EXECUTION VERSION HOSTING AGREEMENT

Exhibit 10.3

CONFIDENTIAL TREATMENT REQUESTED - REDACTED COPY

Confidential Treatment has been requested for portions of this Exhibit. Confidential

portions of this Exhibit are designated by [*****]. A complete version of this Exhibit has

been filed separately with the Securities and Exchange Commission.

EXECUTION VERSION

HOSTING AGREEMENT

Through this private instrument, on one side, PAGSEGURO INTERNET SA, a company headquartered in the city of São Paulo, São Paulo State, at ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇ ▇▇▇▇, ▇▇ ▇▇▇▇, 4° andar — Parte A, Jardim Paulistano, Brazil, CEP 01451-001, enrolled on the Corporate Taxpayer’s National Register at the Ministry of Finance (CNPJ/MF) under no. 08.561.701/0001-01, hereinafter referred to as “CLIENT” and on the other UOL DIVEO TECNOLOGIA LTDA., a company established at Alameda Barão de Limeira, 425, 1° andar, ▇▇▇▇▇▇ Elísios, in the city of São Paulo, São Paulo State, enrolled on the CNPJ under no. 01.588.770/0001-60, and local offices at Avenida Ceci, n° 1850, in the city of Barueri, São Paulo State, duly enrolled on the CNPJ under no. 01.588.770/0008-36, at Alameda Glete, 700 - 2° andar, ▇▇▇▇▇▇ ▇▇▇▇▇▇▇, in the city of São Paulo, São Paulo State, enrolled on the CNPJ under no. 01.588.770/0011-31 and at Alameda Barão de Limeira, n° 425 - 2° andar, ▇▇▇▇▇▇ ▇▇▇▇▇▇▇, in the city of São Paulo, São Paulo State, enrolled on the CNPJ under no. 01.588.770/0010-50, hereinafter referred to simply as “UOL DIVEO”, both belonging to the same economic group of UNIVERSO ONLINE (UOL), represented in the form of its articles of incorporation.

agree to execute this Hosting Agreement (“Agreement”), in accordance with the following clauses and conditions.

FIRST CLAUSE - PURPOSE

1.1. The purpose of this Agreement is the contracting by the CLIENT of data hosting, including the assignment of physical space, the leasing of equipment and the provision of internet access and/or the assignment of infrastructure for IT and the provision of Internet access in the company’s Data Center, in accordance with the modality and conditions described in the Technical-Commercial Proposal (“Proposal”) and/or in the respective Purchase Order and in the SLA Annex, which will form an integral part of this Agreement together with the Annex I – Availability Level and Hosting.

1.1.1. In the event of contradiction or doubt between the terms of this Agreement and the Proposal or any other documents, the terms of the Agreement will prevail.

1.2. In addition to the activities described above, the CLIENT may contract management services, as detailed in the Proposal and/or Purchase Order.

1.3. Depending on the contracting modality and the requested technical scope, UOL DIVEO may make software licenses available, described and detailed in the Proposal, subject to the provisions of clause 4.1.10.

1.4. UOL DIVEO is guaranteed the right to designate, in common agreement with the CLIENT, a new area in its Data Center, with the same conditions of the contracted area, with prior notice in writing, at least 30 (thirty) days in advance.

SECOND CLAUSE – PRICES AND ADJUSTMENTS

2.1. The prices for Hosting are those mentioned in the Purchase Order and/or Proposal. In the event of creation, institution or alteration of taxes, UOL DIVEO will review the amounts contained in the collection document in order to reflect such changes.

2.2. The Parties hereby elect the National Extended Consumer Price Index (IPCA), as an index of monetary restatement, applicable to the prices, every 12 (twelve) months, counting from the signing of the Activation Agreement by the CLIENT. In the absence of this index or, if permitted by law or by court decision, the official index that might come to replace it or, if it does not exist, another index of monthly variation, calculated pro rata die, and that most efficiently avoids the inflationary effects of the national currency, will be applied to the prices.

2.2.1. In the event of delay or failure to publish the applicable index, UOL DIVEO will issue the bills using the latest published index. Immediately after the next publication of said index, UOL DIVEO will issue the notes for the payment and/or reimbursement of the difference between the amount already charged and the amounts actually due.

Page 1 of 12

EXECUTION VERSION

2.3. For the purposes of this Agreement, the Activation Agreement is understood to be the document to be signed by the CLIENT, after completing the tests of suitability and acceptance of the items contracted, and such tests shall be performed in conjunction with UOL DIVEO.

2.3.1. The Activation Agreement shall be signed by the CLIENT within 5 (five) days after the communication of availability of the items contracted, subject to the provisions of clause 11.5 sent by UOL DIVEO. If the CLIENT does not sign the Activation Agreement or does not express the opinion that it refuses the Hosting within the abovementioned term, this will automatically be considered accepted by the CLIENT .

2.4. If the CLIENT directly contracts third party telecommunication services, it shall be responsible for reimbursing the expenses incurred by UOL DIVEO for the use of infrastructure by the CLIENT.

2.5. In the event of facts or acts that could adversely affect the economic and financial balance, including but not limited to fluctuations in the electrical energy costs related to this agreement, the parties will use their best efforts to regulate and discipline the situation then created in order to avoid any loss of an economic, financial or any other nature.

THIRD CLAUSE — METHOD OF PAYMENT

3.1. The method of payment is established in the Purchase Order(s) and/or Proposal(s).

3.2. Failure to pay on the due date, of any and all amounts charged on the basis of this Agreement, will imply the automatic application of a fine of 2% (two percent) and arrears interest of 1% (one percent) per month, in addition to monetary restatement based on the IPCA, calculated from the due date until the date of actual payment of the outstanding balance.

3.2.1. The Hosting may be suspended if the CLIENT’s default lasts for thirty (30) days counting from the due date and in this case will not be restarted unless all amounts owed are paid in full, without prejudice to UOL DIVEO’s right to terminate this Agreement.

FOURTH CLAUSE — THE CLIENT’S OBLIGATIONS

4.1. Without prejudice to the other obligations set forth in this Agreement, the CLIENT undertakes:

4.1.1. To supply, in writing, all technical data that may come to be requested by UOL DIVEO.

4.1.2. Unless otherwise agreed by the parties, the CLIENT will be responsible for including in its premises all the infrastructure necessary for the installation of the UOL DIVEO equipment, in accordance with the specifications to be supplied by UOL DIVEO.

4.1.3. When applicable, to allow the installation of the UOL DIVEO equipment on its premises.

4.1.4. To sign the Activation Agreement for the items contracted, as soon as it becomes operational, as a condition for the beginning and continuity of the Hosting.

4.1.5. Not to sell, bind, pawn, rent, or offer as a guarantee, or in any way, dispose of any equipment, including hardware and software, owned by UOL DIVEO, which will remain the property of UOL DIVEO until the end of the agreement.

Page 2 of 12

EXECUTION VERSION

4.1.6. To refrain from repairing, modifying, or even adding new components or connections, or making alterations and/or changes of any kind to the Data Center, as well as to the equipment owned by UOL DIVEO without prior written authorization from UOL DIVEO.

4.1.7. To make payments due for contracted items, in accordance with that set forth in this Agreement and its respective Purchase Orders.

4.1.8. The CLIENT shall take the due precautions to protect UOL DIVEO’s and other clients’ installations and equipment installed in the Data Center.

4.1.9. To be responsible, during the term of validity of this Agreement, for the expenses arising from trips, stays and meals of UOL DIVEO’s technicians at the CLIENT’s premises, provided that they are previously agreed between the parties.

4.1.10. The CLIENT is responsible for the proper use of the licenses made available by UOL DIVEO throughout the term of validity of the Agreement and while the licenses are made available to the CLIENT, it must know and observe the rules of use for such licenses. The CLIENT shall also request and/or inform UOL DIVEO of any change in the scope of the project that impacts the use of the licenses. Any penalty or fine that may come to be applied by the licensing company on UOL DIVEO, if the applicable rules are not observed, may be transferred from UOL DIVEO to the CLIENT, provided that its fault is proven.

4.1.11. UOL DIVEO and/or the licensing company may, at any time, upon prior notification 15 days in advance, conduct a verification audit of the use of the licenses made available to the CLIENT. This audit can be performed in the form of questions that shall be answered by the CLIENT within 30 (thirty) days of sending the questionnaire or analyzing the server configurations, through an evaluation of the operational system parameters, applications and items linked to the use of the license.

4.1.12. The licenses made available by UOL DIVEO may not be made unavailable or transferred for use by third parties during the term of validity of the agreement without the consent of the CLIENT.

4.1.13 The CLIENT declares itself to be aware of the internal policy of UOL DIVEO, which establishes:

(i) that demonstrations of cordiality between the professionals of UOL DIVEO and its clients are allowed, such as the exchange of gifts of symbolic value at Christmas, for example;

(ii) that in the event of an intention to offer valuable gifts to UOL DIVEO professionals by clients, whether in goods or services (including travel and courses), such intention shall be communicated in advance to the HR Management, through the e-mail ▇▇▇▇▇▇▇▇▇▇▇@▇▇▇▇▇▇.▇▇▇, who will decide on the appropriateness of accepting (or not) the offer to the professional.

FIFTH CLAUSE — UOL DIVEO’S OBLIGATIONS

5.1. Without prejudice to the other obligations set forth in this Agreement, UOL DIVEO undertakes to:

5.1.1. Provide the Hosting in the form contracted and described in clause 1.1.

5.1.2. Be responsible, during the term of validity of this Agreement and its respective Purchase Order, for expenses arising from employment and social security charges of its employees.

5.1.3. Carry out preventive and corrective maintenance of the items supplied by UOL DIVEO.

5.1.4. After completion of the installation, complete the tests together with CLIENT’s technical personnel for it to issue the Activation Agreement for each Purchase Order.

Page 3 of 12

EXECUTION VERSION

SIXTH CLAUSE — USE OF THE INTERNET

6.1. When applicable, that is, if the provision of access to the internet has been contracted or is available to the CLIENT, the following provisions must be respected:

6.1.1. The CLIENT agrees (i) to comply with all local, domestic and international laws and regulations governing the use of the internet; (ii) to know and comply with the “Use Policy” available on the UOL DIVEO website (▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇) which prohibits some activities such as (a) obtaining or attempting to obtain unauthorized access to another account, host or network (hacking) and (b) distributing, posting or sending messages to entities that do not request such messages expressly (also known in the market as spamming).

6.1.2. UOL DIVEO reserves the right, having ascertained and proven any breach of the above clause, especially with regard to spamming, 24 hours after written notice, in the event that an agreement has not been reached with the CLIENT, to disable the items possibly placed at the disposal of the CLIENT, if the problem is not solved, UOL DIVEO may immediately suspend the related services, and the CLIENT must maintain all other obligations related to the agreement, including making payments, under penalty of bearing the sanctions set forth in clause 3.3.1.

6.1.3. The CLIENT understands that the Internet is not owned by UOL DIVEO and also it is not operated or administered or in any way affiliated with UOL DIVEO. Thus, all content, services, information and other materials that may be offered, made available or accessed through the internet are supplied exclusively by third parties who are not affiliated to UOL DIVEO.

6.1.4. The use of the internet by the CLIENT, by the CLIENT’s clients or any other authorized user is the sole responsibility of the respective user and this user will be subject to all the laws and regulations that apply. UOL DIVEO does not guarantee that the provision of internet access will be uninterrupted or free of errors, or that any information, software or other material that may be accessed by the internet is free from viruses, debilitating code, worms or other malicious components.

6.1.5. The CLIENT further understands that the internet contains materials that have not been edited, some of which are sexually explicit or that may be offensive to some people and that the CLIENT’s access to such materials is its sole responsibility. UOL DIVEO has no control and accepts no responsibility for such materials.

6.1.6. If the CLIENT contracts firewall services, which may have the objective of reducing the CLIENTs risks when accessing the internet, it is clear that UOL DIVEO will not be responsible for any problems that the CLIENT might come to have with invasion, and the CLIENT is aware that invasions can occur within the company’s own environment, and for this type of invasion, UOL DIVEO does not employ any kind of security, except if caused exclusively by UOL DIVEO employees.

6.1.6.1 The application of the security filters will always be done from the external environment to the internal (read external as Internet), and the reverse direction is not applied. Therefore, if the CLIENT is practicing acts contrary to our Acceptable Use Policy, UOL DIVEO may apply punishments also set forth in the agreement.

SEVENTH CLAUSE — TERM OF VALIDITY

7.1. This Agreement will enter into force on January 01, 2017 and will remain valid for a period of 5 (five) years, and may only be renewed upon signature of an addendum.

7.1.1. In the event of cancellation by the CLIENT prior to the signing of the Activation Agreement or before completing the 48 (forty-eight) hours from the sending of communication of the availability of the items contracted by UOL DIVEO, the latter will bear all the costs involved for the installation of the Hosting.

Page 4 of 12

EXECUTION VERSION

EIGHTH CLAUSE — ASSIGNMENT

8.1. The Parties may assign and transfer, in whole or in part, this Agreement, upon prior written communication of the other Party, and in cases of corporate restructuring of any of the Parties, within the modalities set forth in the applicable corporate legislation, and the succeeding entity is subrogated in all rights and obligations assumed in this Agreement.

8.1.1. The parties agree that if the CLIENT ceases to be a direct controller of UOL DIVEO, UOL DIVEO shall communicate the corporate change to the CLIENT 60 (sixty) days in advance, it being at the CLIENT’s discretion whether to terminate the agreement, free of charge, or renegotiate the clauses of the agreement.

NINTH CLAUSE - CONFIDENTIALITY

9.1. The parties agree that all information supplied by the other party for the performance of this Agreement will be deemed to be confidential (“Confidential Information”) and will remain the sole and exclusive property of the party disclosing it (Disclosing Party).

9.2. Neither party may disclose Confidential Information to any person without the written consent of the Disclosing Party, except for its employees, contractors or suppliers and/or affiliates who need to receive this information for the faithful performance of this Agreement, and they must agree to the terms of this Clause.

9.3. The obligations of this clause will survive for a period of two (2) years after the end or termination of this Agreement.

9.4. The provisions of this Clause do not apply to any Confidential Information that: (i) is already known to the Receiving Party on the date on which it was disclosed by the Disclosing Party; (ii) is available to the public without violation by the Receiving Party of its obligations established herein; (iii) is disclosed to the Receiving Party free of restrictions by a third party who had legal permission to make such disclosure; (iv) is independently carried out by the Receiving Party; (v) has been disclosed by requirement of law or court order.

9.5. UOL DIVEO may use the CLIENT’s name and trademark in promotional material and/or on the UOL DIVEO website (▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇), provided that the material is previously approved by the CLIENT.

9.6. By common agreement between the CLIENT and UOL DIVEO, UOL DIVEO’s “Virtual Seal”, defined below, will be displayed in the footer of the CLIENT’s website, so that it is visible during navigation of the entire site.

9.6.1. The Virtual Seal consists of material created by UOL DIVEO for dissemination to the general public about the hosting of the CLIENT’s site in the UOL DIVEO Data Center.

9.6.2. UOL DIVEO will make the Virtual Seal available to the CLIENT, and the CLIENT must forward the final layout of the page of the website with the Virtual Seal included to UOL DIVEO for approval prior to the dissemination.

9.6.3. In the event of termination of the Agreement, regardless of the reason, or if UOL DIVEO so requests, in writing and for any reason, the CLIENT shall delete the Virtual Seal from the website within 24 hours from the termination of the Agreement or the request.

9.6.4. Any alteration to the content, size, format or characteristics of the Virtual Seal without express and prior authorization from UOL DIVEO is expressly forbidden. The Virtual Seal is and will remain the property of UOL DIVEO.

Page 5 of 12

EXECUTION VERSION

TENTH CLAUSE — LIABILITY

10.1. In the event of non-compliance with the levels of availability, as defined in Annex I, through UOL DIVEO’s proven responsibility, which exceeds the minimum availability period, the CLIENT will be entitled to a credit in the month following the interruption, as compensation.

10.2. Neither party will be liable for the payment of compensation for losses and damages, loss of profits and/or direct damages incurred by virtue of this agreement, in an amount greater than the sum of twelve (12) monthly payments prior to that of the event giving rise to the damage.

10.3. The parties represent and warrant that no equipment used by them pursuant to this Agreement violates any patent, copyright, trade secret or any other property rights, including intellectual, of the other party or any third party, nor will it interfere with the functioning of UOL DIVEO’s equipment or resources.

10.4. The parties represent and warrant that they are aware of, agree with and will comply with all laws, rules and regulations that apply to this Purchase Order/Agreement and the activities to be carried out by them hereunder.

10.5. UOL DIVEO will be solely responsible for all employment, social security, tax and accident obligations arising from the employment relationship between it and its employees, representatives or any other professionals who are designated to execute the Hosting and other items contracted.

ELEVENTH CLAUSE – GENERAL PROVISIONS

11.1. The parties acknowledge that the nullity or invalidity of any of the contractual clauses will not adversely affect the validity and effectiveness of the other clauses and of the agreement itself.

11.2. The tolerance by either party for non-compliance with the conditions set forth herein will represent mere liberality and cannot be invoked as a contractual novation or waiver of rights and may be exercised by the party who feels adversely affected at any time.

11.3. This Agreement cannot be amended except by an addendum in writing and signed by the parties.

11.4. In no case will this agreement give either party the right or authority to represent the other before any third party.

11.5. All notifications required under this Agreement will be (a) delivered in person, (b) sent by registered mail, or (c) transmitted by facsimile (with a confirmation copy also sent by registered mail) to the parties at the addresses specified in the Purchase Order, or other addresses that either party informs the other in writing.

11.6. The parties may not be held liable for failure to comply with their obligations under this Agreement as a result of acts of God or force majeure events that temporarily or definitively prevent compliance with any of these obligations, as provided in Article 393 of the Brazilian Civil Code. The party intending to use the exemption set forth in this Clause shall inform the other immediately, in writing, of the occurrence of the act of God or force majeure event, also reporting the estimated duration of said event.

11.7. If the availability of software licenses is contracted for the use of the CLIENT itself or for the use of the CLIENT’s clients, the following clauses apply:

11.7.1. The CLIENT may not remove, modify or omit any notice of copyright, registered trademark or other notices of property rights that are contained in or appear on the licensed products.

11.7.2. The CLIENT may not reverse engineer, decompile, or disassemble the licensed products except to the extent that such activity is expressly permitted by applicable legislation.

Page 6 of 12

EXECUTION VERSION

11.7.3. The CLIENT disclaims liability, to the extent permitted by applicable legislation, of all warranties offered by the licensing company, the licensing company, its affiliates or suppliers for any direct, indirect or consequential damages arising from the availability of the software.

11.7.4. UOL DIVEO will provide support for the software contracted by the CLIENT.

11.7.5. The Products Licensed by UOL DIVEO with the licensing company are assigned, for use for the contracted period, for the restricted use of the CLIENT. All rights and ownership of the intellectual property relating to the licensed products and their component elements are the property of the licensing company and its suppliers. Licensed products are protected by copyright laws and international copyright treaties, as well as by other international intellectual property laws and treaties. The possession, access or use of the products licensed by the CLIENT does not transfer any ownership of the licensed products or any intellectual property rights.

11.7.6. UOL DIVEO may supply the licensing company with the necessary information about the CLIENT to obtain and maintain the licenses.

11.7.7. The CLIENT is aware that the licensed products are not protected against failures. The products have not been designed or created to tolerate any situation where product failure could lead to death or serious personal injury or severe physical or environmental damage (“High Risk Use”). The CLIENT is not authorized to use the products in High Risk situations or in conjunction with high risk situations. High Risk Use is strictly prohibited. For example, High Risk Use includes: vessels or other mass human transportation, nuclear or chemical installations, and Class III medical equipment set forth in the Federal Food, Drug and Cosmetic Act. The CLIENT agrees not to use, distribute, or sublicense the use of the products in high risk situations or in conjunction with high risk situations.

11.7.8. The CLIENT shall maintain a copy of the End User License Terms with any service equipment.

11.8. This Agreement, together with the Purchase Order, the Proposal and other Annexes, constitute the entire agreement between the parties in relation to the contracted subject matter and replaces any prior or contemporaneous agreement, whether in writing or verbal, and individual declarations of will made by the parties in a manner other than that agreed in these documents shall be considered null and void.

11.9. The parties agree that the conditions related to termination, adjustment by the energy index and SLA will be regulated by an agreement with a similar purpose agreed between UOL and UOL DIVEO.

11.10. The CLIENT declares that the proxies and/or legal representatives who sign this instrument are duly incorporated in the form of their respective Bylaws/Articles of Incorporation, with powers to assume all obligations contracted herein.

11.11. This agreement cancels and replaces all and any contract or other agreements previously executed between the Parties, whether in written or verbal form.

11.12. This Agreement will be governed by Brazilian law.

TWELFTH CLAUSE - JURISDICTION

12.1. The parties elect the venue of São Paulo/São Paulo State, to settle any dispute arising from this Agreement.

In witness whereof, the Parties execute this Agreement in 02 (two) counterparts of equal content and form, together with two witnesses appointed and identified in the respective Purchase Order.

São Paulo, January 01, 201

Page 7 of 12

EXECUTION VERSION

UOL DIVEO TECNOLOGIA LTDA.
/s/ Rogildo ▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇				/s/ ▇▇▇▇▇▇ Bertozzo ▇▇▇▇▇▇
Name: Rogildo ▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇				Name:
R.G. n°:				R.G. n°:

PAGSEGURO INTERNET S.A.
/s/ ▇▇▇▇▇▇ Bertozzo ▇▇▇▇▇▇				/s/ ▇▇▇▇▇▇▇ lvaldo ▇▇ ▇▇▇▇▇
Name: ▇▇▇▇▇▇ Bertozzo ▇▇▇▇▇▇				Name: ▇▇▇▇▇▇▇ lvaldo ▇▇ ▇▇▇▇▇
Identity Card no.:				Identity Card no.:

WITNESSES:
Name: Identity Card no.:				Name: Identity Card no.:

Page 8 of 12

EXECUTION VERSION

ANNEX I

AVAILABILITY LEVEL AND HOSTING

1. The Availability Level Agreement

1.1 UOL DIVEO will maintain a minimum annual Hosting availability of 99.5% (SLA) - Excluding table I items. The Hosting availability is defined as the response of the operational system managed by UOL DIVEO, the application transactions managed by the CLIENT during a period of one year. The annual Hosting availability will be evaluated monthly. The minimum availability measured monthly will vary, depending on the number of days in the month.

1.1.1 For items in table I, UOL DIVEO will maintain a minimum annual availability of 99.9%

Table I

Infrastructure and provision of Internet Bandwidth

Server Clusters in Dedicated Hosting

VCare Servers (Virtual)

1.2 UOL DIVEO will not be liable to the Customer for any delays or failures arising from:

a) Interruptions programmed by UOL DIVEO for preventive and/or corrective maintenance, provided that the CLIENT is duly informed of them 48 (forty-eight) hours in advance;

b) Interruptions brought about by improper operation by the CLIENT or its representatives;

c) Act of God, force majeure, delays caused by the Client or any Third Party and delays or failures caused by the Client’s Materials or any viruses or similar destructive items that affect such materials.

1.2.1 UOL DIVEO will provide the CLIENT through an officially defined contact or through the administrative site provided for the CLIENT with a monthly report analytically listing all the unavailability that violates the SLA established herein and programmed maintenance detailing what it is, when it started with accuracy to the second, when it finished with accuracy to the second, how long it lasted with accuracy to the second for each of them, as well as the consolidated SLA attainment and the applicable penalty by the 5th (fifth) business day of the month following the calculated period

1.3 In the event that UOL DIVEO does not maintain a monthly Hosting availability of at least 99.5%, in any month, the CLIENT may request credit to be applied to the monthly payment related to the item affected and specified in each service order in the month following the month in which UOL DIVEO did not attain its minimum SLA commitment, as shown in the table below:

Real Monthly Hosting Availability		Percentage of Credit in the Monthly ▇▇▇▇
99.40% to 99.49%		1% of the amount of the Service Order
99.00% to 99.39%		2% of the amount of the Service Order
97.00% to 98.99%		3% of the amount of the Service Order
94.00% to 96.99%		4% of the amount of the Service Order
Below 94.00%		5% of the amount of the Service Order

1.3.1 For items contained in Table I, in the event that UOL DIVEO does not maintain a monthly Dedicated Hosting availability of at least 99.9%, in any month, the client may request in the month during which UOL DIVEO did not reach its minimum commitment, a credit to be applied to the monthly payment related to the item affected and specified in each service order, as per the table below:

Page 9 of 12

EXECUTION VERSION

Real Monthly Hosting Availability		Percentage of Credit in the Monthly ▇▇▇▇
99.80% to 99.89%		1% of the amount of the Service Order
99.40% to 99.79%		2% of the amount of the Service Order
97.50% to 99.39%		3% of the amount of the Service Order
95.00% to 97.99%		4% of the amount of the Service Order
Below 95.00%		5% of the amount of the Service Order

1.4 The SLA Credits will not be granted in the following cases:

1.4.1 Programmed Maintenance. Interruptions programmed by UOL DIVEO for the purpose of preventive and/or corrective maintenance of the items contracted in this instrument. Definition of Programmed Maintenance: Programmed Maintenance means any maintenance of the UOL DIVEO Internet Data Center where the CLIENT’s Hosting is located, provided that the CLIENT is advised of such preventive maintenance 48 hours in advance, and that is carried out between 2:00 and 6:00 a.m., local time, or at any time provided that it is previously agreed between UOL DIVEO and the CLIENT. UOL DIVEO will advise the CLIENT of the need for Programmed Maintenance by telephone, e-mail or fax.

1.4.2 Non-availability of the Hosting due to Programmed Maintenance, or any unavailability resulting from the CLIENT’s circuits or infrastructure, the CLIENT’s applications, applications incompatible with the hardware or software supplied by UOL DIVEO, the CLIENT’s acts or omissions, or any use or user of the Hosting, authorized by the CLIENT.

1.4.3 Shutdown of a server or other equipment that is part of a contingency system with a cluster or load balancing solution, and which does not imply interruption of the CLIENT’s Hosting.

1.5 Process for Requesting Credit: In the event that the CLIENT notifies UOL DIVEO of the non-availability of the Hosting, and UOL DIVEO establishes that such unavailability has not been due to causes beyond UOL DIVEO’s control, this period will be counted in the total unavailability for the period. Credits for these unavailabilities can only be used to reduce the recurring monthly amount and may not be used to reduce any options or tariffs or occasional fees that the CLIENT has incurred. Clients with multiple servers and/or services may receive credit only for items where the SLA has not been met.

