Vixiees Software Terms and Conditions of Use

GENERAL AGREEMENT

SaaS service provider: Vixiees Tech-Hub, S.L., with tax ID B44570174 and registered office at C/ Lepant 270, 08013 Barcelona (Spain), registered in the Barcelona Commercial Registry, Volume 48,632, Folio 1, Sheet B-590.734, Entry 1 (hereinafter, "Vixiees"). The user of the service or services (hereinafter, the "CLIENT") accepts the conditions set out in these Terms and Conditions. Use of the service implies full acceptance of these conditions.

1. Scope of application

1.1. These Terms and Conditions and the Vixiees platform are intended exclusively for companies and professionals. The application is not intended for consumers or private users. The CLIENT declares that it is entering into this agreement in its capacity as a company or professional for the purposes of applicable law.

2. License of use and intellectual property

2.1. Vixiees grants the CLIENT a non-exclusive, non-transferable, non-sublicensable and revocable license to use the Vixiees software, limited to the term of the agreement and to web use through the assigned credentials.

2.2. All intellectual and industrial property rights over the software, the platform, the brand, the logos, the source code, the documentation, the interfaces, the models, the know-how and any improvement or derivative development belong exclusively to Vixiees or its licensors. No right other than the use license described is transferred to the CLIENT.

2.3. The CLIENT undertakes not to perform reverse engineering, decompilation, disassembly, resale, sublicensing, copying, modification, assignment or creation of derivative works from the platform, except where mandatory law permits it.

2.4. The data, contacts, recordings, transcripts, content and databases that the CLIENT enters or generates through use of the platform are and shall remain the property of the CLIENT. Vixiees will process them only under the terms set out in Annex 2 (DPA).

2.5. The CLIENT acknowledges that the access URLs for the contracted product are the property of Vixiees.

3. Data protection policy

Vixiees, in accordance with current data protection regulations, in particular Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 of December 5 (LOPDGDD), informs:

3.1. The data collected through the forms located at https://vixiees.com or other domains or subdomains related to Vixiees are included in automated files for internal use whose controller and owner is Vixiees, for the purpose of providing the contracted services or providing the information requested by the CLIENT.

3.2. Vixiees guarantees the confidentiality of the data collected and adopts the technical and organizational measures necessary to ensure its security and integrity.

3.3. Vixiees will not sell, assign or transfer the collected data under any circumstances, without prejudice to communications to the competent public authorities when required under applicable law.

3.4. The CLIENT may exercise its rights of access, rectification, erasure, objection, restriction of processing, portability and not to be subject to automated individual decisions, by request to dpo@vixiees.com or contact@vixiees.com.

3.5. The CLIENT guarantees the truthfulness, accuracy, validity and authenticity of the data provided and undertakes to keep it updated.

3.6. The processing of personal data arising from the provision of the service shall be governed by the Data Processing Agreement (DPA) in Annex 2, which forms an integral part of this contract. In the event of any contradiction between this clause and the DPA, the DPA shall prevail.

3.7. All servers hosting Vixiees information and applications are located in Europe, within the territory of the European Union.

3.8. Additional cookie information: Cookie Policy.

4. Call recordings and Artificial Intelligence

4.1. The platform allows the CLIENT's communications to be recorded, transcribed and analyzed. It is the CLIENT's sole responsibility to obtain the consent of the interlocutors for the recording and processing of their data, as well as to comply with the information obligations arising from applicable law.

4.2. The maximum retention period for recordings and transcripts on the platform is 6 months, after which Vixiees will delete them unless the CLIENT expressly contracts a longer period.

4.3. Vixiees does not use the CLIENT's data, recordings, transcripts or content to train Artificial Intelligence models, whether its own or third-party models.

4.4. The CLIENT undertakes to use the Artificial Intelligence functionalities in accordance with applicable law, in particular Regulation (EU) 2024/1689 (Artificial Intelligence Act), refraining from fraudulent use or from carrying out any of the practices prohibited by that Regulation.

