Terms and Conditions for the AppConsent® Solution, available in four plans: AppConsent® Enterprise/Premium, AppConsent® Standard, AppConsent® Essential, and AppConsent® Free

AppConsent®, the Consent Management Platform (CMP) developed and distributed by SFBX, is a comprehensive and high-performance trusted third-party solution. It enables digital businesses to optimize their consent rates and ensure a high-quality, personalized user experience.

With AppConsent®, the Client can collect, verify, centralize, and distribute user consents across all of its digital channels.

These terms and conditions of use (the "Terms and Conditions") describe the conditions under which SFBX, a SAS under French law with a capital of €88,240, registered with the Bordeaux Trade and Companies Registry under number 831 303 896, whose registered office is at 14 Place Canteloup 33800 Bordeaux, represented by Mr. Alain Levy, duly authorized for the purposes hereof in his capacity as Chairman, may provide the Client with the services resulting from its CMP.

The subscription and access to the offers of the AppConsent® solution published by SFBX by the Customer implies the Customer's express and unreserved acceptance of these Terms and Conditions and agrees to be bound by them.

SFBX may modify these Terms and Conditions at any time.

SFBX shall inform Clients of such changes by e-mail or any other form of communication accepted by the Clients, taking care to respect a notice period.

Article 1 - Definitions

The following terms have the following meanings in these General Conditions unless otherwise specified.

CGU: the present General Conditions of Use.

Digital channels: refers to the Customer's applications and databases, under its responsibility, to which Consents are communicated within the framework of the SaaS Service.

Customer: refers to an individual or legal entity, a consumer as defined by the French Consumer Code, who has subscribed to and uses one of the AppConsent® solution offers thanks to an Identifier.

Account : consolidated set of customer data including raw data and files uploaded by the customer as part of the consent process for users of its websites or mobile applications.

Consent : means any free, specific, informed and unambiguous expression of will by which the User accepts, by a declaration or by a clear positive act, that personal data concerning him/her may be processed as defined by the Personal Data Regulations, which must be obtained prior to the installation by the Customer of cookies or tracers on the Visitor's Terminal.

AppConsent contract®refers to the legal document to be signed by the Customer after the 14-day trial period, in order to formalize legally the subscription and use of the AppConsent®. This document will govern the relationship between the Customer and the Service Provider.

Data: refers to any information or document that the Customer registers on his/her Account, and in the context of the application of contracts, any user data collected as part of the consent process.

Commitment : refers to the set of commitments constituted by the opening of an AppConsent® account by the Customer and his acceptance of these General Terms and Conditions.

Host: external service provider from whom SFBX subcontracts the hosting of the AppConsent® Solution and Customer Data.

Identifier: combination of user name and password required by the Customer to connect to his Account and access the AppConsent® Platform back office.

Consent Notice: The notice owned by the Service Provider containing the legal information required to obtain Consent and provided by the Service Provider to the Customer as a deliverable upon completion of the SaaS Service installation and implementation Services.

New Versions: refers to all functional and/or technical evolutions of the Platform developed at the initiative of the Service Provider as part of the SaaS Service, to enhance the Platform and meet needs that can be shared between SaaS Service customers and new obligations under the Personal Data Regulations.

Partner: organization with which the Customer agrees to share Data for the purpose of using and paying for the Provider's Saas Service.

AppConsent platform®Saas service to which the customer must connect from a cell phone, tablet or personal computer in order to use AppConsent® consent management solutions. Refers to the set of computer programs based on a permissioned blockchain or any other equivalent technology, of which the Service Provider owns the intellectual property or has licensed the necessary intellectual property rights, responding in a standard way to the needs of Saas Service customers, including New Versions developed and deployed automatically by the Service Provider.

Service provider: Saas service provider, i.e. SFBX.

Proof: refers to the extraction from the Platform of information relating to a User's Consent.

Regulation Personal Data: means the law of January 6, 1978 known as "Informatique & Libertés", as amended by law no. 2018-493 of June 20, 2018, and any associated or substitute implementing texts, and European Regulation no. 2016/679 of April 27, 2016 applicable as of May 25, 2018 (hereinafter EU Regulation 2016/679).