1.6 The CLIENT must request credit within a period of 30 days counting from the end of the month in which the non-availability occurred, and for which the credit would apply.

1.7 The credit amount will be applied within a maximum of two collection cycles after the credit request that has been approved by UOL DIVEO.

1.8 UOL DIVEO is the only party authorized to evaluate the merits of a request for credit pursuant to this SLA. UOL DIVEO’s records will be the basis for calculating the non-availability of the Hosting and the resulting credits.

1.9 This SLA is the resource used to analyze the compensation for unavailability.

1.10 Because the compensation is monthly and the calculation of the breach of the SLA is annual, occasionally the credit amounts actually granted may exceed the amounts that would in fact be owed by UOL DIVEO, thus, at the end of the contract UOL DIVEO may be able to reconcile the amounts for calculation of possible compensation.

2. Hosting:

2.1 Definitions:

CLIENT’s Materials: means (a) any Web domain name made available by the CLIENT; (b) all Content of the Processing Environment; (c) any other information or material made available by the CLIENT to UOL DIVEO, including but not limited to all changes, expansions, work derived from such materials and executable programs.

Page 10 of 12

EXECUTION VERSION

The CLIENT hereby represents and warrants that it is the owner of or is authorized to use the CLIENT’s Materials; it represents and warrants also that the CLIENT’s Materials and the assignment of use rights to UOL DIVEO of such Materials do not infringe any law or regulation, including any rights of Third Parties.

Processing Environment: means any collection, delivered by the CLIENT to UOL DIVEO, of computer programs, multimedia, data files and other related items, including any intellectual property and CLIENT’s materials that might be contained in such programs and data files.

Content of the Processing Environment: means the materials, information and services contained, displayed, linked, framed, downloaded or accessed by or through a Processing Environment and links contained within such Processing Environment including, but not limited to: a) graphics, artwork, photographs, advertisements, other audio material or visual aids and links to or frames from other Web Sites; b) the content of any BBS (Bulletin Board System), chat forum or other communication service; c) any service provided by or through the Processing Environment; d) any material and information, including that described in subsections (a), (b) and (c) of this item, made available or displayed on or through the Processing Environment, through links or framed in other Processing Environments; and d) all updates, changes and other versions of any of the items above, including but not limited to changes made by users of the Processing Environment.

2.2 The CLIENT is solely responsible for the creation, provision, selection, accuracy, quality, reliability, transmissibility, suitability for use, ownership, updating and maintenance of all content hosted by UOL DIVEO.

2.3 It is also liable for any violation of security or loss of data that results from or through information, data or programs resulting from use of the content of the Processing Environment or of the Hardware and Software made available by UOL DIVEO in any way, including, but not limited, the receipt of viruses, debilitating codes or malicious devices that the CLIENT or users of the content of the Processing Environment or of the Hardware and Software supplied by UOL DIVEO may “download”, send or otherwise experience as a result of using such items, except if caused exclusively by employees of UOL DIVEO.

2.4 All Hardware and Software supplied by UOL DIVEO (computer equipment, server, server software, server peripherals and materials expressly related to the Purchase Order or Technical-Commercial Proposal) are the property of UOL DIVEO and the CLIENT will not acquire, for any reason, right of ownership or other rights in relation to the Hardware and Software provided by UOL DIVEO.

2.5 The CLIENT hereby grants UOL DIVEO, regardless of any payment, the right to use the CLIENT’s materials, exclusively for UOL DIVEO to carry out its obligations pursuant to this Agreement.

2.6 If the availability of software licenses is contracted for the use of the CLIENT itself or for the use of the CLIENT’s clients, the following clauses apply:

2.6.1 The CLIENT may not remove, modify or omit any notice of copyright, registered trademark or other notices of property rights that are contained in or appear on the licensed products.

2.6.2 The CLIENT may not reverse engineer, decompile, or disassemble the licensed products except to the extent that such activity is expressly permitted by applicable legislation.

2.6.3 The CLIENT disclaims liability, to the extent permitted by applicable legislation, of all warranties offered by the licensing company, its affiliates or suppliers for any direct, indirect or consequential damages arising from the availability of the software.

2.6.4 UOL DIVEO will provide support for the software contracted by the CLIENT.

2.6.5 The Products Licensed by UOL DIVEO with the licensing company are assigned, for use for the contracted period, for the restricted use of the CLIENT. All rights and ownership of the intellectual property relating to the licensed products and their component elements are the property of the licensing company and its suppliers. Licensed products are protected by copyright laws and international copyright treaties, as well as by other international intellectual property laws and treaties. The possession, access or use of the products licensed by the CLIENT does not transfer any ownership of the licensed products or any intellectual property rights

Page 11 of 12

EXECUTION VERSION

2.6.6 UOL DIVEO may supply the licensing company with the necessary information about the CLIENT to obtain and maintain the licenses.

2.6.7 The CLIENT is aware that the licensed products are not protected against failures. The products have not been designed or created to tolerate any situation where product failure could lead to death or serious personal injury or severe physical or environmental damage (“High Risk Use”). The CLIENT is not authorized to use the products in High Risk situations or in conjunction with high risk situations. High Risk Use is strictly prohibited. For example, High Risk Use includes: vessels or other mass human transportation, nuclear or chemical installations, and Class III medical equipment set forth in the Federal Food, Drug and Cosmetic Act. The CLIENT agrees not to use, distribute, or sublicense the use of the products in high risk situations or in conjunction with high risk situations.

2.6.8 The CLIENT shall maintain a copy of the End User License Terms with any equipment with a use license.

Page 12 of 12

Execution Version

Commercial Proposal

Hosting/APM – OPT-17/21629

Execution version

UOLDIVEO COMMERCIAL PROPOSAL – OPT-17/21629

Page: 2/12

To PagSeguro São Paulo, January 1, 2017.

Att.: ▇▇▇▇▇▇ ▇▇▇▇▇▇▇

Re.: UOLDIVEO Proposal – OPT-17/21629-A

In answer to your request, we present a technology integrated solution proposal to meet the needs of PAGSEGURO regarding IT infrastructure services.

We offer PAGSEGURO our experience in high quality services provided to the corporate market. We prepared this Proposal according to our commitment to offer the best solution to meet the business needs of PAGSEGURO.

We present below our technical proposal and thank you for this opportunity. We remain at your disposal for any clarifications.

Kind Regards,

/s/ ▇▇▇▇▇ ▇▇▇▇▇▇▇

▇▇▇▇▇ ▇▇▇▇▇▇▇

ACCOUNT EXECUTIVE

(▇▇▇) ▇▇▇▇-▇▇▇▇

(▇▇▇) ▇▇▇▇▇-▇▇▇▇

The information included herein is confidential and must not be published or disclosed without the prior written consent of UOLDIVEO.

Alameda ▇▇▇▇▇ ▇▇ ▇▇▇▇▇▇▇, ▇▇▇ - ▇▇▇ ▇▇▇▇▇ – SP ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

Execution version

UOLDIVEO COMMERCIAL PROPOSAL – OPT-17/21629

Page: 3/12

Table of Contents
Non-Disclosure Agreement			4
Presentation			5
About UOLDIVEO			5
Portfolio of Services			6
UOLDIVEO’s Experience			8
Quality			9
Certifications			9
Customers			10
Commercial Conditions:			11
Considerations:			11

The information included herein is confidential and must not be published or disclosed without the prior written consent of UOLDIVEO.

Alameda ▇▇▇▇▇ ▇▇ ▇▇▇▇▇▇▇, ▇▇▇ - ▇▇▇ ▇▇▇▇▇ – SP ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

Execution version

UOLDIVEO COMMERCIAL PROPOSAL – OPT-17/21629

Page: 4/12

Non-Disclosure Agreement

All information included herein is strictly confidential and is provided exclusively to technically describe UOLDIVEO solutions, as requested by PAGSEGURO, and it must not be used for any other purpose.

With regards to the services described herein, in the event PAGSEGURO chooses a provider other than UOLDIVEO, or does not choose a provider within 15 days from the date hereof, PAGSEGURO agrees to return all exclusive and confidential information to UOLDIVEO, including, but not limited to, this document. Moreover, PAGSEGURO will not use or disclose this information in any way to obtain an unfair business advantage for itself, its subsidiaries, affiliates or partners in future business opportunities in which it may, directly or indirectly, compete with UOLDIVEO.

PAGSEGURO will not publish or disclose this information, in full or in part, without the prior written consent of UOLDIVEO. A number of company and service names included herein are trademarks. All of them are recognized in this representation.

The information included herein is confidential and must not be published or disclosed without the prior written consent of UOLDIVEO.

Alameda ▇▇▇▇▇ ▇▇ ▇▇▇▇▇▇▇, ▇▇▇ - ▇▇▇ ▇▇▇▇▇ – SP ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

Execution version

UOLDIVEO COMMERCIAL PROPOSAL – OPT-17/21629

Page: 5/12

Presentation

About UOLDIVEO

UOLDIVEO, a company of the UOL Group with over 17 years of experience, offers complete IT Outsourcing solutions for mission critical environments.

It has the biggest Data Center infrastructure in Brazil, the best and most flexible Business Cloud, and a wide range of managed services. All of this is supported by one of the largest certified technical teams in Brazil, standardized processes, and cutting-edge technology, which allow an IT Transformation approach, aimed at offering a fast, efficient, and business focused IT.

UOLDIVEO serviced more than 3,000 customers and has 1,500 employees with over 280 international certifications.

UOLDIVEO is headquartered in São Paulo and has offices in 7 Brazilian capitals.

Legend

17 anos Experiência ▇▇ ▇▇▇▇▇▇▇ = 17 years Market Experience

+ 3 mil Clientes = + 3,000 Customers

1.500 Colaboradores = 1,500 Employees

26 mil m2 Data Centers = 26,000 sq mt Data Centers

Rede Própria em 7 Cidades = Own Network in 7 Cities

15 Petabytes em Armazenamento = 15 Petabytes of Storage

Soluções Orientadas por Segmento ▇▇ ▇▇▇▇▇▇▇ = Solutions Developed by Market Segment

The information included herein is confidential and must not be published or disclosed without the prior written consent of UOLDIVEO.

Alameda ▇▇▇▇▇ ▇▇ ▇▇▇▇▇▇▇, ▇▇▇ - ▇▇▇ ▇▇▇▇▇ – SP ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

Execution version

UOLDIVEO COMMERCIAL PROPOSAL – OPT-17/21629

Page: 6/12

Portfolio of Services

Our portfolio consists of complete and integrated solutions to meet a number of IT requirements from companies, awarding us our recognition as trusted advisors by our partners.

Legend

Exterior Circle; upper quadrant

SERVIÇOS GERENCIADOS = MANAGED SERVICES

GESTÃO DE WAN = WAN MANAGEMENT

GESTÃO DE REDES = NETWORK MANAGEMENT GESTÃO DE BACKUP = BACKUP MANAGEMENT GESTÃO DE STORAGE = STORAGE MANAGEMENT

GESTÃO DE BANCOS DE DADOS = DATABASE MANAGEMENT

GESTÃO DE SISTEMA OPERACIONAL = OPERATING SYSTEM MANAGEMENT

GESTÃO DE APLICAÇÕES = APPLICATION MANAGEMENT

GESTÃO DE MIDDLEWARE = MIDDLEWARE MANAGEMENT

GESTÃO DE PROJETOS E ESPECIALISTAS = PROJECT AND SPECIALIST MANAGEMENT

The information included herein is confidential and must not be published or disclosed without the prior written consent of UOLDIVEO.

Alameda ▇▇▇▇▇ ▇▇ ▇▇▇▇▇▇▇, ▇▇▇ - ▇▇▇ ▇▇▇▇▇ – SP ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

Execution version

UOLDIVEO COMMERCIAL PROPOSAL – OPT-17/21629

Page: ▇/▇▇

▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇; left quadrant

E-COMMERCE SERVICES = E-COMMERCE SERVICES

MIDDLEWARE SERVICES = MIDDLEWARE SERVICES

CORE TECHNOLOGIES SERVICES = CORE TECHNOLOGIES SERVICES

SOLUÇÕES PARA NEGÓCIO = BUSINESS SOLUTIONS

Exterior Circle; right quadrant

GOVERNANÇA DE TI = IT GOVERNANCE

ARQUITETURA DE TI = IT ARCHITECTURE

ENGENHARIA DE SOFTWARE = SOFTWARE ENGINEERING

CONSULTORIA = CONSULTING SERVICES

Exterior Circle; lower quadrant

SERVIÇOS À APLICAÇÃO = APPLICATION SERVICES

STRESS TEST = STRESS TEST

OTIMIZAÇÃO DE PERFORMANCE = PERFORMANCE OPTIMIZATION

MONITORAMENTO DE PERFORMANCE = PERFORMANCE MONITORING

TESTES FUNCIONAIS = FUNCTIONAL TESTING

▇^▇▇ ▇▇▇▇▇ ▇▇▇▇▇▇; left side

SERVIÇOS DE SEGURANÇA = SECURITY SERVICES

VULNERABILITY SCAN = VULNERABILITY SCAN

SMART CORRELATION = SMART CORRELATION

DDOS PROTECTION = DDOS PROTECTION

WEB APPLICATION FIREWALL = WEB APPLICATION FIREWALL

BRAND PROTECTION = BRAND PROTECTION

▇^▇▇ ▇▇▇▇▇ ▇▇▇▇▇▇; right side

PLATAFORMA E SOFTWARE = PLATFORM AND SOFTWARE

SERVIÇOS DE PAGAMENTOS = PAYMENT SERVICES

PIN PAD = PIN PAD

AUTOMAÇÃO E CONTROLE = AUTOMATION AND CONTROL

PREVENÇÃO À FRAUDE = FRAUD PREVENTION

EXCHANGE = EXCHANGE

WEBFILTER = WEBFILTER

Innermost Circle; upper half

DATACENTER = DATACENTER

COLOCATION = COLOCATION CENTER

SERVIÇOS COMPARTILHADOS = SHARED SERVICES

HOSTING = HOSTING

Innermost Circle; lower half

MPLS = MPLS

LAN TO LAN = LAN TO LAN

INTERNET = INTERNET

The information included herein is confidential and must not be published or disclosed without the prior written consent of UOLDIVEO.

Alameda ▇▇▇▇▇ ▇▇ ▇▇▇▇▇▇▇, ▇▇▇ - ▇▇▇ ▇▇▇▇▇ – SP ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

Execution version

UOLDIVEO COMMERCIAL PROPOSAL – OPT-17/21629

Page: 8/12

UOLDIVEO’s Experience

We are a leading Brazilian company in IT Outsourcing. We are supported by a solid group with strong experience in the Brazilian market. In addition, we have experience in the management of mission critical and high-volume environments and offer robustness and agility in our operations.

Servicing and Operations:

☐ +2.2 billion security events

☐ +6,300 firewalls

☐ +169,000 security rules

☐ monitoring +500,000 infrastructure active elements

☐ +14 million active mail boxes

☐ +400,000 internet domain names

☐ +7,000 database instances

Backbone:

☐ + 200 Gbps in traffic capability

☐ + 1,800 points of presence

☐ + 3.7 million e-commerce transactions/month

☐ 70,000 simultaneous streaming sections/second

☐ 7 billion page views/month

☐ +34 million one-time visitors

Data Center:

☐ + 15PBytes of stored data, equivalent to +3 million hours of HD movies

The information included herein is confidential and must not be published or disclosed without the prior written consent of UOLDIVEO.

Alameda ▇▇▇▇▇ ▇▇ ▇▇▇▇▇▇▇, ▇▇▇ - ▇▇▇ ▇▇▇▇▇ – SP ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

Execution version

UOLDIVEO COMMERCIAL PROPOSAL – OPT-17/21629

Page: 9/12

Quality

Through IT service management best practices, we prepare continuous improvement plans aiming at business maintenance and satisfaction of our employees and customers.

Accordingly, we developed out processes based on ISO/IEC 27001, ISAE 3402 (SAS 70), ISO 20000:2011, PCI requirements and ITIL v3 and CobiT methodologies.

Certifications

The information included herein is confidential and must not be published or disclosed without the prior written consent of UOLDIVEO.

Alameda ▇▇▇▇▇ ▇▇ ▇▇▇▇▇▇▇, ▇▇▇ - ▇▇▇ ▇▇▇▇▇ – SP ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

Execution version

UOLDIVEO COMMERCIAL PROPOSAL – OPT-17/21629

Page: 10/12

Customers

We have a solid portfolio of customers:

☐ 250 among the top 500 companies in Brazil;

☐ 3 biggest airline companies in Brazil;

☐ 7 among the top 10 retail companies in Brazil (90% of big e-commerce companies);

☐ 6 biggest operators of mobile phones in Brazil;

☐ 3 among the top 4 education groups in Brazil;

☐ 6 among the top 10 contact centers in Brazil;

☐ 3 among the top 5 purchasers in Brazil;

☐ 6 among the top 10 real estate groups in Brazil;

☐ 3 among the top 4 cosmetic companies in Brazil;

☐ 2 among the top 3 chemical companies in Brazil;

☐ more than 100 companies of the financial segment.

The information included herein is confidential and must not be published or disclosed without the prior written consent of UOLDIVEO.

Alameda ▇▇▇▇▇ ▇▇ ▇▇▇▇▇▇▇, ▇▇▇ - ▇▇▇ ▇▇▇▇▇ – SP ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

CONFIDENTIAL TREATMENT REQUESTED

Execution version

UOLDIVEO COMMERCIAL PROPOSAL – OPT-17/21629

Page: 11/12

Commercial Conditions:

Description of Services
Refers to services described in the OPT-17/21629-A Technical Proposal		Monthly fee for an engagement period of 60 months Including taxes
Hosting		[*****]
APM – Dynatrace		[*****]
TOTAL		[*****]

Considerations:

• expiration of the proposal: 15 business days. After this period, if the CUSTOMER does not return this proposal duly signed to UOLDIVEO, the terms and conditions provided herein may be reviewed by UOLDIVEO;

• taxes and tax rates will be charged pursuant to applicable law:

• Telecom services: PIS, COFINS, and ICMS apply (as applicable to each region);

• Data Center Solution services, Managed Services, Software Services, Application Services, and/or Security Management Services: ISS, PIS, and COFINS apply, according to the type of service;

• Internet access provider services and Cloud services: PIS and COFINS apply.

• any changes in tax rates or tax calculation basis on the value of services provided hereunder, as well as the creation of any taxes as of the date hereof, even if arising out of the cancellation of a tax exemption, will result in an adjustment to the prices offered (representing a price increase or decrease), according to the relevant change;

• noncompliance with the obligations set forth in the Technical and Commercial Proposals by the CUSTOMER, resulting in delays in the originally proposed schedule, does not exempt the CUSTOMER from timely complying with its other obligations, primarily those regarding the amounts payable;

• monthly fees will be invoiced as follows:

The information included herein is confidential and must not be published or disclosed without the prior written consent of UOLDIVEO.

Alameda ▇▇▇▇▇ ▇▇ ▇▇▇▇▇▇▇, ▇▇▇ - ▇▇▇ ▇▇▇▇▇ – SP ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

[*****] Confidential material redacted and filed separately with the Securities and Exchange Commission.

Execution version

UOLDIVEO COMMERCIAL PROPOSAL – OPT-17/21629

Page: 12/12

• the first (1^st) installment will be invoiced on a pro rata basis and will be payable on the 10^th day of the month following the delivery of the contracted Solution, in full or in part, to be agreed by the Parties;

• the second (2^nd) installment, as well as the other instalments that become due until the expiration of the Agreement, will be invoiced by the 20^th day, payable on the 2^nd day of the following month;

• the monthly payments for products with variable fees may vary, according to the effective consumption of resources listed and amounts provided in the Commercial Proposal.

• this proposal does not include local cross-connection costs with Third-party Operators;

• the items contracted hereunder may be available according to third-party supply or our own inventory, which may result in partial deliveries. In the event of partial deliveries, the relevant acceptance terms must be approved by the CUSTOMER to be included in the invoice;

• in the event more licenses are required to be provided by UOL DIVEO (due to an increase in the number of users, change of license and/or increase in the number of CPUs) and/or change in software version (based on functionalities and/or version upgrade, if not included in the maintenance agreement), the relevant amounts will be added to the monthly fee of the subsequent month;

• any reinstallation of servers, operating systems or databases upon the request of the CUSTOMER as a result of application failure may be included in an additional commercial proposal.

The information included herein is confidential and must not be published or disclosed without the prior written consent of UOLDIVEO.

Alameda ▇▇▇▇▇ ▇▇ ▇▇▇▇▇▇▇, ▇▇▇ - ▇▇▇ ▇▇▇▇▇ – SP ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

EXECUTION VERSION

Technical Proposal

Hosting – Tamboré DTC & Licensing Service and Dynatrace

support - RUXIT

EXECUTION VERSION

TECHNICAL PROPOSAL UOLDIVEO-OPT-17/21629-A

Page: 2/32

São Paulo, January 01, 2017.

To

PAGSEGURO INTERNET LTDA

Regarding the UOLDIVEO (OPT-17/21629-A) Proposal

In response to your request, we present a proposal for an integrated technology solution to meet the expectations of PAGSEGURO INTERNET LTDA in relation to IT infrastructure services.

We place at PAGSEGURO INTERNET LTDA’s disposal our experience in providing excellent quality services to the corporate market. We have developed this Proposal with the commitment to offer a solution that most adheres to the business needs of PAGSEGURO INTERNET LTDA.

We are grateful for the opportunity and remain at your entire disposal for any clarification that may be necessary.

Sincerely,

/s/ Paulo ▇▇▇▇▇▇ Nova ▇▇▇▇▇▇▇▇▇

▇▇▇▇▇ ▇▇▇▇▇▇ Nova ▇▇▇▇▇▇▇▇▇

Solution Architect

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo-SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

EXECUTION VERSION

TECHNICAL PROPOSAL UOLDIVEO-OPT-17/21629-A

Page: 3/32

Summary

Summary			3
Confidentiality Agreement			5
Presentation			6
About UOLDIVEO			6
Portfolio of Services			7
About Multicloud			8
UOLDIVEO is Multicloud			8
UOLDIVEO’s Experience			9
Quality			10
Certifications			10
Partners			11
Clients:			11
Introduction			12
Objective			12
Preliminary Instructions:			13
Dynatrace RUXIT licensing service			13
Considerations for the Dynatrace RUXIT Licensing Service			13
Datacenter hosting service			13
UOLDIVEO SCALE STORAGE			13
Considerations for the Proposal:			15
Responsibilities:			16
Annex – SLA (Service Level Agreements):			17
Annex – Datacenter Hosting Service			18
UOLDIVEO SCALE BACKUP:			18

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo-SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

EXECUTION VERSION

TECHNICAL PROPOSAL UOLDIVEO-OPT-17/21629-A

Page: 4/32

UOLDIVEO FILESYSTEM SCALE BACKUP:			18
UOLDIVEO APPLICATION SCALE BACKUP:			18
Characteristics:			19
Service Levels:			21
Validation of contracted franchise:			22
Annex – Infrastrucutre: Tamboré UOLDIVEO Data Center			23
General Aspects:			23
Redundant Electrical Energy System:			23
Redundant climatization system:			24
Fire detection and prevention system:			26
Physical Security:			26
Monitoring Center:			27
Annex – Infrastructure: Glete UOLDIVEO Data Center			27
General Aspects:			27
Access Control System:			28
Fire Detection and Fighting System:			29
Physical Infrastrucutre for Racks and Cages:			29
Electrical System:			30
Refrigeration System:			31
Monitoring Center:			32

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo-SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

EXECUTION VERSION

TECHNICAL PROPOSAL UOLDIVEO-OPT-17/21629-A

Page: 5/32

Confidentiality Agreement

All the information contained in this document is strictly confidential and is provided for the sole purpose of technically describing UOLDIVEO solutions at the request of PAGSEGURO INTERNET LTDA, and shall not be used for any other purpose.

With respect to the services described herein, if PAGSEGURO INTERNET LTDA chooses a supplier other than UOLDIVEO, or if it does not select any supplier within 15 days from the date of this proposal, PAGSEGURO INTERNET LTDA hereby agrees to return all UOLDIVEO’s exclusive and confidential information, including but not limited to this document, and will not use nor disclose this information in any way in order to gain an unfair business advantage for itself, its subsidiaries, associations or partners in any way, for future business opportunities in which it may be directly or indirectly competing with UOLDIVEO.

PAGSEGURO INTERNET LTDA will not publish nor disclose this information, in whole or in part, without the prior written permission of UOLDIVEO. Many of the service and business names mentioned in this document are registered trademarks. All of them are recognized through this declaration.

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo-SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

EXECUTION VERSION

TECHNICAL PROPOSAL UOLDIVEO-OPT-17/21629-A

Page: 6/32

Presentation

About UOLDIVEO

UOLDIVEO, a UOL Group company with more than 17 years of experience, has complete IT Outsourcing solutions to meet mission critical environments.

It has the largest Data Center infrastructure in the country, the best and most flexible Corporate Cloud, in addition to a wide range of managed services. All supported by one of the country’s largest certified technical bodies, standardized processes and cutting edge technology that enable an IT Transformation approach aiming to deliver IT with speed, efficiency and a focus on the business.

There are more than 3 thousand clients served and 1500 employees with more than 280 international certifications.

UOLDIVEO is headquartered in São Paulo with a presence in 7 Brazilian capitals.

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo-SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

EXECUTION VERSION

TECHNICAL PROPOSAL UOLDIVEO-OPT-17/21629-A

Page: 7/32

Portfolio of Services

Our portfolio is composed of complete and integrated solutions that meet the most diverse needs of IT companies, making us trusted advisors of our partners.

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo-SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

EXECUTION VERSION

TECHNICAL PROPOSAL UOLDIVEO-OPT-17/21629-A

Page: 8/32

About Multicloud

In recent years, companies with typically digital characteristics are changing the traditional markets, providing new experiences for clients. While established companies have to deal with traditional systems, processes and methodologies, they are at the same time under pressure to adapt, be innovative and agile. Driven by the “Internet of Things” and Big Data, companies will undergo a transformation that will make the largest part of the business digital and the technological basis of this transformation is precisely Cloud Computing. But before making the decision to take workloads to the clouds it must be kept in mind that:

“There is no single cloud for all applications and not every application consumes any cloud”

Therefore, a Multicloud approach, where companies use clouds with different technologies and characteristics, is so important.

UOLDIVEO is Multicloud

At UOLDIVEO, companies can rely on the services of leading players in the public cloud market, such as AWS, Microsoft Azure, VMWare and OpenStack, as well as Private Cloud offers on OpenStack and VMWare and also Virtual Data Center with Virtustream technology.

