Terms and Conditions of Sale (T&C) for the AppConsent® Solution, available in three plans: AppConsent® Enterprise/Premium, AppConsent® Standard, and AppConsent® Essential.

AppConsent®, the Consent Management Platform (CMP) developed and distributed by SFBX, is a comprehensive and high-performance trusted third-party solution. It enables digital businesses to optimize their consent rates and deliver a high-quality, personalized user experience.

WithAppConsent®, the Client can collect, verify, centralize, and distribute user consent across all of its digital channels.

These General Terms and Conditions of Sale (the “General Terms and Conditions of Sale”) describe the terms under which SFBX, a simplified joint-stock company (SAS) under French law with a capital of €88,240, registered with the Bordeaux Trade and Companies Register under number 831 303 896, whose registered office is located at 14 Place Canteloup, 33800 Bordeaux, represented by Mr. Alain Levy, duly authorized for the purposes hereof in his capacity as Chairman, may provide the Customer with the services resulting from its CMP.

By subscribing to and accessing the services offered by the AppConsent® solution published by SFBX, the Customer expressly and unconditionally accepts these Terms and Conditions and agrees to be bound by them.

SFBX may modify these Terms and Conditions at any time.

SFBX shall inform Clients of such changes by e-mail or any other form of communication accepted by the Clients, taking care to respect a notice period.

Article 1 - Definitions

The following terms have the following meanings in these General Conditions unless otherwise specified.

Terms and Conditions: these Terms and Conditions of Sale.

Digital channels: refers to the Customer’s applications and databases, for which the Customer is responsible, to which Consents are transmitted as part of the SaaS Service.

Client: means a natural or legal person, who is a consumer as defined by the Consumer Code, who has subscribed to and is using one of the AppConsent® solution’s offerings via a User ID.

Account: the consolidated set of the Customer’s data, comprising raw data and files uploaded by the Customer as part of the process of obtaining consent from users of its websites or mobile applications.

Consent: means any freely given, specific, informed, and unambiguous indication of the User’s wishes by which the User, through a statement or a clear affirmative action, accepts that personal data concerning him or her may be processed as defined by the Personal Data Regulations; such consent must be obtained prior to the Client installing cookies or trackers on the Visitor’s Device.

AppConsent® Agreement: refers to the legal document that the Customer must sign following the 14-day trial period in order to legally formalize the subscription to and use of the AppConsent® Solution. This document will govern the relationship between the Customer and the Service Provider.

Data: refers to any information or document that the Customer registers on his/her Account, and in the context of the application of contracts, any user data collected as part of the consent process.

Agreement: refers to the set of obligations arising from the Customer’s opening of an AppConsent® account and their acceptance of these Terms and Conditions.

Hosting Provider: an external service provider to which SFBX outsources the hosting of the AppConsent® Solution and Customer Data.

Username: the combination of the username and password required for the Customer to log in to their Account and access the AppConsent® Platform’s back office.

Consent Notice: The notice owned by the Service Provider containing the legal information required to obtain Consent and provided by the Service Provider to the Customer as a deliverable upon completion of the SaaS Service installation and implementation Services.

New Versions: refers to all functional and/or technical evolutions of the Platform developed at the initiative of the Service Provider as part of the SaaS Service, to enhance the Platform and meet needs that can be shared between SaaS Service customers and new obligations under the Personal Data Regulations.

Partner: organization with which the Customer agrees to share Data for the purpose of using and paying for the Provider's Saas Service.

AppConsent® Platform, also known as the AppConsent® Console: a SaaS service that the Customer must access via a mobile device, tablet, or personal computer in order to use the AppConsent® consent management solutions. Refers to the set of computer programs based on a permissioned blockchain or any other equivalent technology, for which the Provider holds the intellectual property rights or has licensed the necessary intellectual property rights, and which standardly meets the needs of SaaS Service customers, including New Versions developed and deployed automatically by the Provider.

Service provider: SaaS provider, i.e., SFBX.

Proof: refers to the retrieval from the Platform of information regarding a User’s Consents.

Personal Data Regulations: refers to the Act of January 6, 1978, known as the “Data Protection Act,” as amended by Act No. 2018-493 of June 20, 2018, and all associated implementing regulations or those replacing it, and European Regulation No. 2016/679 of April 27, 2016, applicable as of May 25, 2018 (hereinafter the EU Regulation 2016/679).

SaaS Service: refers to the collection, management, and automatic tracking of consent on the Platform for the Website(s).

"Site " means the Client's website(s), mobile site(s), application(s), or software (such as Chatbot).

AppConsent® Solution: refers to the consent management and intermediation services offered by SFBX that enable the Client to store, manage, and share the consent of Users of its services (websites or applications) with partners in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. It is available in three packages offering specific features tailored to the Client’s needs: AppConsent® Enterprise/Premium, Standard, and Essential.

Mapping table: refers to the mapping that enables the identification of a User by linking the identifier assigned by the Service Provider to a Consent with the User’s personal data associated with their Device and collected on the Site. The blockchain thus contains the identifier assigned to the User but not their personal data (such as their IP address, MAC address, etc.).

Device: refers to computer hardware, smartphones, IoT devices, or any other device on which consent collection would be technically feasible, used by the User to access the Site.

