EXHIBIT 4.09

CERTAIN INFORMATION IN THIS EXHIBIT, MARKED BY [****], HAS BEEN EXCLUDED. SUCH EXCLUDED INFORMATION IS NOT MATERIAL AND IS THE TYPE THAT THE REGISTRANT TREATS AS PRIVATE OR CONFIDENTIAL.

CERTAIN PERSONAL INFORMATION IN THIS EXHIBIT, MARKED BY [XXXXX] HAS BEEN EXCLUDED.

OFFER 

CONTRACT FOR SMS A2P SERVICES (INFOTIM) 

I.  ZENVIA MOBILE SERVIÇOS DIGITAIS S.A., headquartered at Avenida Paulista, No. 2.300, 18th floor, Bela Vista, in the City of São Paulo, State of São Paulo, enrolled with the CNPJ/MF under No. 14.096.190/0001-05, hereby represented in the form of its acts of incorporation, hereinafter referred to as "INFOTIM CLIENT"; and 

II. TIM S.A., headquartered at Avenida João Cabral de Mello Neto, nº 850, bloco 01, sala 501 a 1208, Barra da Tijuca, in the City of Rio de Janeiro, State of Rio de Janeiro, enrolled with the CNPJ/MF under nº 02.421.421/0001-11, herein represented by its articles of incorporation, hereinafter referred to as "TIM". 

INFOTIM CLIENT and TIM jointly referred to as the "Parties" and individually referred to as "Party". 

WHEREAS: 

(i) TIM is a Personal Mobile Service (SMP) provider that owns network technology and specific systems for sending and receiving Short Text Messages ("SMS"); 

(ii) INFOTIM CLIENT is interested in providing services to its respective Direct Clients, making content available by sending SMS, using TIM's communication service platform for such purpose. 

(iii) A2P SMS is a form of communication where the SMS is sent or terminated from an application, and not between cell phones; as is the case of P2P SMS.

NOW, THEREFORE, BE IT RESOLVED by the Parties to enter into this Infotim Services Agreement ("Agreement"), which shall be governed by the following clauses: 

CLAUSE ONE: DEFINITIONS 

1.1 As used in this Agreement, the following terms shall have the meanings set out below. All other capitalized terms not defined herein shall have the meanings given in the body of this Agreement: 

(a) Application: is the system owned by the INFOTIM CLIENT, described in Annex I (INFOTIM Service Request Form) of this Agreement, which shall be connected to TIM's communication network for the execution of this Agreement; 

b) Area of Provision: is the geographical area in which TIM has authorization for operation of the Personal Mobile Service - SMP; 

c) SMP TIM client(s): individuals and/or companies using TIM's Personal Mobile Service (SMP) and that have Mobile Stations able to send and/or receive SMS; 

d) INFOTIM Client(s): Legal entity which hires TIM's services, subject matter of this Agreement, according to the information contained in the INFOTIM Service Request Form - Annex I. 

1

e) Direct Customer(s): Legal entity that hires the services of INFOTIM CLIENT, as provided in this Contract and in accordance with the information contained in the model of INFOTIM Service Request Form - Attachment I; 

f) Mobile Station: cell phone already enabled; 

g) Confidential Information: (i) information concerning the business of each Party, including, but not limited to, product plans of each Party, list and number of customers, access codes and other customer information, business model and values signed in this Agreement and in any additional terms, designs, staffing, research, development or technical knowledge, product performance indicators; (ii) any information identified by either Party as "confidential"; 

h) Large Account: number made available by TIM to the INFOTIM CLIENT, by means of which the sender and/or receiver of the SMS may identify the INFOTIM CLIENT. This same number will also allow TIM to identify the INFOTIM CLIENT; 

i) Dedicated Link: is a private link between two different points that allows the transmission of data between TIM and the INFOTIM client's datacenter; 

j) Short Text Messages or SMS: are text messages of up to 160 (one hundred and sixty) characters, transported via network communication services, which originate from or are destined to a specific Mobile Station; 

k) P2P SMS Messages: SMS messages sent from one Mobile Station to another; 

l) A2P SMS Messages: SMS messages sent from an application to a Mobile Station and vice-versa 

to a Mobile Station and vice-versa; 

m) Binary SMS Messages - messages that allow sending various types of content, such as ringtones download, phone system settings and WAP-Push via text messages; 

n) SMS Marketing Messages: Short Text Message Service or SMS for the promotion, invitation, encouragement to purchase or commercial transaction of any product or service, such as, but not limited to: (i) the act of stimulating the purchase/use of a product/service of the INFOTIM CLIENT and/or Direct Customer; (ii) Short Text Messages or SMS that have an advertising, promotional or propaganda connotation, and must contain prior and express request and authorization of the SMP TIM Customer(s) with express and formal authorization (OPT-IN); and (iv) Short Text Messages or SMS that are not characterized as merely informative messages of a service provision contracted by the Direct Customer.

o) Fraudulent SMS Messages: sending of SMS not requested or authorized by the user or that may contain information or links that may somehow harm the user, whether they are Span, Spoofing, Phishing, Smishing or any other category of Pernicious SMS that may be developed; 

p) User: individual and/or legal entity user of TIM's Personal Mobile Service (SMP), which has a direct commercial relationship with the INFOTIM CUSTOMER and/or with the Direct Client; 

q) VPN (VirtualPrivate Network): is the virtual tunnel built through the Internet Network, connecting the GPRS 

Data Network to the INFOTIM CLIENT's "Datacenter"; 

2

CLAUSE TWO: OBJECT 

2.1 The object of this Agreement is the provision of services by TIM ("Services") to the INFOTIM CLIENT, consisting of 

a) Sending and receiving SMS A2P solely and exclusively for the purposes defined in item 2.2 of the Agreement, between INFOTIM CLIENT, Direct Customers and Users; 

b) Sending and receiving A2P SMS, made to national and/or international companies within and/or outside the national territory, subject to the conditions set forth herein 

c) InfoTIM Technical Management, through (i) availability, maintenance and evolution of its SMP network structure and TIM's communication systems, to which the INFOTIM CLIENT should connect its Application, according to information contained in the INFOTIM Service Request Form, described in Annex I of the Contract, (ii) technical support provided to INFOTIM CLIENT, available 24 hours a day and 7 days a week, (iii) maintenance of the entire infrastructure of equipment and software (iv) maintenance of firewalls and security devices, to assist in the detection and blocking of unwanted messages, and protection of connections between TIM and the INFOTIM CLIENT, (v) programming and maintenance of the technical parameters of message flow (TPS -transactions per second), according to the volume expected by the INFOTIM CLIENT, (vi) programming and maintenance of the technical parameters of SMS resending. 