5. Technical support or inquiries

5.1. Vixiees will provide technical or administrative/commercial support according to what is established on the websites related to the product to be contracted.

5.2. Response time is a maximum of 24 hours in cases of incidents and technical or functional support, excluding Saturdays, Sundays and official public holidays in Spain.

5.3. The service will be provided during Vixiees' business hours: Monday to Friday from 9:00 a.m. to 6:00 p.m. (mainland Spain time).

5.4. Maintenance, updates and error resolution services are performed remotely. They do not include travel to the CLIENT's facilities.

6. Billing and payments

6.1. All applicable prices, fees and economic conditions will be published at all times in the pricing section within the Vixiees application. Such information forms an integral part of the contract.

6.2. Prices will always be published excluding taxes. Applicable taxes (VAT or other equivalents) will be added to the invoice based on the default country of the CLIENT's account.

6.3. Payment is monthly. On the signup date, an invoice will be issued for the proportional share of the remaining days of the month; subsequent invoices will be issued within the first five (5) days of each month. Payment will be made by SEPA transfer or credit/debit card.

6.4. Vixiees may modify prices and economic conditions by up to 10% per year, with at least 90 days' prior notice to the CLIENT. If that period elapses without the CLIENT's express objection, the new conditions shall be deemed accepted.

6.5. In the event of a chargeback, delay or non-payment 5 days after the billing date, Vixiees may suspend the service until payment is confirmed. In the event of a returned direct debit, the CLIENT will be charged an additional fifteen (15) € + VAT for bank fee costs.

6.6. After repeated delays or non-payments, Vixiees may request that the CLIENT provide a security deposit equal to the current fee.

6.7. If Vixiees has to cancel a service due to non-payment, it shall not be liable for any damages that may be caused to the CLIENT or its customers.

7. Duration and cancellation of the service

7.1. The duration of the contract will depend on the conditions agreed at the time of contracting and on the maintenance of the associated payments.

7.2. There is no minimum commitment. The CLIENT may cancel the service at any time from its own account within the application. No written notice or additional request is required.

7.3. Fees already invoiced or paid shall not be refunded, regardless of the time of the month in which the cancellation occurs.

7.4. The cancellation will become effective once processed by the system and, in any case, within 72 hours from its request in the application.

7.5. The CLIENT shall have the right to request a copy of its data within 72 hours following the effectiveness of the cancellation, in accordance with the provisions of the DPA (Annex 2). Vixiees will deliver the data in the technically feasible format, which may include, among others, CSV files, audio files and transcripts. The proper subsequent handling of the data shall be the CLIENT's responsibility.

7.6. In the hypothetical event that Vixiees cancels the service without the CLIENT having breached any of the conditions described herein, the amount corresponding to the proportional part of the unused period will be refunded.

8. Termination for breach

8.1. Either party may terminate this contract for material breach by the other party, following written notice identifying the breach and granting a 30 calendar day period to remedy it. If the period elapses without remedy, the contract shall be automatically terminated.

8.2. Notwithstanding the foregoing, cases of non-payment (clause 6) and unlawful use or misuse of the platform (clauses 9 and 10) shall be governed by the specific mechanisms of suspension or immediate cancellation provided for in the corresponding clauses, without the need for a cure period.

9. Acceptable use of the platform

9.1. The CLIENT undertakes to use the platform solely for the purposes permitted under this contract and in full compliance with applicable law. It is expressly prohibited to:

• use the platform for illegal, fraudulent or immoral purposes or purposes contrary to public order;

• host or transmit illegal content, including child pornography or content with reserved copying rights (music, video, software) without a license;

• use the service to carry out SPAM or mass and indiscriminate sending of emails, SMS or WhatsApp messages;

• perform reverse engineering, decompilation, disassembly, copying, resale or creation of derivative works;

• perform load testing, benchmarking, scraping or unauthorized mass data extraction;

• circumvent the security mechanisms or technical limits of the platform;

• create fake accounts, share credentials or allow access to unauthorized third parties;

• sublet or transfer the service to other clients or third parties unless expressly provided for in the specific conditions.