All these technologies and an extensive service layer, which starts with the analysis of the application characteristics and recommendation of the appropriate cloud, up to cloud use management and improvement services, make UOLDIVEO Multicloud the right way to go about the digital transformation of companies.

For us, Multicloud is more than offering alternative hardware, software, infrastructure or an access panel to different public clouds. It is being close to the client in order to understand their challenges and appropriately form a solution that meets the needs of each application, within a differentiated service context that allows the support to grow our clients business.

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo-SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

EXECUTION VERSION

TECHNICAL PROPOSAL UOLDIVEO-OPT-17/21629-A

Page: 9/32

UOLDIVEO’s Experience

We are the leading Brazilian IT Outsourcing company. We have a solid group with strong experience in the domestic market, experience in management of mission critical environments and high volume, in addition to robustness and speed in our operations.

Service and Operations:

☐ +2.2 Billlion security events

☐ +6,300 firewalls

☐ +169,000 security rules

☐ Monitoring of +500,000 active elements of infrastructure

☐ +14 million active mailboxes

☐ +400,000 internet domains

☐ +7,000 instances of databases

Backbone:

☐ + 200 Gbps traffic capacity

☐ + 1,800 points of presence

☐ + 3.7 million e-commerce transactions/month

☐ 70,000 simultaneous sections/second of streaming

☐ 7 Billion page views/month

☐ +34 million unique visitors

Data Center:

☐ + 15PBytes of stored data which is equivalent to +3 million hours of HD film

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo-SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

EXECUTION VERSION

TECHNICAL PROPOSAL UOLDIVEO-OPT-17/21629-A

Page: 10/32

Quality

Through best practices in IT service management, we carry out continuous improvement plans aimed at maintaining both the business and the satisfaction of our employees and clients.

In order to do this, we have developed our processes based on the requirements of ISO/IEC 27001, ISAE 3402 (SAS 70), ISO 20000: 2011, PCI, SOX, and ITIL v3 and CobiT methodologies.

Certifications

☑ COMPANY:

Focusing on Security, Quality, Performance and Reliability, it has the following certifications:

☑ PROFESSIONALS:

Highly qualified and certified professionals to provide high quality services:

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo-SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

EXECUTION VERSION

TECHNICAL PROPOSAL UOLDIVEO-OPT-17/21629-A

Page: 11/32

Partners

To meet the needs of our clients, we offer solutions for their business. In order to do this we have several technological partnerships of which the following are highlighted:

Clients:

We have a solid portfolio of clients:

☐ 250 of the 500 largest companies in Brazil;

☐ the 3 largest airlines in Brazil;

☐ 7 of the 10 largest retail companies in Brazil (90% of the big e-commerces);

☐ the 6 largest mobile telephone operators in Brazil;

☐ 3 of the 4 largest education groups in Brazil;

☐ 6 of the 10 largest contact center companies in Brazil;

☐ 3 of the 5 largest purchasers in Brazil;

☐ 6 of the 10 largest real estate groups in Brazil;

☐ 3 of the 4 largest cosmetic industries in Brazil;

☐ 2 of the 3 largest chemical industries in Brazil;

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo-SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

EXECUTION VERSION

TECHNICAL PROPOSAL UOLDIVEO-OPT-17/21629-A

Page: 12/32

Introduction

Objective

To present the UOLDIVEO service bases of Hosting and Licensing Services and Dynatrace Support - Ruxit for PAGSEGURO INTERNET LTDA.

This proposal replaces the terms and conditions of the proposal previously in force, becoming, therefore, the new reference for scope, terms and conditions for the operation of Hosting and Licensing Services and Dynatrace Support – Ruxit for PAGSEGURO INTERNET LTDA.

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo-SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

EXECUTION VERSION

TECHNICAL PROPOSAL UOLDIVEO-OPT-17/21629-A

Page: 13/32

Preliminary Instructions:

This proposal includes the solution of services managed by UOLDIVEO called Hosting, which constitutes the supply of services, equipment and software, managed and administered by UOLDIVEO, as specified in the item Datacentre hosting service.

Dynatrace RUXIT licensing service

This proposal consists of the supply of Dynatrace Ruxit license and support in accordance with the items below:

• Full monitoring of up to 30 (thirty) HOSTS in production at UOL DIVEO’s Datacenter, designated for use by the final client PAGSEGURO;

• Dynatrace Premium support, standard service;

• Up to 500,000 real user sessions;

• Up to 200,000 Web checks.

Considerations for the Dynatrace RUXIT Licensing Service

• UOLDIVEO’s operation is restricted to the supply of the Licensing presented in this proposal.

• Any elements, inputs or activities that are not explicitly specified are not part of the scope and, if necessary, must be contracted additionally or supplied / executed directly by PAGSEGURO INTERNET LTDA.

• Requests for a change in the initial project scope shall be evaluated jointly between UOLDIVEO and PAGSEGURO INTERNET LTDA and will be subject to additional execution costs and deadlines.

Datacenter hosting service

UOLDIVEO SCALE STORAGE

Service scope:

The UOLDIVEO SCALE STORAGE product consists of supplying storage areas in UOLDIVEO Shared Storages. The offer can be delivered in a Storage Area Network (SAN) for the Flash, High-End or Midrange options or Network Attached Storage (NAS).

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo-SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

EXECUTION VERSION

TECHNICAL PROPOSAL UOLDIVEO-OPT-17/21629-A

Page: 14/32

Here, PAGSEGURO INTERNET LTDA has the possibility to storing its data in a secure, scalable, flexible way, provisioned according to its needs and without the need for investment in dedicated equipment.

The following modalityof UOLDIVEO SCALE STORAGE has been offered:

UOLDIVEO HIGH-END SCALE STORAGE:

• Product for mission-critical, extremely high-performance applications that demand the highest levels of service for availability and performance;

• Recommended for environments requiring a high IOPS index, such as databases, for example;

• Delivers up to 3000 IOPS per Tbytes of data allocated in LUN;

The following elements were considered for this modality:

• Connection with the physical servers of PAGSEGURO INTERNET LTDA:

• Total volume of 21.5 useful Tbytes;

UOLDIVEO SCALE BACKUP:

This technical proposal includes the following modality(ies) of UOLDIVEO SCALE BACKUP:

• UOLDIVEO FILESYSTEM SCALE BACKUP:

• Scope: Service included for 04 physical servers;

• Type of Backup: File System of operational system and files;

• Sessions: Full weekly (with storage for up to 30 days) and incremental daily (with storage for up to 30 days);

• Total Quantity of Data: up to 05 Tbytes backup to be divided among all servers serviced by this backup mode.

• Special Retention:

• In this proposal the retention for 24 months for a volume of 05TB was included. This retention applies to the monthly backup, in addition to the standard retention of the UOLDIVEO SCALE BACKUP product.

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo-SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

EXECUTION VERSION

TECHNICAL PROPOSAL UOLDIVEO-OPT-17/21629-A

Page: 15/32

Considerations for the Proposal:

• All windows for the execution of changes, requisitions or any types of action that imply unavailability will be previously communicated and agreed with PAGSEGURO INTERNET LTDA;

• PAGSEGURO INTERNET LTDA will be fully responsible for the availability of all hardware/software resources necessary to execute the service, except for the resources owned by UOLDIVEO;

• When necessary, PAGSEGURO INTERNET LTDA must ensure that professionals are available and able to support the activities inherent to the solution contracted and described in this proposal.

• UOLDIVEO reserves the right to change any type of supplier, brand, or software version of products used in its standard portfolio of services without adversely affecting the services of PAGSEGURO INTERNET LTDA for matters of technological updating or adaptation to market standards. UOLDIVEO is responsible for communicating in advance any type of change in its environment;

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo-SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

EXECUTION VERSION

TECHNICAL PROPOSAL UOLDIVEO-OPT-17/21629-A

Page: 16/32

Responsibilities:

☑ UOLDIVEO’s RESPONSIBILITIES:

• Supply the information and technical clarification requested by PAGSEGURO INTERNET LTDA on the execution of the services;

• Have access to the installations of the environments that are the subject matter of this proposal only with the knowledge and authorization supplied by PAGSEGURO INTERNET LTDA

• Issue, in the due terms, all documents that are its responsibility;

☑ PAGSEGURO INTERNET LTDA’s RESPONSIBILTIES

• Any item that comes to be altered or included will be the subject of an additional commercial proposal;

• Supply authorization to access its installations when necessary to execute the scope of activities in this proposal;

• Supply in a timely manner, when it is its responsibility, the data and clarification requested by UOLDIVEO;

• Make available to UOLDIVEO the technical information about managed environment devices, including manuals, plans and data on previously executed services;

• Make a focal point available capable of supplying environmental information necessary for the execution of the activities contained in the schedule presented in this document;

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo-SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

EXECUTION VERSION

TECHNICAL PROPOSAL UOLDIVEO-OPT-17/21629-A

Page: 17/32

Annex – SLA (Service Level Agreements):

UOLDIVEO is committed to fully complying with the SLA commitments by supplying redundancy and diversity in every aspect. All UOLDIVEO infrastructure equipment is implemented with redundancy for maximum availability.

We work with the following indicators of annual availability, evaluated monthly for credit purposes:

• Infrastructure available 99.9% of time;

The following average repair times, Mean Time to Recovery (MTTR), will be considered:

Type of Impact		Severity				Mean Time to Recovery (MTTR)
•    Availability of the services totally affected (completely unavailable); •    All or most users are unable to operate; •    Risk of loss of physical security of the Data Center environment; •    Detection of attack or invasion of the environment* •    Risk of fraud or breach of confidential information *.			P1				4 hours
•    Availability of the services partially affected; •    A considerable number of users are having difficulty operating; •    Customer environment degraded or with intermittent drops; •    Partially unavailable link access*.			P2				12 hours
•    Degradation of services without unavailability (degradation of quality); •    A very small number of users with difficulty to operate or consult information; •    A group of clients unable to use some non-critical function.			P3				24 hours
•    Requests for non-critical technical support; •    Requests for information or non-strategic or critical activities; •    Request for occasional reports for verification.			P4				96 hours

* When applicable.

Other information related to the SLA is included in the Service Level Annex which is an integral part of the contract.

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo-SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

EXECUTION VERSION

TECHNICAL PROPOSAL UOLDIVEO-OPT-17/21629-A

Page: 18/32

Annex – Datacenter Hosting Service

UOLDIVEO SCALE BACKUP:

The UOLDIVEO SCALE BACKUP solution aims to protect your company’s data using a robust, redundant and secure backup infrastructure, the data copy of which is stored efficiently and it is possible to make information available quickly in cases of physical or logical corruption.

UOLDIVEO SCALE BACKUP uses the latest in technology, using proven backup tools such as Symantec Netbackup, disk-stored deduplication features and automatic replication of backup data between the UOLDIVEO Datacenters, which provides our clients with backup of large masses of data in minimized windows, in addition to providing faster and more reliable data restoration.

One of UOLDIVEO SCALE BACKUP’s key differentiators is the automatic replication of backup data between the Glete and Tamboré UOLDIVEO Datacenters and vice versa. Thus all backups made on our UOLDIVEO SCALE BACKUP infrastructure are automatically sent to external storage, since our Datacenters are located geographically at a distance of approximately 20 kilometers. Hence, our clients can use our backup product as a “cold’ Disaster Recovery tool, that is, it is possible to restore the data directly to servers allocated in a Datacenter unlike that contracted as a production environment.

UOLDIVEO FILESYSTEM SCALE BACKUP:

A backup solution intended for data protection of files and directories, including attributes and other file system metadata. Through the UOLDIVEO FILESYSTEM SCALE BACKUP product it is possible to make backups of open files (Open File) and also of Microsoft Active Directory.

Approved operational systems:

✓ Microsoft Windows Server 2003, 2008 or 2012;

✓ Linux Distributions:

• Enterprise Red Hat 5 or 6;

• SUSE Enterprise 10;

• CENTOS 5;

✓ Unix:

• AIX 6;

• Oracle Solaris 9 or 10.

UOLDIVEO APPLICATION SCALE BACKUP:

Backup solution that provides integration with various technologies and application and database APIs, providing backup without interruptions.

The UOLDIVEO APPLICATION SCALE BACKUP makes backups of applications and databases online, that is, it has functionalities in the management of LOGS and in pausing them for the full copying of the data without any unavailability occurring.

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo-SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

EXECUTION VERSION

TECHNICAL PROPOSAL UOLDIVEO-OPT-17/21629-A

Page: 19/32

Approved Applications:

✓ APPLICATION:

• Microsoft Exchange Server 2007, 2010 or 2013:

• Microsoft Office Sharepoint Server 2007, 2010 or 2013;

• SAP 6 and 7 ( Via agent only with Oracle Database);

✓ DATABASE:

• MS SQLStandard/Enterprise/Datacenter 2005, 2008 or 2012;

• Oracle Standard/Enterprise 9i, 10g or 11g.

Characteristics:

Each UOLDIVEO SCALE BACKUP product has its own characteristics in order to optimize the technologies used for each backup need.

✓ Restoration:

All UOLDIVEO SCALE BACKUP products include as standard the restoration of data in the event of total loss of a server.

The following table lists the types of granularity enabled for each product: UOLDIVEO SCALE BACKUP in accordance with the installed system:

UOLDIVEO FILESYSTEM SCALE BACKUP

Type		Type of restoration
Operational System		System State (only Microsoft Windows)
MS Active Directory		Granular or complete restoration of the Active Directory
File System		Files and directories

UOLDIVEO HYPERVISOR SCALE BACKUP

Type		Type of restoration
VM¹ Microsoft Windows		VM¹ Complete or granular restoraton of files/directories
VM¹ Linux		VM¹ Complete or granular restoraton of files/directories
¹        Virtual Machine

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo-SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

EXECUTION VERSION

TECHNICAL PROPOSAL UOLDIVEO-OPT-17/21629-A

Page: 20/32

UOLDIVEO APPLICATION SCALE BACKUP

Type		Type of restoration
MS Exchange Server¹		Mailbox Store, user or email/user’s folder.
MS Sharepoint Server¹		Granular or complete restoration of objects.
SAP		Complete database
Databases		Complete database
¹   Without support for granular restoration in the 2013 version;

If PAGSEGURO INTERNET LTDA needs point-in-time restorations, UOLDIVEO provides up to 1 monthly point-in-time restoration (non-cumulative) for every environment.

The area for data restoration (movement area) is the responsibility of PAGSEGURO INTERNET LTDA. If PAGSEGURO INTERNET LTDA needs an area for data restoration, it may contract one through the UOLDIVEO Service Desk or Account Manager.

One of the differentials of the UOLDIVEO SCALE BACKUP product is the automatic replication of backup data between the UOLDIVEO GLETE and TAMBORÉ Datacenters (Cross-Backup), in this way the data can be restored in a UOLDIVEO Datacenter different from the one contracted.

To perform this procedure, PAGSEGURO INTERNET LTDA will need to have contracted the server infrastructure in the UOLDIVEO Datacenter different from the one used as the production environment.

Ö Retention:

UOLDIVEO FILESYSTEM SCALE BACKUP

Type		Policy		Standard Retention
Operational System / File System		Daily Incremental		30 days
		Weekly Full		30 days
UOLDIVEO HYPERVISOR SCALE BACKUP
Type		Policy		Standard Retention
Virtual Machine		Daily Incremental		30 days
		Weekly Full		30 days

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo-SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

EXECUTION VERSION

TECHNICAL PROPOSAL UOLDIVEO-OPT-17/21629-A

Page: 21/32

UOLDIVEO APPLICATION SCALE BACKUP
Type		Policy		Standard Retention
Database/APPLICATION		Daily Full		30 days
ArchivedLog/ TLog		Greater or equal 2/2 hours		30 days

Service Levels:

For the UOLDIVEO SCALE BACKUP product, standard SLO (Service Level Objective) amounts are used. These amounts apply to the “Window x Backup” amounts presented above and to the RTOs.

RTOs:

The table below (Standard RTO Tab) presents the volumes that can be recovered in the standard windows. For volumes greater than those displayed in the second column, add one (1) hour to the RTO target for each additional block, which can be verified in the fourth column of the table, in accordance with the respective contracted plan.

Product		Volume to be Recovered (GB) Within the  RTO1,2				RTO (hours) —Target1,2				Volume (GB) Incr./Additional hour2
FILESYSTEM			500				12				83.3
HYPERVISOR			500				12				83.3
APPLICATION			500				12				83.3
StandardRTOTab – Standard RTO Table

¹  Valid for disaster cases and start of service P1

² There may be restrictions/limitations when there is a large quantity of files (Approximately 300,000 files per server with a limit of 5,000 per folder), volumes using NAS, backups of virtual environments or using encryption.

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo-SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

EXECUTION VERSION

TECHNICAL PROPOSAL UOLDIVEO-OPT-17/21629-A

Page: 22/32

SLO: For UOLDIVEO SCALE BACKUP product services the following targets will be used as reference:

Description		Annual Target1
Backup Jobs executed		95%
Successful Restorations		95%
Restorations with the RTO		95%
SLOTab – SLO Table

¹  Excluding environments with requisitions/changes that may affect backup/restoration.

Validation of contracted franchise:

For billing purposes, UOLDIVEO counts the highest volume protected on a server or sum of the volumes in a set of servers within an agreement, on a single day (peak consumption), in a period of 01 (one) month. If this backup exceeds the contracted volume, there will be a charge of the amount per GB (Gigabyte) in excess.

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo-SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

EXECUTION VERSION

TECHNICAL PROPOSAL UOLDIVEO-OPT-17/21629-A

Page: 23/32

Annex – Infrastrucutre: UOLDIVEO Tamboré Data Center

General Aspects:

The UOLDIVEO Data Center is located in Tamboré at Avenida Ceci, 1850. Within the methodology developed by UOLDIVEO, the following criteria were used to define the location of the Data Center:   Location issues   Near to the important roads in the State of São Paulo with easy access, a region with electricity networks with high availability and reliability. Near to Central Business Districts; near to Industrial Zones.

Characteristics of the Site

Possibility of Enlargement; Availability of Parking; Availability of External Space; Accessibility of the Site to Vehicles; Security of the site.

Public Service Issues

Availability of Energy; Availability of Redundant Power Supply; Availability of Fiber Redundancy.

Physical Space

The UOLDIVEO Data Center has 17,000m² (square meters) with a total capacity of up to 4,000 racks.

Redundant Electrical Energy System:

The Data Center is located in the W.T. Technology Park Condominium and is powered by two Eletropaulo Energy Transmission lines of the highest reliability. These two 88 kV lines are energized by the Transmission Transformer Stations: ▇▇▇▇▇ ▇▇ ▇▇▇▇▇ and Pirituba.   A failure in the supply of electrical energy by the public utility provider will not cause any inconvenience to clients, since the Data Center has generators in the N+1 configuration guaranteeing the power supply regardless of the duration of the public utility provider’s power failure or power outage, because it has 180,000-liter diesel fuel tanks guaranteeing 03 days of autonomy without the need for refueling.

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo-SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

EXECUTION VERSION

TECHNICAL PROPOSAL UOLDIVEO-OPT-17/21629-A

Page: 24/32

The Data Center has a set of Uninterrutpible Power Supplies (UPSs) that automatically assumes the load during a power failure until the generator engine groups start. Within a maximum of 2 minutes the generators start up re-establishing the alternating electricity current.

The uninterrupted energy supply is composed of 04 (four) independent systems, each of which has three UPSs in parallel-redundant connection, producing a total of 12MVA, with battery banks that allow its use at maximum capacity, around fifteen minutes.

It also has two independent rotary UPS systems, with a current installed power of 3.4MVA, being able to reach three systems with a total capacity of 10.2MVA
		The architecture of the electrical system provides two independent lines or sources of stabilized power at 208 VAC originating from different UPS sets, armored busways and distribution boards on the clients’ racks, ensuring reliability and redundancy.

Redundant climatization system:

The air conditioning unit in the Tamboré Data Center is composed of liquid chillers in the N+1 configuration. The chillers are responsible for the “production of cold water”, which circulates throughout the building, through special and thermally insulated pipes, bringing cold water to all air conditioners (fancoils) that serve the technical areas and offices, ensuring adequate climatization (temperature and humidity).

The fancoils are high-precision, state-of-the-art equipment with microprocessors maintaining the room temperature at 22ºC (± 3ºC), controlling also the relative humidity of the room, maintaining it at 50% (± 15%), through a heating and humidification system. The air is insufflated under the raised floor, through strategically distributed diffusers, guaranteeing homogeneity in the distribution and consequently in the ambient temperature.

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo-SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

EXECUTION VERSION

TECHNICAL PROPOSAL UOLDIVEO-OPT-17/21629-A

Page: 25/32

In all technical rooms, the N+1 with redundancy concept was adopted for all the infrastructure equipment, and thus, there is always an air conditioner in reserve, always ready to operate in the event of failure or maintenance on any of them.

The arrangement of the racks, whether they in an open area or in cages, shall follow the configuration of hot corridor, cold corridor for the best efficiency of the air conditioning system.

Fire detection and prevention system:

The Data Center is equipped with a state-of-the-art fire suppression and alarm system operated by highly-trained personnel to respond to fire incidents. In the event of a fire starting, the entire system is activated by sophisticated sensors called VESDA (Very Early Smoke Detection Alarm), which is sensitive to small volumes of smoke.

The detection system is complemented by ionic smoke detectors installed in the environment and below the raised floor.

Second stage fire fighting is carried out by reducing the level of oxygen in the environment through an inert gas, called Inergen, which has ecological properties that do not harm equipment or people.

If the fire is not extinguished by the Inergen gas there is also a dry piping system Sprinkler system, hand fire extinguishers and complementary hydrants, for the purpose of extinguishing the fire in this zone, thus avoiding any disturbance in other operational rooms.

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo-SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

EXECUTION VERSION

TECHNICAL PROPOSAL UOLDIVEO-OPT-17/21629-A

Page: 26/32

Physical Security:

The UOLDIVEO Data Center has properly prepared and trained security officers 24 hours a day, 7 days a week, 365 days a year. The armored security booths are strategically located at the perimeter of the UOLDIVEO Data Center site. All internal and external areas of the UOLDIVEO Data Center are monitored by high resolution cameras that are part of the closed circuit television that register and digitally record the images that are stored for periods of up to 90 days.

All persons entering Data Center premises are registered in the access control system. Access to any area in the Data Center is controlled through the use of access devices that include two levels of authentication—card + password, and biometrics (when applicable). Only authorized persons will be able to access the area in which their equipment is located.

All environments in the Data Center are segregated and access to them is protected by card and password authentication.
		Motion detectors also advise security officers if UOLDIVEO clients or personnel are in places outside their designated areas.

Monitoring Center:

The behavior of the Backbone and of the entire structure of contracted services is permanently controlled through an operations and alarm monitoring center, called the Command Center. This center of operations has a highly able and constantly trained technical team for the operation of various monitoring tools, specifically defined for each procedure or activity, such as hardware monitoring, bandwidth usage measurement, and device accessibility testing, etc.

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo-SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

EXECUTION VERSION

TECHNICAL PROPOSAL UOLDIVEO-OPT-17/21629-A

Page: 27/32

Annex – Infrastructure: UOLDIVEO Glete Data Center

General Aspects:

The Data Center is housed in an 8-story building, specifically designed to meet the most stringent security, availability, density and connectivity standards required for modern Information Technology Systems. The concepts of Green Computing guided the project from the outset, in order to meet the current strict requirements, with the lowest energy consumption and emission of waste.   All the electrical infrastructure is housed in the three underground levels for complete security and access control. The facilities for the teams responsible for monitoring and administering the support systems and hosted equipment are located on the ground floor.   The servers and other IT equipment will be installed on the four upper floors, with each floor having an independent air-conditioning structure and redundant power supply systems.

At the top of the building the main cooling systems are housed, protected by side concrete bulkheads.

The building has a dock for loading and unloading equipment from trucks inside its internal area and internal parking for vehicles of previously authorized clients. Areas for temporary stock, assembly and testing of equipment are also available, with the objective of minimizing access to the working areas where the equipment is in operation.   The location of the Data Center in the central region of the city of São Paulo allows access to a reliable supply of high voltage electricity as well as redundant connectivity with all major telecommunications operators in the country.

All the installations’ systems - security, cooling and power - are interconnected to the BMS (Building Management System), which controls each individual device in an integrated and intelligent manner, with the aim of optimizing use of the installed resources.

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo-SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

EXECUTION VERSION

TECHNICAL PROPOSAL UOLDIVEO-OPT-17/21629-A

Page: 28/32

Access Control System:

The UOLDIVEO Glete Data Center has several levels of security from the building entrance to the physical access to the hosted equipment. Any access to the facilities, for any activities such as maintenance, delivery of equipment, access to equipment, etc. by persons not involved in the operation is gained only with prior authorization confirmed by formal request and following release from the security area.

Security levels:

Acess to the building:

• Security guards monitor the areas adjacent to the building via closed circuit television;

• Access is allowed only to duly authorized persons;

• The entire environment is monitored by digital cameras and the images are recorded 24 hours a day by the Security Center.

Acess to the internal areas:

• Only allowed when accompanied by the safety or operations team;

• Controlled by proximity card and biometrics.

Access to the Server Rooms:

• Only allowed when accompanied by the operations team;

• Controlled by proximity card and biometrics.

Access to the Cages and Racks:

• Only allowed when accompanied by the operations team;

• Access control to the cages and racks is carried out by keys or proximity cards released by the operations team;

• Access to the cages and racks is monitored by cameras positioned to record images of the access corridors.

All information generated by security systems, such as images and access logs are stored for 90 days, and can be viewed by clients upon prior request at the Data Center itself.

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo-SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

EXECUTION VERSION

TECHNICAL PROPOSAL UOLDIVEO-OPT-17/21629-A

Page: 29/32

The 24x7 access release process must be carried out by a service requisition to the Service Center or on the Customer Website by the PAGSEGURO INTERNET LTDA responsible person, indicated formally in the agreement, with a minimum advance notice set forth in the Data Center operational procedures.

Fire Detection and Fighting System:

The UOLDIVEO Glete Data Center Glete has a 24x7 resident civilian firefighter who is responsible for inspecting the environment for fire hazards and for first response to any incident. The building is located four (4) blocks from the São Paulo State Fire Brigade (▇▇▇▇▇▇ ▇▇▇▇▇▇▇ Battalion).

It has a VESDA early fire detection system and ionic or thermo-velocimetric smoke detectors distributed throughout all levels - floor and ceiling - both connected to the fire fighting center.

• The facilities have smoke detectors placed throughout the area, on the three levels of physical accommodation: drop ceiling, environment and false floor. They are also present in all areas containing energy and cooling infrastructure equipment;

• These devices, which are monitored by the Security Center, indicate in the panel the exact sector of the emergency, in addition to sounding the alarm in the affected area and notifying the resident Firefighter to carry out the primary firefighting;

• The server floors have an Inergen gas system automatically activated by the sensors connected to the firefighting center;

• The floors also have automatic dry showers (pre-action sprinklers and dry-pipes).