2.1.1 The provision of InfoTIM's Technical Management service mentioned in clause 2.1, item (b), above, will be performed at TIM's technical facilities. 

2.2 The Text Messages to be sent have the sole and exclusive purpose of sending SMS that are characterized as "A2P SMS", and may contain the following types of information 

a) information of a financial nature (balances, statements, alerts of use of debit and credit cards, investment positions or any other transactions concerning the commercial relationship between Users and the financial institution providing the information); 

b) information of various contents, applicable to the communication of Direct Customer to its employees, partners, suppliers, among others; 

c) monitoring information, applicable to the transportation sector, in the control of vehicle location; 

d) telemetry information, applicable to the control and use of alarms in industries and public services;

e) access information and personal data, for public utility services, among others; 

f) stock information, order control, sales controls, among others, applicable to the automation of the sales force; 

g) information concerning the business relationship between the User and the INFOTIM CUSTOMER or the Direct Client, information provider; 

h) information for authentication or maintenance of applications; 

i) information containing SMS Marketing Messages. 

3

2.2.1 Any other purposes other than those mentioned above are strictly prohibited. 

2.3 Depending on the INFOTIM CLIENT's Application, SMS may be sent from the INFOTIM CLIENT to its Direct Customers and from the Direct Customers to the INFOTIM CLIENT ("two way"), or only from the INFOTIM CLIENT to its Direct Customers or from the Direct Customers to the INFOTIM CLIENT ("one way"). SMS may also be sent from the INFOTIM CUSTOMER on behalf of its Direct Customers. 

2.4 In order for SMS to be sent in any of the hypotheses of item 2.2, they will follow the standards established by TIM, as described in the Attachments. 

2.5 The following attachments ("Attachments") are part of this Agreement for all legal purposes: 

Annex I - INFOTIM Service Request Form. 

Annex II - INFOTIM Operations Manual 

Annex III - INFOTIM Commercial Table 

CLAUSE THREE: VALIDITY 

3.1 This Agreement shall be in force until May 31, 2023, and may be automatically renewed for a period of 12 (twelve) months, provided that there is no manifestation to the contrary by either party, in writing, up to 30 (thirty) days in advance of the date set for the end of the term. 

CLAUSE FOUR: TIM'S OBLIGATIONS 

4.1 The obligations of TIM are 

4.1.1 Make available its communication network, solely and exclusively to enable the sending of SMS between the INFOTIM CLIENT, its Direct Customers and the Users and/or vice versa, when the Application "for two way" for the purposes of execution of the object of this Agreement. 

4.1.2 Provide its communication network so that the INFOTIM CLIENT can connect the Application through Dedicated Link or VPN, which option will be of the INFOTIM CLIENT, who will bear the development, installation, cost and management of the necessary means for connecting its network structure or server to TIM's network, as well as configuration of its equipment. 

4.1.3 Install firewalls and security devices on its network to detect and block possible A2P SMS messages that are not in accordance with section 2.2 of this Agreement or that may be categorized as Fraudulent SMS messages or SMS messages that are not the subject of this Agreement. 

4.1.4 Provide INFOTIM CLIENT with technical support 24 (twenty-four) hours a day, seven days a week. The technical service may be activated by the INFOTIM CLIENT via telephone or e-mail, according to the data indicated below and specifications in Annex I.

Technical Support Center [*****]

Telephone number: [*****]

e-mail: [*****]

4

TIM will not be responsible for the non-receipt of Text Messages due to the occurrence of any fact or situation which prevents such activity, such as, but not limited to: blocking of the mobile service, inactive condition, suspension at the request of the SMP TIM Client (not originating or receiving calls), recipient with mobile equipment turned off or recipient outside TIM's coverage area or any other technical impossibility. 

4.2.1 The eventual non-receipt of SMS by the SMP TIM's Clients or the Direct Client, for any reason which is not attributed to the proven failure of TIM's communication network, shall not imply to TIM any responsibility resulting from activities not carried out or not performed due to the non-receipt of the Text Message, as well as it shall not release the Client from the obligation to pay the minimum contracted fee, under the terms of clause six of this Agreement. 

4.3 The Service under this Agreement may be temporarily interrupted in the following situations:

a) scheduled stops for preventive or corrective maintenance, when the INFOTIM CLIENT will be notified at least forty-eight (48) hours in advance by electronic mail; 

b) emergency (unscheduled) maintenance or repairs of the system, telecommunications network and/or electrical network; and 

c) acts of God and events of force majeure, as provided in article 393 of the Civil Code, which prevent the fulfillment of the obligations set forth in this Agreement, including, but not limited to, theft of physical parts of the network, employee strikes, strikes of third parties hired for network maintenance, fire and events of nature. 

4.4 TIM is not responsible for the content, origin or nature of the SMS sent, nor for the use of the same, being such responsibility the exclusive of the INFOTIM CLIENT and the Direct Customers. 

4.5 TIM will not transfer any registration information of the Users, being the INFOTIM CLIENT's sole responsibility to obtain the registration of its Users, as well as the acceptance to receive the SMS subject matter of this Agreement and later transfer of such information in case of judicial determination or in case of request from any public administrative or normative body, under the terms of the law. 

