MOFFAT DIGITAL PTY LTD

MASTER TRADING TERMS & CONDITIONS

MASTER SERVICE & INFRASTRUCTURE AGREEMENT

Moffat Digital Pty Ltd — Managed IT Services, Security Architecture & Asset Management

ABN: 31 669 166 938 | Version 9.0 | Last Updated: June 2026


1. BINDING ASSENT & ACCEPTANCE BY CONDUCT

This Master Service & Infrastructure Agreement ("Agreement") forms a legally binding contract between Moffat Digital Pty Ltd (ABN: 31 669 166 938), hereinafter referred to as "the Company," and the entity engaging the Company's services, hereinafter referred to as "the Client." The Client explicitly acknowledges and agrees that execution of a physical or digital signature, digital approval of a proposal or quote via MYOB or any other digital engagement platform, or the processing of any service payments or deposit invoices constitutes immediate, absolute assent to these Master Terms. If a formal print agreement is not physically executed at service commencement, this web-published version applies automatically by conduct to govern the technology infrastructure environment.


1.1 Agreement Term & Automatic Renewal

This Agreement commences on the date the Client accepts a Company proposal or quote and continues for an initial fixed term of twelve (12) months ("Initial Term"). The Initial Term is a firm commitment — neither party may exit during this period except by mutual written agreement. Upon expiry of the Initial Term, this Agreement automatically renews for successive twelve (12) month periods ("Renewal Terms") unless either party provides formal written notice of termination no less than thirty (30) days prior to the end of the then-current Renewal Term.


The Client acknowledges that:

  • Full Lock-In During Initial Term: The Client cannot terminate this Agreement during the initial twelve (12) month term. Any attempt to exit during the Initial Term will result in all remaining monthly fees for the balance of the term becoming immediately due and payable, in addition to the exit fee outlined in Section 6.2.
  • Exit Only at Renewal After Initial Term: Following the Initial Term, termination is only effective at the end of the then-current twelve (12) month Renewal Term. Notice of termination received less than thirty (30) days before the anniversary date will be applied to the following Renewal Term.
  • Automatic Renewal: If no written notice is received by the Company at least thirty (30) days prior to the anniversary date, the Agreement automatically renews for a further twelve (12) month Renewal Term at the then-current pricing, and all terms and conditions continue to apply in full.
  • Pricing Notifications: The Company will provide a minimum of thirty (30) days written notice of any pricing changes prior to a Renewal Term. Continued use of services into the Renewal Term constitutes acceptance of revised pricing.
  • Mid-Term Exit After Initial Term: Where a Client seeks to exit during a Renewal Term outside of the renewal window, the exit fee outlined in Section 6.2 applies in addition to all outstanding invoices for the remainder of that Renewal Term, unless otherwise agreed in writing by the Company.


2. MANAGED IDENTITY & ROOT INFRASTRUCTURE ARCHITECTURE

  • 2.1 Tenant Isolation Framework: To ensure the absolute integrity, security, and immunity of managed software infrastructure from
    unauthorised third-party exploits, administrative bypasses, or corporate interference, all primary cloud identity networks (including Microsoft 365, Fastmail, and system directories) will be provisioned and anchored under a dedicated Microsoft cloud tenancy registered and managed exclusively by the Company.
    The underlying Microsoft 365 tenant will be initially provisioned with a system-generated .onmicrosoft.com subdomain (e.g., [randomstring].onmicrosoft.com). This subdomain is a permanent, non-transferable Microsoft-assigned identifier that cannot be renamed or deleted. It forms the root technical identity of the cloud environment and remains under the Company's administrative custody for the duration of the Agreement.


  • 2.2 Add-on / Connected Client Custom Domains: Public client vanity namespaces (e.g., clientdomain.com.au) will be onboarded to the managed cloud tenant as secondary custom domain add-ons, mapped for day-to-day corporate branding and email aliases. These custom domains are set as the primary user-facing domain, meaning end users and external parties interact exclusively with the client's own brand domain.
    Additionally, the Company provisions a dedicated subdomain under its proprietary anchor domain moffat.digital (e.g., clientname.moffat.digital) as the primary administrative namespace within the tenant. This subdomain is the exclusive property of the Company, is never transferred to the Client, and is decommissioned by the Company upon exit. It forms part of the Company's managed infrastructure identity and confirms the Company's administrative custody of the environment for the duration of the Agreement.