Physical Infrastrucutre for Racks and Cages:

The server room on each floor has a raised floor in every environment, with steel sheets covered with anti-static material, 1000 mm high and a load capacity of 1500 Kg/m² and point load capacity of 500 kg. All equipment must be installed in racks and a standard rack occupies 600 mm x 1050 mm and 2000 mm of space. The maximum height in the server room is 2500 mm, and the rack or equipment must not exceed 2400 mm.   The racks supplied by UOLDIVEO are closed-type with doors controlled by a key, which remains in a safe place accessible only by Data Center staff. Equipment that comes in its own racks will be allowed provided that it is within the space limitations indicated above.

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo-SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

EXECUTION VERSION

TECHNICAL PROPOSAL UOLDIVEO-OPT-17/21629-A

Page: 30/32

Spaces for various racks protected by hollow bulkheads may also be made available - for more efficient air-conditioning. Each of these areas is called a Cage and can optionally have its physical access controlled individually by an electronic device released by card and biometrics.

The arrangement of the racks, whether they in an open area or in cages, shall follow the configuration of hot corridor, cold corridor for the best efficiency of the air conditioning system.

The elevators for access to the floors are capable of transporting equipment of up to 4 tons.

All data cabling is passed through ducts provided under the raised floor and follows the standard of dedicated switches per rack - Top of Rack.

The electrical cabling runs through exclusive electroducts, strategically arranged so as not to interfere with the data cabling ducts.

Electrical System:

The UOLDIVEO Glete DC power supply system is designed to meet the capacity and availability required in today’s IT environments. Structured in a Redundant Parallel Architecture, it supplies uninterrupted power for all critical systems.

All systems are continuously monitored by the BMS and allow maintenance to be carried out on all of its elements without interruption to the power supply and cooling of the equipment.

Substation:

The power substation at 21KV - medium voltage - is serviced by the Eletropaulo distributor. Through transformers in N+N configuration, the voltage is lowered to 480V that internally and independently feed the air-conditioning system and UPS systems. The total system capacity is 9MVA.

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo-SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

EXECUTION VERSION

TECHNICAL PROPOSAL UOLDIVEO-OPT-17/21629-A

Page: 31/32

Electrical Distribution:

The electrical network available for the equipment at 208VAC is composed of circuits segmented by sectored boards that distribute power to the plug strips for each rack or equipment. Each circuit is individually protected by a circuit breaker and short-circuit detector.

Nobreak System:

Each floor of the Data Center has two 1,000 kVA nobreak lines, also known as a UPS, in the N+1 configuration per line. The UPSs have redundant battery banks with 12-minute autonomy at full load.

Each UPS set feeds, in cross-configuration, two static switches that in turn feed each of the two busways of power to the floor. This scheme allows for maintenance on any of the lines without the servers stopping.

Generator Engine Group:

The power continuity in the DC is guaranteed by 4 3MVA generators each configured in an N+1 system. Feeding the generators, there are tanks holding a total of 34,000 liters of diesel.

Load Bank:

For the predictive and preventive maintenance of Data Center systems, it is possible to install a Load Bank that makes it feasible, in a simple and economical way, to carry out these tests, certifying the reliability of the system.

Cooling System:

The Glete UOLDIVEO Data Center air-conditioning system features a dual-ring, redundant cold water architecture, fed by a set of air cooled Chillers in N+1 configuration. The ring feeds the precision Fan-Coils with cold water located on each floor. This architecture allows the maintenance on pipes and equipment to be carried out without interrupting the functioning of the air conditioning for the floors.

The temperature and humidity control of the floors is automatic, controlled and monitored by the manufacturer’s own cooling system and is integrated with the BMS.

• The system is composed of 6 Air cooled Chillers of 350TR configured in N+1 redundancy, totaling a cooling capacity of 1750TR (21,000,000 BTU);

• Each floor, in maximum configuration, has 10 Fan-Coils of 36TR each, in configuration N+2, totaling 288TR (3,456,000 BTU). The redundancy allows the maintenance of up to two pieces of equipment without adversely affecting the temperature and humidity on the floor;

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo-SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

EXECUTION VERSION

TECHNICAL PROPOSAL UOLDIVEO-OPT-17/21629-A

Page: 32/32

• The temperature and relative humidity of the air are automatically controlled by the precision Fan-coils, where sensors detect the temperature and return humidity, adjusting their operation accordingly;

• An integrated Fan-Coil balancing system allows full balance and precise control of temperature and humidity, even with unevenly distributed loads;

•    The temperature is maintained at 21ºC (± 3ºC), according to modern standards for IT equipment;   •    Air humidity is maintained at 50% (± 15%), according to modern standards for IT equipment.

Monitoring Center:

The behavior of the Backbone and of the entire structure of contracted services is permanently controlled through an operations and alarm monitoring center, called the Command Center. This center of operations has a highly able and constantly trained technical team for the operation of various monitoring tools, specifically defined for each procedure or activity, such as hardware monitoring, bandwidth usage measurement, and device accessibility testing, etc.

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo-SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

EXECUTION VERSION

Commercial Proposal

DDoS Protection – OPT-17/21631

EXECUTION VERSION

Page: 2/12

São Paulo, January 1, 2017.

To PagSeguro

Att.: ▇▇▇▇▇▇ ▇▇▇▇▇▇▇

Re.: UOLDIVEO Proposal – OPT-17/21631-A

In answer to your request, we present a technology integrated solution proposal to meet the needs of PAGSEGURO regarding IT infrastructure services.

We offer PAGSEGURO our experience in high quality services provided to the corporate market. We prepared this Proposal according to our commitment to offer the best solution to meet the business needs of PAGSEGURO.

We present below our technical proposal and thank you for this opportunity. We remain at your disposal for any clarifications.

Kind Regards,

/s/ ▇▇▇▇▇ ▇▇▇▇▇▇▇

▇▇▇▇▇ ▇▇▇▇▇▇▇

ACCOUNT EXECUTIVE

(▇▇▇) ▇▇▇▇-▇▇▇▇

(▇▇▇) ▇▇▇▇▇-▇▇▇▇

EXECUTION VERSION

Page: 3/12

Table of Contents

Non-Disclosure Agreement			4
Presentation			5
About UOLDIVEO			5
Portfolio of Services			6
UOLDIVEO’s Experience			8
Quality			9
Certifications			9
Customers			10
Commercial Conditions:			11
Considerations:			11

EXECUTION VERSION

Page: 4/12

Non-Disclosure Agreement

All information included herein is strictly confidential and is provided exclusively to technically describe

UOLDIVEO solutions, as requested by PAGSEGURO, and it must not be used for any other purpose.

With regards to the services described herein, in the event PAGSEGURO chooses a provider other than UOLDIVEO, or does not choose a provider within 15 days from the date hereof, PAGSEGURO agrees to return all exclusive and confidential information to UOLDIVEO, including, but not limited to, this document. Moreover, PAGSEGURO will not use or disclose this information in any way to obtain an unfair business advantage for itself, its subsidiaries, affiliates or partners in future business opportunities in which it may, directly or indirectly, compete with UOLDIVEO.

PAGSEGURO will not publish or disclose this information, in full or in part, without the prior written consent of UOLDIVEO. A number of company and service names included herein are trademarks. All of them are recognized in this representation.

EXECUTION VERSION

Page: 5/12

Presentation

About UOLDIVEO

UOLDIVEO, a company of the UOL Group with over 17 years of experience, offers complete IT Outsourcing solutions for mission critical environments.

It has the biggest Data Center infrastructure in Brazil, the best and most flexible Business Cloud, and a wide range of managed services. All of this is supported by one of the largest certified technical teams in Brazil, standardized processes, and cutting-edge technology, which allow an IT Transformation approach, aimed at offering a fast, efficient, and business focused IT.

UOLDIVEO serviced more than 3,000 customers and has 1,500 employees with over 280 international certifications.

UOLDIVEO is headquartered in São Paulo and has offices in 7 Brazilian capitals.

Legend

17 anos Experiência ▇▇ ▇▇▇▇▇▇▇ = 17 years Market Experience

+ 3 mil Clientes = + 3,000 Customers

1.500 Colaboradores = 1,500 Employees

26 mil m2 Data Centers = 26,000 sq mt Data Centers

Rede Própria em 7 Cidades = Own Network in 7 Cities

15 Petabytes em Armazenamento = 15 Petabytes of Storage

Soluções Orientadas por Segmento ▇▇ ▇▇▇▇▇▇▇ = Solutions Developed by Market Segment

EXECUTION VERSION

Page: 6/12

Portfolio of Services

Our portfolio consists of complete and integrated solutions to meet a number of IT requirements from companies, awarding us our recognition as trusted advisors by our partners.

Legend

Exterior Circle; upper quadrant

SERVIÇOS GERENCIADOS = MANAGED SERVICES

GESTÃO DE WAN = WAN MANAGEMENT

GESTÃO DE REDES = NETWORK MANAGEMENT GESTÃO DE BACKUP = BACKUP MANAGEMENT GESTÃO DE STORAGE = STORAGE MANAGEMENT

GESTÃO DE BANCOS DE DADOS = DATABASE MANAGEMENT

GESTÃO DE SISTEMA OPERACIONAL = OPERATING SYSTEM MANAGEMENT

GESTÃO DE APLICAÇÕES = APPLICATION MANAGEMENT GESTÃO DE MIDDLEWARE = MIDDLEWARE MANAGEMENT

GESTÃO DE PROJETOS E ESPECIALISTAS = PROJECT AND SPECIALIST MANAGEMENT

EXECUTION VERSION

Page: ▇/▇▇

▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇; left quadrant

E-COMMERCE SERVICES = E-COMMERCE SERVICES

MIDDLEWARE SERVICES = MIDDLEWARE SERVICES

CORE TECHNOLOGIES SERVICES = CORE TECHNOLOGIES SERVICES

SOLUÇÕES PARA NEGÓCIO = BUSINESS SOLUTIONS

Exterior Circle; right quadrant

GOVERNANÇA DE TI = IT GOVERNANCE

ARQUITETURA DE TI = IT ARCHITECTURE

ENGENHARIA DE SOFTWARE = SOFTWARE ENGINEERING

CONSULTORIA = CONSULTING SERVICES

Exterior Circle; lower quadrant

SERVIÇOS À APLICAÇÃO = APPLICATION SERVICES

STRESS TEST = STRESS TEST

OTIMIZAÇÃO DE PERFORMANCE = PERFORMANCE OPTIMIZATION

MONITORAMENTO DE PERFORMANCE = PERFORMANCE MONITORING

TESTES FUNCIONAIS = FUNCTIONAL TESTING

▇^▇▇ ▇▇▇▇▇ ▇▇▇▇▇▇; left side

SERVIÇOS DE SEGURANÇA = SECURITY SERVICES

VULNERABILITY SCAN = VULNERABILITY SCAN

SMART CORRELATION = SMART CORRELATION

DDOS PROTECTION = DDOS PROTECTION

WEB APPLICATION FIREWALL = WEB APPLICATION FIREWALL

BRAND PROTECTION = BRAND PROTECTION

▇^▇▇ ▇▇▇▇▇ ▇▇▇▇▇▇; right side

PLATAFORMA E SOFTWARE = PLATFORM AND SOFTWARE

SERVIÇOS DE PAGAMENTOS = PAYMENT SERVICES

PIN PAD = PIN PAD

AUTOMAÇÃO E CONTROLE = AUTOMATION AND CONTROL

PREVENÇÃO À FRAUDE = FRAUD PREVENTION

EXCHANGE = EXCHANGE

WEBFILTER = WEBFILTER

Innermost Circle; upper half

DATACENTER = DATACENTER

COLOCATION = COLOCATION CENTER

SERVIÇOS COMPARTILHADOS = SHARED SERVICES

HOSTING = HOSTING

Innermost Circle; lower half

MPLS = MPLS

LAN TO LAN = LAN TO LAN

INTERNET = INTERNET

EXECUTION VERSION

Page: 8/12

UOLDIVEO’s Experience

We are a leading Brazilian company in IT Outsourcing. We are supported by a solid group with strong experience in the Brazilian market. In addition, we have experience in the management of mission critical and high-volume environments and offer robustness and agility in our operations.

Servicing and Operations:

☐ +2.2 billion security events

☐ +6,300 firewalls

☐ +169,000 security rules

☐ monitoring +500,000 infrastructure active elements

☐ +14 million active mail boxes

☐ +400,000 internet domain names

☐ +7,000 database instances

Backbone:

☐ + 200 Gbps in traffic capability

☐ + 1,800 points of presence

☐ + 3.7 million e-commerce transactions/month

☐ 70,000 simultaneous streaming sections/second

☐ 7 billion page views/month

☐ +34 million one-time visitors

Data Center:

☐ + 15PBytes of stored data, equivalent to +3 million hours of HD movies

EXECUTION VERSION

Page: 9/12

Quality

Through IT service management best practices, we prepare continuous improvement plans aiming at business maintenance and satisfaction of our employees and customers.

Accordingly, we developed out processes based on ISO/IEC 27001, ISAE 3402 (SAS 70), ISO 20000:2011, PCI requirements and ITIL v3 and CobiT methodologies.

Certifications

EXECUTION VERSION

Page: 10/12

Customers

We have a solid portfolio of customers:

☐ 250 among the top 500 companies in Brazil;

☐ 3 biggest airline companies in Brazil;

☐ 7 among the top 10 retail companies in Brazil (90% of big e-commerce companies);

☐ 6 biggest operators of mobile phones in Brazil;

☐ 3 among the top 4 education groups in Brazil;

☐ 6 among the top 10 contact centers in Brazil;

☐ 3 among the top 5 purchasers in Brazil;

☐ 6 among the top 10 real estate groups in Brazil;

☐ 3 among the top 4 cosmetic companies in Brazil;

☐ 2 among the top 3 chemical companies in Brazil;

☐ more than 100 companies of the financial segment.

CONFIDENTIAL TREATMENT REQUESTED

EXECUTION VERSION

Page: 11/12

Commercial Conditions:

Description of Services Refers to services described in the OPT-17/21631-A Technical Proposal		Monthly fee for an engagement period of 60 months
		Including taxes
DDoS Protection		[*****]

Considerations:

• expiration of the proposal: 15 business days. After this period, if the CUSTOMER does not return this proposal duly signed to UOLDIVEO, the terms and conditions provided herein may be reviewed by UOLDIVEO;

• taxes and tax rates will be charged pursuant to applicable law:

• Telecom services: PIS, COFINS, and ICMS apply (as applicable to each region);

• Data Center Solution services, Managed Services, Software Services, Application Services, and/or Security Management Services: ISS, PIS, and COFINS apply, according to the type of service;

• any changes in tax rates or tax calculation basis on the value of services provided hereunder, as well as the creation of any taxes as of the date hereof, even if arising out of the cancellation of a tax exemption, will result in an adjustment to the prices offered (representing a price increase or decrease), according to the relevant change;

• noncompliance with the obligations set forth in the Technical and Commercial Proposals by the CUSTOMER, resulting in delays in the originally proposed schedule, does not exempt the CUSTOMER from timely complying with its other obligations, primarily those regarding the amounts payable;

• monthly fees will be invoiced as follows:

• the first (1^st) installment will be invoiced on a pro rata basis and will be payable on the 10^th day of the month following the delivery of the contracted Solution, in full or in part, to be agreed by the Parties;

• the second (2^nd) installment, as well as the other instalments that become due until the expiration of the Agreement, will be invoiced by the 20^th day, payable on the 2^nd day of the following month;

[*****] Confidential material redacted and filed separately with the Securities and Exchange Commission.

EXECUTION VERSION

Page: 12/12

• the monthly payments for products with variable fees may vary, according to the effective consumption of resources listed and amounts provided in the Commercial Proposal.

Execution Version

Technical Proposal

DDoS Protection

Execution Version

TECHNICAL PROPOSAL UOLDIVEO – OPT-17/21631-A

Page: 2/22

São Paulo, January 01, 2017.

To

PAGSEGURO INTERNET LTDA

Regarding the UOLDIVEO (OPT-17/21631-A) Proposal

In response to your request, we present a proposal for an integrated technology solution to meet the expectations of PAGSEGURO INTERNET LTDA in relation to IT infrastructure services.

We place at PAGSEGURO INTERNET LTDA’s disposal our experience in providing excellent quality services to the corporate market. We have developed this Proposal with the commitment to offer a solution that most adheres to the business needs of PAGSEGURO INTERNET LTDA.

We are grateful for the opportunity and remain at your entire disposal for any clarification that may be necessary.

Sincerely,

Paulo ▇▇▇▇▇▇ Nova ▇▇▇▇▇▇▇▇▇

Solution Architect

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo – SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

Execution Version

TECHNICAL PROPOSAL UOLDIVEO – OPT-17/21631-A

Page: 3/22

Summary

Summary			3
Confidentiality Agreement			4
Presentation			5
About UOLDIVEO			5
Portfolio of Services			6
About Multicloud			7
UOLDIVEO is Multicloud			7
UOLDIVEO’s Experience			8
Quality			9
Certifications			9
Partners			10
Clients:			10
Introduction			11
Objective			11
Preliminary Instructions:			12
Attack protection services – DDOS Protection			13
Considerations for the attack protection service – DDOS Protection:			13
Details of the attack protection service – DDOS Protection:			14
Considerations for the Proposal:			19
Responsibilities:			21

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo – SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

Execution Version

TECHNICAL PROPOSAL UOLDIVEO – OPT-17/21631-A

Page: 4/22

Confidentiality Agreement

All the information contained in this document is strictly confidential and is provided for the sole purpose of technically describing UOLDIVEO solutions at the request of PAGSEGURO INTERNET LTDA, and shall not be used for any other purpose.

With respect to the services described herein, if PAGSEGURO INTERNET LTDA chooses a supplier other than UOLDIVEO, or if it does not select any supplier within 15 days from the date of this proposal, PAGSEGURO INTERNET LTDA hereby agrees to return all UOLDIVEO’s exclusive and confidential information, including but not limited to this document, and will not use nor disclose this information in any way in order to gain an unfair business advantage for itself, its subsidiaries, associations or partners in any way, for future business opportunities in which it may be directly or indirectly competing with UOLDIVEO.

PAGSEGURO INTERNET LTDA will not publish nor disclose this information, in whole or in part, without the prior written permission of UOLDIVEO. Many of the service and business names mentioned in this document are registered trademarks. All of them are recognized through this declaration.

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo – SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

Execution Version

TECHNICAL PROPOSAL UOLDIVEO – OPT-17/21631-A

Page: 5/22

Presentation

About UOLDIVEO

UOLDIVEO, a UOL Group company with more than 17 years of experience, has complete IT Outsourcing solutions to meet mission critical environments.

It has the largest Data Center infrastructure in the country, the best and most flexible Corporate Cloud, in addition to a wide range of managed services. All supported by one of the country’s largest certified technical bodies, standardized processes and cutting edge technology that enable an IT Transformation approach aiming to deliver IT with speed, efficiency and a focus on the business.

There are more than 3 thousand clients served and 1500 employees with more than 280 international certifications. UOLDIVEO is headquartered in São Paulo with a presence in 7 Brazilian capitals.

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo – SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

Execution Version

TECHNICAL PROPOSAL UOLDIVEO – OPT-17/21631-A

Page: 6/22

Portfolio of Services

Our portfolio is composed of complete and integrated solutions that meet the most diverse needs of IT companies, making us trusted advisors of our partners.

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo – SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

Execution Version

TECHNICAL PROPOSAL UOLDIVEO – OPT-17/21631-A

Page: 7/22

About Multicloud

In recent years, companies with typically digital characteristics are changing the traditional markets, providing new experiences for clients. While established companies have to deal with traditional systems, processes and methodologies, they are at the same time under pressure to adapt, be innovative and agile. Driven by the “Internet of Things” and Big Data, companies will undergo a transformation that will make the largest part of the business digital and the technological basis of this transformation is precisely Cloud Computing. But before making the decision to take workloads to the clouds it must be kept in mind that:

“There is no single cloud for all applications and not every application consumes any cloud”

Therefore, a Multicloud approach, where companies use clouds with different technologies and characteristics, is so important.

UOLDIVEO is Multicloud

At UOLDIVEO, companies can rely on the services of leading players in the public cloud market, such as AWS, Microsoft Azure, VMWare and OpenStack, as well as Private Cloud offers on OpenStack and VMWare and also Virtual Data Center with Virtustream technology.

All these technologies and an extensive service layer, which starts with the analysis of the application characteristics and recommendation of the appropriate cloud, up to cloud use management and improvement services, make UOLDIVEO Multicloud the right way to go about the digital transformation of companies.

For us, Multicloud is more than offering alternative hardware, software, infrastructure or an access panel to different public clouds. It is being close to the client in order to understand its challenges and appropriately form a solution that meets the needs of each application, within a differentiated service context that allows the support to grow our clients business.

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo – SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

Execution Version

TECHNICAL PROPOSAL UOLDIVEO – OPT-17/21631-A

Page: 8/22

UOLDIVEO’s Experience

We are the leading Brazilian IT Outsourcing company. We have a solid group with strong experience in the domestic market, experience in management of mission critical environments and high volume, in addition to robustness and agility in our operations.

Service and Operations:

☐ +2.2 Billlion security events

☐ +6,300 firewalls

☐ +169,000 security rules

☐ Monitoring of +500,000 active elements of infrastructure

☐ +14 million active mailboxes

☐ +400,000 internet domains

☐ +7,000 instances of databases

Backbone:

☐ + 200 Gbps traffic capacity

☐ + 1,800 points of presence

☐ + 3.7 million e-commerce transactions/month

☐ 70,000 simultaneous sections/second of streaming

☐ 7 Billion pageviews/month

☐ +34 million unique visitors

Data Center:

☐ + 15PBytes of stored data which is equivalent to +3 million hours of HD film

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo – SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

Execution Version

TECHNICAL PROPOSAL UOLDIVEO – OPT-17/21631-A

Page: 9/22

Quality

Through best practices in IT service management, we carry out continuous improvement plans aimed at maintaining the business as well as the satisfaction of our employees and clients.

In order to do this, we developed our processes based on the requirements of ISO/IEC 27001, ISAE 3402 (SAS 70), ISO 20000:2011, PCI, SOX, and ITIL v3 and CobiT methodologies.

Certifications

☑ COMPANY:

Focusing on Security, Quality, Performance and Reliability, it has the following certifications:

☑ PROFESSIONALS:

Highly qualified and certified professionals to provide high quality services

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo – SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

Execution Version

TECHNICAL PROPOSAL UOLDIVEO – OPT-17/21631-A

Page: 10/22

Partners

To meet the needs of our clients, we offer solutions for their business. In order to do this we have several technological partnerships of which the following are highlighted:

Clients:

We have a solid portfolio of clients:

☐ 250 of the 500 largest companies in Brazil;

☐ the 3 largest airlines in Brazil;

☐ 7 of the 10 largest retail companies in Brazil (90% of the big e-commerces);

☐ the 6 largest mobile telephone operators in Brazil;

☐ 3 of the 4 largest education groups in Brazil;

☐ 6 of the 10 largest contact center companies in Brazil;

☐ 3 of the 5 largest purchasers in Brazil;

☐ 6 of the 10 largest real estate groups in Brazil;

☐ 3 of the 4 largest cosmetic industries in Brazil;

☐ 2 of the 3 largest chemical industries in Brazil;

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo – SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

Execution Version

TECHNICAL PROPOSAL UOLDIVEO – OPT-17/21631-A

Page: 11/22

Introduction

Objective

To present the UOLDIVEO bases of the Managed Security Services for PAGSEGURO INTERNET LTDA, in accordance with the service below:

Attack Protecton Service – DDOS Protection;

This proposal replaces the terms and conditions of the proposal previously in force, becoming, therefore, the new reference for scope, terms and conditions for the operation of Managed Security Services for PAGSEGURO INTERNET LTDA.

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo – SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

Execution Version

TECHNICAL PROPOSAL UOLDIVEO – OPT-17/21631-A

Page: 12/22

Preliminary Instructions:

This proposal includes the solution to protect against DDOS attacks with the objective of protecting the PAGSEGURO INTERNET LTDA environment from denial of service attacks that can affect the availability of its services.

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo – SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

Execution Version

TECHNICAL PROPOSAL UOLDIVEO – OPT-17/21631-A

Page: 13/22

Attack protection services – DDOS Protection

Technical Solution:

The proposed solution for PAGSEGURO INTERNET LTDA includes the provision of Services as detailed below:

QTY		PART NUMBER		DESCRIPTION
01		SEC-DDOS-BSC- 300MBPS		BASIC DDOS PROTECTION FOR LINK OF UP TO 300 MBPS SERVICE

Elements consdiered for this Proposal:

• Bascic DDoS Protection Service for Internet Bandwidth of 300 Mbps;

Considerations for the attack protection service – DDOS Protection:

• Changes testing will only be performed when the client makes available or contracts an environment for testing and/or approval. If such an environment is not supplied, the change will be implemented directly in the productive environment.

• If the UOL DIVEO infrastructure is affected by the DDoS attack, UOL DIVEO may make use of the blocking methodology in the edge routers based on the blackhole concept with the purpose of isolating the packet stream sent by the attacker(s). Access will be normalized after UOL DIVEO validates that the attack was interrupted.

• If the contracted attack limit is reached, UOL DIVEO will configure the blackholes for the protected IP address.

• If PAGSEGURO INTERNET LTDA has attacks below the limit, these will be mitigated until the time set forth in the agreement. Having exceeded this time, UOL DIVEO will configure the blackholes for the protected IP address.

• PAGSEGURO INTERNET LTDA will be entitled to a limited number of monthly mitigations when it reaches 50% of the protected bandwidth. If the number of mitigations in this range is exceeded, UOL DIVEO will configure the blackholes for the protected IP address or may, with the authorization of PAGSEGURO INTERNET LTDA, issue an additional charge.

• The DDoS Protection solution does not include internet bandwidth, requiring that the UOLDIVEO solution be contracted for this connection model;

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo – SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

Execution Version

TECHNICAL PROPOSAL UOLDIVEO – OPT-17/21631-A

Page: 14/22

Details of the attack protection service – DDOS Protection:

UOLDIVEO’s DDoS Protection is an intelligent product that is adaptable to new threats that are constantly emerging. This product makes use of the most advanced technologies in the prevention and mitigation of attacks, in addition to having a highly specialized team with proven experience in the protection of mission critical environments.

DDoS attacks are identified (24x7) through a behavioral analysis of trafficked data. If anomalies are detected, attacks can be blocked before they even reach the infrastructure, causing only legitimate traffic to continue accessing the online services.