SaaS Service : refers to the collection, management and automatic tracking of Consent on the Platform for the Site(s).

Site : refers to the Customer's website(s), mobile site(s), application(s) or software (such as Chatbot).

AppConsent solution® AppConsent ® Solution: refers to the intermediation and consent management services offered by SFBX, which enables the Customer to store, administer and share the consents of Users of its services (websites or applications) with partners in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of Data. It is available in 4 offers providing specific functionalities according to the Customer's needs: AppConsent® Enterprise, Standard, Essential and Free.

Correspondence table: refers to the reconciliation, enabling a User to be identified, between the identifier assigned by the Service Provider to a Consent and the User's personal data associated with his Terminal and collected on the Site. The blockchain thus contains the identifier assigned to the User, but not the User's personal data (IP address, MAC number, etc.).

Terminal : refers to the computer, smartphone, IOT, or any other device on which it would be technically possible to collect consent, used by the User to access the Site.

Users: refers to any natural person, end customer of the Customer or simple Internet user, accessing the Customer's Site with their Terminal and benefiting from the Services.

Article 2 - Characteristics of the services offered by SFBX

SFBX provides its Clients with a trusted third party solution to collect, prove, centralize and distribute the Consents collected from Users across all their digital channels. AppConsent® is a Consent Management Platform (CMP).

For the performance of the Services, the Parties process Users’ personal data, for which the Client is designated as the data controller and the Service Provider as the data processor in accordance with Article 28 of the GDPR (hereinafter the “User Processing”).

The customer must connect to the Internet (SaaS solution) and then to the Platform to use the AppConsent® solution.

Following the deployment of the JavaScript/TAG script (synchronous or asynchronous) or other technologies (iOS and Android SDK) allowing the execution of webApps ("Notice") on the Client's websites, mobile or apps, the latter is ready to comply with the collection of consents and their management

The Platform respects the GDPR, the guidelines and recommendations of the CNIL and integrates the IAB standards (IAB Framework) in its latest versions but also our own non-IAB Framework.

It therefore allows the User's consent to be collected for a specific purpose, in a clear and unambiguous manner, and to be able to prove it, but also, if the User so wishes, to withdraw his consent at any time.

The design of all Consent Notices are customizable via the back office. Predefined templates are also available.

The information is available via REST APIs so that the Customer can query the status of consent before triggering a specific marketing action and if necessary expose the evidence.

These APIs can therefore also be used to propagate the Consents to the Customer's IS, CRM or DMP via the management console (integration required).

The platform also manages the propagation of Consents through sites/groups or the web. Concretely, depending on the settings made during the "setup" phase, a Consent can be collected for a Site A, a group of Sites (A+B+...) and/or any Site. In this way, the Consents of the Users can remain valid only on the perimeter of the Customer. In this case, the withdrawal of Consent will be symmetrical.

The Platform's technology is based on a private blockchain developed by SFBX, the consents as well as all mutations (acceptance/refusal/withdrawal/modifications...) are stored in secure, immutable and auditable ledgers.

The SaaS Customer will be able to deliver proof of Consent collection and User's choices regarding preferences upon request by a regulator or User.

The Platform is designed in its foundations respecting the concepts of Privacy by Default and Privacy by Design. Thus its default behavior will always make the decision that protects the personal data of the Users, as well as the Treatments.

The AppConsent solution is available in three plans: AppConsent® Enterprise/Premium, AppConsent® Standard, and AppConsent® Essential. The features of these plans are detailed on the SFBX.io website (https://sfbx.io/pricing/) and outlined inthe Terms of Use.

An older product is still used by some customers but is no longer available for purchase: AppConsent® Free.

Since the AppConsent® Solution is available in four different packages, these four packages are governed by these Terms of Use.

TheAppConsent® solution and related offerings may be modified in response to improvements or updates without prior notice to the Customer.

Article 3 - Legal capacity

By proceeding to the creation of his Account, the Customer declares that he is of legal age and able to enter into a contract.