10. Immediate suspension for misuse

10.1. Vixiees reserves the right to suspend or cut off the service immediately and without prior notice in the event of receiving any complaint, notice, request from a competent authority or reasonable evidence of misuse or unlawful use of the platform by the CLIENT.

10.2. Service interruption may occur before any clarification. Explanations, claims and any reinstatement shall be handled after the suspension.

10.3. Liability to third parties for misuse, hosted content or communications made through the platform shall rest entirely with the CLIENT, which shall hold Vixiees harmless against any claim, sanction or damage arising from such use.

11. Warranties and service level (SLA)

11.1. Vixiees shall be responsible for the proper functioning of the contracted product, resolving any incident arising from its malfunction as soon as possible.

11.2. Vixiees guarantees a monthly platform availability level of 99% (uptime), calculated on a natural monthly basis and excluding previously communicated scheduled maintenance windows, force majeure events and incidents attributable to third-party providers or to the CLIENT itself.

11.3. Vixiees is not responsible for service malfunction due to issues associated with its providers, nor for incidents arising from misuse by the CLIENT, in which case it may invoice the corresponding costs.

11.4. Vixiees does not guarantee that the services are suitable for the CLIENT's specific needs. Any unsuitability thereof shall not be grounds for termination of the contract or non-payment of the fees.

11.5. The CLIENT must report any incident to info@vixiees.com or through the channels indicated on the website related to the subscribed product.

11.6. Vixiees will make backups every 24 hours of the CLIENTS' databases, from which the service can be restored in the event of a serious incident. The foregoing does not exempt the CLIENT from ensuring its own backup processes. The specific retention and restoration conditions shall be governed, where applicable, by the DPA.

11.7. The CLIENT must use all means at its disposal to prevent access by unauthorized third parties and must ensure the secrecy of passwords, changing them at the slightest suspicion.

12. Technical requirements

12.1. The Vixiees platform is optimized for the latest versions of the Google Chrome browser. Other browsers may work, but Vixiees does not guarantee full compatibility or the optimal experience outside that environment.

12.2. The CLIENT is responsible for having Internet connection, hardware and appropriate configuration for use of the service.

13. API for developers

13.1. The uses, technical limits, call quotas and other terms applicable to the Vixiees API are published at https://developers.vixiees.com and must be consulted there by the CLIENT, and form an integral part of this contract.

14. Certifications and security

14.1. Vixiees holds the CASA Tier 2 certification required by Google, certifying the application of standard security controls over the service provided.

15. Liabilities and limitation of liability

15.1. Vixiees shall not be liable for loss of profits, lost revenue, loss of data or indirect or consequential damages arising from the use, operation or performance of the software.

15.2. Without prejudice to the CLIENT's mandatory rights, Vixiees' maximum aggregate liability for any claims arising from or related to this contract shall be limited to the amount actually paid by the CLIENT to Vixiees during the twelve (12) months immediately preceding the event giving rise to liability.

15.3. Vixiees shall not be liable for failure to perform its obligations if performance has been prevented, interfered with or delayed by circumstances beyond its reasonable control, including, among others, acts of force majeure, acts of God, strikes, riots, lockouts, acts of war, epidemics, official acts or regulations, fires, communication failures, power supply failures, lightning, earthquakes, floods and disasters.

15.4. Vixiees is not responsible for misuse of the platform with third-party services (for example Facebook, WhatsApp or others) and no type of compensation may be claimed for this.

15.5. Service means access to the platform and use of the functionalities designed by Vixiees. Any other functionality related to third-party integrations, which are not owned by Vixiees, is not directly related to Vixiees, which is not responsible for any issues arising from their use.

16. Amendments

16.1. The terms of this contract may be amended by Vixiees, with notice given by the means it deems necessary, 90 days in advance. If during this period the CLIENT does not expressly reject the change, the modifications shall be deemed accepted.