  • 2.3 Administrative Sovereignty: The master Global Administrator credentials, background partner links, and telemetry monitoring profiles are assigned strictly to the Company's proprietary management namespace. The Company maintains sole administrative custody over these primary credentials. Security notifications, billing updates, and system verification tokens route exclusively to the Company's private technical consoles for the duration of the active Agreement.

  • 2.4 Handover Administrator Account: Upon formal termination of services, satisfaction of all financial obligations, and completion of the structured exit process outlined in Section 6, the Company will provision a dedicated Global Administrator account within the client tenant for the exclusive use of the incoming provider.

This Handover Administrator Account is:

  • Unlicensed - no Microsoft 365 product license is assigned, keeping it cost-neutral;
  • Global Administrator - carries full tenant administrative rights to allow the incoming provider to establish their own accounts and configuration;
  • Temporary - the incoming provider is expected to create their own permanent administrator account, configure multi-factor authentication, and disable the Handover Administrator Account promptly after confirmed access;
  • Securely Delivered - crede ntials are transmitted exclusively via an encrypted or one-time-view secure link. The Company will not transmit credentials via unencrypted email or SMS.

The Company will remain available online during the initial handover window to assist the incoming provider in confirming access. The moment the incoming provider confirms successful login and establishes their own administrative access, the Company's responsibility ceases absolutely and permanently as outlined in Section 6.7.


3. INTELLECTUAL PROPERTY & INFRASTRUCTURE OWNERSHIP

  • 3.1 System Core Property The Client acknowledges that any root domain namespace registered directly under the Company's ABN, along with all associated directory architectures, tenant routing profiles, and system access layers built by the Company, represents the proprietary operational utility and intellectual property of the Company.


  • 3.2 Conditional Operational Licence
    The Client is granted a temporary, revocable operational licence to utilise the managed identity framework and access corporate data strictly for the duration of an active, un-breached Service Agreement. This licence automatically terminates immediately upon material breach, non-payment, or formal contract termination notice.


  • 3.3 Data Ownership
    The Client retains absolute ownership over their underlying raw corporate files, database entries, and email data. The Company claims no ownership over structural client information, subject to the financial security locks outlined in Section 5.


  • 3.4 Domain Name Custody & Transfer Conditions
    Where the Company has registered, transferred, or is managing one or more internet domain names on behalf of the Client (including but not limited to .com.au, .au, .com, .net.au, or any other top-level domain), the following conditions apply:
  • Registrant Custody: Domain names managed by the Company are held under the Company's registrar account as technical custodian for the duration of the active Agreement. This custody arrangement is a managed service function and does not constitute a claim of ownership over the Client's trading name or brand identity.
  • Client Beneficial Ownership: The Client retains beneficial ownership of any domain name registered for their trading name or business identity. The Company does not claim commercial ownership of the Client's brand domain.
  • Transfer Conditions: Domain name transfers, EPP/authorisation code releases, DNS delegation changes, or registrar transfers will not be initiated or approved by the Company until all outstanding invoices, off-boarding fees, and upstream vendor tail cost liabilities (as outlined in Section 4.3) are settled in full via cleared funds.
  • Transfer Blocking Rights: In the event of account default, payment dispute, or breach of this Agreement, the Company reserves the right to withhold approval of any domain transfer request. The Company will formally reject any transfer notification received during an active dispute or outstanding payment period.
  • DNS Continuity: The Company accepts no liability for email, website, or service disruption arising from a Client-initiated or third-party-initiated domain transfer that bypasses the structured exit protocol outlined in Section 6.


