sufficient, up-to-date, and timely information and documentation; (c) guarantee the legitimacy, ownership, and lawfulness of the resources and assets involved; (d) cooperate in handling regulatory, tax, compliance, or competent authority requirements; (e) refrain from using the Agreement, the platform, or operations for illicit purposes; (f) review and accept in advance the economic conditions applicable to each operation; and (g) be responsible for the consequences arising from falsity, inaccuracy, omission, or untimeliness in the information provided.

4.5. Representations and warranties of the END USER.

The END USER represents and warrants that (a) they act on their own behalf and have full legal capacity; (b) the resources and assets subject to operations are of legitimate origin and destination; (c) the information and supporting documents are truthful, complete, and up to date; (d) there are no legal restrictions, seizures, litigation, or claims affecting their authority to issue instructions; (e) they acknowledge that operations with digital assets may involve technological, operational, and market risks; and (f) they will promptly provide the required information and documentation.

4.6. Economic conditions, applicable rate, and charge authorization.

The END USER acknowledges and accepts that, prior to the execution of each operation, the MANDATARY shall inform them, by physical, electronic, supported verbal means, or through the enabled channels, of the essential economic conditions of the operation, including, when applicable, the amount delivered, the digital asset or fiat resource involved, the conversion rate or price, the equivalent to be received, the commissions, charges, costs, fees, margins, or economic differentials applicable, and any other relevant economic variable.

The END USER acknowledges that the rate or price disclosed may incorporate margins or economic differentials derived from the operational, technological, liquidity, processing, channeling, or conversion execution of the operation, according to the applicable flow. The END USER may accept the operation or withdraw from it before its execution.

Acceptance may be evidenced by physical or electronic receipts, slips, simplified forms, data messages, OTP, biometrics, system logs, counter validations, verbal acceptance supported by a Mandate Certificate, or any other suitable mechanism, which shall have full evidentiary validity under applicable regulations.

4.7. Liability and limitation of liability.

The MANDATARY shall be exclusively liable for the correct execution of Valid Instructions and for the diligence required of it in managing the resources, assets, and information under its control. It shall not be liable for losses arising from market fluctuations, digital asset volatility, exchange rate variations, third-party platform failures, blockchain network congestion, hacking, technological unavailability, force majeure, or circumstances beyond its reasonable control, provided it has acted in good faith and in accordance with its Operational Protocols. The limitation shall not apply in cases of breach of Valid Instructions, gross negligence, or willful misconduct by the MANDATARY. The MANDATARY's total cumulative liability to the END USER shall not exceed the amount actually charged by the MANDATARY for the specific operation giving rise to the claim, except in duly proven cases of willful misconduct or gross negligence. The foregoing does not limit the END USER's right to file complaints, requests, petitions, or claims for any amount, nor does it exclude applicable consumer protection mechanisms. Any limitation of liability shall be interpreted in accordance with applicable law and shall not apply in cases of willful misconduct, gross negligence, breach of Valid Instructions, violation of mandatory regulations, or infringement of the END USER's non-waivable rights.

4.8. Regulatory compliance.

When the operation involves jurisdictions included on risk lists, countries subject to increased FATF monitoring, sanctioned jurisdictions, non-cooperative jurisdictions, or counterparties with elevated risk factors, the MANDATARY, ZABIO S.A.S., or authorized third parties may apply proportional measures of validation, monitoring, document requests, preventive retention, deferral, rejection, or escalation to the Compliance Officer. The inclusion of a jurisdiction on the FATF grey list does not necessarily imply automatic rejection of the operation but may trigger additional controls in accordance with the risk-based approach and applicable internal policies.

4.9. Service blocking and suspension.

The MANDATARY may reject, suspend, block, or defer the execution of operations when: (a) there are inconsistencies in the information; (b) documents are not updated promptly; (c) improper or unauthorized use is detected; (d) there is a breach of the Agreement; (e) there are requirements from competent authorities; (f) compliance alerts, restrictive lists, or reputational or regulatory risks arise; or (g) the operation does not comply with its internal policies, Operational Protocols, or due diligence requirements.