17. Assignment of the contract

17.1. The CLIENT may not assign this contract, in whole or in part, to a third party without Vixiees' prior written consent.

17.2. Vixiees may assign the contract to any entity in its group or to third parties in the context of corporate transactions (mergers, spin-offs, asset sales, etc.), informing the CLIENT.

18. Number portability

18.1. Upon cancellation of the service, the CLIENT may request the portability of telephone numbers to another operator. Vixiees will not charge exit costs for numbers; if costs attributable to third parties (wholesale operators or others) arise in the process, such costs will be passed on in full to the CLIENT.

19. Server contents

19.1. Vixiees shall not be responsible for the contents and data hosted in the virtual server database of Vixiees' provider, since they are the property of the CLIENT.

19.2. The CLIENT is informed that the server hosting the information and web applications is located in Europe, within the territory of the European Union, and the CLIENT unequivocally accepts this fact.

20. Client and Users

20.1. Concepts:

• Client: account to which the subscription is assigned and on which the contracted users are generated.

• User: the various users contained in an account who access the contracted product.

• The minimum configuration is 1 Client / 5 Users.

21. Use of the CLIENT's name and logo

21.1. The CLIENT authorizes Vixiees to include the name and logo of its company in Vixiees' client list and on its website. If the CLIENT wishes to opt out, it may communicate this at any time to info@vixiees.com.

22. Commercial communications

22.1. By signing this contract, the CLIENT agrees to receive commercial communications, product updates and related content from Vixiees. The CLIENT may unsubscribe at any time through the mechanisms indicated in the communications themselves or by request to info@vixiees.com.

23. Surviving clauses

23.1. The clauses relating to intellectual property (clause 2) and the residual obligations regarding personal data processing set out in Annex 2 (DPA), as well as any other clauses which by their nature must remain in force after termination of the contract, shall survive the termination of this contract for any reason.

24. Jurisdiction and applicable law

24.1. This contract is governed by Spanish law.

24.2. Both parties submit to the Courts and Tribunals of Barcelona (Spain) for the resolution of any dispute that may arise, expressly waiving their own jurisdiction if it were different.

25. Order of precedence

25.1. In the event of any contradiction between the various documents comprising the contractual relationship, the following order shall prevail:

1. Specific Conditions (Annex 1).

2. Data Processing Agreement (Annex 2, DPA).

3. General Conditions of this contract.

4. Prices and conditions published within the application.

Notes

The contracted service includes access to Vixiees functionalities as configured in the application. The rest of the functionalities (integrations, calls, messages, AI, etc.) that entail an additional cost are not included in the fixed service pricing and are detailed within the application and, where applicable, in the specific conditions.

ANNEX 1 — SPECIFIC CONDITIONS

1. Economic conditions

1.1. All economic conditions applicable to the contracted services (license price, included call packs, rates per extra minute, SMS, WhatsApp, recordings, transcripts, AI-based solutions and other additional services) are published and updated in the pricing section within the Vixiees application.

1.2. Such economic conditions form an integral and inseparable part of this contract and shall be those in force at the time of accrual, without prejudice to clause 6.4 of the General Conditions regarding the annual cap of 10% and the 90-day prior notice.

1.3. Prices will be published excluding taxes. Applicable taxes will be added to the invoice based on the default country of the CLIENT's account.

2. Definition of Commercial Agent

2.1. The term "Commercial Agent" applies exclusively to those users who carry out any type of communication with contacts registered in the Vixiees system or use the task system.

2.2. Users who do not carry out direct communications (Supervisors, IT staff, managers or other equivalent profiles) shall not be classified as Commercial Agents and, consequently, shall not be subject to the corresponding license fee.

3. Use of telephony and derived services

3.1. The minute packs included per license, additional services (recording, transcription, AI, etc.) and excess usage costs will be those published within the application.

3.2. For the calculation of the minutes consumed during the contractual period, Vixiees will add the total minutes used by all active accounts under the CLIENT's subscription and divide them by the number of active commercial agents, in order to determine the average usage per agent.