4.6 The INFOTIM CLIENT hereby acknowledges and accepts that there is no guarantee of the effective receipt of SMS to the recipient, nor the deadline for its sending, under the terms of clause 4.2.

4.7 TIM will act and respond before the INFOTIM CLIENT for the full compliance of all obligations, warranties, penalties, responsibilities set forth in this Agreement. 

CLAUSE FIVE: INFOTIM CLIENT'S OBLIGATIONS 

5.1 The obligations of the INFOTIM CLIENT, without prejudice to the other obligations set forth in this Agreement, are 

5.1.1 Obtain from the SMP TIM Customers and Users, prior and express authorization (OPT-IN) for sending and receiving Text Messages, object of this Agreement, obliging to keep a copy of the authorization of the SMP TIM Customers and Users, recipients of the SMS, fully exempting TIM from any liability, whether joint or subsidiary, regarding the absence of authorization or fraud of any nature.

5.1.1.1 The INFOTIM CLIENT agrees not to use the Services, the subject of this Agreement, to send fraudulent SMS or SMS that are not characterized as "A2P SMS". In this sense, SMS may only be sent to recipients who have granted prior authorization, being the INFOTIM CLIENT responsible with them, TIM and third parties, for any reason and at any time, even after the end of the validity of this Agreement, for not requesting the express authorization. 

5.1.1.2 The copies of the previous authorizations, filed by the INFOTIM CLIENT, in the terms of item 5.1.1 above, shall be stored by the INFOTIM CLIENT for a period of 5 (five) years, as well as made available to TIM, if requested by TIM, in the maximum period of 05 (five) working days from TIM's request. 

5

5.1.1.3 The INFOTIM CLIENT will be responsible for offering a solution to the recipient so that he/she may formally manifest, at any time and without any impediment, his/her intention to no longer receive the SMS, it being established that the sending of SMS to the recipient after the latter notifies that he/she no longer wishes to receive the SMS configures a breach of the obligations set forth in this Agreement, and may, further, at TIM's discretion, and upon prior notice within a reasonable period of time, result in the unilateral termination of this Agreement. 

5.1.1.4 In the event TIM is sued in court, in the administrative forum of the consumer protection agency or by the National Telecommunications Agency - ANATEL, for sending SMS within the scope of this Agreement to SMP TIM Customers or Users who have not previously and expressly authorized its receipt, the INFOTIM CLIENT will exempt TIM from any liability, including pecuniary, assuming all expenses and costs related to TIM's defense and payment of fines, being possible to reimburse TIM if it incurs in any disbursement. 

5.1.2 Pay the due remuneration to TIM, in the manner and timeframe set forth in clauses six and seven of this Agreement. 

5.1.3 Not to send Text Messages to SMP TIM clients from other telecom providers, with the exception of sending messages with merely informative content under the terms of Resolution 632/2014, which approved the General Consumer Regulation; 

5.1.4 Define and care for the content of SMS to be sent, being solely responsible for the accuracy, correctness and veracity of the information sent, as well as for the consequences resulting therefrom, including before third parties. 

5.1.5 Forbid messages and contents that: 

(a) Are false or give rise to doubtful interpretations, or offer Content that are not those that the User and/or Direct Client will contract, trying in any way to ensnare him/her; 

b) Invade the privacy of third parties or harm them in any way; 

c) Promote in any way racism against minority groups, or any other form of religious 

c) Promotes racism in any form against minority groups, or any other form of religious, political fanaticism or discrimination against groups of people or ethnicities 

d) Are obscene, such as pedophilia and other crimes of a sexual nature; 

e) Violate the rights of third parties, including, but not limited to copyright, and/or the creation and sending of unauthorized messages 

f) Mention any type of advertisement of telecommunications service providers, which does not exclude the possibility of sending messages with merely informative content under the terms of Resolution 632/2014, which approved the General Consumer Regulation; 

g) Advocate or make apology for drugs and drug trafficking, narcotics, cigarettes, alcoholic beverages or illegal gambling; 

h) Offend the law, morals or business ethics; 

6

i) Are in any way prohibited or not recommendable to a certain age group, except if disclosed in an information channel in which there is a differentiated disclosure; 

j) Offer illegal and/or pirated Contents, infringing copyrights and property rights of third parties; 

k) Are considered fraudulent SMS; 

l) Contains political and/or electoral themes in disagreement with the normative instructions issued by the Brazilian competent bodies; 

m) Are in disagreement with the applicable laws and regulations, even if supervening to the signature of this Contract. 

5.1.6 Hold TIM fully liable for the content of the SMS texts delivered, typed and/or created by itself or third parties, being liable for its content in or out of court, whereby TIM is released from any liability, either jointly or severally, for any and all claims, complaints, representations and legal actions of any nature, related to the Services, including claims from Users or Customers of the SMP TIM, in the event of disclosure of its confidential information. 

5.1.7 Taking responsibility for the faithful compliance of the laws, and, especially, for not sending defamatory, slanderous, fraudulent messages, which contain false information, or that constitute the violation of any applicable legal provisions. 

5.1.8 Keep TIM informed and safe from any claim regarding the content of the SMS sent, including defending TIM, whenever requested by it, administratively or judicially, in any instance or court, in the event TIM is sued by any of the Users or Clients of the SMP TIM due to an SMS sent on the instruction of the INFOTIM CLIENT. 

5.1.9 Reimburse all the amounts resulting from convictions, losses or damages that fall upon TIM, which have immediate or immediate cause, the non-compliance of the INFOTIM CLIENT's obligations under this Agreement, including, but not limited to, indirect damages, loss of profits or commercial failures, as well as losses claimed by third parties or SMP TIM Clients. 

5.1.10 Take responsibility for hiring the necessary means to connect the application to TIM's communication network. 

5.1.11 Provide in writing the information and clarifications related to the performance of the contractual object that may be requested by TIM within 7 (seven) working days, except in cases in which TIM needs the referred information and clarifications in a shorter period. 