  • 3.5 .au Domain Transfer Protocol — Strict Policy
    Due to the absence of registrar-level transfer locks on .au and .com.au domain extensions under auDA policy, the Company enforces the following strict protocol for all .au domain transfers:
  • No Direct EPP Release: The Company will never transmit an EPP authorisation code or domain password directly to a Client, incoming IT provider, or any third party via email, SMS, or any unencrypted channel. Direct EPP transmission is prohibited under this Agreement regardless of circumstance.
  • Formal Gaining Registrar Request Required: All .au domain transfers must be initiated by the incoming provider through their own auDA-accredited registrar. The gaining registrar will submit a formal transfer request which, under auDA's mandatory transfer policy, triggers an official notification to the Company as registrant contact.
  • Registrant Notification & Approval: Upon receipt of the auDA transfer confirmation notification, the Company will review and approve the transfer only if all exit conditions have been met including full payment of outstanding invoices, off-boarding fees, and upstream vendor tail costs. This process creates a formal, auditable trail confirming the Company authorised the release — not that the incoming party held prior ownership.
  • Transfer Rejection Rights: If any financial obligations remain outstanding at the time a transfer notification is received, the Company will formally reject the transfer request within the auDA notification window. The incoming provider must resolve all outstanding matters before resubmitting.
  • Fraudulent Transfer Protection: The Client acknowledges that under auDA Licensing Rules, any fraudulent transfer of a .au domain licence may be cancelled by the registrar or auDA directly. The Company reserves the right to lodge a formal complaint with auDA and seek licence cancellation in the event of any unauthorised or misrepresented transfer attempt.
  • No Liability for Bypass Attempts: The Company accepts no responsibility for service disruption, data loss, or business impact resulting from the Client or incoming provider attempting to bypass this protocol. Any costs incurred by the Company in defending or reversing an unauthorised transfer will be charged to the Client.


4. SERVICE FEES, LICENSING, & PREPAID OPERATIONAL FLOAT

  • 4.1 Advance Billing Cycle: All baseline monthly service fees, endpoint seat configurations, and core software subscription licensing charges are invoiced and payable strictly fourteen (14) days in advance of the service month cycle.
  • 4.2 Prepaid Security Bond: Upon commencement of services, the Client must deposit an upfront, non-interest-bearing Security Bond equivalent to two (2) full months of the baseline recurring service fee. This bond is retained securely by the Company as a financial buffer to cover:
  • Upstream wholesale licensing liabilities payable to third party providers during the notice and wind-down period;
  • Upstream managed service platform and endpoint monitoring vendor tail costs, which typically continue to accrue for two (2) or more billing cycles following cancellation notice due to those vendors' own contractual terms;
  • Any outstanding cloud backup, security monitoring, or infrastructure decommissioning costs incurred post-termination.


The Security Bond is strictly non-refundable if the Client terminates services in breach of the required notice period. Where the bond does not fully cover all upstream tail liabilities and outstanding costs, the Client remains personally liable for the shortfall, which will be itemised on a final reconciliation invoice.


  • 4.3 Upstream Vendor Tail Cost Liability 
    The Client explicitly acknowledges that the Company operates managed service delivery through upstream third party platform providers including but not limited to endpoint management and monitoring platforms, remote management toolsets, wholesale cloud licensing distributors, and cybersecurity vendors. These upstream providers operate under their own independent contractual terms which may include:
  • Minimum notice periods of thirty (30) to ninety (90) days for service cancellation;
  • Continued billing for two (2) or more months following cancellation notice submission;
  • Non-refundable prepaid annual or quarterly licensing commitments.

The Client agrees that any upstream vendor tail costs incurred by the Company as a direct result of the Client's service termination are a legitimate, recoverable cost and will be passed through to the Client in full on the final off-boarding invoice. The Company will provide reasonable documentation of such costs upon request but is not obligated to disclose the identity or commercial terms of its upstream vendor relationships.


  • 4.4 Microsoft NCE Annual Subscription - No Refund Policy
    The Client explicitly acknowledges and accepts that Microsoft 365 licensing procured on the Client's behalf under Microsoft's New Commerce Experience (NCE) framework is subject to Microsoft's own binding cancellation and refund terms, which are as follows:
  • Within 72 hours of purchase or renewal: cancellation may be eligible for a full refund at Microsoft's discretion;
  • After 72 hours: the subscription is locked for the full annual term with no refund entitlement. The Client remains liable for the full annual subscription cost regardless of early termination of this Agreement.