3.3. The proportion of incoming calls received by the CLIENT may not exceed 5,000 minutes per contracted telephone line. Any excess will be billed according to the rates published in the application.

3.4. If the CLIENT exceeds the contracted pricing for additional services, Vixiees will make additional charges for excess usage. Such charges may be made daily, within a maximum period of 24 hours from their completion.

3.5. Vixiees will notify the CLIENT by email before the total minutes included in its package are reached, so that it may, if required, opt for a higher package.

4. SMS and WhatsApp service

4.1. The applicable SMS rates shall be those published in the application. An SMS segment is understood to mean a maximum of 160 characters; messages exceeding this length will be billed as additional segments.

4.2. Meta, as the owner of WhatsApp, is solely responsible for establishing and pricing the costs associated with each conversation window. The CLIENT may consult the updated costs at any time on the official Meta-WhatsApp page.

4.3. Vixiees acts solely as a technology provider (Tech Provider) and assumes no responsibility for the costs applied by Meta or for any variations thereof.

5. Geographic scope and contracted territory

5.1. The economic conditions and rates apply to the contracted territory, meaning the country that the CLIENT chose in its first subscription as the default country of the account.

5.2. If the CLIENT requires numbering or recurrent communications (calls, SMS, WhatsApp) from or to numbers in other countries, it must request from Vixiees the corresponding information on the applicable international pricing.

6. Future services

6.1. Any stipulated economic condition applies only to the services and products currently offered by Vixiees. Any new or modified product or service in the future will be communicated and agreed through an update or contractual annex.

ANNEX 2 — DATA PROCESSING AGREEMENT (DPA)

This Data Processing Agreement is entered into between:

• The CLIENT, hereinafter "the Data Controller", and

• Vixiees Tech-Hub, S.L., with tax ID B44570174 and registered office at C/ Lepant 270, 08013 Barcelona (Spain), registered in the Barcelona Commercial Registry, Volume 48,632, Folio 1, Sheet B-590.734, Entry 1, hereinafter "the Data Processor".

For the purposes of Regulation (EU) 2016/679 (GDPR), Organic Law 3/2018 (LOPDGDD) and applicable data protection legislation:

• The CLIENT acts as Data Controller, determining the purposes and means of the processing of the personal data hosted on the platform.

• Vixiees acts as Data Processor, processing such data only on behalf of the Controller and exclusively for the provision of the contracted services.

1. Purpose of the processing assignment

By means of these clauses, the Data Processor is authorized to process, on behalf of the Data Controller, the personal data necessary to provide the services described in the main contract and, where applicable, on behalf of other companies in the Controller's group to which services are also provided, detailed in Annex I to this DPA.

The Controller undertakes to communicate to the Processor the data of those third parties (companies in its group) that use the application under the granted license, as well as structural changes (mergers, spin-offs, segregations) relevant to data protection.

The processing shall consist of access to, consultation of and, where applicable, modification of the data, arising from the use of the license and the provision of the associated services.

2. Identification of the information affected

All personal data contained in the application are made available to the Processor, including:

• Identification data of the Controller's contacts (first name, last name, email, telephone number).

• Professional data (company, position).

• Communications, including voice recordings and transcripts.

• Metadata derived from the use of AI functionalities (summaries, labels).

• Data of the Controller's own users/employees with access to the platform.

The categories of data subjects include the Controller's business contacts, customers or leads and its employees or authorized collaborators.

3. Duration

This agreement shall remain in force for the same duration as the main contract entered into between the parties.

Once it ends, the Processor shall return to the Controller or transmit to another Processor designated by the Controller the personal data, and shall delete the copies in its possession. However, it may keep the data blocked in order to address administrative or jurisdictional liabilities.