5.1.12 Sign with the name of the Direct Client or INFOTIM CLIENT the SMS sent with the sender's identification. 

5.1.13 Keep Users informed about the conditions of use and prices of the service that constitute the subject of this Contract. 

5.1.14 Inform TIM, in advance, according to the flow established in Annex II (INFOTIM Operations Manual) of this Agreement, of any interruption and/or failure in the system, which makes the Service unavailable, even momentarily, the system being understood as the entire structure for the provision of the service, and should also indicate, in this act, the name of the person responsible for any clarifications arising from any unavailability. 

5.1.15 Be responsible for warning Users and Direct Customers about the unavailability of its system. 

5.1.16 Take full responsibility for the security necessary to prevent interference of SMS on its systems, knowing that it is its responsibility to take all precautions to prevent any fraud, misuse or damage resulting from the misuse of SMS or their contents by Users, Direct Customers and third parties. 

7

5.1.17 Be responsible for the items of the solution under its responsibility, including all hardware resources (firewall, switch, router, server, etc.), software (INFOTIM connection application), and network services required for the full operation of the solution (DNS, DHCP, VPN, etc.) 

5.1.18 Any agreements of restriction and limitation of liability that the INFOTIM CLIENT has with its Direct Customers shall not limit the INFOTIM CLIENT's liability before TIM for the fulfillment of the obligations undertaken, including for acts and actions of its Direct Customers. 

5.2 The INFOTIM CLIENT declares to be aware of and agree with the information, requirements and obligations contained in the INFOTIM Operations Manual - Annex II of this instrument. 

5.3 The INFOTIM CLIENT is forbidden to use the TIM brand, without previous authorization from TIM, in any case, under penalty of compensation for the undue use of the brand and immediate termination of this Agreement by TIM. 

5.4 The INFOTIM CLIENT will act and respond before TIM for the full compliance of all obligations, guarantees, penalties, liabilities and, in general, any other obligations arising from this Agreement. 

5.5 The INFOTIM CLIENT is prohibited from using alternative routes for sending A2P SMS (InfoTIM), other than those specifically contracted in this Agreement. These authorized routes are identified by the use of Large Accounts. In case it is evidenced that A2P SMS are sent via unauthorized routes (long numbers or "chippers"), this Agreement may be cancelled unilaterally and immediately by TIM, and INFOTIM's CLIENT will incur the penalties described in clauses 11.1.1 and 5.1.9. 

5.6 It is the INFOTIM CLIENT's responsibility to manage the sending of SMS of its own and its Direct Clients and Users, in order to avoid the occurrence of any kind of fraud or misuse of SMS. 

5.7 The INFOTIM CLIENT must, whenever requested by TIM, prove within five (5) business days the proper management of the sending of SMS of its own and its Direct Customers, proving the non-performance of frauds or misuse of SMS. 

CLAUSE SIX: PRICE 

6.1 For each SMS sent by the INFOTIM CLIENT, we will charge two price components: 

(a) The amount relating to the sending and receipt of the SMS; 

b) The amount for the InfoTIM's Technical Management. 

6.1.1 The sum of the two components above constitutes the total amount defined in Annex III of the Contract, and such amount is published on TIM's website (link); 

6.1.2 The minimum franchise defined for the INFOTIM client must be paid to TIM, regardless of the use of the total number of SMS contracted. 

6.2 TIM reserves the right to set a limit on the volume of excess messages in case of technical impacts caused to its systems. In case of application of such limit, TIM will formally inform the INFOTIM CLIENT, upon notification, 30 (thirty) days in advance. 

6.3 Only SMS delivered to Direct Customers and Users will be computed to account for the consumption of the Minimum Franchise contracted by the INFOTIM CLIENT. For billing purposes, the franchise contracted by the INFOTIM CLIENT will be considered.

8

6.4 Taxes that may be applicable are already included in the amounts listed in Annex III. 

6.5 The amounts charged for the Services provided by TIM will be adjusted annually, according to the variation  of the IGP-DI in the period or any other index that may replace it. 

CLAUSE SEVEN: FORM OF PAYMENT 

7.1 TIM will send the INFOTIM CLIENT, unified or separately, the monthly invoice/invoice for the services rendered (SMS Sending and Technical Management) to the address indicated in the preamble of this Agreement. The payments will be made within 30 (thirty) days from the issue of the respective invoice/invoice. 

The payments will be made, as indicated by TIM, within 30 (thirty) days from the issuance of the invoice, through the payment slip sent with the invoice and/or credit in the checking account informed below: 

TIM SA: CNPJ - 02.421.421/0001-11 

Bank ITAÚ [****]

Agency No [****] 

Checking Account: [****]

7.1.1 The first charge of the minimum monthly fee specified in clause 7.1 above will be pro-rated, according to the billing start date, which will occur after the period of Service testing. 

7.1.2 TIM may issue collection slips in the amount payable net, with the banking entity chosen by TIM, after the invoice is issued. 

7.2 Any late payment will be subject to a fine of 2% (two percent), monetary adjustment calculated according to the variation of the IGP-DI of the Getúlio Vargas Foundation and default interest of 1% (one percent) per month on the total updated debt.

7.2.1 In this case, the charges will be posted on the immediately following invoice. 

7.3 In the event that TIM presents an invoice in disagreement with the number of SMS that the INFOTIM

claims to have used, the INFOTIM CLIENT shall open an invoice dispute with TIM's Customer Relations Center (CRC). 

7.3.1 The INFOTIM CLIENT shall inform the volume of SMS that he/she considers correct, and attach to the contest, a detailed internal report of the volume found, which justifies the bill contest. Upon receipt of the documentation sent by the INFOTIM CUSTOMER, TIM will generate a report with the details of the SMS delivered, to support its opinion on the dispute. 

9

CLAUSE EIGHT: RESTRICTIONS 

8.1 Notwithstanding the provision contained in item 5.1.4 of this Agreement, the INFOTIM CLIENT is prohibited from sending messages that are not in accordance with the provisions of this Agreement, including the list of examples in item 5.1.5, as well as any message or content that violates the current legislation, which is untrue, fraudulent, defamatory or slanderous, that violates any third party rights, or that generates any type of civil or criminal offense. 