In the case of incapacitated persons and minors, the Customer declares that he is legally authorized to represent them, either that he has parental authority or that he has been appointed as legal representative by a court decision. The Customer undertakes to provide proof of this at AppConsent®'s first request.

For any person working for a legal entity, the latter declares that it is authorized to bind the company it represents.

Article 4 - Registration, Account creation, connection to AppConsent® solutions and Trial period

The platform is shared across all four AppConsent® offerings.

For the AppConsent® Free, Essential, and Standard SaaS plans:

To access the AppConsent® Platform, he Customer must subscribe to one of the three offerings on the SFBX.io website (https://sfbx.io/pricing/) and provide the following information to activate the SaaS service:

Last name,
First name,
Company name or website,
E-mail address,
Password (must contain 12 characters, 1 uppercase letter, 1 lowercase letter, 1 number, and 1 special character),

By subscribing to an offer, the Customer accepts the General Terms of Use of the solution and the Privacy Policy.

A verification email is sent to the address provided to activate the Account and access the platform.

For technical reasons, the AppConsent® Platform automatically collects the unique device identifier (IP and/or IMEI) of the device used to create the Account, as well as of any other devices subsequently authorized by the Customer to connect to the Account.

The Customer is responsible for keeping his login and password.

The Client undertakes to immediately inform SFBX of any loss and/or disclosure of his/her login or password.

Access to AppConsent® solutions can be granted through a digital identity authentication process (such as a PIN or other method) that ensures the Customer has secure access to their Account, in addition to the email address and password chosen when the Account was created.

Following registration and subscription to the offer, the Customer has a 14-day trial period during which he has access to all the features of the Solution permitted by the offer to which he has subscribed.

During this 14-day trial period, the Customer must provide the following information for billing purposes regarding the subscription to the plan they have chosen, as well as to complete the contract they will be required to sign:

Company name,
Postal address and country,
Siret and RCS numbers,
Intracommunity VAT number,
Name of the legal representative,
Name and surname of the contact person,
Last name, first name, and email address of the accounting contact,
Bank details :
- Credit card: Credit card number, name on the card, validity date and CVV code
- Direct debit and bank transfer: Bank identification statement

Bank and billing information is neither stored nor managed by SFBX but by its partner Stripe: https://stripe.com/fr whose privacy policy and Terms of Service are available here: https://stripe.com/fr/privacy .

Following this 14-day trial period, the subscription will automatically become a paid subscription, and payment for the first 30-day period will be automatically processed by Stripe, even if the Customer does not use the product.

The Customer must also sign the Agreement governing the relationship between the Customer and the Service Provider in order to legally formalize the subscription to the service, if the Customer has not already signed it during the trial period. Effective the 15th^day day, as long as the contract has not been signed by the Customer, the Customer will not be able to navigate the AppConsent Platform, as access will be blocked at the Dashboard level by a message indicating that they must sign the contract.

They can find the signed contract in their "Account," under "Company Information," then "Contract," and download it as a PDF.

The Customer may cancel their subscription at any time during the trial period by going to “Account,” “Billing,” and “Cancel Plan.” The subscription will then be canceled at the end of the trial period, and the Customer will receive an email confirming the cancellation.

If the contract has not been signed or if the first payment has not yet been made by the 30th^day day after subscription, the subscription will be automatically canceled by SFBX and the Customer will no longer have access to their account, even if they are using the product, and the collection of consents will be suspended.

For the AppConsent® Enterprise/Premium SaaS offering:

To access the AppConsent Platform and subscribe to the AppConsent Enterprise/Premium SaaS plan, the customer must fill out the contact form https://sfbx.io/contact/ and provide the following information so that SFBX can contact them:

Full name,
Company name or website,
E-mail address,
The subject of the message by checking the "AppConsent Enterprise" box,
Any information you would like to include in the "Message" field;

This information will be collected and processed for the purpose of receiving and handling your message and being able to contact you in response to your request. This processing is based on your consent, which you provide by clicking the “Send” button on the “Contact Us” form.