The Company does not absorb, offset, or refund any portion of prepaid annual Microsoft 365 licensing costs upon early service termination. The Client is advised to factor this into any decision to exit services mid-term. The Company will provide the Client with the exact subscription renewal/expiry date upon request, and the Client is responsible for arranging replacement licensing with their incoming provider before expiry to avoid service disruption.


Auto-renewal: Upon receipt of a formal termination notice, the Company will disable auto-renewal on applicable Microsoft 365 subscriptions held under the Company's upstream wholesale licensing account to prevent further billing cycles being charged to the Company on the Client's behalf.


5. Payment Default, Suspension & Data Archival

  • 5.1 Payment Notification Protocol
    The Company will issue formal written payment notifications via email upon any invoice becoming overdue. The Client acknowledges that consistent, responsive communication is a condition of continued service. The following staged protocol applies:
  • Stage 1 - 1 Month Overdue: Formal written notice issued. Services remain active. Client is expected to respond within 7 days with payment or a written payment arrangement.
  • Stage 2 -2 Months Overdue: Second formal notice issued. Services remain active where the Client maintains active communication and a documented payment arrangement is in place.
  • Stage 3 - 3 Months Overdue or No Communication: The Company reserves the absolute right to suspend all services, block all user access, and archive all client data without further notice. No liability attaches to the Company for any business disruption, data unavailability, or consequential loss arising from this suspension.


  • 5.2 Data Archival & Access Suspension
    Upon suspension under Section 5.1 Stage 3, the following applies:
  • All client data held within the managed environment will be archived and held in trust by the Company pending full payment of all outstanding amounts;
  • Access to all Microsoft 365 services, email, OneDrive, SharePoint, and connected systems will be suspended immediately;
  • All active user sessions will be terminated and cached authentication tokens revoked;
  • Security monitoring and endpoint protection profiles may be deactivated to remove the Company's ongoing technical liability for an unsupported environment;
  • Archival administration time is billable at the Company's standard hourly rate and will be included on the final reconciliation invoice.


  • 5.3 Restoration of Access
    Full access to services and archived data will be restored upon receipt of cleared funds covering all outstanding invoices, archival administration charges, and any upstream vendor costs incurred during the suspension period. The Company is under no obligation to restore services on a partial payment basis.


  • 5.4 Protection Against Forced Takeover
    The Client explicitly acknowledges that the underlying cloud infrastructure is provisioned and managed under the Company's proprietary administrative framework. External registrars, incoming third-party IT vendors, or any party acting on the Client's behalf cannot bypass the Company to force a tenant release or execute an administrative takeover. The infrastructure will remain suspended until a formal release is authorised by the Company and all outstanding financial obligations are fully discharged.


6. Termination, Handover & Absolute Liability Waiver

  • 6.1 Standard Notice Period
    Either party may terminate this Agreement by providing a minimum of thirty (30) days formal written notice, aligned to a clean calendar month billing cycle.


  • 6.2 Exit Fees & Onboarding Deposit
    The following financial conditions apply to all terminations:
  • Client-Initiated Termination: An exit fee applies, quoted as a fixed amount between $300 and $600 AUD depending on environment complexity. The final quoted amount governs and must be paid in full before any handover work commences.
  • Company-Initiated Termination: No exit fee applies. The non-refundable onboarding deposit held by the Company is applied as compensation covering infrastructure decommissioning costs. No further payment is required from either party beyond settlement of any outstanding monthly invoices.
  • Onboarding Deposit: The onboarding deposit equivalent to two (2) months of the baseline MSP service fee is strictly non-refundable under all circumstances including Company-initiated termination. It covers infrastructure setup, provisioning, and onboarding labour costs incurred at commencement of services.