8.2 The services set forth in this contract do not include the modalities of binary SMS or WAP Push, which may be offered by TIM to the INFOTIM CLIENT, at its own discretion, as long as a specific contract or additive is signed for this purpose, stating the terms and conditions of the services commercial, technical and operational conditions applicable. It is forbidden to CLIENT INFOTIM to send binary SMS or WAP Push without the observance of the conditions set forth in this Clause.

8.3 It is forbidden to CLIENT INFOTIM to send SMS Marketing Messages when there is no prior formal authorization from the User, through OPT-IN.

8.4 It is prohibited to the INFOTIM CLIENT to resell telecommunications services or operation similar to those described in item 8.3 above, to third parties, for any reason or purpose, under the terms of applicable laws and regulations. 

8.5 The INFOTIM CLIENT will be fully liable for the payment of losses and damages, including attorney's fees, procedural costs and expenses, as well as any other expenses resulting from judicial and/or extrajudicial claim proposed by third parties due to the resale or similar operation by the INFOTIM CLIENT mentioned in item 8.4 above, it being further established that, in the event TIM is a party to any claim filed on behalf of the INFOTIM CLIENT, the INFOTIM CLIENT shall make all reasonable efforts to replace TIM in the lawsuit. 

8.6 CLIENT INFOTIM agrees to respect the national and international legislation with regard to the Protection of Users' Information, including the provisions of Law 12,965/2014 (Marco Civil Law). 

CLAUSE NINE: CONFIDENTIALITY 

9.1 The Parties, their employees and their subcontractors shall not disclose any document or Information to which they have access in relation to the subject matter of this Agreement. The disclosure and/or reproduction, whether total or partial, of any Information, related to this Agreement or any detail of its evolution, shall be made only with the prior written consent of the other Party, always respecting the legal limits, the best practices and regulatory documents of the SUPPLIER PARTY regarding security and privacy. 

9.2 Each Party (hereinafter, the "Receiving Party") shall keep all the information provided by the other Party (hereinafter, the "Supplying Party") in the strictest confidence and may not disclose it to third parties without the Supplying Party's prior written consent. The Information may not be used by the Receiving Party for any purpose other than the performance of this Agreement. The foregoing obligations shall not apply to any Information that:

10

(i) is already in the public domain at the time it was disclosed; 

(ii) becomes public domain after its disclosure, without the disclosure being made in violation of this Agreement; 

(iii) is lawfully disclosed to either Party, its Affiliates or its Representatives by a third party which, to the best of the receiving Party's, its Affiliates' or Representatives' knowledge, is not in breach of any obligation of confidentiality in respect of the information provided 

(iv) is required to be disclosed by the Receiving Party pursuant to an order issued by an administrative or judicial body having jurisdiction over that Party only to the extent of such order; or

(v) is independently obtained or developed by either Party without any breach of its obligations under this Agreement, except when such information is developed on the basis of Confidential Information.

9.3 The Party receiving Confidential Information shall communicate to the SUPPLIER Party, as soon as it is aware of it, any request for such information by any competent public authorities or by means of any legal proceedings, so that the SUPPLIER Party is able to take the legal measures it deems appropriate. 

9.4 The Parties are aware that each of them is part of an organization of various legal entities in various jurisdictions ("Affiliated" companies), and that it may be necessary or appropriate to provide Information to Affiliated companies. For this reason, each Party (both the Providing Party and the Receiving Party under this Agreement) agrees that: 

(i) The Receiving Party may provide Information to an Associated Company, but only on the latter's need to know such information in order to carry out the purposes provided for in this Agreement, respecting the legal guidelines in force and within the limits of the consent provided by the data subject; and 

(ii) Each Party shall ensure compliance and appropriate confidentiality by its Associated Companies with the terms and conditions of this Section. 

9.5 Each Party shall limit access to Information to its employees, representatives, contractors or consultants to whom such access is reasonably necessary or appropriate for the proper performance of this Agreement and shall only use such Information for the proper performance of this Agreement. 

9.6 The duty of Confidentiality covers the Information received by the Parties, orally or in writing, through various communication procedures, such as telephone and digital media, of whose secrecy a Party has been alerted by the other, by any means. 

9.7 Failure to comply with any of the provisions set forth in this Section shall subject the breaching Party to the competent judicial and administrative procedures, of civil and criminal order, including preliminary injunction, preliminary restraining orders and indemnification for losses and damages that may arise to the other Party. 

9.8 The obligation of confidentiality is irrevocable and irreversible and shall be observed even after the termination of this Agreement. 

9.9 All Confidential Information transmitted or disclosed to the Receiving Party shall be returned to the Supplying Party or destroyed by the Receiving Party in an irrecoverable way, as soon as the need of its use by the Receiving Party has ceased or as soon as requested by the Supplying Party and, in any case, in the hypothesis of termination of this Agreement. At the request of the Supplying Party, the Receiving Party shall take responsibility for the transportation of the requested information and promptly issue a statement to be signed by its legal representative, confirming that all Information not returned to the Supplying Party has been entirely destroyed. 

9.10 The breach of this clause shall result in the immediate termination of this Agreement, regardless of prior notice. 

11

CLAUSE TEN: TERMINATION 

10.1 The Parties agree that this Agreement may be terminated unilaterally, by either Party, at any time, without cause, and without incidence of any burden or fine, upon prior notice, by means of notification, at least sixty (60) days in advance, being the Parties expressly aware that they may not oppose to the eventual termination, under any circumstances. 