An email will then be sent to the Client requesting details about their website(s) or application(s) so that we can provide them with a quote for the appropriate solution and schedule a meeting to discuss these details.

Once the Client and SFBX have agreed on the price and the terms of implementation for the solution, a draft contract will be sent to the Client for signature. To this end, the Client must also provide SFBX with the following information to complete the contract:

Company name,
Postal address and country,
Siret and RCS numbers,
Intracommunity VAT number,
Name of the legal representative,
Name and surname of the contact person,
Last name, first name, and email address of the accounting contact,
Invoice delivery method.

Once the contract has been signed by SFBX and the client, the client will receive their login credentials via email so they can log in to the AppConsent platform.

The Customer is responsible for keeping his login and password.

The Client undertakes to immediately inform SFBX of any loss and/or disclosure of his/her login or password.

SFBX issues invoices directly, and the Customer makes payment by bank transfer to SFBX’s bank account, the details of which are provided on the invoices. SFBX does not retain any of the Customer’s bank details.

This offer does not include a trial period, unless otherwise specified in the contract.

The Customer may cancel their subscription in accordance with the terms set forth in the contract.

If the Customer has an outstanding balance that is more than 90 days past due, SFBX will automatically cancel the subscription, the collection of consents will be suspended, and the Customer will no longer have access to their account.

Article 5 - Use of AppConsent® solutions and Data processing

Access to the AppConsent® platform and conditions of use are the same for customers of all 4AppConsent® offers.

The Customer has the right to access the Platform from its fixed or mobile equipment using the Identifiers provided to the Customer and in its custody. The Identifiers are intended to restrict access to the Platform to the Customer's administrators authorised by the Customer to manage the Customer's account, to protect the integrity and availability of the Platform and the integrity, availability and confidentiality of Users' data.

The Identifiers are personal and confidential. They are managed by the Customer. The Customer undertakes to do everything possible to ensure that its administrators keep the Identifiers confidential and respect the security instructions.

The Customer is fully responsible for the materials and the Credentials and for the implementation of adequate security measures.

SFBX grants the Client, for the duration of the Contract, a personal, non-exclusive, non-assignable and non-transferable right to use the Platform, for the purposes of the activity of its website(s) or mobile applications.

For the performance of the Services, the Parties implement a processing of Users' personal data for which the Customer is qualified as the data controller and the Service Provider as the data processor in accordance with article 28 of GDPR (hereinafter the "Users' Processing").

The purpose of User Processing is to manage the Visitor's consent to the installation of cookies or tracers on his Terminal.

The data processed for this purpose are :

identification data, i.e. the attribution of a unique identifier to each Visitor in order to keep the characteristics relating to his consent;
IP address ;
MAC address
IMEI number
IDFA number
connection data.

The nature of the operations carried out on Users' personal data is defined below:

Hosting
Consent operations
Consent Management Operations
Operations related to the withdrawal of consent
Data archiving
Destruction of documents
Realization of statistics

The Platform automatically collects, manages, tracks, and stores Consents on behalf of the Client; these Consents are time-stamped and immutable. Upon collection, each Consent is recorded in accordance with the Consent Notice and linked to a User through the creation of a mapping table. The Client can retrieve proof of consent and its context directly from the Platform.

Article 6 - Financial conditions

For the Free, Essential, and Standard SaaS plans

This service is subject to a fee in accordance with the terms and conditions described on the SFBX.io website (https://sfbx.io/pricing/) and included in these Terms of Use.

The Customer is entitled to an initial 14-day trial period, after which the subscription automatically becomes a paid subscription.

The subscription is monthly. Billing occurs at the beginning of the 30-day period known as the monthly billing cycle and automatically renews for the same period.

Every three months, SFBX verifies that the monthly subscription fee paid by the Customer corresponds to the number of monthly unique visitors (Monthly Active Users (MAU)) for whom the CMP was called and/or displayed, and/or for whom consent was obtained. If the number of visitors exceeds the volume covered by the paid subscription for three consecutive months, the subscription amount will be automatically adjusted to the appropriate volume tier based on the observed figures.