  • 6.3 Pre-Requisites for Handover
    The Company will not commence any handover, transition, or exit activity until the following conditions are met in full:
  • All outstanding invoices are paid in full via cleared funds;
  • The applicable exit fee (where Client-initiated) is paid in full via cleared funds;
  • All upstream vendor tail costs are either paid or formally acknowledged by the Client in writing;
  • The Client has designated a named incoming provider or representative to receive access.


  • 6.4 The Handover Protocol
    Upon satisfaction of all pre-requisites under Section 6.3, the Company will execute the following structured handover:
  • The Company will provision a dedicated Global Administrator account within the client's managed environment for the exclusive use of the incoming provider;
  • Credentials for this account will be transmitted via secure, encrypted one-time delivery to the designated incoming provider or Client representative;
  • The Company will remain available online during the initial handover window to assist the incoming provider in confirming access, adding their own administrator account, and configuring multi-factor authentication;
  • Once the incoming provider confirms successful login and establishment of their own administrative access, the Company's involvement and responsibility ceases immediately and permanently;
  • The Company will then remove its own administrative accounts and any partner access relationships from the environment.


  • 6.5 Incoming Provider Compatibility
    The handover protocol is compatible with any incoming IT provider regardless of Microsoft Partner status, CSP enrollment, or technical capability. No formal Microsoft-to-Microsoft tenant transfer is required. The incoming provider is solely responsible for establishing their own billing relationship, licensing, and configuration after handover. The Company provides no warranty, training, or ongoing support to the incoming provider beyond the initial handover window.


  • 6.6 Microsoft 365 Subscription Auto-Renewal
    Upon receipt of formal termination notice, the Company will disable auto-renewal on any Microsoft 365 subscriptions managed on the Client's behalf to prevent further billing cycles. The Client is solely responsible for arranging replacement licensing with their incoming provider prior to subscription expiry to avoid service disruption. The Company accepts no liability for service interruption arising from the Client's failure to arrange timely replacement licensing.


  • 6.7 Absolute Liability Waiver - Handover & Data
    The Client explicitly and irrevocably acknowledges and agrees that:
  • Immediate Cessation of Responsibility: The Company's operational responsibility, liability, and duty of care ceases absolutely and permanently at the exact moment the incoming provider or Client representative confirms successful access to the handover administrator account. This cessation is immediate, unconditional, and not subject to any grace period or retrospective claim.
  • No Retrospective Claims: The Client waives all rights to bring any claim, action, or demand against the Company for any matter arising from or connected to the managed environment after the confirmed handover moment, including but not limited to data loss, configuration errors, security incidents, service failures, or business disruption.
  • Data Condition Waiver: Where the Company provides archived or backed-up data as part of the exit process, such data is provided in good faith and to the best of the Company's ability. The Company makes no warranty as to the completeness, currency, format, or usability of archived data. The Client accepts full responsibility for verifying data integrity upon receipt and waives any claim arising from the condition or content of archived data.
  • Best Efforts Standard: The Company's obligation in respect of data archival and handover is limited to a best efforts standard. The Company is not liable for any gap between the Client's expectations of data completeness and the actual archived state of the environment at the time of suspension or termination.
  • Incoming Provider Liability: The incoming IT provider or Client assumes full, exclusive operational and civil liability for the environment immediately upon confirmed receipt of handover credentials. The Company is held entirely harmless from any action, claim, or liability arising from the incoming provider's management of the environment from that moment forward.
  • No Warranty of Continuity: The Company does not warrant that services, configurations, or integrations established during the managed period will continue to function correctly under the management of an incoming provider. Any remediation required is the sole responsibility of the incoming provider.


7. Amendments & Revisions

The Company reserves the right to review and update these Master Trading Terms to align with evolving cybersecurity threats, vendor specifications, and legal requirements. Continued use of the Company's infrastructure or payment of subsequent invoices after a terms update is published online constitutes binding acceptance of the revised framework. The Company will provide thirty (30) days written notice of any material changes to these terms.



Last Updated: June 2026 | Version 9.0 | Moffat Digital Pty Ltd | ABN: 31 669 166 938 | info@moffatdigital.au