10.2 Without prejudice to the applicable fines and indemnities, under the terms of this instrument, the Parties may terminate this Agreement by simple extrajudicial notification, without observance of any term, in any of the following hypotheses: 

a) By any of the Parties, in case of total or partial non-performance of the obligations assumed in this Agreement; 

b) By TIM, in case of delay in payment, as set forth in clause 5.1.2. 

c) In case of bankruptcy, self-bankruptcy, judicial or extrajudicial recovery, or insolvency of any of the Parties; 

d) Occurrence of a fact that, due to its nature and seriousness, affects the reliability and morality of the INFOTIM CLIENT or is likely to cause damage or compromise, even indirectly, TIM's image; and 

e) In case of violation of any of the declarations and guarantees contained in the Business Ethics Clause of this Agreement. 

10.3 If TIM does not use the right to terminate the Agreement under the terms of the previous items, it may, at its sole discretion, suspend the execution of the Agreement until the INFOTIM CLIENT fully complies with the breached contractual obligation. Any payments, reimbursements or readjustments will be suspended during this period (without prejudice to the application of the penalties to which the INFOTIM CLIENT is subject). 

CLAUSE ELEVEN: PENALTIES 

11.1 For non-compliance with the obligations set forth in this Agreement, by any of the Parties, it will be communicated by the prejudiced Party, through written notice, delivered directly, via e-mail or by mail, in order to provide the regularization within ten (10) working days. 

11.1 .1 Failure to regularize will result, at the discretion of the prejudiced Party, in the termination of the Contract, as well as in the application of a compensatory fine in the amount of 50% (fifty percent) of the value of the last invoice, without prejudice to the losses and damages resulting therefrom. 

11.2 In the event of termination for any reason attributable to INFOTIM CLIENT, according to the terms of this Agreement, the latter will be responsible for the payment of losses and damages to be ascertained. 

11.3 The fines that may be applied will be considered liquid and certain debts, based on this Agreement, thus, TIM may charge them judicially, serving for this purpose, this instrument as an extrajudicial execution title, under the terms of art. 784, III of the Code of Civil Procedure. 

11.4 In cases where any violation of the rules set forth in this Agreement is found by the INFOTIM CLIENT, TIM may, at its sole discretion, suspend the Services, or even cancel the Services, upon prior notice to the INFOTIM CLIENT. 

11.5 The termination due to lack of payment by the INFOTIM CLIENT does not affect the enforceability of the charges resulting from the Agreement, as the case may be. 

11.6 If TIM finds that the use of the mentioned Services, by the INFOTIM CLIENT and by its Direct Customers is not respecting the premises and conditions established herein, TIM reserves the right to terminate this Agreement. 

11.7 If there are indications of deviation in the use of the service(s), frauds, as well as non-compliance with the obligations set forth in clause nine of this Agreement and the applicable legislation, TIM may immediately suspend or terminate the Agreement, at its discretion, without prejudice to the collection of the penalty described in item 11.1.1. 

12

CLAUSE TWELVE: BUSINESS ETHICS 

12.1 The Parties hereby declare that they have (i) their own codes of conduct that contemplate the guidelines and principles of ethical behavior, integrity and transparency to which their managers, employees and collaborators are subordinated, and (ii) compliance programs that aim to ensure (a) compliance with the legislation, codes, regulations, rules, policies and anti-corruption procedures of any government or competent authority, considering the jurisdiction where the business and services will be conducted or performed under this Agreement - in particular, Law No. 12. 846/2013, Decree No. 8,420/2015 and the United States of America Foreign Corrupt Practices Act ("FCPA") -, and (b) the identification of deviations of conduct of its officers, employees and other collaborators, directly or indirectly linked. 

12.2 In this sense, CLIENT INFOTIM declares and guarantees that 

12.2.1 Aiming to ensure the effectiveness of its Compliance Program, it disseminates and trains its employees, subcontractors, consultants, agents and/or representatives about the anticorruption theme; 

12.2.2 Is aware that TIM bases its business and its performance on the observance of ethics and sustainable development and growth, for which reason it is committed to respecting and protecting human rights, labor law, the principles of environmental protection and the fight against all forms of corruption, in light of the principles of the United Nations Global Compact; 

12.2.3 It acknowledges that the terms of its Code of Ethics and Conduct, Anti-Corruption Policy and Conflict of Interest Policy are published on TIM's website, available at http://www.tim.com.br/ri > Governance, Code of Ethics and http://www.tim.com.br/ri > ESG > Code of Ethics, whose guidelines are widely disclosed and disseminated within the company, to the market and to society; 

12.2.4 Will comply with and cause all its employees, subcontractors, consultants, agents and/or representatives who are related to the scope of this Agreement, even if indirectly, to comply with the Code of Ethics and Conduct, TIM's Anti-Corruption and Conflict of Interest Policy, mentioned in item 12.2.3; 

12.2.5 Is aware that TIM repudiates and condemns acts of corruption in all its forms, including bribery, extortion and kickbacks, in particular those provided for in Law no. 12. 846/2013 and the "FCPA", the financing of terrorism, child, illegal, forced and/or slave-like labor, as well as all forms of exploitation of children and adolescents and any and all acts of harassment or discrimination in their working relationships, including in the definition of remuneration, access to training promotions, dismissals or retirement, whether based on race, ethnic origin, nationality, religion, sex, gender identity, sexual orientation, age, physical or mental disability, union membership, or that violates (i) human rights and/or implies or results in torture, physical or mental (ii) personal and/or workplace health and safety; (iii) the right of free association of employees, (iv) environmental and sustainability rights, and (v) appreciation of diversity; and 

12.2.6 It has not been convicted of any act detrimental to the public administration, nor has been or is listed by any government or public agency (such as the United Nations or the World Bank) as excluded, suspended or is indicated for exclusion and/or suspension or ineligible for government bidding programs. 

12.3 Considering the responsibility established by article 2 of Law No. 12,846/2013, CLIENT INFOTIM will not practice any harmful act provided for in said law - in particular, will not offer to pay, nor pay, will not pay, offer, promise or give, directly or indirectly, any value or thing of value, including any eventual amounts paid to it by TIM, to any employee or official of a government, company or society controlled or owned by the government, political party, candidate for political office, or to any other person being aware of or 

believing that such value or item of value will be transmitted to anyone to influence any action, omission or decision by such person or by any governmental body for the purpose of obtaining, retaining or conducting business for itself and/or TIM - as well as in violation of the precepts contained in the FCPA, in the interest of and/or for the benefit, exclusive or otherwise, of TIM. 