☑ BENEFITS:

• Proactive management, reducing losses and impact on business;

• Reduces capital immobilisation for security assets;

• Protection by means of customized technology in accordance with the client’s business;

• 24x7x365 monitoring and management with a specialized DDoS attack and incident response team;

• Integration with the UOLDIVEO’s SOC intelligent correlation system;

• Use of scalable and efficient technology in blocking DDoS attacks;

• Mitigation and blocking of malicious traffic carried out in the core infrastructure of the UOLDIVEO Data Center, preserving PAGSEGURO INTERNET LTDA’s internet bandwidth;

• Legitimate users will continue to access the service normally during the mitigation service (under attack);

• Respected product: protects the largest Content and Services Portal in Brazil.

☑ Offered Model:

The company is continuously monitored and protected by the UOLDIVEO SOC (Security Operation Center). If an attack is detected, the UOLDIVEO specialist team can initiate mitigation in the following ways:

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo – SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

Execution Version

TECHNICAL PROPOSAL UOLDIVEO – OPT-17/21631-A

Page: 15/22

☐ Automatic: mitigation is initiated automatically and the company is notified;

☐ On Demand: notification is made by the SOC service channel and the mitigation is initiated after authorization;

☐ Pre-defined: the mitigation is initiated through authorization or characteristics previously defined by the company.

The company is notified from detection until the end of an attack. Through reports, the company will obtain detailed information about the attacks that attempted to impact its online services and that could harm its business.

☑ TECHNICAL CHARACTERISTICS:

Technical Characteristics of the Business Model		Basic Protection		Advanced Protection
Protection via BlackHole		☐		☐
IP Black/White List		☐		☐
TCP SynfloodAttack		☐		☐
IP Fragment (bandwidth)		☐		☐
TCP FloodAttack		☐		☐
UDP FloodAttack		☐		☐
TrafficShaping		☐		☐
Other TCP/IP applications		☐		☐
Geographical Protection		☐		☐
DNS FloodAttack		☐		☐
HTTP FloodRequests		☐		☐
SSL Overload Protection		☐		☐
VoIP FloodAttack		☐		☐
Behavioural analysis of Inbound and Outbound traffic		☐		☐
Dedicated Inline Protection				☐
Cloud Signaling				☐
Service and Monitoring 24/7/365		☐		☐

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo – SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

Execution Version

TECHNICAL PROPOSAL UOLDIVEO – OPT-17/21631-A

Page: 16/22

☑ SLA:

Activity		Item
Monitoring and management of contracted MSS service assets		24x7x365
Start of operation in the event of an Incident		15 minutes (after detection by the SOC monitoring)
Service Requisitions (Information, Analysis and Policy Changes)		08 hours after the opening of the call, except when a maintenance window is necessary.
Alteration and inclusion of attack recognition signatures		08 hours after release of the updates by the manufacturer, conditional on approval by UOLDIVEO
Assistance time for Service Requisitions		Monday to Friday from 09:00 to 18:00. (Calls opened outside these hours will be assisted on the next business day)
Time for Opening a Service Requsition		24x7x365
Assistance Time for incidents		24x7x365
Periodical Report		Monthly, delivered in the month following the service provision
Root Cause Analysis Report		05 business days after the incident has been closed.
Stabilization Period (SLO)		03 months (after entering into operation)
Changes in the environment made by the client that might impact on the contracted services		Report 48 (forty-eight) hours in advance
Programmed interruptions by UOLDIVEO for preventive and/or corrective maintenance		Will be communicated to the Client 48 (forty-eight) hours in advance
Updating of status and activities during the mitigation process		3 hours (Visual monitoring of the mitigation with the Clients’ Panel made available, enabling the analysis of the impacts on the contracted internet bandwidth)

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo – SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

Execution Version

TECHNICAL PROPOSAL UOLDIVEO – OPT-17/21631-A

Page: 17/22

☑ MITIGATION TABLE:

Bandwidth contracted for		Limit of		Mitigation Time		Maximum number of attacks
the DDoSProtection		Bandwidth		limit		equal to or greater than 50%
product (Mbps) – Clean		Protected				of the Limit of Bandwidth
Traffic		(Mbps)		(hours)		Protected
5		50		1:00:00		10 (equal to or greater than 25Mbps)
10		100		1:00:00		10 (equal to or greater than 50Mbps)
20		200		2:00:00		10 (equal to or greater than 100Mbps)
40		400		2:00:00		10 (equal to or greater than 200Mbps)
100		1000		2:00:00		10 (equal to or greater than 500Mbps)
200		2000		3:00:00		10 (equal to or greater than 1,000Mbps)
400		4000		3:00:00		10 (equal to or greater than 2,000Mbps)
800		8000		3:00:00		10 (equal to or greater than 4,000Mbps)
1,000 or larger		10,000		4:00:00		10 (equal to or greater than 5,000Mbps)

Service Level Agreement – DDOS Protection

Activity		Item
Monitoring and management of contracted MSS service assets		24x7x365
Availablity of the Datacenter		99.90%
Availability of the Client Panel		99.50% (excluding operational technical windows)
Notification of incident alert		30 minutes (after detection by the SOC monitoring)
Start of operation in the event of an Incident		15 minutes (after detection by the SOC monitoring)
Service Requisitions (Information, Analysis and Policy Changes)		08 hours after the opening of the call, except when a maintenance window is necessary.
Alteration and inclusion of attack recognition signatures		08 hours after release of the updates by the manufacturer, conditional on approval by UOLDIVEO
Assitance time for Service Requisitions		Monday to Friday from 09:00 to 18:00 hrs. (Calls opened outside these hours will be assisted on the next business day)

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo – SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

Execution Version

TECHNICAL PROPOSAL UOLDIVEO – OPT-17/21631-A

Page: 18/22

Activity		Item
Time for Opening a Service Requsition		24x7x365
Assistance Time for incidents		24x7x365
Periodical Report		Monthly
Root Cause Analysis Report		05 business days after the incident has been closed.
Stabilization Period (SLO)		03 months (after entering into operation)
Changes in the environment made by the client that might impact on the contracted services		Report 48 (forty-eight) hours in advance
Programmed interruptions by UOLDIVEO for preventive and/or corrective maintenance		Will be communicated to the Client 48 (forty-eight) hours in advance

Assistance Time: Monday to Friday from 09:00 to 18:00.

• For opening calls and normal requests;

• Calls opened outside these hours will be assisted on the next business day;

Description:

• Notification of Incident Alert: the client will be notified up to 30 minutes after detection, and the mitigating actions will be started;

• Start of operation in the event of an Incident: time necessary to start the analysis and deal with incident (attacks, exploitation of vulnerabilities among others) that is impacting on the client’s environment;

• Service requisitions: requests sent by the client, such as information, analysis requests and configuration changes;

• Alteration and inclusion of attack recognition signatures: periodic signatures made available by the manufacturer that will be approved by UOLDIVEO MSS in order to avoid any instability or risks in the protection services supplied;

• Periodic Report: report with the main statistics of the functioning of the service throughout the period, with an analysis of the results obtained;

• Root Cause Report: Report issued up to the 5th business day after the incident has been closed with analysis, actions taken and possible factors causing it, in addition to presenting recommendations in order to avoid recurrence;

• Stabilization period: period that passes after service is activated and delivered to the SOC, necessary for alignments and adjustments in the processes between the Client and UOLDIVEO MSS, during this period the SLAs will be ascertained, but no fines or penalties will be imposed.

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo – SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

Execution Version

TECHNICAL PROPOSAL UOLDIVEO – OPT-17/21631-A

Page: 19/22

Emergency Maintenance:

• Occurs whenever problems are identified that lead to instability or unavailability of services, when UOLDIVEO will activate its best resources to solve them within the shortest time and lowest impact possible;

• During emergency maintenance, the affected Client’s primary point of contact will receive notification up to 30 minutes before the start of emergency maintenance and up to 30 minutes after completion.

Considerations for the Proposal:

• PAGSEGURO INTERNET LTDA will be responsible for the architecture of its environment, as well as for conversion of standard tower equipment to standard rack, if necessary;

• The DDoS Protection solution does not include internet bandwidth, requiring that the UOLDIVEO solution be contracted for this connection model;

• If UOL DIVEO infrastructure is affected by the DDoS attack, UOL DIVEO may make use of methodologies for blocking packets in the edge routers based on the black hole concept. The purpose is to isolate the attacker’s packet stream. Access will be normalized after the attacker interrupts its activities.

• UOLDIVEO reserves the right to change any type of supplier, brand, or software version of products used in its standard portfolio of services without adversely affecting the services of PAGSEGURO INTERNET LTDA for matters of technological updating or adaptation to market standards. UOLDIVEO is responsible for communicating in advance any type of change in its environment;

• Upon contracting DDoS Protection, UOLDIVEO will provide a specific login and password to access the UOLDIVEO MSS area within the Cients’ Portal. This access will enable PAGSEGURO INTERNET LTDA to visualize information such as:

• Average traffic in the period for inbound and outbound packets (in and out);

• Maximum traffic in the period for inbound and outbound packets (in and out);

• Graphical monitoring of the volumetric analysis of the attack in conjunction with “clean” traffic seen in Mbps (this area will only be visible during a DDoS attack);

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo – SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

Execution Version

TECHNICAL PROPOSAL UOLDIVEO – OPT-17/21631-A

Page: 20/22

• Chart indicating the five countries that most accessed the block of IP addresses or the main Website indicated by PAGSEGURO INTERNET LTDA (Top-5);

• Charts indicating the five most accessed ports with the TCP protocol (Top-5);

• Charts indicating the five most accessed ports with the UDP protocol (Top-5);

• Charts indicating the five Applications with the highest presence in the internet traffic (Top-5);

• A Heat Map indicating the countries that have accessed the block of IP addresses or accessed the main Website indicated by PAGSEGURO INTERNET LTDA. The access distribution will be presented in addition to the graph referenced here distributed as a percentage for each listed country;

• An act intended to paralyze the service or an attempt to paralyze an element of the infrastructure that serves PAGSEGURO INTERNET LTDA’s business with the attacker exclusively positioned on the internet and making use of the internet access supplied by UOLDIVEO will be defined as a digital attack. Thus:

• Failure to receive malicious packets for a period between thirty and sixty minutes will be considered as the end of an attack;

• If the flow of malicious packets is resumed in thirty minutes or less it will be considered the continuation of the same attack;

• If the flow of malicious packets is resumed after a period of sixty minutes it will be considered a new attack;

• UOLDIVEO considers as a reference the time (hour:minute:second) when the digital attack stopped sending malicious packages was noticed;

• UOLDIVEO will register the evidence of each attack, using for its internal analysis the IP address used by the attacker, the attack volume, its start time and its stop time. These elements are joined with the other measurements that UOLDIVEO deems necessary.

• All transmissions with the NTP, ICMP, TCP, UDP protocol, or any other protocol containing the signature of a DDoS attack is defined as a “malicious packet”. Such signature has a volumetric behavior superior to the behavioral baseline identified by the UOLDIVEO MSS team for internet access monitored by the DDoS Protection product. The time of this anomalous volumetric analysis will also be taken into account to characterize the existence or not of an attack, and it is UOLDIVEO’s responsibility to interpret it and to define if the environment defense procedure will be started;

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo – SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

Execution Version

TECHNICAL PROPOSAL UOLDIVEO – OPT-17/21631-A

Page: 21/22

• Activities performed by UOLDIVEO MSS in conjunction with the other Data Center teams belonging to UOLDIVEO to prevent the client’s environment from being unavailable due to a digital attack are defined as a defense procedure;

• If the contracted attack limit is reached, UOLDIVEO will configure the blackholes for the protected IP address;

• If PAGSEGURO INTERNET LTDA has attacks below the limit, these will be mitigated until the time set forth in the agreement. Having exceeded this time, UOL DIVEO will configure the blackholes for the protected IP address;

• PAGSEGURO INTERNET LTDA will be entitled to a limited number of monthly mitigations when it reaches 50% of the protected bandwidth. If the number of mitigations in this range is exceeded, UOL DIVEO will configure the blackholes for the protected IP address or may, with the authorization of PAGSEGURO INTERNET LTDA, issue an additional charge;

Responsibilities:

☑ UOLDIVEO’s RESPONSIBILITIES:

• Supply the information and technical clarification requested by PAGSEGURO INTERNET LTDA on the execution of the services;

• Have access to the installations of the environments that are the subject matter of this proposal only with the knowledge and authorization supplied by PAGSEGURO INTERNET LTDA;

• Issue, in the due terms, all documents that are its responsibility;

☑ PAGSEGURO INTERNET LTDA’s RESPONSIBILTIES:

• Any item that comes to be altered or included will be the subject of an additional commercial proposal;

• Supply authorization to access their installations when necessary to execute the scope of activities in this proposal;

• Supply in a timely manner, when it is its responsibility, the data and clarification requested by UOLDIVEO;

• Place at UOLDIVEO’s disposal the technical information about managed environment devices, including manuals, plans and data on previously executed services;

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo – SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

Execution Version

TECHNICAL PROPOSAL UOLDIVEO – OPT-17/21631-A

Page: 22/22

• Make a focal point availale capable of supplying environmental information necessary for the execution of the activities contained in the schedule presented in this document;

• Supply physical space and infrastructure resources necessary for the project implementation, when the client’s environment is outside the UOLDIVEO Datacenter.

The information contained in this document is confidential and may not be published or disclosed without the prior written permission of UOLDIVEO.

▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇. São Paulo – SP. CEP 04530-030. ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇.▇▇

EXECUTION VERSION

Commercial Proposal

WAF – Web Application Firewall

OPT-17/21635

EXECUTION VERSION

Page: 2/12

São Paulo, January 1, 2017.

To PagSeguro

Att.: ▇▇▇▇▇▇ ▇▇▇▇▇▇▇

Re.: UOLDIVEO Proposal – OPT-17/21635-A

In answer to your request, we present a technology integrated solution proposal to meet the needs of PAGSEGURO regarding IT infrastructure services.

We offer PAGSEGURO our experience in high quality services provided to the corporate market. We prepared this Proposal according to our commitment to offer the best solution to meet the business needs of PAGSEGURO.

We present below our technical proposal and thank you for this opportunity. We remain at your disposal for any clarifications.

Kind Regards,

/s/ ▇▇▇▇▇ ▇▇▇▇▇▇▇

▇▇▇▇▇ ▇▇▇▇▇▇▇

ACCOUNT EXECUTIVE

(▇▇▇) ▇▇▇▇-▇▇▇▇

(▇▇▇) ▇▇▇▇▇-▇▇▇▇

EXECUTION VERSION

Page: 3/12

Table of Contents

Non-Disclosure Agreement			4
Presentation			5
About UOLDIVEO			5
Portfolio of Services			6
UOLDIVEO’s Experience			8
Quality			9
Certifications			9
Customers			10
Commercial Conditions:			11
Considerations:			11

EXECUTION VERSION

Page: 4/12

Non-Disclosure Agreement

All information included herein is strictly confidential and is provided exclusively to technically describe

UOLDIVEO solutions, as requested by PAGSEGURO, and it must not be used for any other purpose.

With regards to the services described herein, in the event PAGSEGURO chooses a provider other than UOLDIVEO, or does not choose a provider within 15 days from the date hereof, PAGSEGURO agrees to return all exclusive and confidential information to UOLDIVEO, including, but not limited to, this document. Moreover, PAGSEGURO will not use or disclose this information in any way to obtain an unfair business advantage for itself, its subsidiaries, affiliates or partners in future business opportunities in which it may, directly or indirectly, compete with UOLDIVEO.

PAGSEGURO will not publish or disclose this information, in full or in part, without the prior written consent of UOLDIVEO. A number of company and service names included herein are trademarks. All of them are recognized in this representation.

EXECUTION VERSION

Page: 5/12

Presentation

About UOLDIVEO

UOLDIVEO, a company of the UOL Group with over 17 years of experience, offers complete IT Outsourcing solutions for mission critical environments.

It has the biggest Data Center infrastructure in Brazil, the best and most flexible Business Cloud, and a wide range of managed services. All of this is supported by one of the largest certified technical teams in Brazil, standardized processes, and cutting-edge technology, which allow an IT Transformation approach, aimed at offering a fast, efficient, and business focused IT.

UOLDIVEO serviced more than 3,000 customers and has 1,500 employees with over 280 international certifications.

UOLDIVEO is headquartered in São Paulo and has offices in 7 Brazilian capitals.

Legend

17 anos Experiência ▇▇ ▇▇▇▇▇▇▇ = 17 years Market Experience

+ 3 mil Clientes = + 3,000 Customers

1.500 Colaboradores = 1,500 Employees

26 mil m2 Data Centers = 26,000 sq mt Data Centers

Rede Própria em 7 Cidades = Own Network in 7 Cities

15 Petabytes em Armazenamento = 15 Petabytes of Storage

Soluções Orientadas por Segmento ▇▇ ▇▇▇▇▇▇▇ = Solutions Developed by Market Segment

EXECUTION VERSION

Page: 6/12

Portfolio of Services

Our portfolio consists of complete and integrated solutions to meet a number of IT requirements from companies, awarding us our recognition as trusted advisors by our partners.

Legend

Exterior Circle; upper quadrant

SERVIÇOS GERENCIADOS = MANAGED SERVICES

GESTÃO DE WAN = WAN MANAGEMENT

GESTÃO DE REDES = NETWORK MANAGEMENT GESTÃO DE BACKUP = BACKUP MANAGEMENT GESTÃO DE STORAGE = STORAGE MANAGEMENT

GESTÃO DE BANCOS DE DADOS = DATABASE MANAGEMENT

GESTÃO DE SISTEMA OPERACIONAL = OPERATING SYSTEM MANAGEMENT

GESTÃO DE APLICAÇÕES = APPLICATION MANAGEMENT GESTÃO DE MIDDLEWARE = MIDDLEWARE MANAGEMENT

GESTÃO DE PROJETOS E ESPECIALISTAS = PROJECT AND SPECIALIST MANAGEMENT

EXECUTION VERSION

Page: ▇/▇▇

▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇; left quadrant

E-COMMERCE SERVICES = E-COMMERCE SERVICES

MIDDLEWARE SERVICES = MIDDLEWARE SERVICES

CORE TECHNOLOGIES SERVICES = CORE TECHNOLOGIES SERVICES

SOLUÇÕES PARA NEGÓCIO = BUSINESS SOLUTIONS

Exterior Circle; right quadrant

GOVERNANÇA DE TI = IT GOVERNANCE

ARQUITETURA DE TI = IT ARCHITECTURE

ENGENHARIA DE SOFTWARE = SOFTWARE ENGINEERING

CONSULTORIA = CONSULTING SERVICES

Exterior Circle; lower quadrant

SERVIÇOS À APLICAÇÃO = APPLICATION SERVICES

STRESS TEST = STRESS TEST

OTIMIZAÇÃO DE PERFORMANCE = PERFORMANCE OPTIMIZATION

MONITORAMENTO DE PERFORMANCE = PERFORMANCE MONITORING

TESTES FUNCIONAIS = FUNCTIONAL TESTING

▇^▇▇ ▇▇▇▇▇ ▇▇▇▇▇▇; left side

SERVIÇOS DE SEGURANÇA = SECURITY SERVICES

VULNERABILITY SCAN = VULNERABILITY SCAN

SMART CORRELATION = SMART CORRELATION

DDOS PROTECTION = DDOS PROTECTION

WEB APPLICATION FIREWALL = WEB APPLICATION FIREWALL

BRAND PROTECTION = BRAND PROTECTION

▇^▇▇ ▇▇▇▇▇ ▇▇▇▇▇▇; right side

PLATAFORMA E SOFTWARE = PLATFORM AND SOFTWARE

SERVIÇOS DE PAGAMENTOS = PAYMENT SERVICES

PIN PAD = PIN PAD

AUTOMAÇÃO E CONTROLE = AUTOMATION AND CONTROL

PREVENÇÃO À FRAUDE = FRAUD PREVENTION

EXCHANGE = EXCHANGE

WEBFILTER = WEBFILTER

Innermost Circle; upper half

DATACENTER = DATACENTER

COLOCATION = COLOCATION CENTER

SERVIÇOS COMPARTILHADOS = SHARED SERVICES

HOSTING = HOSTING

Innermost Circle; lower half

MPLS = MPLS

LAN TO LAN = LAN TO LAN

INTERNET = INTERNET

EXECUTION VERSION

Page: 8/12

UOLDIVEO’s Experience

We are a leading Brazilian company in IT Outsourcing. We are supported by a solid group with strong experience in the Brazilian market. In addition, we have experience in the management of mission critical and high-volume environments and offer robustness and agility in our operations.

Servicing and Operations:

☐ +2.2 billion security events

☐ +6,300 firewalls

☐ +169,000 security rules

☐ monitoring +500,000 infrastructure active elements

☐ +14 million active mail boxes

☐ +400,000 internet domain names

☐ +7,000 database instances

Backbone:

☐ + 200 Gbps in traffic capability

☐ + 1,800 points of presence

☐ + 3.7 million e-commerce transactions/month

☐ 70,000 simultaneous streaming sections/second

☐ 7 billion page views/month

☐ +34 million one-time visitors

Data Center:

☐ + 15PBytes of stored data, equivalent to +3 million hours of HD movies

EXECUTION VERSION

Page: 9/12

Quality

Through IT service management best practices, we prepare continuous improvement plans aiming at business maintenance and satisfaction of our employees and customers.

Accordingly, we developed out processes based on ISO/IEC 27001, ISAE 3402 (SAS 70), ISO 20000:2011, PCI requirements and ITIL v3 and CobiT methodologies.

Certifications

EXECUTION VERSION

Page: 10/12

Customers

We have a solid portfolio of customers:

☐ 250 among the top 500 companies in Brazil;

☐ 3 biggest airline companies in Brazil;

☐ 7 among the top 10 retail companies in Brazil (90% of big e-commerce companies);

☐ 6 biggest operators of mobile phones in Brazil;

☐ 3 among the top 4 education groups in Brazil;

☐ 6 among the top 10 contact centers in Brazil;

☐ 3 among the top 5 purchasers in Brazil;

☐ 6 among the top 10 real estate groups in Brazil;

☐ 3 among the top 4 cosmetic companies in Brazil;

☐ 2 among the top 3 chemical companies in Brazil;

☐ more than 100 companies of the financial segment.

EXECUTION VERSION

CONFIDENTIAL TREATMENT REQUESTED

Page: 11/12

Commercial Conditions:

Description of Services Refers to services described in the OPT-17/21635-A Technical Proposal		Monthly fee for an engagement period of 60 months
		Including taxes
WAF Web Application Firewall		[*****]

Considerations:

• expiration of the proposal: 15 business days. After this period, if the CUSTOMER does not return this proposal duly signed to UOLDIVEO, the terms and conditions provided herein may be reviewed by UOLDIVEO;

• taxes and tax rates will be charged pursuant to applicable law:

• Telecom services: PIS, COFINS, and ICMS apply (as applicable to each region);

• Data Center Solution services, Managed Services, Software Services, Application Services, and/or Security Management Services: ISS, PIS, and COFINS apply, according to the type of service;

• any changes in tax rates or tax calculation basis on the value of services provided hereunder, as well as the creation of any taxes as of the date hereof, even if arising out of the cancellation of a tax exemption, will result in an adjustment to the prices offered (representing a price increase or decrease), according to the relevant change;

• noncompliance with the obligations set forth in the Technical and Commercial Proposals by the CUSTOMER, resulting in delays in the originally proposed schedule, does not exempt the CUSTOMER from timely complying with its other obligations, primarily those regarding the amounts payable;

• monthly fees will be invoiced as follows:

• the first (1^st) installment will be invoiced on a pro rata basis and will be payable on the 10^th day of the month following the delivery of the contracted Solution, in full or in part, to be agreed by the Parties;

• the second (2^nd) installment, as well as the other instalments that become due until the expiration of the Agreement, will be invoiced by the 20^th day, payable on the 2^nd day of the following month;

[*****] Confidential material redacted and filed separately with the Securities and Exchange Commission.

EXECUTION VERSION

Page: 12/12

• the monthly payments for products with variable fees may vary, according to the effective consumption of resources listed and amounts provided in the Commercial Proposal.

EXECUTION VERSION

Technical Proposal

WAF – Web Application Firewall

EXECUTION VERSION

Page: 2/15

São Paulo, January 01, 2017.

To

PAGSEGURO INTERNET LTDA

Regarding the UOLDIVEO (OPT-17/21635-A) Proposal

In response to your request, we present a proposal for an integrated technology solution to meet the expectations of PAGSEGURO INTERNET LTDA in relation to IT infrastructure services.

We place at PAGSEGURO INTERNET LTDA’s disposal our experience in providing excellent quality services to the corporate market. We have developed this Proposal with the commitment to offer a solution that most adheres to the business needs of PAGSEGURO INTERNET LTDA.

We are grateful for the opportunity and remain at your entire disposal for any clarification that may be necessary.

Sincerely,

/S/ Paulo ▇▇▇▇▇▇ Nova ▇▇▇▇▇▇▇▇▇

▇▇▇▇▇ ▇▇▇▇▇▇ Nova ▇▇▇▇▇▇▇▇▇

            Solution Architect

EXECUTION VERSION

Page: 3/15

Summary
Summary			3
Confidentiality Agreement			4
Presentation			5
About UOLDIVEO			5
Portfolio of Services			6
About Multicloud			7
UOLDIVEO is Multicloud			7
UOLDIVEO’s Experience			8
Quality:			9
Certifications:			9
Partners:			10
Clients:			10
Introduction			11
Objective:			11
Preliminary Instructions:			12
Management of WAF (Web Application Firewall)			13
Considerations for the WAF Management Service:			13
Details of the WAF Management service:			13
Considerations for the Proposal:			14
Responsibilities:			15

EXECUTION VERSION

Page: 4/15

Confidentiality Agreement

All the information contained in this document is strictly confidential and is provided for the sole purpose of technically describing UOLDIVEO solutions at the request of PAGSEGURO INTERNET LTDA, and shall not be used for any other purpose.

With respect to the services described herein, if PAGSEGURO INTERNET LTDA chooses a supplier other than UOLDIVEO, or if it does not select any supplier within 15 days from the date of this proposal, PAGSEGURO INTERNET LTDA hereby agrees to return all UOLDIVEO’s exclusive and confidential information, including but not limited to this document, and will not use nor disclose this information in any way in order to gain an unfair business advantage for itself, its subsidiaries, associations or partners in any way, for future business opportunities in which it may be directly or indirectly competing with UOLDIVEO.