Payments are made via monthly direct debit from the Customer’s credit card or via direct debit from the Customer’s bank account through the Stripe Partner, or in accordance with the terms set forth in the contract.

Invoices are payable upon receipt.

The Customer’s bank and billing information, as well as the issuance and delivery of invoices, are managed and stored by its Stripe Partner: https://stripe.com/fr whose privacy policy and Terms of Service are available here: https://stripe.com/fr/privacy, and not by SFBX.

SFBX shall not be liable for any breach or improper handling of the Client Data by the Stripe Partner.

The Client is obliged to inform SFBX in the event of non-compliance or breach by the Stripe Partner of its obligations to manage its Data.

If the first payment has still not been made by the 30th^day days after subscription, or if the Customer has an outstanding balance of more than 30 days during the use of the solution, the Customer’s subscription will be automatically canceled by SFBX, the collection of consents will be suspended, and the Customer will no longer have access to their account, even if they still wish to use the product.

For the Enterprise/Premium SaaS plan

SFBX issues invoices directly at the end of each month based on the price specified in the contract, according to actual monthly usage—that is, the number of monthly unique visitors (Monthly Active Users (MAU)) for whom the CMP was called and/or displayed, and/or for whom consent was obtained.

Payments are made by bank transfer directly to SFBX’s bank account, the details of which are listed on the invoices. SFBX does not retain any of the Customer’s bank details.

Invoices are due 30 days from the invoice date.

This offer does not include a trial period, unless otherwise specified in the contract.

Article 7 - Data Security

The hosting of the AppConsent® Platform and Data complies with the highest standards of protection and security.

The Data that the Customer registers in his AppConsent® Account is encrypted.

SFBX and its Host cannot decrypt the Data.

The Customer may at any time upload, download or delete the Data in his account, under his sole responsibility.

SFBX guarantees that in the Client Account Data only the email, and the encrypted password are stored and that they :

- are kept in accordance with the authorizations granted by the Client;

- are hosted, saved and secured according to the best technical standards in force in order to prevent any attempt of diversion or accidental loss;

- are available, accessible and portable at any time at the first request of the Customer;

- are strictly confidential and are not communicated to third parties except with the prior authorization of the Client, in cases provided for by law or in the event of a judicial requisition.

The AppConsent® platform undertakes not to make any copies of the Data, other than for technical reasons.

Only an SFBX administrator is authorized to work on the Encrypted Data for well-defined technical needs: maintenance and update of the AppConsent Platform.

The customer's banking and billing information is not administered or hosted by SFBX but by its Stripe partner: https://stripe.com/fr, whose privacy policy and T&Cs are as follows: https://stripe.com/fr/privacy.

SFBX shall not be held responsible for any breach of security of the Client Data by the Stripe Partner.

The Client is obliged to inform SFBX in the event of non-compliance or breach by the Stripe Partner of its obligations to protect its Data.

Article 8 - Duration of the appointment

The SaaS Service takes effect from the time the Customer subscribes to the Offer for an indefinite period.

The Customer may terminate the agreement at any time by canceling the subscription on the Platform in accordance with the terms set forth in the contract. The termination will take effect at the end of the current billing period or in accordance with the terms set forth in the contract.

The Customer may cancel their subscription by going to "Account," "Billing," "Cancel Plan," or by sending an email to billing@sfbx.io.

SFBX may, as of right, terminate the commitment at any time in the event of non-compliance by the Client with the obligations set forth in these general terms and conditions, in accordance with the contractual terms and conditions.

Article 9 - Effects of the end of the appointment

The end of the commitment leads to the closing of the Account and the archiving of the Data.

SFBX guarantees the Portability of Data to the Client (return or transfer) or their deletion in the cases provided for by law, as soon as possible.

The restitution will be made by providing a link to download the Data, in json format. This link will be available for 10 days after the effective termination date.

Beyond that, the Customer's data will be deleted without further notice.

Article 10 - Suspension of access to the Account

SFBX reserves the right to suspend access to the Account in the event of non-compliance with any of the clauses contained in these GTC or in the signed contract.