12.3.1 Moreover, the CLIENT INFOTIM hereby declares to be aware of TIM's Channel for Denunciations, available at http://www.tim.com.br/canal-denuncia/?origin=RI, and undertakes to, whenever possible, submit there any and all attempts and/or practices to which it is subjected, becomes aware of, or against which it is invested that fit into the conduct described in Law no. 12. 846/2013 and/or violate TIM's internal regulations, in particular, but not limited to, the Code of Ethics and Conduct, the Anti-corruption Policy, the Conflict of Interest Policy and/or current legislation. 

13

TIM may, regardless of any contrary provision contained in this Agreement and upon prior notice, suspend and/or terminate this Agreement in the event of a proven violation of any representation and/or warranty set forth in this Section. 

12.4.1 CLIENT INFOTIM will indemnify and hold TIM harmless from and against any loss, claim, cost, or expense incurred by TIM, based on or arising out of any breach of the representations and warranties set forth in this Section or due to any violation of the provisions of the aforementioned legislation resulting from any act, active or omission, of CLIENT INFOTIM and/or its Directors, officers, employees and/or representatives. 

12.5 The INFOTIM CLIENT undertakes, whenever requested, to provide (i) statement of compliance with the obligations undertaken in this clause and/or (ii) clarification of any questioning regarding the fact or event related to the obligations contained in this clause, sharing any documents requested. 

12.6 Finally, TIM declares that the provisions of this Agreement were negotiated in light and in strict compliance with its Code of Ethics and Conduct and the environmental protection legislation, demonstrating its commitment to sustainable development and maintenance of the balance of ecosystems, as per the Environmental Policy available at http://ri.tim.com.br/ - ESG > Policies. Besides, regarding the provisions contained in the present Clause, CLIENT INFOTIM, as a supplier and/or commercial partner, undertakes to observe and disseminate in its business chain the ethical and social principles and values mentioned above, as well as those of competition. 

CLAUSE THIRTEEN - DATA PROTECTION 

13.1 For the purposes of this Agreement, the following are considered: 

(a) "PERSONAL DATA": any information obtained in an online or offline medium and capable of identifying or making identifiable a natural person ("DATA SUBJECT or DATA SUBJECT"), including information that can be combined with others to identify an individual, and/or that relates to the identity, characteristics or behaviors of an individual or influences how such individual is treated or evaluated; for example a name, an identification number, location data, electronic identifiers (such as cookies, beacons and related technologies) or to one or more specific elements of that natural person's identity. The definition of personal data also includes the concept of SENSITIVE PERSONAL DATA; 

(b) "SENSITIVE PERSONAL DATA" shall mean personal data concerning social, racial and ethnic origin, health, genetic or biometric information, sexual orientation or sexual life, political, religious and philosophical beliefs or trade union or organization membership relating to such beliefs, or any information which, when combined with other information, is capable of revealing sensitive data when linked to a natural person; 

(c) "PROCESSING" (and the related terms "PROCESSING" and "PROCESSED") shall mean any operation or set of operations which is performed upon personal data or sets of personal data, by automated or non-automated means, such as collection, production, receipt, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, deletion, evaluation or control of information, modification, communication, transfer, dissemination or extraction. The Parties declare that the treatment defined herein will be carried out in Brazil; 

(d) "CONTROLLER" shall mean the party to be in charge of decisions concerning the processing of personal data, including determining the purposes and means of processing 

(e) "OPERATOR" shall mean the party which processes personal data pursuant to the instructions of the CONTROLLER and on its behalf 

(f) "INCIDENT": a security incident occurred in the context of the processing of personal data and which may cause relevant risk or damage to the data subjects, including cases of improper processing of personal data. 

14

13.2 The Parties hereby declare that they comply with all applicable legislation on privacy and data protection, including (whenever and wherever applicable) the Federal Constitution, the Consumer Defense Code, the Civil Code, the Marco Civil da Internet (Federal Law n. 12.965/2014), its regulating decree (Decree 8.771/2016), the General Data Protection Law (Federal Law n.13.709/2018), and other sectoral or general rules on the subject, including foreign ones. 

13.3 The Parties acknowledge that, by virtue of the execution of this Agreement, Personal Data may be shared between them. Each Party shall be responsible for the processing of personal data carried out by it in the context of this Agreement and the relationship between the Parties, holding the other Party harmless from any damage or loss arising from any operation of processing of personal data carried out in breach of the Agreement and/or applicable law. 

13.3.1 The Parties acknowledge that, due to the fulfillment of this Agreement, the INFOTIM CLIENT will provide TIM with Personal Data as defined by the applicable legislation. To this end, CLIENT INFOTIM undertakes to always ground the sharing on a legal basis provided for in the applicable legislation, as well as to ensure that the Personal Data were obtained lawfully, legitimately and in accordance with applicable law, as well as that the collection of consent necessary for the execution of this Agreement was duly performed by CLIENT INFOTIM, being responsible for taking all actions that may be necessary with the owners of the Personal Data to enable the sharing with TIM. 

13.3.2 . TIM shall not be liable, by itself or by its employees, for the Treatment of Personal Data carried out by the INFOTIM CLIENT by itself, its employees, agents, representatives and collaborators necessary for the provision of Personal Data to TIM, as per the object of the Agreement. The INFOTIM CLIENT shall hold TIM harmless from any liabilities, damages or losses, direct and indirect, including fines, arising from any Treatment of Personal Data performed in breach of this Agreement and/or the applicable legislation, whereby TIM shall have the right to recourse against the INFOTIM CLIENT in such cases.

13.4 The Parties will implement technical and administrative security measures to protect the personal data against accidental or unlawful destruction, accidental loss, alteration, diffusion or unauthorized access, as well as any other form of inappropriate or unlawful treatment of the same.