4.10. Confidentiality and personal data.

The Parties shall maintain the confidentiality of non-public information known in connection with this Agreement. The END USER authorizes the MANDATARY to collect, use, store, circulate, transmit, and, when necessary for the execution of the mandate, share with partner third parties, operational mandataries, or competent authorities their personal, financial, transactional, and biometric information, in accordance with the Personal Data Processing Policy of the MANDATARY and ZABIO S.A.S., available through their enabled channels.

4.11. Indemnification.

The END USER shall hold the MANDATARY harmless against claims, losses, penalties, fines, costs, expenses, and contingencies arising from the falsity, inaccuracy, insufficiency, or untimeliness of the information provided; the unlawfulness or lack of legitimacy of the resources or assets involved; the improper use of the Agreement or the services; and the breach of applicable legal or regulatory obligations. In turn, the MANDATARY shall hold the END USER harmless against direct damages arising from gross negligence, willful misconduct, or breach of Valid Instructions, within the limits provided for in the Agreement.

4.12. Term and termination.

This Agreement shall have an indefinite term from its acceptance by adhesion by the END USER. Either Party may terminate it by written notice with at least thirty (30) calendar days' advance notice. The MANDATARY may terminate it immediately due to material breach by the END USER, provision of false information, appearance on restrictive lists, regulatory requirements, competent authority decisions, supervening compliance risks, or improper use of the service.

4.13. Penalty clause and executory title.

In the event of breach of essential obligations, the compliant Party may demand from the breaching Party a penalty clause equivalent to the amount actually charged by the MANDATARY in the operation giving rise to the breach. The Parties acknowledge that this Agreement constitutes an executory title pursuant to the General Code of Procedure.

4.14. Applicable law and dispute resolution.

This Agreement shall be governed by the laws of the Republic of Colombia. The Parties shall endeavor to resolve disputes through direct settlement within fifteen (15) calendar days following written notification of the conflict. In the absence of agreement, the dispute shall be submitted to the competent ordinary jurisdiction in the city of Bogotá D.C., without prejudice to financial consumer rights and special consumer protection mechanisms provided for in Colombian regulations.

4.15. Notifications.

Notifications, requests, or communications shall be made in writing and sent to the email addresses provided by each Party. The END USER may contact the MANDATARY through the operational channels provided at the time of onboarding. The contact channels of ZABIO S.A.S. (successive mandatary) are: email info@zabio.com; physical address Carrera 15 # 95-35, Office 205, Bogotá D.C.; website www.zabio.com.

5. Acceptance

Acceptance of this Agreement is made by adhesion, at the time of the END USER's onboarding or first operation at the OPERATING PARTNER's counter or through its enabled electronic channels. Acceptance may be manifested by handwritten signature, electronic signature, OTP, biometrics, checkbox, data message, verbal validation at the counter supported by the corresponding Mandate Certificate, or any other suitable mechanism pursuant to applicable regulations, which shall have full evidentiary and binding validity.

The evidence of acceptance must reasonably identify: (i) the date and time of acceptance; (ii) the channel used; (iii) the version of the Terms and Conditions, of this Agreement, and, when applicable, of the Mandate Certificate accepted or made available; (iv) the authentication or expression of intent mechanism used; and (v) the essential economic conditions disclosed before the execution of the operation.

Upon onboarding or the corresponding operation, the MANDATARY may deliver to the END USER a Mandate Certificate, in physical or electronic form, as informational proof and quick reference. This certificate may include the reference to the operation and the indication of the channels through which the END USER may consult the full content of this Agreement and other applicable documents.

This Agreement is published in full on the Zabio Platform (www.zabio.com) and is delivered to the END USER in physical or electronic format when requested or when the operation warrants it.