Access will be restored once the Customer has remedied the deficiencies that caused the suspension.

Article 11 - Client's obligations

The Customer is designated as the Data Controller and is solely and entirely responsible for the processing of User Data in accordance with the consent obtained through the AppConsent® Solution.

The Customer is aware that the Data may be regulated in terms of use or be protected by property rights. The Customer is therefore solely responsible for the use of the Data.

The Customer undertakes to respect the rights of third parties, in particular personal rights, intellectual or industrial property rights such as copyright, patent rights, designs and models or trademarks.

Article 12 - Obligations of SFBX

The obligation undertaken by SFBX is an obligation of means. SFBX is classified as a processor in accordance with Article 28 of GDPR.

In this context, SFBX undertakes to take all the necessary care and diligence to provide a quality service in accordance with the practices of the profession.

SFBX will endeavor to provide 24-hour access to the Platform every day of the year, except in cases of force majeure, as defined by law, in the event of outages, failures attributable to the Cloud Host, or maintenance work necessary for the proper functioning of the Platform.

In case of absolute necessity, SFBX reserves the right to interrupt access to the Platform in order to carry out technical maintenance or improvement work to ensure the proper functioning of its services, regardless of the time and duration of the work.

Interruptions in service shall not entitle the Customer to any compensation.

Article 13 - Responsibility of SFBX

The Customer acknowledges that he is aware of all his obligations and, more generally, of all the conditions relating to the use of AppConsent® solutions.

Under no circumstances and to the extent permitted by law, SFBX may be held responsible, directly or indirectly, for any prejudice caused to the Customer or a third party as a result of the use of AppConsent® solutions, regardless of the cause.

In the same way and within the same limits, SFBX may not be held directly or indirectly liable for any prejudice caused to the Customer or a third party as a result of the non-availability or malfunction of AppConsent® solutions, whatever the cause or duration.

SFBX does not assume responsibility for compensation of direct or indirect, material or immaterial damages caused by the use of AppConsent® solutions.

This clause is considered essential and determining by SFBX which would not have contracted without it.

Article 14 - Right of withdrawal

In accordance with article L.221-18 of the French Consumer Code, any consumer Customer, within the meaning of the Consumer Code, has a period of 14 days to exercise his right of withdrawal, without having to give any reason or pay any fees or penalties.

The withdrawal period expires 14 days after subscription to AppConsent® services and corresponds to the trial period.

To exercise this right of withdrawal, the Customer must notify SFBX of their decision to withdraw by means of an unambiguous statement, either through the platform by going to “Account,” “Billing,” “Cancel Plan,” or by email: billing@sfbx.io, or by mail to the following address: SFBX SAS – 15 Place Canteloup 33800 Bordeaux FRANCE.

In order for the withdrawal period to be respected, it is sufficient for the member to send SFBX his or her communication concerning the exercise of the right of withdrawal before the expiration of the withdrawal period.

Article 15 - General

The nullity of one of the clauses of the Contract in application of a law, a regulation or following a decision of a competent court which has become final shall not entail the nullity of the other clauses of these General Conditions which shall retain their full effect and scope between the parties.

The fact that SFBX does not take advantage at a given time of any of the clauses of these General Terms and Conditions and/or of a breach by the Client of any of its contractual obligations may not be interpreted as a waiver by SFBX of its right to take advantage at a later date of any of the said clauses or contractual obligations.

Article 16 - Applicable law and jurisdiction

This Agreement is governed in its entirety by French law.

In the event of a dispute arising from the interpretation or performance of this Contract, the undersigned shall endeavour to settle it amicably before taking any legal action.

The Customer who is a consumer is informed that he may in any case have recourse to conventional mediation, in particular with the National Consumer Mediator (www.mediation-conso.fr), or to any other alternative dispute resolution method.

In case of persistent disagreement on the interpretation or execution of this Agreement, exclusive jurisdiction is attributed to the Courts of Bordeaux.

By clicking on this link, you can view theData Protection Agreement (DPA).