13.5 The Parties declare and warrant that the systems used by them to process personal data are structured so as to meet the security requirements, the standards of good practice and governance and the general principles provided for in the laws in force and other regulatory standards, ensuring the adequate protection of personal data, as well as the inviolability of the intimacy, honor and image of their holders. 

13.6 The Parties shall immediately inform each other in case of occurrence or mere suspicion of an incident, in order to allow the affected Party to ascertain its causes and effects, to then take the containment measures, impact assessment and the need to communicate on the incident to the public, to the competent authorities and/or to the data subjects. In the hypothesis of verification by one of the Parties, of the effective occurrence of an incident, it shall notify the other Party in writing and in a detailed manner of all information and details available on such incident, all within no more than forty-eight (48) hours from the acknowledgement of the incident. 

13.7 Subject to the provisions of this Agreement, the Parties shall ensure that their employees and/or external service providers hired by it who may have access to the data in the context of this Agreement comply with and enforce the applicable legal provisions on personal data protection, as well as all provisions of this nature provided for in this Agreement, in particular by not assigning or disclosing any personal data processed under this Agreement to third parties, or using them for any purposes other than those strictly necessary for the achievement of the purpose of the provision of services under this Agreement. Each Party shall be responsible for contracting any subcontractor and shall be fully liable for the data processing activities performed by the subcontracted party, as well as for any incidents occurring in the context of the processing of personal data by such subcontracted party, as provided in this Agreement.

15

13.8 Each Party will be responsible for the personal data treatment carried out by it in the context of the Agreement and the relationship between the Parties, holding the other Party harmless from any damage or loss arising from any operation of personal data treatment carried out in breach of the Agreement and/or the applicable law. TIM will not be held liable, under any circumstances, for any actions, omissions, failures or errors of the INFOTIM CLIENT and/or any employees, agents, representatives or third parties hired by it, including but not limited to its suppliers, in the context of the treatment of any personal data under this Agreement, as well as for any consequential losses or those resulting from the direct or indirect treatment of the Personal Data, and the INFOTIM CLIENT shall indemnify and hold TIM harmless from any liability in this regard. 

CLAUSE FOURTEEN: GENERAL PROVISIONS 

14.1 Any communications between the Parties regarding this Agreement will only be effective as provided in this Agreement if made in writing and (a) delivered in hand or (b) sent by mail with Acknowledgment of Receipt (AR) or forwarded during business hours of working days by e-mail with confirmation of receipt of the recipient of the e-mail. For the purposes of communications relating to this Agreement, the following data and addresses of the Parties shall be considered: 

For the INFOTIM CLIENT: 

Address: Avenida Paulista, n ° 2.300, 18th floor, Bairro Bela Vista, in the City of São Paulo, State of São Paulo Zip Code: 01310-300 

Attn: [****]

E-mail: [****]  

To TIM 

Address: Avenida das Nações Unidas, 17.007 - 7 floor - Sigma Tower - Zip Code: 04795-100 

Attn: [****]  

E-mail: [****]

14.2 This Agreement does not create any partnership, association, joint venture or any other relationship of similar nature between the Parties, and neither Party is permitted to act on behalf of the other. 

14.3 This Agreement contains the entire undertaking between the Parties with respect to its subject matter and supersedes any and all prior contractual instruments or agreements, written or oral, with respect to all matters covered by or referred to in this Agreement. 

14.4 This Instrument binds the Parties, their successors in any capacity, having its title automatically transferred to the supervening entity, and any authorized assignees, and any other amendment or contractual modification shall only be valid upon the execution of an additional term, which shall be duly signed by the legal representatives of the Parties. 

14.5 The Parties expressly acknowledge that all provisions of this Agreement were fully negotiated and accepted with the support of their legal advisors, reflecting, therefore, the subjective good faith of the Parties in this contracting. 

16

14.6 The lack or delay, by any of the Parties, in exercising any right arising out of this Agreement shall not imply waiver or novation, and shall be construed as mere liberality, and the right may be exercised at any time, unless otherwise expressly provided by the Parties. 

14.7 Neither Party shall be liable to the other for any delays or non-performance of any provision of this Agreement due to acts of God and force majeure, under the terms of the Civil Code. 

14.8 In case of doubt or contradiction between this Agreement, its Attachments, the provisions of this Agreement shall always prevail. 

14.9 The taxes that are due as a direct or indirect result of this Agreement or its execution, constitute responsibility burden of the Party that causes the appearance of the tax obligation, as defined in the competent law. 

14.10 The Parties declare, under penalty of the law, that the attorneys-in-fact and/or legal representatives hereunder subscribed are duly appointed in the form of their respective acts of incorporation, with powers to assume the obligations hereunder. 

14.11 The Parties acknowledge and expressly agree with the veracity, authenticity, integrity, validity and effectiveness of this instrument under the terms of articles 104 and 107 of the Civil Code, signed by the Parties in electronic format and/or by means of electronic certificates, including those using certificates not issued by ICP-Brasil, under the terms of art. 10, § 2, of Provisory Measure No. 2,200-2, of August 24, 2001. 

CLAUSE FIFTEEN: VENUE AND APPLICABLE LAW 

15.1 This Agreement shall be governed by the Brazilian laws. 

15.2 The Central Forum of the City of São Paulo is hereby elected, with express waiver of any other, however privileged it may be, to settle any doubt or dispute arising from this Agreement. 

And, for being fair and contracted, the Parties sign this Agreement in two (2) counterparts of equal content and form, in the presence of the two undersigned witnesses.   

Rio de Janeiro, October 21, 2022. 

17

Paulo Humberto
[XXXX]
TIMS.A.
LilianLima	RuyRibeiroGuimarãesNeto
[ XXXX]	[XXXX]
ZENVIAMOBILESERVIÇOSDIGITAISS.A.
Adriana FatimaMorais	GersonNascimentoGonçalves
[XXXX]	[XXXX]

18