PAGSEGURO INTERNET LTDA will not publish nor disclose this information, in whole or in part, without the prior written permission of UOLDIVEO. Many of the service and business names mentioned in this document are registered trademarks. All of them are recognized through this declaration.

EXECUTION VERSION

Page: 5/15

Presentation

About UOLDIVEO

UOLDIVEO, a UOL Group company with more than 17 years of experience, has complete IT Outsourcing solutions to meet mission critical environments.

It has the largest Data Center infrastructure in the country, the best and most flexible Corporate Cloud, in addition to a wide range of managed services. All supported by one of the country’s largest certified technical bodies, standardized processes and cutting edge technology that enable an IT Transformation approach aiming to deliver IT with speed, efficiency and a focus on the business.

There are more than 3 thousand clients served and 1500 employees with more than 280 international certifications.

UOLDIVEO is headquartered in São Paulo with a presence in 7 Brazilian capitals.

EXECUTION VERSION

Page: 6/15

Portfolio of Services

Our portfolio is composed of complete and integrated solutions that meet the most diverse needs of IT companies, making us trusted advisors of our partners.

EXECUTION VERSION

Page: 7/15

About Multicloud

In recent years, companies with typically digital characteristics are changing the traditional markets, providing new experiences for clients. While established companies have to deal with traditional systems, processes and methodologies, they are at the same time under pressure to adapt, be innovative and agile. Driven by the “Internet of Things” and Big Data, companies will undergo a transformation that will make the largest part of the business digital and the technological basis of this transformation is precisely Cloud Computing. But before making the decision to take workloads to the clouds it must be kept in mind that:

“There is no single cloud for all applications and not every application consumes any cloud”

Therefore, a Multicloud approach, where companies use clouds with different technologies and characteristics, is so important.

UOLDIVEO is Multicloud

At UOLDIVEO, companies can rely on the services of leading players in the public cloud market, such as AWS, Microsoft Azure, VMWare and OpenStack, as well as Private Cloud offers on OpenStack and VMWare and also Virtual Data Center with Virtustream technology.

All these technologies and an extensive service layer, which starts with the analysis of the application characteristics and recommendation of the appropriate cloud, up to cloud use management and improvement services, make UOLDIVEO Multicloud the right way to go about the digital transformation of companies.

For us, Multicloud is more than offering alternative hardware, software, infrastructure or an access panel to different public clouds. It is being close to the client in order to understand its challenges and appropriately form a solution that meets the needs of each application, within a differentiated service context that allows the support to grow our clients business.

EXECUTION VERSION

Page: 8/15

UOLDIVEO’s Experience

We are the leading Brazilian IT Outsourcing company. We have a solid group with strong experience in the domestic market, experience in management of mission critical environments and high volume, in addition to robustness and agility in our operations.

Service and Operations:

☐ +2.2 Billlion security events

☐ +6,300 firewalls

☐ +169,000 security rules

☐ Monitoring of +500,000 active elements of infrastructure

☐ +14 million active mailboxes

☐ +400,000 internet domains

☐ +7,000 instances of databases

Backbone:

☐ + 200 Gbps traffic capacity

☐ + 1,800 points of presence

☐ + 3.7 million e-commerce transactions/month

☐ 70,000 simultaneous sections/second of streaming

☐ 7 Billion page views/month

☐ +34 million unique visitors

Data Center:

☐ + 15PBytes of stored data which is equivalent to +3 million hours of HD film

EXECUTION VERSION

Page: 9/15

Quality:

Through best practices in IT service management, we carry out continuous improvement plans aimed at maintaining both the business and the satisfaction of our employees and clients.

In order to do this, we have developed our processes based on the requirements of ISO/IEC 27001, ISAE 3402 (SAS 70), ISO 20000: 2011, PCI, SOX, and ITIL v3 and CobiT methodologies.

Certifications:

☑ COMPANY:

Focusing on Security, Quality, Performance and Reliability, it has the following certifications:

☑ PROFESSIONALS:

Highly qualified and certified professionals to provide high quality services:

EXECUTION VERSION

Page: 10/15

Partners:

To meet the needs of our clients, we offer solutions for their business. In order to do this we have several technological partnerships of which the following are highlighted:

Clients:

We have a solid portfolio of clients:

☐ 250 of the 500 largest companies in Brazil;

☐ the 3 largest airlines in Brazil;

☐ 7 of the 10 largest retail companies in Brazil (90% of the big e-commerces);

☐ the 6 largest mobile telephone operators in Brazil;

☐ 3 of the 4 largest education groups in Brazil;

☐ 6 of the 10 largest contact center companies in Brazil;

☐ 3 of the 5 largest purchasers in Brazil;

☐ 6 of the 10 largest real estate groups in Brazil;

☐ 3 of the 4 largest cosmetic industries in Brazil;

☐ 2 of the 3 largest chemical industries in Brazil;

EXECUTION VERSION

Page: 11/15

Introduction

Objective:

To present the UOLDIVEO bases of Managed Security Services for PAGSEGURO INTERNET LTDA, in accordance with the service below:

Management of WAF (Web Application Firewall);

This proposal replaces the terms and conditions of the proposal previously in force, becoming, therefore, the new reference for scope, terms and conditions for the operation of Managed Security Services for PAGSEGURO INTERNET LTDA.

EXECUTION VERSION

Page: 12/15

Preliminary Instructions:

This proposal includes the solution of WEB Application Firewall with the objective of protecting PAGSEGURO INTERNET LTDA’s web applications from vulnerability exploitation attacks.

EXECUTION VERSION

Page: 13/15

Management of WAF (Web Application Firewall)

Technical Solution:

The solution proposed to PAGSEGURO INTERNET LTDA includes the provision of Services as detailed below:

QTY		PART NUMBER		DESCRIPTION
01		Sec-MSS-WAF-Assessment		Analyzes the existing configuration of the equipment: 4 BIG-IPs 3900 and 2 BIG-IPs 4000
06		SEC-MSS-WAF-Management Service		Management of the Web Application Firewall (BIG-IP ASM) module.

The operation of the solution includes:

✓ Management and analysis of events related to the WAF module of the equipment.

Considerations for the WAF Management Service:

• Changes tests will only be performed when the client makes available or contracts an environment for testing and/or approval. If such an environment is not provided, the change will be implemented directly in the productive environment.

• The Web Application Firewall product does not include internet bandwidth, requiring that it has been contracted previously;

• The management proposed here will only address the BIG-IP Application Security Manager (ASM) in the set of its existing rules. Other elements of the management, configuration, operation and development of the equipment will be carried out by the current team.

• Service stabilization time: 3 months after the completion of the Assessment.

Details of the WAF Management service:

The UOLDIVEO MSS Web Application Firewall (WAF) product offers protection for the simplest to the most complex applications in accordance with the business and client’s needs.

The adoption of this product will allow the client to view threats in a timely manner in order to conduct improvements and corrections that are necessary, preserving the continuity of its operations, image and its business.

☑ BENEFITS:

• Behavioral analysis and more than 2,000 signatures for active protection against attacks and threats to web applications;

• Geographical protection to mitigate access from countries with which the client has no relationship;

• Classification mechanism based on respected databases, capable of denying access to sources known to be suspicious;

• Reduction of fraud and theft of critical information;

EXECUTION VERSION

Page: 14/15

• Monitoring and management 24x7x365 with a team specializing in web application attacks and incident response;

• Integration with UOLDIVEO’s Security Operation Center (SOC) intelligent correlation system;

• Intelligent and customized protection for the applications allowing the development team flexibility to correct without the risk of attacks on the systems;

• Compliance with PCI-DSS requirement 6.6;

• Maximization of the performance of critical web applications through SSL Offloading;

• Raises connection security for applications that require Two-Way SSL;

• Avoids negative image and financial impact on your company, caused by “stuck” websites or exposure of confidential information.

☑ SLA:

Activity		Item
Monitoring and management of contracted MSS service assets		24x7x365
Start of operation in the event of an Incident		15 minutes (after detection by the SOC monitoring)
Service Requisitions (Information, Analysis and Policy Changes)		40 hours after the opening of the call, except when a maintenance window is necessary.
Alteration and inclusion of attack recognition signatures		08 hours after release of the updates by the manufacturer, conditional on approval by UOLDIVEO
Assistance time for Service Requisitions		Monday to Friday from 09:00 to 18:00. (Calls opened outside of these hours will be assisted on the next business day)
Time for Opening a Service Requisition		24x7x365
Assistance Time for incidents		24x7x365
Periodical Report		Monthly
Root Cause Analysis Report		05 business days after the incident has been closed.
Stabilization Period (SLO)		03 months (after entering into operation)
Changes in the environment made by the client that might impact on the contracted services		Report 48 (forty-eight) hours in advance
Programmed interruptions by UOLDIVEO for preventive and/or corrective maintenance		Will be communicated to the Client 48 (forty-eight) hours in advance

Considerations for the Proposal:

• UOLDIVEO reserves the right to change any type of supplier, brand, or software version of products used in its standard portfolio of services without adversely affecting the services of PAGSEGURO INTERNET LTDA for matters of technological updating or adaptation to market standards. UOLDIVEO is responsible for communicating in advance any type of change in its environment;

EXECUTION VERSION

Page: 15/15

Responsibilities:

☑ UOLDIVEO’S RESPONSIBILITIES:

• Supply the information and technical clarification requested by PAGSEGURO INTERNET LTDA on the execution of the services;

• Have access to the installations of the environments that are the subject matter of this proposal only with the knowledge and authorization supplied by PAGSEGURO INTERNET LTDA;

• Issue, in the due terms, all documents that are its responsibility;

☑ PAGSEGURO INTERNET LTDA’S RESPONSIBILITIES:

• Any item that comes to be altered or included will be the subject of an additional commercial proposal;

• Supply authorization to access their installations when necessary to execute the scope of activities in this proposal;

• Supply in a timely manner, when it is its responsibility, the data and clarification requested by UOLDIVEO;

• Place at UOLDIVEO’s disposal the technical information about managed environment devices, including manuals, plans and data on previously executed services;

• Make a focal point available capable of supplying environmental information necessary for the execution of the activities contained in the schedule presented in this document;

• Supply physical space and infrastructure resources necessary for the project implementation, when the client’s environment is outside the UOLDIVEO Datacenter.

EXECUTION VERSION

Commercial Proposal

Brand Protection – OPT-17/21636

EXECUTION VERSION

Page: 2/12

To PagSeguro São Paulo, January 1, 2017.

Att.: ▇▇▇▇▇▇ ▇▇▇▇▇▇▇

Re.: UOLDIVEO Proposal – OPT-17/21636-A

In answer to your request, we present a technology integrated solution proposal to meet the needs of PAGSEGURO regarding IT infrastructure services.

We offer PAGSEGURO our experience in high quality services provided to the corporate market. We prepared this Proposal according to our commitment to offer the best solution to meet the business needs of PAGSEGURO.

We present below our technical proposal and thank you for this opportunity. We remain at your disposal for any clarifications.

Kind Regards,

/s/ ▇▇▇▇▇ ▇▇▇▇▇▇▇

▇▇▇▇▇ ▇▇▇▇▇▇▇

ACCOUNT EXECUTIVE

(▇▇▇) ▇▇▇▇-▇▇▇▇

(▇▇▇) ▇▇▇▇▇-▇▇▇▇

EXECUTION VERSION

Page: 3/12

Table of Contents

Non-Disclosure Agreement			4
Presentation			5
About UOLDIVEO			5
Portfolio of Services			6
UOLDIVEO’s Experience			8
Quality			9
Certifications			9
Customers			10
Commercial Conditions:			11
Considerations:			11

EXECUTION VERSION

Page: 4/12

Non-Disclosure Agreement

All information included herein is strictly confidential and is provided exclusively to technically describe UOLDIVEO solutions, as requested by PAGSEGURO, and it must not be used for any other purpose.

With regards to the services described herein, in the event PAGSEGURO chooses a provider other than UOLDIVEO, or does not choose a provider within 15 days from the date hereof, PAGSEGURO agrees to return all exclusive and confidential information to UOLDIVEO, including, but not limited to, this document. Moreover, PAGSEGURO will not use or disclose this information in any way to obtain an unfair business advantage for itself, its subsidiaries, affiliates or partners in future business opportunities in which it may, directly or indirectly, compete with UOLDIVEO.

PAGSEGURO will not publish or disclose this information, in full or in part, without the prior written consent of UOLDIVEO. A number of company and service names included herein are trademarks. All of them are recognized in this representation.

EXECUTION VERSION

Page: 5/12

Presentation

About UOLDIVEO

UOLDIVEO, a company of the UOL Group with over 17 years of experience, offers complete IT Outsourcing solutions for mission critical environments.

It has the biggest Data Center infrastructure in Brazil, the best and most flexible Business Cloud, and a wide range of managed services. All of this is supported by one of the largest certified technical teams in Brazil, standardized processes, and cutting-edge technology, which allow an IT Transformation approach, aimed at offering a fast, efficient, and business focused IT.

UOLDIVEO serviced more than 3,000 customers and has 1,500 employees with over 280 international certifications.

UOLDIVEO is headquartered in São Paulo and has offices in 7 Brazilian capitals.

Legend

17 anos Experiência ▇▇ ▇▇▇▇▇▇▇ = 17 years Market Experience

+ 3 mil Clientes = + 3,000 Customers

1.500 Colaboradores = 1,500 Employees

26 mil m2 Data Centers = 26,000 sq mt Data Centers

Rede Própria em 7 Cidades = Own Network in 7 Cities

15 Petabytes em Armazenamento = 15 Petabytes of Storage

Soluções Orientadas por Segmento ▇▇ ▇▇▇▇▇▇▇ = Solutions Developed by Market Segment

EXECUTION VERSION

Page: 6/12

Portfolio of Services

Our portfolio consists of complete and integrated solutions to meet a number of IT requirements from companies, awarding us our recognition as trusted advisors by our partners.

Legend

Exterior Circle; upper quadrant

SERVIÇOS GERENCIADOS = MANAGED SERVICES

GESTÃO DE WAN = WAN MANAGEMENT

GESTÃO DE REDES = NETWORK MANAGEMENT GESTÃO DE BACKUP = BACKUP MANAGEMENT GESTÃO DE STORAGE = STORAGE MANAGEMENT

GESTÃO DE BANCOS DE DADOS = DATABASE MANAGEMENT

GESTÃO DE SISTEMA OPERACIONAL = OPERATING SYSTEM MANAGEMENT

GESTÃO DE APLICAÇÕES = APPLICATION MANAGEMENT GESTÃO DE MIDDLEWARE = MIDDLEWARE MANAGEMENT

GESTÃO DE PROJETOS E ESPECIALISTAS = PROJECT AND SPECIALIST MANAGEMENT

EXECUTION VERSION

Page: ▇/▇▇

▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇; left quadrant

E-COMMERCE SERVICES = E-COMMERCE SERVICES

MIDDLEWARE SERVICES = MIDDLEWARE SERVICES

CORE TECHNOLOGIES SERVICES = CORE TECHNOLOGIES SERVICES

SOLUÇÕES PARA NEGÓCIO = BUSINESS SOLUTIONS

Exterior Circle; right quadrant

GOVERNANÇA DE TI = IT GOVERNANCE

ARQUITETURA DE TI = IT ARCHITECTURE

ENGENHARIA DE SOFTWARE = SOFTWARE ENGINEERING

CONSULTORIA = CONSULTING SERVICES

Exterior Circle; lower quadrant

SERVIÇOS À APLICAÇÃO = APPLICATION SERVICES

STRESS TEST = STRESS TEST

OTIMIZAÇÃO DE PERFORMANCE = PERFORMANCE OPTIMIZATION

MONITORAMENTO DE PERFORMANCE = PERFORMANCE

MONITORING TESTES FUNCIONAIS = FUNCTIONAL TESTING

▇^▇▇ ▇▇▇▇▇ ▇▇▇▇▇▇; left side

SERVIÇOS DE SEGURANÇA = SECURITY SERVICES

VULNERABILITY SCAN = VULNERABILITY SCAN

SMART CORRELATION = SMART CORRELATION DDOS PROTECTION = DDOS PROTECTION

WEB APPLICATION FIREWALL = WEB APPLICATION FIREWALL

BRAND PROTECTION = BRAND PROTECTION

▇^▇▇ ▇▇▇▇▇ ▇▇▇▇▇▇; right side

PLATAFORMA E SOFTWARE = PLATFORM AND SOFTWARE

SERVIÇOS DE PAGAMENTOS = PAYMENT SERVICES

PIN PAD = PIN PAD

AUTOMAÇÃO E CONTROLE = AUTOMATION AND CONTROL

PREVENÇÃO À FRAUDE = FRAUD PREVENTION

EXCHANGE = EXCHANGE

WEBFILTER = WEBFILTER

Innermost Circle; upper half

DATACENTER = DATACENTER

COLOCATION = COLOCATION CENTER

SERVIÇOS COMPARTILHADOS = SHARED SERVICES

HOSTING = HOSTING

Innermost Circle; lower half

MPLS = MPLS

LAN TO LAN = LAN TO LAN

INTERNET = INTERNET

EXECUTION VERSION

Page: 8/12

UOLDIVEO’s Experience

We are a leading Brazilian company in IT Outsourcing. We are supported by a solid group with strong experience in the Brazilian market. In addition, we have experience in the management of mission critical and high-volume environments and offer robustness and agility in our operations.

Servicing and Operations:

☐ +2.2 billion security events

☐ +6,300 firewalls

☐ +169,000 security rules

☐ monitoring +500,000 infrastructure active elements

☐ +14 million active mail boxes

☐ +400,000 internet domain names

☐ +7,000 database instances

Backbone:

☐ + 200 Gbps in traffic capability

☐ + 1,800 points of presence

☐ + 3.7 million e-commerce transactions/month

☐ 70,000 simultaneous streaming sections/second

☐ 7 billion page views/month

☐ +34 million one-time visitors

Data Center:

☐ + 15PBytes of stored data, equivalent to +3 million hours of HD movies

EXECUTION VERSION

Page: 9/12

Quality

Through IT service management best practices, we prepare continuous improvement plans aiming at business maintenance and satisfaction of our employees and customers.

Accordingly, we developed out processes based on ISO/IEC 27001, ISAE 3402 (SAS 70), ISO 20000:2011, PCI requirements and ITIL v3 and CobiT methodologies.

Certifications

EXECUTION VERSION

Page: 10/12

Customers

We have a solid portfolio of customers:

☐ 250 among the top 500 companies in Brazil;

☐ 3 biggest airline companies in Brazil;

☐ 7 among the top 10 retail companies in Brazil (90% of big e-commerce companies);

☐ 6 biggest operators of mobile phones in Brazil;

☐ 3 among the top 4 education groups in Brazil;

☐ 6 among the top 10 contact centers in Brazil;

☐ 3 among the top 5 purchasers in Brazil;

☐ 6 among the top 10 real estate groups in Brazil;

☐ 3 among the top 4 cosmetic companies in Brazil;

☐ 2 among the top 3 chemical companies in Brazil;

☐ more than 100 companies of the financial segment.

CONFIDENTIAL TREATMENT REQUESTED

EXECUTION VERSION

Page: 11/12

Commercial Conditions:

Description of Services Refers to services described in the OPT-17/21636-A Technical Proposal		Monthly fee for an engagement period of 60 months Including taxes
Brand Protection		[*****]

Considerations:

• expiration of the proposal: 15 business days. After this period, if the CUSTOMER does not return this proposal duly signed to UOLDIVEO, the terms and conditions provided herein may be reviewed by UOLDIVEO;

• taxes and tax rates will be charged pursuant to applicable law:

• Telecom services: PIS, COFINS, and ICMS apply (as applicable to each region);

• Data Center Solution services, Managed Services, Software Services, Application Services, and/or Security Management Services: ISS, PIS, and COFINS apply, according to the type of service;

• any changes in tax rates or tax calculation basis on the value of services provided hereunder, as well as the creation of any taxes as of the date hereof, even if arising out of the cancellation of a tax exemption, will result in an adjustment to the prices offered (representing a price increase or decrease), according to the relevant change;

• noncompliance with the obligations set forth in the Technical and Commercial Proposals by the CUSTOMER, resulting in delays in the originally proposed schedule, does not exempt the CUSTOMER from timely complying with its other obligations, primarily those regarding the amounts payable;

• monthly fees will be invoiced as follows:

• the first (1^st) installment will be invoiced on a pro rata basis and will be payable on the 10^th day of the month following the delivery of the contracted Solution, in full or in part, to be agreed by the Parties;

• the second (2^nd) installment, as well as the other instalments that become due until the expiration of the Agreement, will be invoiced by the 20^th day, payable on the 2^nd day of the following month;

[*****] Confidential material redacted and filed separately with the Securities and Exchange Commission.

EXECUTION VERSION

Page: 12/12

• the monthly payments for products with variable fees may vary, according to the effective consumption of resources listed and amounts provided in the Commercial Proposal.

EXECUTION VERSION

Technical Proposal

Brand Protection

EXECUTION VERSION

Page: 2/21

São Paulo, January 01, 2017.

To

PAGSEGURO INTERNET LTDA

Regarding the UOLDIVEO (OPT-17/21636-A) Proposal

In response to your request, we present a proposal for an integrated technology solution to meet the expectations of PAGSEGURO INTERNET LTDA in relation to IT infrastructure services.

We place at PAGSEGURO INTERNET LTDA’s disposal our experience in providing excellent quality services to the corporate market. We have developed this Proposal with the commitment to offer a solution that most adheres to the business needs of PAGSEGURO INTERNET LTDA.

We are grateful for the opportunity and remain at your entire disposal for any clarification that may be necessary.

Sincerely,

/S/ Paulo ▇▇▇▇▇▇ Nova ▇▇▇▇▇▇▇▇▇

▇▇▇▇▇ ▇▇▇▇▇▇ Nova ▇▇▇▇▇▇▇▇▇

Solution Architect

EXECUTION VERSION

Page: 3/21

Summary

Summary			3
Confidentiality Agreement			4
Presentation			5
About UOLDIVEO			5
Portfolio of Services			6
About Multicloud			7
UOLDIVEO is Multicloud			7
UOLDIVEO’s Experience			8
Quality			9
Certifications			9
Partners:			10
Clients:			10
Introduction			11
Objective:			11
Preliminary Instructions:			12
Managed security services			13
Brand Protection			13
Considerations for the Brand Protection service:			14
Details of the Brand Protection service:			14
General View:			▇▇
▇▇▇▇▇▇ ▇▇ ▇▇▇▇▇▇▇▇▇▇▇▇▇ MSS:			17
Processes:			18
Schedule of Activities:			18
Security Hotline:			18
Considerations for the Proposal:			20
Responsibilities:			21

EXECUTION VERSION

Page: 4/21

Confidentiality Agreement

All the information contained in this document is strictly confidential and is provided for the sole purpose of technically describing UOLDIVEO solutions at the request of PAGSEGURO INTERNET LTDA, and shall not be used for any other purpose.

With respect to the services described herein, if PAGSEGURO INTERNET LTDA chooses a supplier other than UOLDIVEO, or if it does not select any supplier within 15 days from the date of this proposal, PAGSEGURO INTERNET LTDA hereby agrees to return all UOLDIVEO’s exclusive and confidential information, including but not limited to this document, and will not use nor disclose this information in any way in order to gain an unfair business advantage for itself, its subsidiaries, associations or partners in any way, for future business opportunities in which it may be directly or indirectly competing with UOLDIVEO.

PAGSEGURO INTERNET LTDA will not publish nor disclose this information, in whole or in part, without the prior written permission of UOLDIVEO. Many of the service and business names mentioned in this document are registered trademarks. All of them are recognized through this declaration.

EXECUTION VERSION

Page: 5/21

Presentation

About UOLDIVEO

UOLDIVEO, a UOL Group company with more than 17 years of experience, has complete IT Outsourcing solutions to meet mission critical environments.

It has the largest Data Center infrastructure in the country, the best and most flexible Corporate Cloud, in addition to a wide range of managed services. All supported by one of the country’s largest certified technical bodies, standardized processes and cutting edge technology that enable an IT Transformation approach aiming to deliver IT with speed, efficiency and a focus on the business.

There are more than 3 thousand clients served and 1500 employees with more than 280 international certifications.

UOLDIVEO is headquartered in São Paulo with a presence in 7 Brazilian capitals.

EXECUTION VERSION

Page: 6/21

Portfolio of Services

Our portfolio is composed of complete and integrated solutions that meet the most diverse needs of IT

companies, making us trusted advisors of our partners.

EXECUTION VERSION

Page: 7/21

About Multicloud

In recent years, companies with typically digital characteristics are changing the traditional markets, providing new experiences for clients. While established companies have to deal with traditional systems, processes and methodologies, they are at the same time under pressure to adapt, be innovative and agile. Driven by the “Internet of Things” and Big Data, companies will undergo a transformation that will make the largest part of the business digital and the technological basis of this transformation is precisely Cloud Computing. But before making the decision to take workloads to the clouds it must be kept in mind that:

“There is no single cloud for all applications and not every application consumes any cloud”

Therefore, a Multicloud approach, where companies use clouds with different technologies and characteristics, is so important.

UOLDIVEO is Multicloud

At UOLDIVEO, companies can rely on the services of leading players in the public cloud market, such as AWS, Microsoft Azure, VMWare and OpenStack, as well as Private Cloud offers on OpenStack and VMWare and also Virtual Data Center with Virtustream technology.

All these technologies and an extensive service layer, which starts with the analysis of the application characteristics and recommendation of the appropriate cloud, up to cloud use management and improvement services, make UOLDIVEO Multicloud the right way to go about the digital transformation of companies.

For us, Multicloud is more than offering alternative hardware, software, infrastructure or an access panel to different public clouds. It is being close to the client in order to understand its challenges and appropriately form a solution that meets the needs of each application, within a differentiated service context that allows the support to grow our clients business.

EXECUTION VERSION

Page: 8/21

UOLDIVEO’s Experience

We are the leading Brazilian IT Outsourcing company. We have a solid group with strong experience in the domestic market, experience in management of mission critical environments and high volume, in addition to robustness and agility in our operations.

Service and Operations:

❑ +2.2 Billlion security events

❑ +6,300 firewalls

❑ +169,000 security rules

❑ Monitoring of +500,000 active elements of infrastructure

❑ +14 million active mailboxes

❑ +400,000 internet domains

❑ +7,000 instances of databases

Backbone:

❑ + 200 Gbps traffic capacity

❑ + 1,800 points of presence

❑ + 3.7 million e-commerce transactions/month

❑ 70,000 simultaneous sections/second of streaming

❑ 7 Billion page views/month

❑ +34 million unique visitors

Data Center:

❑ + 15PBytes of stored data which is equivalent to +3 million hours of HD film

EXECUTION VERSION

Page: 9/21

Quality

Through best practices in IT service management, we carry out continuous improvement plans aimed at maintaining both the business and the satisfaction of our employees and clients.