4. Obligations of the Data Processor

The Processor and all its personnel undertake to:

a) Use personal data solely for the purpose of this assignment. It may not use them for its own purposes. In particular, the Processor will not use the Controller's data, recordings, transcripts or content to train Artificial Intelligence models, whether its own or third-party models.

b) Process the data in accordance with the Controller's instructions. If the Processor considers that any instruction infringes the GDPR or other data protection regulations, it shall immediately inform the Controller.

c) Keep, in writing, a record of all categories of processing activities carried out on behalf of the Controller.

d) Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in compliance with Article 32 of the GDPR.

e) Not disclose the data to third parties, except with the express authorization of the Controller or in legally admissible cases.

f) Subcontract with the authorized providers referred to in clause 9 of this DPA. To subcontract any other service, the Processor shall notify the Controller in writing; if the Controller does not object within two calendar days, the subcontracting may proceed.

g) Observe the duty of confidentiality and professional secrecy regarding the data to which it has access, this obligation surviving termination of the contract.

h) Ensure that the authorized personnel has the necessary knowledge regarding personal data protection.

i) Notification of security breaches: the Processor shall notify the Controller, without undue delay, of any personal data security breaches of which it becomes aware.

j) Data subject rights: when affected persons exercise their rights before the Processor, the Processor shall communicate this to the Controller immediately and, in any case, no later than the following business day.

k) Make available to the Controller the information necessary to demonstrate compliance with its obligations, allowing inspections or audits with at least 30 days' prior notice.

l) Assist the Controller in implementing the necessary security measures to guarantee the permanent confidentiality, integrity, availability and resilience of systems.

m) Support the Controller in data protection impact assessments, where applicable.

n) Make backups of the Controller's databases every 24 hours.

o) Destination of the data: destroy the data once the service has been provided. However, it may retain a blocked copy while liabilities may arise from the execution.

5. Obligations of the Data Controller

a) Provide the Processor with access to the data in order to provide the contracted service.

b) Apply appropriate technical and organizational measures and demonstrate that the processing complies with current law.

c) Carry out a risk analysis and, where appropriate, a data protection impact assessment for the processing to be carried out by the Processor.

d) Ensure compliance with the GDPR throughout the processing.

e) Monitor the processing, including the necessary checks and audits.

f) Ensure that the Data Protection Officer, or failing that the Security Officer, participates appropriately and in a timely manner in all related matters.

g) Obtain the consent of the interlocutors in cases of communication recording and transcription, and inform end customers about the processing of their personal data, including the use of AI technology where applicable.

h) Use the AI-based tools and solutions provided by the Processor in accordance with Regulation (EU) 2024/1689 (Artificial Intelligence Act).

6. General clauses

a) The failure of either party to enforce its rights shall not be deemed a future waiver of those rights.

b) The legal relationship between the parties regarding data protection is governed by this single Agreement.

c) Both parties undertake to comply with the regulatory provisions in force at all times regarding the protection of personal data.

d) The Processor shall not be liable for the consequences to third parties of following the Controller's instructions.

e) If any provision is found to be null and void, the rest shall remain unaffected.

7. Processing of personal data collected in this contract

The legal representatives of the parties are informed that their personal data will be processed by each party during the contractual relationship and thereafter for the period necessary to comply with any applicable legal obligation or to address possible claims. The legal basis is Article 6.1.b) of the GDPR.

The rights of access, rectification, erasure, objection, restriction of processing, portability and not to be subject to automated individual decisions may be exercised by sending a request to dpo@vixiees.com.

If either party considers its rights to have been infringed, it may lodge a complaint with the Spanish Data Protection Agency (www.aepd.es).

8. Notices

a) Any notice between the parties shall be in writing and by any means that certifies receipt.

b) Any change of address must be notified to the other party immediately.

9. Authorized sub-processors

The Controller expressly authorizes the Processor to subcontract, as sub-processors, the providers listed below. All of them apply the technical and organizational measures required by the GDPR and are subject to contractual obligations equivalent to those of the Processor.

All servers used for processing are located in the European Union. Any addition or replacement of a sub-processor shall be communicated to the Controller with reasonable advance notice.