In order to do this, we have developed our processes based on the requirements of ISO/IEC 27001, ISAE 3402 (SAS 70), ISO 20000: 2011, PCI, SOX, and ITIL v3 and CobiT methodologies.

Certifications

☑ COMPANY:

Focusing on Security, Quality, Performance and Reliability, it has the following certifications:

☑ PROFISSIONALS:

Highly qualified and certified professionals to provide high quality services:

EXECUTION VERSION

Page: 10/21

Partners:

To meet the needs of our clients, we offer solutions for their business. In order to do this we have several technological partnerships of which the following are highlighted:

Clients:

We have a solid portfolio of clients:

❑ 250 of the 500 largest companies in Brazil;

❑ the 3 largest airlines in Brazil;

❑ 7 of the 10 largest retail companies in Brazil (90% of the big e-commerces);

❑ the 6 largest mobile telephone operators in Brazil;

❑ 3 of the 4 largest education groups in Brazil;

❑ 6 of the 10 largest contact center companies in Brazil;

❑ 3 of the 5 largest purchasers in Brazil;

❑ 6 of the 10 largest real estate groups in Brazil;

❑ 3 of the 4 largest cosmetic industries in Brazil;

❑ 2 of the 3 largest chemical industries in Brazil;

EXECUTION VERSION

Page: 11/21

Introduction

Objective:

To present the UOLDIVEO bases of Managed Security Services for PAGSEGURO INTERNET LTDA., including the service below:

• Brand Protection;

This proposal replaces the terms and conditions of the proposal previously in force, becoming, therefore, the new reference for scope, terms and conditions for the operation of Managed Security Services for PAGSEGURO INTERNET LTDA.

EXECUTION VERSION

Page: 12/21

Preliminary Instructions:

This proposal includes the solution of Brand protection with the objective of protecting the brand and avoiding undue use of the brand on social networks, in malicious emails, generating injury to the reputation of the brand.

EXECUTION VERSION

CONFIDENTIAL TREATMENT REQUESTED

Page: 13/21

Managed security services

Brand Protection

Scope of service:

Elements considered for this proposal:

Brand: PagSeguro

• Key words pagseguro, pag seguro, pague seguro, pagueseguro, pagseg, moderninha

• Profile on social networks to be monitored

• [*****]

• [*****]

• Websites to be monitored:

• [*****]

• [*****]

• [*****]

• [*****]

• [*****]

• [*****]

• [*****]

• [*****]

• Scope

• Spam and Phishing: analyze malicious websites transmitted by e-mail;

• Social Networks: monitoring and analysis of information published on Social Networks and Blogs on the Internet;

• Social Media: monitoring and analysis of the news disseminated on the main national content portals on the Internet.

Service is implemented and running, disregard implementation activities and activity schedule.

Technical Solution:

The solution proposed to PAGSEGURO INTERNET LTDA includes the provision of Services as detailed below:

QTY		PART NUMBER		DESCRIPTION
01		SEC-Brand Protection-ADV-1y		Advanced Brand Protection with 10 non-accumulative monthly takedowns for 12 months.

[*****] Confidential material redacted and filed separately with the Securities and Exchange Commission.

EXECUTION VERSION

Page: 14/21

Considerations for the Brand Protection service:

During the evaluation and generation of the baseline period the application of contractual fines penalizing UOLDIVEO due to the stabilization and adjustment period made in the initial configuration will not be considered.

• Brand Protection:

• The UOLDIVEO MSS team will takedown false or cloned websites whether they are inside or outside UOL/UOLDIVEO.

• Up to 10 non-cumulative takedowns/month will be considered within the product-defined SLA. From the 11th takedown, UOLDIVEO MSS will act in the preparation of the takedown, but the burden of the SLA defined by the Brand Protection product will not be imputed to it.

• For websites outside the UOL environment or outside the UOLDIVEO environment, start of action will be considered in up to 60 minutes (after being detected by SOC monitoring).

• Changes in the environment made by PAGSEGURO INTERNET LTDA that may impact on contracted services must be reported 48 hours in advance;

Details of the Brand Protection service:

UOLDIVEO’s Brand Protection product aims to Identify the undue use of its clients’ brand in domain registrations, on social networks, social media, WEB pages, in the malicious flow of e-mail (“phishing” and SPAM), piracy and cases involving intellectual property, dealing with each type of case appropriately.

Analysis of the malicious flow of email uses an intelligent detection and correlation system that continually analyzes millions of malicious e-mails processed through the use of honeypot technologies, the largest in Latin America, strategically distributed, providing the unique construction of a knowledge base of the main models of attacks and undue use of the clients’ brand.

The study of social networks consists of dealing with the correlation of existing events on existing Web pages on blogs and in social networks that have been created with the purpose of denigrating a brand or representing the name of a person. Such activity makes it possible to identify cloned pages, false websites, or positive or negative comments. While social media analysis makes it possible to recognize how the media contribute negatively or positively to the promotion or not of a brand or the name of a specific person.

☑ BENEFITS:

• Prevention of use of the Brand against fraud;

• Proliferation of malicious code via e-mail (“phishing” and SPAM);

• Monitoring and management 24x7x365 through specialized teams;

EXECUTION VERSION

Page: 15/21

• Contact with authorities, security companies and intelligence networks;

• Visibility of undue use of the client’s brand;

• Protection of reputation and income;

• Sending of malicious code for treatment appropriate to the type of case;

• Integration with Safe Browser and main antivirus manufacturers;

• Following the trends and methodologies used by fraudsters;

• Identification of new threats and Zero-Day attacks.

☑ OFFERED MODEL:

Through advanced dashboards and statistical data from the internet, your company is constantly monitored by the UOLDIVEO SOC (Security Operation Center). If fraud is detected, our specialized team starts to control the fraudulent activity, reducing risk exposure and implementing countermeasures. The company is notified from detection until the end of an attack.

☑ TECHNICAL CHARACTERISTICS:

Technical Characteristics of the Business Model		Basic Protection		Advanced Protection
Antiphishing		☐		☐
Notifying the world’s main antiphishing groups				☐
Safe browser				☐
Sending brand misuse alerts		☐		☐
Assistance and Monitoring 24x7x365		☐		☐
“Takedown” service to deactivate malicious websites resident on UOL / UOLHost / UOLDIVEO*		☐		☐
“Takedown” service to deactivate malicious websites resident on other providers*				☐

* Takedown service is not included in this technical proposal.

☑ SLA:

Activity		Item
Monitoring and management of contracted MSS service assets		24x7x365
Start of operation in the event of an Incident		30 minutes (after detection by the SOC monitoring)
Service Requisitions (Information, Analysis and Policy Changes)		08 hours after the opening of the call, except when a maintenance window is necessary.
Assistance time for Service Requisitions		Monday to Friday from 09:00 to 18:00. (Calls opened outside of these hours will be assisted the next business day)
Time for Opening a Service Requisition		24x7x365

EXECUTION VERSION

Page: 16/21

Activity		Item
Assistance Time for incidents		24x7x365
“Takedown” service to deactivate malicious websites resident on UOL/UOLHost/UOLDIVEO		48 hours
“Takedown” service to deactivate malicious websites resident on other providers		Start of operation in up to 60 minutes (after detection by the SOC monitoring).
Standard Quantity of “Takedowns” for malicious websites resident on other providers		05 Takedown procedures/month, non-accumulative.
Periodical Report		Monthly, delivered in the month following the service provision
Analysis and Treatment of the Incident Report		05 business days after the incident has been closed.
Stabilization Period (SLO)		01 month (after entering into operation)
Changes in the environment made by the client that might impact on the contracted services.		Report 48 (forty-eight) hours in advance
Programmed interruptions by UOLDIVEO for preventive and/or corrective maintenance		Will be communicated to the Client 48 (forty-eight) hours in advance, except in emergencies

EXECUTION VERSION

Page: 17/21

General View:

Key:
Escopo Contratado Gerenciamento Contato Sistema Operacionais Monitoração Alertas Consolidação Reprioritização Correlacionamento Reposta a Incidentes Profissionais Especialistas Consoles de Gerência Tendências Mundiais Painel do Cliente		Contracted Scope Management Contact Operational Systems Monitoring Alerts Consolidation Re-prioritization Correlation Response to Incidents Specialist Professionals Management Consoles World trends Client Panel

MSS Escalation Model:

Key:
Gerenciamento do Cliente Analise e resposta Plantão de Gerenciamento do Cliente Resposta a Incidentes ▇▇▇▇▇ ▇, ▇▇▇▇▇ ▇, ▇▇▇▇▇ 1 Especializado Analista Segurança Senior Especialistas Analista Segurança ▇▇▇▇▇ experiênc ia em vários produtos Equipe no SOC durante horário comercial Especializados em vários produtos Equipe no SOC 24x7 Ponto único de atendimento Plantão 7x24		Client Management Analysis and response Continuous Client Management Response to Incidents ▇▇▇▇▇ ▇, ▇▇▇▇▇ ▇, ▇▇▇▇▇ ▇ Specialized Senior Security Analyst Specialists Security Analyst Vast experience in various products Team in SOC during commercial hours Specialized in various products Team in SOC 24x7 Sole point of assistance Continuous assistance 7x24

EXECUTION VERSION

Page: 18/21

Processes:

• Security Management;

• Incident Management;

• Problem Management;

• Configuration Management;

• Change Management.

Schedule of Activities:

Item		Description		Responsibilities		Term*
1.		Project Kick-off meeting		UOLDIVEO / PAGSEGURO INTERNET LTDA		D
2.		Planning and Implementation		UOLDIVEO / PAGSEGURO INTERNET LTDA		D+15
3.		Activation of Managed Services		UOLDIVEO / PAGSEGURO INTERNET LTDA		D+30
4.		Acceptance of Project Meeting		UOLDIVEO / PAGSEGURO INTERNET LTDA		D+40
5.		Continuous Operation		UOLDIVEO		45 ▇▇▇▇

Security Hotline:

PAGSEGURO INTERNET LTDA has a direct security line consisting of a telephone for queries, requests and troubleshooting in which some joint verification with an information security analyst is necessary.

EXECUTION VERSION

Page: 19/21

Through the Hotline it is possible to verify calls, ask questions about releases or blocks, and verify the existence of any attacks or security-related events. The hotline’s number is 3092-6871 (ext. 6871).

EXECUTION VERSION

Page: 20/21

Considerations for the Proposal:

• UOLDIVEO reserves the right to change any type of supplier, brand, or software version of products used in its standard portfolio of services without adversely affecting the services of PAGSEGURO INTERNET LTDA for matters of technological updating or adaptation to market standards. UOLDIVEO is responsible for communicating in advance any type of change in its environment;

EXECUTION VERSION

Page: 21/21

Responsibilities:

☑ UOLDIVEO’S RESPONSIBILITIES:

• Supply the information and technical clarification requested by PAGSEGURO INTERNET LTDA on the execution of the services;

• Have access to the installations of the environments that are the subject matter of this proposal only with the knowledge and authorization supplied by PAGSEGURO INTERNET LTDA;

• Issue, in the due terms, all documents that are its responsibility;

☑ PAGSEGURO INTERNET LTDA’s RESPONSIBILTIES:

• Any item that comes to be altered or included will be the subject of an additional commercial proposal;

• Supply authorization to access their installations when necessary to execute the scope of activities in this proposal;

• Supply in a timely manner, when it is its responsibility, the data and clarification requested by UOLDIVEO;

• Place at UOLDIVEO’s disposal the technical information about managed environment devices, including manuals, plans and data on previously executed services;

• Make a focal point available capable of supplying environmental information necessary for the execution of the activities contained in the schedule presented in this document;

• Supply physical space and infrastructure resources necessary for the project implementation, when the client’s environment is outside the UOLDIVEO Datacenter.

EXECUTION VERSION

Commercial Proposal

BPAG & NOTANET – OPT-17/21638

EXECUTION VERSION

Page: 2/12

São Paulo, January 1, 2017.

To PagSeguro

Att.: ▇▇▇▇▇▇ ▇▇▇▇▇▇▇

Re.: UOLDIVEO Proposal – OPT-17/21638-A

In answer to your request, we present a technology integrated solution proposal to meet the needs of PAGSEGURO regarding IT infrastructure services.

We offer PAGSEGURO our experience in high quality services provided to the corporate market. We prepared this Proposal according to our commitment to offer the best solution to meet the business needs of PAGSEGURO.

We present below our technical proposal and thank you for this opportunity. We remain at your disposal for any clarifications.

Kind Regards,

/s/ ▇▇▇▇▇ ▇▇▇▇▇▇▇

▇▇▇▇▇ ▇▇▇▇▇▇▇

ACCOUNT EXECUTIVE

(▇▇▇) ▇▇▇▇-▇▇▇▇

(▇▇▇) ▇▇▇▇▇-▇▇▇▇

EXECUTION VERSION

Page: 3/12

Table of Contents

Non-Disclosure Agreement			4
Presentation			5
About UOLDIVEO			5
Portfolio of Services			6
UOLDIVEO’s Experience			8
Quality			9
Certifications			9
Customers			10
Commercial Conditions:			11
Considerations:			12

EXECUTION VERSION

Page: 4/12

Non-Disclosure Agreement

All information included herein is strictly confidential and is provided exclusively to technically describe

UOLDIVEO solutions, as requested by PAGSEGURO, and it must not be used for any other purpose.

With regards to the services described herein, in the event PAGSEGURO chooses a provider other than UOLDIVEO, or does not choose a provider within 15 days from the date hereof, PAGSEGURO agrees to return all exclusive and confidential information to UOLDIVEO, including, but not limited to, this document. Moreover, PAGSEGURO will not use or disclose this information in any way to obtain an unfair business advantage for itself, its subsidiaries, affiliates or partners in future business opportunities in which it may, directly or indirectly, compete with UOLDIVEO.

PAGSEGURO will not publish or disclose this information, in full or in part, without the prior written consent of UOLDIVEO. A number of company and service names included herein are trademarks. All of them are recognized in this representation.

EXECUTION VERSION

Page: 5/12

Presentation

About UOLDIVEO

UOLDIVEO, a company of the UOL Group with over 17 years of experience, offers complete IT Outsourcing solutions for mission critical environments.

It has the biggest Data Center infrastructure in Brazil, the best and most flexible Business Cloud, and a wide range of managed services. All of this is supported by one of the largest certified technical teams in Brazil, standardized processes, and cutting-edge technology, which allow an IT Transformation approach, aimed at offering a fast, efficient, and business focused IT.

UOLDIVEO serviced more than 3,000 customers and has 1,500 employees with over 280 international certifications.

UOLDIVEO is headquartered in São Paulo and has offices in 7 Brazilian capitals.

Legend

17 anos Experiência ▇▇ ▇▇▇▇▇▇▇ = 17 years Market Experience

+ 3 mil Clientes = + 3,000 Customers

1.500 Colaboradores = 1,500 Employees

26 mil m² Data Centers = 26,000 sq mt Data Centers

Rede Própria em 7 Cidades = Own Network in 7 Cities

15 Petabytes em Armazenamento = 15 Petabytes of Storage

Soluções Orientadas por Segmento ▇▇ ▇▇▇▇▇▇▇ = Solutions Developed by Market Segment

EXECUTION VERSION

Page: 6/12

Portfolio of Services

Our portfolio consists of complete and integrated solutions to meet a number of IT requirements from companies, awarding us our recognition as trusted advisors by our partners.

Legend

Exterior Circle; upper quadrant

SERVIÇOS GERENCIADOS = MANAGED SERVICES

GESTÃO DE WAN = WAN MANAGEMENT

GESTÃO DE REDES = NETWORK MANAGEMENT

GESTÃO DE BACKUP = BACKUP MANAGEMENT

GESTÃO DE STORAGE = STORAGE MANAGEMENT

GESTÃO DE BANCOS DE DADOS = DATABASE MANAGEMENT

GESTÃO DE SISTEMA OPERACIONAL = OPERATING SYSTEM MANAGEMENT

GESTÃO DE APLICAÇÕES = APPLICATION MANAGEMENT

GESTÃO DE MIDDLEWARE = MIDDLEWARE MANAGEMENT

GESTÃO DE PROJETOS E ESPECIALISTAS = PROJECT AND SPECIALIST MANAGEMENT

EXECUTION VERSION

Page: ▇/▇▇

▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇; lft quadrant

E-COMMERCE SERVICES = E-COMMERCE SERVICES

MIDDLEWARE SERVICES = MIDDLEWARE SERVICES

CORE TECHNOLOGIES SERVICES = CORE TECHNOLOGIES SERVICES

SOLUÇÕES PARA NEGÓCIO = BUSINESS SOLUTIONS

Exterior Circle; right quadrant

GOVERNANÇA DE TI = IT GOVERNANCE

ARQUITETURA DE TI = IT ARCHITECTURE

ENGENHARIA DE SOFTWARE = SOFTWARE ENGINEERING

CONSULTORIA = CONSULTING SERVICES

Exterior Circle; lower quadrant

SERVIÇOS À APLICAÇÃO = APPLICATION SERVICES

STRESS TEST = STRESS TEST

OTIMIZAÇÃO DE PERFORMANCE = PERFORMANCE OPTIMIZATION

MONITORAMENTO DE PERFORMANCE = PERFORMANCE MONITORING

TESTES FUNCIONAIS = FUNCTIONAL TESTING

▇^▇▇ ▇▇▇▇▇ ▇▇▇▇▇▇; left side

SERVIÇOS DE SEGURANÇA = SECURITY SERVICES

VULNERABILITY SCAN = VULNERABILITY SCAN

SMART CORRELATION = SMART CORRELATION

DDOS PROTECTION = DDOS PROTECTION

WEB APPLICATION FIREWALL = WEB APPLICATION FIREWALL

BRAND PROTECTION = BRAND PROTECTION

▇^▇▇ ▇▇▇▇▇ ▇▇▇▇▇▇; right side

PLATAFORMA E SOFTWARE = PLATFORM AND SOFTWARE

SERVIÇOS DE PAGAMENTOS = PAYMENT SERVICES

PIN PAD = PIN PAD

AUTOMAÇÃO E CONTROLE = AUTOMATION AND CONTROL

PREVENÇÃO À FRAUDE = FRAUD PREVENTION

EXCHANGE = EXCHANGE

WEBFILTER = WEBFILTER

Innermost Circle; upper half

DATACENTER = DATACENTER

COLOCATION = COLOCATION CENTER

SERVIÇOS COMPARTILHADOS = SHARED SERVICES

HOSTING = HOSTING

Innermost Circle; lower half

MPLS = MPLS

LAN TO LAN = LAN TO LAN

INTERNET = INTERNET

EXECUTION VERSION

Page: 8/12

UOLDIVEO’s Experience

We are a leading Brazilian company in IT Outsourcing. We are supported by a solid group with strong experience in the Brazilian market. In addition, we have experience in the management of mission critical and high-volume environments and offer robustness and agility in our operations.

Servicing and Operations:

☐ +2.2 billion security events

☐ +6,300 firewalls

☐ +169,000 security rules

☐ monitoring +500,000 infrastructure active elements

☐ +14 million active mail boxes

☐ +400,000 internet domain names

☐ +7,000 database instances

Backbone:

☐ + 200 Gbps in traffic capability

☐ + 1,800 points of presence

☐ + 3.7 million e-commerce transactions/month

☐ 70,000 simultaneous streaming sections/second

☐ 7 billion page views/month

☐ +34 million one-time visitors

Data Center:

☐ + 15PBytes of stored data, equivalent to +3 million hours of HD movies

EXECUTION VERSION

Page: 9/12

Quality

Through IT service management best practices, we prepare continuous improvement plans aiming at business maintenance and satisfaction of our employees and customers.

Accordingly, we developed out processes based on ISO/IEC 27001, ISAE 3402 (SAS 70), ISO 20000:2011, PCI requirements and ITIL v3 and CobiT methodologies.

Certifications

EXECUTION VERSION

Page: 10/12

Customers

We have a solid portfolio of customers:

☐ 250 among the top 500 companies in Brazil;

☐ 3 biggest airline companies in Brazil;

☐ 7 among the top 10 retail companies in Brazil (90% of big e-commerce companies);

☐ 6 biggest operators of mobile phones in Brazil;

☐ 3 among the top 4 education groups in Brazil;

☐ 6 among the top 10 contact centers in Brazil;

☐ 3 among the top 5 purchasers in Brazil;

☐ 6 among the top 10 real estate groups in Brazil;

☐ 3 among the top 4 cosmetic companies in Brazil;

☐ 2 among the top 3 chemical companies in Brazil;

☐ more than 100 companies of the financial segment.

EXECUTION VERSION

CONFIDENTIAL TREATMENT REQUESTED

Page: 11/12

Commercial Conditions:

BPAG

Description of Services Refers to services described in the OPT-17/21638-A Technical Proposal		Monthly fee for an engagement period of 60 months (including taxes)
BPAG Monitoring dedicated to the E-commerce environment of PAGSEGURO, on a 24/7 basis, according to the scope set forth in the technical proposal.		[*****]

NOTANET

Description of Services Refers to services described in the OPT-17/21638-A Technical Proposal		Monthly fee for an engagement period of 60 months (including taxes)
NOTANET (Minimum amount) •    Compliance with Service Level commitments; •    compliance with legal obligations.		[*****]

Monthly assessment based on the number of processed/stored Invoices.

Description of Services Number of Issued Invoices for the assessment of the Monthly Fee
From 0 to 1,000		[*****]
From 1,001 to 2,000		[*****]
From 2,001 to 3,000		[*****]
From 3,001 to 4,000		[*****]
From 4,001 to 5,000		[*****]
From 5,001 to 10,000		[*****]
From 1,001 to 100,000		[*****]
From 100,001 to 100,000,000		[*****]

The price per Invoice varies based on the number of invoices issued and service contracted, as assessed on a monthly basis. In the event the assessed amount is below the Monthly Minimum Amount, the monthly minimum amount becomes due.

[*****] Confidential material redacted and filed separately with the Securities and Exchange Commission.

EXECUTION VERSION

CONFIDENTIAL TREATMENT REQUESTED

Page: 12/12

Number of Stored Invoices for assessment of the Monthly Fee
From 0 to 1,000		[*****]

The price per Invoice varies based on the number of stored invoices and service contracted, as assessed on a monthly basis. In the event the assessed amount is below the Monthly Minimum Amount, the monthly minimum amount becomes due.

Considerations:

• taxes and tax rates will be charged pursuant to applicable law:

• Data Center Solution services, Managed Services, Software Services, Application Services, and/or Security Management Services: ISS, PIS, and COFINS apply, according to the type of service;

• any changes in tax rates or tax calculation basis on the value of services provided hereunder, as well as the creation of any taxes as of the date hereof, even if arising out of the cancellation of a tax exemption, will result in an adjustment to the prices offered (representing a price increase or decrease), according to the relevant change;

• noncompliance with the obligations set forth in the Technical and Commercial Proposals by the CUSTOMER, resulting in delays in the originally proposed schedule, does not exempt the CUSTOMER from timely complying with its other obligations, primarily those regarding the amounts payable;

• monthly fees will be invoiced as follows:

• the first (1st) installment will be invoiced on a pro rata basis and will be payable on the 10th day of the month following the delivery of the contracted Solution, in full or in part, to be agreed by the Parties;

• the second (2nd) installment, as well as the other instalments that become due until the expiration of the Agreement, will be invoiced by the 20th day, payable on the 2nd day of the following month;

• the monthly payments for products with variable fees may vary, according to the effective consumption of resources listed and amounts provided in the Commercial Proposal.

[*****] Confidential material redacted and filed separately with the Securities and Exchange Commission.

EXECUTION VERSION

Technical Proposal

Payment Means Management Services

EXECUTION VERSION

Page: 2/29

São Paulo, January 01, 2017.

To

PAGSEGURO INTERNET LTDA

Regarding the UOLDIVEO (OPT-17/21638-A) Proposal

In response to your request, we present a proposal for an integrated technology solution to meet the expectations of PAGSEGURO INTERNET LTDA in relation to IT infrastructure services.

We place at PAGSEGURO INTERNET LTDA’s disposal our experience in providing excellent quality services to the corporate market. We have developed this Proposal with the commitment to offer a solution that most adheres to the business needs of PAGSEGURO INTERNET LTDA.

We are grateful for the opportunity and remain at your entire disposal for any clarification that may be necessary.

Sincerely,

/S/ Paulo ▇▇▇▇▇▇ Nova ▇▇▇▇▇▇▇▇▇

▇▇▇▇▇ ▇▇▇▇▇▇ Nova ▇▇▇▇▇▇▇▇▇    

Solution Architect            

EXECUTION VERSION

Page: 3/29

Summary

Summary			3
Confidentiality Agreement			4
Presentation			5
About UOLDIVEO			5
Portfolio of Services			6
About Multicloud			7
UOLDIVEO is Multicloud			7
UOLDIVEO’s Experience			8
Quality			9
Certifications			9
Partners:			10
Clients:			10
Introduction			11
Objective			11
Preliminary Instructions:			12
Payment means management services			13
Monitoring means of payment – BPAG			13
Characteristics of the Monitoring Service			13
Issue and Receipt of SAAS electronic Invoices			20
Technical Solution			20
Issue of electronic Invoice			20
Receipt of electronic Invoice			22
Premises and Restrictions – Issue and Receipt			24
Responsibilities			24
Service Level Commitment			26
Considerations for the Proposal:			28
Responsibilities:			29

EXECUTION VERSION

Page: 4/29

Confidentiality Agreement

All the information contained in this document is strictly confidential and is provided for the sole purpose of technically describing UOLDIVEO solutions at the request of PAGSEGURO INTERNET LTDA, and shall not be used for any other purpose.

With respect to the services described herein, if PAGSEGURO INTERNET LTDA chooses a supplier other than UOLDIVEO, or if it does not select any supplier within 15 days from the date of this proposal, PAGSEGURO INTERNET LTDA hereby agrees to return all UOLDIVEO’s exclusive and confidential information, including but not limited to this document, and will not use nor disclose this information in any way in order to gain an unfair business advantage for itself, its subsidiaries, associations or partners in any way, for future business opportunities in which it may be directly or indirectly competing with UOLDIVEO.

PAGSEGURO INTERNET LTDA will not publish nor disclose this information, in whole or in part, without the prior written permission of UOLDIVEO. Many of the service and business names mentioned in this document are registered trademarks. All of them are recognized through this declaration.

EXECUTION VERSION

Page: 5/29

Presentation

About UOLDIVEO

UOLDIVEO, a UOL Group company with more than 17 years of experience, has complete IT Outsourcing solutions to meet mission critical environments.

It has the largest Data Center infrastructure in the country, the best and most flexible Corporate Cloud, in addition to a wide range of managed services. All supported by one of the country’s largest certified technical bodies, standardized processes and cutting edge technology that enable an IT Transformation approach aiming to deliver IT with speed, efficiency and a focus on the business.

There are more than 3 thousand clients served and 1500 employees with more than 280 international certifications.

UOLDIVEO is headquartered in São Paulo with a presence in 7 Brazilian capitals.

EXECUTION VERSION

Page: 6/29

Portfolio of Services

Our portfolio is composed of complete and integrated solutions that meet the most diverse needs of IT companies, making us trusted advisors of our partners.

EXECUTION VERSION

Page: 7/29

About Multicloud

In recent years, companies with typically digital characteristics are changing the traditional markets, providing new experiences for clients. While established companies have to deal with traditional systems, processes and methodologies, they are at the same time under pressure to adapt, be innovative and agile. Driven by the “Internet of Things” and Big Data, companies will undergo a transformation that will make the largest part of the business digital and the technological basis of this transformation is precisely Cloud Computing. But before making the decision to take workloads to the clouds it must be kept in mind that:

“There is no single cloud for all applications and not every application consumes any cloud”

Therefore, a Multicloud approach, where companies use clouds with different technologies and characteristics, is so important.

UOLDIVEO is Multicloud

At UOLDIVEO, companies can rely on the services of leading players in the public cloud market, such as AWS, Microsoft Azure, VMWare and OpenStack, as well as Private Cloud offers on OpenStack and VMWare and also Virtual Data Center with Virtustream technology.

All these technologies and an extensive service layer, which starts with the analysis of the application characteristics and recommendation of the appropriate cloud, up to cloud use management and improvement services, make UOLDIVEO Multicloud the right way to go about the digital transformation of companies.

For us, Multicloud is more than offering alternative hardware, software, infrastructure or an access panel to different public clouds. It is being close to the customer in order to understand their challenges and appropriately form a solution that meets the needs of each application, within a differentiated service context that allows the support to grow our clients business.

EXECUTION VERSION

Page: 8/29

UOLDIVEO’s Experience

We are the leading Brazilian IT Outsourcing company. We have a solid group with strong experience in the domestic market, experience in management of mission critical environments and high volume, in addition to robustness and speed in our operations.

Service and Operations:

☐ +2.2 Billlion security events

☐ +6,300 firewalls

☐ +169,000 securirty rules

☐ Monitoring of +500,000 active elements of infrastructure

☐ +14 million active mailboxes

☐ +400,000 internet domains

☐ +7,000 instances of databases

Backbone:

☐ + 200 Gbps traffic capacity

☐ + 1,800 points of presence

☐ + 3.7 million e-commerce transactions/month

☐ 70,000 simulataneous sections/second of streaming

☐ 7 Billion page views/month

☐ +34 million unique visitors

Data Center:

☐ + 15PBytes of stored data which is equivalent to +3 million hours of HD film

EXECUTION VERSION

Page: 9/29

Quality

Through best practices in IT service management, we carry out continuous improvement plans aimed at maintaining both the business and the satisfaction of our employees and clients.

In order to do this, we have developed our processes based on the requirements of ISO/IEC 27001, ISAE 3402 (SAS 70), ISO 20000: 2011, PCI, SOX, and ITIL v3 and CobiT methodologies.

Certifications

☑ COMPANY:

Focusing on Security, Quality, Performance and Reliability, it has the following certifications:

☑ PROFESSIONALS:

Highly qualified and certified professionals to provide high quality services:

EXECUTION VERSION

Page: 10/29

Partners:

To meet the needs of our customers, we offer solutions for their business. In order to do this we have several technological partnerships of which the following are highlighted:

Clients:

We have a solid portfolio of clients:

☐ 250 of the 500 largest companies in Brazil;

☐ the 3 largest airlines in Brazil;

☐ 7 of the 10 largest retail companies in Brazil (90% of the big e-commerces);

☐ the 6 largest mobile telephone operators in Brazil;

☐ 3 of the 4 largest education groups in Brazil;

☐ 6 of the 10 largest contact center companies in Brazil;

☐ 3 of the 5 largest purchasers in Brazil;

☐ 6 of the 10 largest real estate groups in Brazil;

☐ 3 of the 4 largest cosmetic industries in Brazil;

☐ 2 of the 3 largest chemical industries in Brazil;

EXECUTION VERSION

Page: 11/29

Introduction

Objective

We present the UOLDIVEO service bases of Managed Services for PAGSEGURO INTERNET LTDA, in accordance with the services below:

• Monitoring means of payment – BPAG

• Issue and Receipt of SaaS Electronic Invoices

This proposal replaces the terms and conditions of the proposal previously in force, becoming, therefore, the new reference for scope, terms and conditions for the operation of Managed Services for PAGSEGURO INTERNET LTDA.

EXECUTION VERSION

Page: 12/29

Preliminary Instructions:

This proposal includes the solution for monitoring the BPAG means of payment and use of Notanet to carry out the Issue and Receipt of electronic Invoices in the SaaS modality.

EXECUTION VERSION

Page: 13/29

Payment means management services

Monitoring means of payment – BPAG

Scope of service:

The scope of this document deals with the description of the monitoring service that UOLDIVEO offers PAGSEGURO.

Characteristics of the Monitoring Service

To monitor PAGSEGURO’s sales it is important to understand the architecture of this environment. The environment can be understood as described below:

Monitored Flow

In accordance with the flow, the following is defined:

A.     Represents the SITE’s verification:

a.      Identification of availability.

b.      Performance of test to check the availability of the Financial Institutions.

c.      Performance of test to check the re-directioning between the site and BPag.

B. BPag Application:

a. Following the availability of the environment.

b. Following the availability of the application.

c. Following the volume and effectiveness of sales.

C. Financial Institutions / Suppliers:

a. Availability charge for third party environment.

b. Contact and notifications about availability.

EXECUTION VERSION

Page: 14/29

Purchase flow

Means of payment: Online Debit (Transfers)

A. Represents the communication between PAGSEGURO and BPag, sending of information for the start of the payment requisitions.

B. BPag communicates with the financial institution and redirects the user to the FI’s environment.

C. The institution returns the authorization information to BPag, or the probe queries the status of the request at the financial institution from time to time until it obtains a response.

D. PAGSEGURO performs queries to verify the status of the payment. E. BPag returns the result of the query with status of the request.

Means of payment – Bank Billet

A. Represents the communication between PAGSEGURO and BPag, sending of information for the start of the payment requisitions.

B. BPag returns the url of the generated bank billet.

C. The FI sends BPag the EDI file daily to be processed.

D. PAGSEGURO performs a consultation at 06:00, 12:00 and 18:00 to verify the status of the requests generated for bank billet means of payment.

EXECUTION VERSION

Page: 15/29

Means of payment – Credit Card

A. Represents the communication between PAGSEGURO and BPag, sending of information for the start of the payment requisitions.

B. BPag communicates with the financial institution.

C. The institution returns the authorization information to BPag. D. BPag returns the result of the query with status of the request.

PAGSEGURO Stores

PAGSEGURO uses the BPag ASP stores, through these stores registered in the BackOffice it will be possible to follow the flow of transactions and their origin, if they come from more than one channel.

Monitoring

The UOLDIVEO Group has an automatic checking tool (Quebec), which performs the HOSTS and SERVICES checks for the BPag ASP environment. A team of operators will also be available to work on a 24-hour handover basis 7 days a week.

Below are the points monitored and the way in which monitoring will be performed.

Automatic checking

The following BPag ASP items are checked automatically:

• Bandwidth consumption of each server;

• CPU usage of each server;

• Disk usage of each server;

• Memory usage of each server;

• Total availability of the BPag application on each server;

• Total availability of the BPag DB.

EXECUTION VERSION

Page: 16/29

Manual checking

The following BPag ASP items are checked manually by the team:

• Purchase Requisition: verification of the quantity/time ratio of the entry of orders into the PAGSEGURO stores that can be analyzed by BPag ASP’s BackOffice;

• Communication with the FI’s: analysis of the mentioned tools in order to visualize the transactions and their due status (Payment, Not effected, etc.) With this, we have a way of visualizing if the transactions are occurring and being approved correctly.

• Availability of the Site: Performance of transactions at ▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇.▇▇▇.▇▇/ for communication tests between the payment gateway nucleus (BPag ASP) and the Financial Institutions.

▇▇▇▇▇ ▇ Actions

Monitoring consists of the following activities:

• Verification of the transaction flow

• Verification of volume and effectiveness

• Processing of Bank Billets.

• Verification of the tool for receiving and sending calls.

• Monitoring of transactions in general.

Verificatoin of the transactions.

Access data:

URL: ▇▇▇▇▇://▇▇▇▇.▇▇▇.▇▇▇.▇▇/▇▇▇▇▇/▇▇▇▇▇

Store: PAGSEGURO

User: consult table of users

Pasword: consult table of passwords

1^st - In the Back Office, perform a search of the transactions paid for each means of payment. With this, we can validate if the transactions are being approved successfully;

2^nd - In the Back Office, perform a search of the transactions in all the statuses for each means of payment. With this, we can validate if BPag is receiving new transactions;

3^rd - Taking into account the quantity/time ratio for the time of day, verify if there are new transactions paid or if there are new transactions. If there is any indication of a problem, activate the support alert/standby.

EXECUTION VERSION

Page: 17/29

Monitoring of transactions in general

Access data:

URL: ▇▇▇▇://▇▇▇▇.▇▇▇.▇▇▇.▇▇/▇▇▇▇▇▇▇

User: consult table of users

Password: consult table of passwords

Domain: ▇▇▇▇://▇▇▇▇.▇▇▇.▇▇▇.▇▇

Context: monitor

At once, with the BLOG open, select the BPag ASP application events and in the user field type “pagseguro”. Monitor the events in real time with an update rate of 5 seconds.

1^st – Verify if there are new events;

2^nd – Verify if the events are happening correctly without incidence of errors that characterize the shutdown of the environment.

3^rd - If there is any indication of a problem, collect information of the event (store, means of payment, event ID, order number);

4^th - In the Back Office perform a search to verify if there are paid transactions with a time of day later than the time of day of the error in the BLOG;

5^th - Perform a test transaction to validate the functioning of the environment;

6^th - If a problem is identified, activate the support alert/standby.

Size of the team

For the execution of the monitoring activities, UOLDIVEO offers a team of five Operators, each performing six-hour work shifts. A Support Supervisor and a Support and Monitoring Manager working during business hours.

Duties

S&M-E Manager

• Act as point of contact for PAGSEGURO;

• Prepare service measurement reports;

• Evaluate during the monitoring period the activities with the responsible technician indicated by PAGSEGURO;

• Coordinate the activities of team members;

• Ensure communication between team members, providing direction;

EXECUTION VERSION

Page: 18/29

• Generate and consolidate new ideas for service improvement.

Support Supervisor

• Coordinate the Level 1 monitoring and support activities;

• Ensure compliance with the 24x7 monitoring team roster during the monitored period;

• Disseminate changes in procedures to the team;

• Design monitoring routines and determine actions for occurrences;

• Evaluate activities weekly with the PAGSEGURO responsible technician;

• Generate new ideas for service improvement.

Monitoring Operator

• Verify the 24x7 system and act as Operator during the monitored period;

• Identify errors or nonconformities;

• Open calls with the Level 1 support of the responsible supplier;

• Follow the call from start to finish;

• Record all occurrences;

• Generate new ideas for service improvement.

Monitoring management

The monitoring management that UOLDIVEO offers PAGSEGURO in this service will be executed as described below:

Record of the incidents

The detected incidents will be recorded by e-mail and in the UOLDIVEO call control tool. The calls will provide information on:

• Identification of the incident;

• Start of the unavailability/intermittence;

• End of the unavailability/intermittence;

• Total time of the unavailability/intermittence;

• Action taken to resolve the incident.

EXECUTION VERSION

Page: 19/29

Meetings

UOLDIVEO will present the reports for the monitored period remotely through a previously agreed conference call.

Scope

It is understood that the items defined in this document include all UOLDIVEO’s monitoring responsibilities for PAGSEGURO. Any other request must be previously agreed upon and the possibility of execution verified, and it may be charged on acceptance.

EXECUTION VERSION

Page: 20/29

Issue and Receipt of SAAS electronic Invoices

Technical Solution

The solution consists of the use of Notanet to perform the Issue and Receipt of electronic invoices in the SaaS modality (solution hosted in the UOLDIVEO Datacenters) integrated with the already available means, which are detailed below. The following activities must be performed in order to complete it:

• Configuration of the SaaS Notanet application (service mode) and of specific connectors during the implementation process in accordance with the integration means chosen by PAGSEGURO INTERNET LTDA;

• Understanding of the PAGSEGURO INTERNET LTDA operational model, meeting the company’s characteristics and business rules, as well as security policies and integration of systems and applications. In this way, the best way of using the Notanet application is sought;

• The specialized UOLDIVEO Implementation Team follows the entire integration process to resolve queries and validate the final results together with PAGSEGURO INTERNET LTDA;

• Remote training of final users.

It is important to mention that our solutions will always be able to process the Electronic Financial Documents (issue, receipt, among others) in accordance with the specific legislation in force and its mandatory functional scope is also included in this proposal.

In general, all persons responsible for delivering the solutions described in this commercial proposal and detailed in the technical proposal will carry out their activities on the premises of UOLDIVEO and its affiliates.

Issue of electronic Invoice

Notanet’s solution for the issue of electronic Invoices allows great integration flexibility in addition to facilitating the management of the invoices and compliance with the legal requirements, since the invoices are also distributed and stored in addition to being issued.

Details of the Solution

The issue of the invoices will be possible through the following integration models:

• Bank to bank: PAGSEGURO INTERNET LTDA inserts records into a database. From there our solutions query this database and process the issue of the invoices and the frequency of returns;

• Free SEFAZ standard text files: PAGSEGURO INTERNET LTDA generates the files and makes them available in a directory for consumption by the UOLDIVEO connector;

• UOLDIVEO Standard text files: PAGSEGURO INTERNET LTDA generates the files and makes them available in a directory for consumption by the UOLDIVEO connector;

• Webservices: PAGSEGURO INTERNET LTDA consumes the web services made availble by UOLDIVEO to process the issue of the invoices.

EXECUTION VERSION

Page: 21/29

Our solution is based on the JAVA language with the following characteristics:

• Fully JEE;

• Application server compatible with JEE (WebLogic, TomCat, etc.);

• Apache Web Server (Linux or UNIX) or MS IIS;

• Digital Signature: BoldCryptotm.

• Data base:

• Oracle - 9i, 10g and 11g;

• MSSQL Server - 2000, 2005, and 2008.

The ERP system may communicate with the UOLDIVEO solution from the integration model chosen by the client.

If PAGSEGURO INTERNET LTDA opts for integration via txt file, it is necessary to install and configure a UOLDIVEO application module called “ConectorTXT”.

This module is responsible for processing the requisitions generated by the ERP. The process is detailed below:

1) The user sets the electronic Invoice parameters from the ERP system (sender, recipient, products).

2) The ERP system generates a file in TXT format (UOLDIVEO standard) and writes the file to a directory - on the server or on the network;

3) The “ConectorTXT” module receives the text file, converts it to SEFAZ standard XML and sends it to the UOLDIVEO servers for processing;

4) The generated XML is signed and sent to SEFAZ;

5) After processing the XML by SEFAZ, the “ConectorTXT” module generates a file with the processing result and writes to a directory - on the server or on the network;

6) The ERP uses the return file information to update the electronic Invoice status.

Available Services

The following services and functionalities are available in the tool:

• Integration

• Issue of electronic Invoice;

• Normal;

• Contingency (all modalities approved by SEFAZ);

• Storage of the electronic Invoice’s XML for the legal term (5 years plus the current year);

• Automatic sending of the distribution XML to the recipient;

• Automatic printing of the DANFE;

• All layouts approved by SEFAZ;

• Electronic Invoice status query;

EXECUTION VERSION

Page: 22/29

• Cancelation of electronic Invoice;

• Disabling of electronic Invoice numbering;

• Issue of CC-e (Electronic Correction Letter).

• WEB

• Issue of electronic Invoice;

• Normal;

• Contingency (all modalities approved by SEFAZ);

• Storage of the electronic Invoice’s XML for the legal term;

• Manual sending of the distribution XML to the recipient;

• Manual printing of the DANFE;

• All layouts approved by SEFAZ;

• Electronic Invoice status query;

• Cancelation of electronic Invoice;

• Disabling of electronic Invoice numbering;

• Issue of CC-e (Electronic Correction Letter);

• Registration of suppliers;

• Registration of recipients;

• Registration of transporters.

Receipt of electronic Invoice

Automation of the receiving process for the XML of electronic Invoices – Invoices in the SaaS modality. Part of the scope of this proposal is the receipt of electronic Invoices with availability of the information from the documents received via WEB portal, e-mail, webservices or database.

Once the XML has been received, the Notanet system will process the files and perform the following validations:

• Validation of the XML Schema of the electronic Invoice;

• Verification of the digital signature’s validity;

• Status query of the electronic Invoice with SEFAZ;

• Only invoices properly authorized by SEFAZ will be successfully received;

• Storage of the XML of the electronic Invoice on a database.

The system has a graphical interface (WEB Portal) so that users can verify the status of the XMLs of the received electronic Invoices.

EXECUTION VERSION

Page: 23/29

Users may also validate the DANFE on the portal upon receipt of the merchandise. Through the portal validation and receipt of the XML, the system performs a data cross-checking (XML x DANFE), offering greater security for the physical receipt of the merchandise when compared with the receipt of the XML file.

Details of the solution:

The receipt of documents will be possible through the following integration models:

• WEB Portal: the XMLs are uploaded directly to Notanet;

• Bank to bank: PAGSEGURO INTERNET LTDA inserts records into a database. From there our solutions query this database and process the receipt of the invoices and the frequency of returns;

• E-mail: An e-mail account is set up where all XMLs must be sent. The Notanet solution will connect to the e-mail server downloading all XMLs. Another possibility is PAGSEGURO INTERNET LTDA creating redirection rules in its mailboxes to the e-mail set up by UOLDIVEO;

• Webservices: XMLs are sent directly to UOLDIVEO through the consumption of web services conferring flexibility and independence of operational system platforms or programming languages.

This solution is totally web, based on the JAVA language with the following characteristics:

• Fully JEE;

• Application server compatible with JEE (WebLogic, TomCat, etc.);

• Apache Web Server (Linux or UNIX) or MS IIS;

• Data base:

• Oracle - 9i, 10g and 11g;

• MSSQL Server - 2000, 2005, and 2008.

The ERP system may integrate with the Notanet system to receive information that is part of the XML files. This integration will be analyzed on a case by case basis by the UOLDIVEO Solution Architects generating a new solution design that may or may not incur additional implementation and deployment costs.

Available Services

The following services, functionalities and business rules are available in the tool:

• Funcionalities;

• Query;

• History;

• Maintenance and Security;

• User authentication;

• Failure tolerance in the event of unavailable SEFAZ/SEFIN;

• Communication via WS;

• Secure operations, with transparent authentication for the user;

EXECUTION VERSION

Page: 24/29

• Monitoring and control;

• The system is available on a 24x7x365 basis;

• The system is multiuser.

• Business Rules

• Invalid XML files will be discarded by the system;

• Any file with an extension other than XML (.pdf, .doc, .jpg, .gif, etc) will be discarded by the UOLDIVEO system;

• The system will receive the XML file with this extension or in a zip file without a password; o The system will only accept XMLs in the “distribution” format (containing the nfeproc tag); o XMLs received without the “nfeproc”tag will be discarded;

• Unsigned XMLs will be discarded;

• All electronic Invoices received by the system will be stored for the legal term (five years plus the current year).

Premises and Restrictions – Issue and Receipt

The following are premises and restrictions:

• During the Kick-off meeting the contact details for the Support and Implementation team and for escalation will be presented by UOLDIVEO;

• At this meeting the detailed implementation schedule will be defined;

• The Kick-off meeting takes place within 15 days of signing the agreement. This meeting marks the start of the implementation project;

• SLA established between UOLDIVEO à PAGSEGURO INTERNET LTDA;

• No customizations are provided for in the Issue or Receipt tools for this project;

• UOLDIVEO may involve subcontractors and other third parties to perform their obligations under this proposal, provided that they are presented in advance and approved by PAGSEGURO INTERNET LTDA;

• During the implementation, if PAGSEGURO INTERNET LTDA opts for an integration model that requires the installation of connectors in the cleint’s infrastructure, PAGSEGURO INTERNET LTDA will provide access to this environment for our Implementation Team. Any and all access will be previously agreed with PAGSEGURO INTERNET LTDA so that the procedures can be followed.

Responsibilities

Responsibilities are obligations that must be fulfilled both by PAGSEGURO INTERNET LTDA and by UOLDIVEO in order to deliver the proposed solution successfully.

EXECUTION VERSION

Page: 25/29

PAGSEGURO INTERNET LTDA

• Supply, in writing, all technical data that might come to be requested by UOLDIVEO, necessary for the execution of the Services;

• Assign its employees to participate in the Kick Off meeting to be scheduled from the signing of the

• Agreement, in order to establish the implementation schedule of the contracted Services;

• Make access available to the PAGSEGURO INTERNET LTDA systems necessary for the provision of the Services contracted herein;

• Communicate with its internal and external suppliers in order to guarantee the consistency of the data necessary for the performance of the Services provided by UOLDIVEO;

• Comply with UOLDIVEO’s technical and safety criteria. Security criteria means the protected storage of information and its sending through secure channels using passwords and protocols that make use of encryption is .

UOLDIVEO

• Perform preventive and corrective maintenance on the items provided by UOL DIVEO;

• Maintain its solutions always updated as required by law;

• Maintain PAGSEGURO INTERNET LTDA duly informed of any changes or updates to the solutions that make up this proposal;

• Set up appropriate infrastructure, put together qualified and appropriate teams to provide the contracted Services;

• Make its best efforts to comply with agreed schedules and SLAs.

EXECUTION VERSION

Page: 26/29

Service Level Commitment

Introduction

In this section we deal with the indicators and also with the teams involved in ensuring that the information processing will always be performed and guaranteed in the best way possible.

Therefore, our Technical Support team has multidisciplinary professionals trained in the solution of our client’s queries and will be available by email and telephone during business hours Monday to Friday. Outside this period, we have Monitoring team attendants who are also able to assist the client.

Depending on the severity of the incident, other teams will be involved as appropriate, always aiming to best serve the client. In this proposal indicators for Shared Monitoring and Support are referenced.

PAGSEGURO INTERNET LTDA will receive the technical support and monitoring channels during the implementation kick-off.

Below we present the service levels of the support team as well as the Availability SLA for the electronic invoices in the SaaS modality.

Service Level Agreement (SLA)

The Service Level Agreements are considered in accordance with the severity level classification. The severity levels are classified as follows:

• Critical - When the system or environment is given as completely inoperative, that is, unavailable.

• High - when the functioning of the system or the environment is intermittent.

• Medium – when the system or environment is presenting behaviour that can affect the productivity of our client’s business.

• Low – Isolated incidents without operational impact.

Severity Levels and Resolution Times

This describes the activities involved in assisting and resolving calls by the monitoring and technical support teams with their respective times.

Type of Service		Critical		High		Medium		Low
Understanding the incident and start of technical intervention		30 min. (24X7)		2 hours (24X7)		2 days (Business)		4 days (Business)
Managing the incident (workaround or definitive solution)		2 hours (24X7)		4 hours (24X7)		N/A
Incident report (descriptive report of the incident)		2 days (Business)		2 days (Business)
Managing the problem (action plan /definitive solution)		4 days (Business)		4 days (Business)		10 days (Business)		20 days (Business)

EXECUTION VERSION

Page: 27/29

The goal is that 90% of the calls are answered in the times listed above. If there is no credit of 1% (one percent) in the monthly ▇▇▇▇ for each type of Severity (SLA not OK) up to a maximum of 6% added to the results of Availability metrics.

Monthly Availability SLA

This measures the percentage of time in the current month that the Electronic Financial Document tools must be available and fully usable by PAGSEGURO INTERNET LTDA.

Metrics		Target		Penalty for failure to comply
Monthly Availability		Above 99.90%		—
		From 99.90% to 99.00%		2.5% of discount in the monthly ▇▇▇▇
		From 99.00% to 98.00%		5.0% of discount in the monthly ▇▇▇▇
		From 98.00% to 97.00%		7.5% of discount in the monthly ▇▇▇▇
		Below 97.00%		10.0% of discount in the monthly ▇▇▇▇

EXECUTION VERSION

Page: 28/29

Considerations for the Proposal:

• UOLDIVEO’s operations are restricted to the supply of management services presented in this proposal. Any elements, inputs or activities that are not explicitly specified are not part of the scope and, if necessary, must be contracted additionally or supplied / executed directly by PAGSEGURO INTERNET LTDA.

• Proposal does not include upgrade of database version, operational systems or any applications;

• When necessary PAGSEGURO INTERNET LTDA must ensure that professionals are available and able to support the activities inherent to the solution contracted and described in this proposal.

• Third-party products (hardware, software, etc.) acquired by PAGSEGURO INTERNET LTDA will follow the manufacturers’ standard lifecycle, and it is therefore at UOLDIVEO’s discretion whether or not to supply support for the items mentioned when they are beyond their life cycles (there will be no SLA for products the life cycle of which has been terminated by manufacturers);

• UOLDIVEO reserves the right to change any type of supplier, brand, or software version of products used in its standard portfolio of services without adversely affecting the services of PAGSEGURO INTERNET LTDA for matters of technological updating or adaptation to market standards. UOLDIVEO is responsible for communicating in advance any type of change in its environment;

EXECUTION VERSION

Page: 29/29

Responsibilities:

☑ UOLDIVEO’S RESPONSIBILITIES:

• Supply the information and technical clarification requested by PAGSEGURO INTERNET LTDA on the execution of the services;

• Have access to the installations of the environments that are the subject matter of this proposal only with the knowledge and authorization supplied by PAGSEGURO INTERNET LTDA;

• Issue, in the due terms, all documents that are its responsibility;

☑ PAGSEGURO INTERNET LTDA’S RESPONSIBILITIES:

• Any item that comes to be altered or included will be the subject of an additional commercial proposal;

• Supply authorization to access its installations when necessary to execute the scope of activities in this proposal;

• Supply in a timely manner, when it is its responsibility, the data and clarification requested by UOLDIVEO;

• Make available to UOLDIVEO the technical information about managed environment devices, including manuals, plans and data on previously executed services;

• Make a focal point available capable of supplying environmental information necessary for the execution of the activities contained in the schedule presented in this document;