Users: means any individual—whether an end customer of the Client or a general internet user—who accesses the Client’s Website using their Device to use the Services.

Article 2 - Characteristics of the services offered by SFBX

SFBX provides its Clients with a trusted third party solution to collect, prove, centralize and distribute the Consents collected from Users across all their digital channels. AppConsent® is a Consent Management Platform (CMP).

For the performance of the Services, the Parties process Users’ personal data, for which the Client is designated as the data controller and the Service Provider as the data processor in accordance with Article 28 of the GDPR (hereinafter the “User Processing”).

The Customer must connect to the Internet (SaaS solution) and then log in to the Platform to use the AppConsent® solution.

Following the deployment of the JavaScript/TAG script (synchronous or asynchronous) or other technologies (iOS and Android SDK) allowing the execution of webApps ("Notice") on the Client's websites, mobile or apps, the latter is ready to comply with the collection of consents and their management

The Platform respects the GDPR, the guidelines and recommendations of the CNIL and integrates the IAB standards (IAB Framework) in its latest versions but also our own non-IAB Framework.

It therefore allows the User's consent to be collected for a specific purpose, in a clear and unambiguous manner, and to be able to prove it, but also, if the User so wishes, to withdraw his consent at any time.

The design of all Consent Notices are customizable via the back office. Predefined templates are also available.

The information is available via REST APIs so that the Customer can query the status of consent before triggering a specific marketing action and if necessary expose the evidence.

These APIs can therefore also be used to propagate the Consents to the Customer's IS, CRM or DMP via the management console (integration required).

The platform also manages the propagation of Consents through sites/groups or the web. Concretely, depending on the settings made during the "setup" phase, a Consent can be collected for a Site A, a group of Sites (A+B+...) and/or any Site. In this way, the Consents of the Users can remain valid only on the perimeter of the Customer. In this case, the withdrawal of Consent will be symmetrical.

The Platform's technology is based on a private blockchain developed by SFBX, the consents as well as all mutations (acceptance/refusal/withdrawal/modifications...) are stored in secure, immutable and auditable ledgers.

The SaaS Customer will be able to deliver proof of Consent collection and User's choices regarding preferences upon request by a regulator or User.

The Platform is designed in its foundations respecting the concepts of Privacy by Default and Privacy by Design. Thus its default behavior will always make the decision that protects the personal data of the Users, as well as the Treatments.

The AppConsent® solution is available in three versions: AppConsent® Enterprise/Premium, AppConsent® Standard, and AppConsent® Essential. Details about their features can be found on the SFBX.io website (https://sfbx.io/pricing/ ) and are included in the these Terms and Conditions.

The AppConsent® solution and related offerings may be modified in response to improvements or updates without prior notice to the Customer.

Article 3 - Legal capacity

By subscribing to an offer, the Customer represents that they are of legal age and have the legal capacity to enter into a contract.

With regard to legally incapacitated individuals and minors, the Customer represents that he or she is legally authorized to represent them, either because he or she holds parental authority or because he or she has been designated as their legal representative by a court order. The Customer agrees to provide proof of this upon AppConsent®’s first request.

For any person working for a legal entity, the latter declares that it is authorized to bind the company it represents.

Article 4 - Registration, Account creation, connection to AppConsent® solutions and Trial period

The platform is shared across all three AppConsent® offerings.

For the AppConsent® Essential and Standard SaaS plans:

To access the AppConsent® Platform, the Customer must subscribe to one of the two plans available on the SFBX.io website (https://sfbx.io/pricing/ ) and provide the following information to activate the SaaS service:

Last name,
First name,
Company name or website,
E-mail address,
Password (must contain 12 characters, 1 uppercase letter, 1 lowercase letter, 1 number, and 1 special character),

By subscribing to an offer, the Customer accepts the General Terms of Use of the solution and the Privacy Policy.

A verification email is sent to the address provided to activate the Account and access the platform.

For technical reasons, the AppConsent® Platform automatically collects the unique device identifier (IP and/or IMEI) of the device used to create the Account, as well as of any other devices subsequently authorized by the Customer to connect to the Account.

The Customer is responsible for keeping his login and password.

The Client undertakes to immediately inform SFBX of any loss and/or disclosure of his/her login or password.

Access to AppConsent® solutions can be granted through a digital identity authentication process (such as a PIN or other method) that ensures the Customer has secure access to their Account, in addition to the email address and password chosen when the Account was created.

Following registration and subscription to the offer, the Customer has a 14-day trial period during which he has access to all the features of the Solution permitted by the offer to which he has subscribed.

During this 14-day trial period, the Customer must provide the following information for billing purposes regarding the subscription to the plan they have chosen, as well as to complete the contract they will be required to sign:

Company name,
Postal address and country,
Siret and RCS numbers,
Intracommunity VAT number,
Name of the legal representative,
Name and surname of the contact person,
Last name, first name, and email address of the accounting contact,
Bank details:

– Credit card: Card number, name on the card, expiration date, and CVV code

– Direct debit and bank transfer: Bank account information

Bank and billing information is neither stored nor managed by SFBX but by its partner Stripe: https://stripe.com/fr whose privacy policy and Terms of Service are available here: https://stripe.com/fr/privacy .

Following this 14-day trial period, the subscription will automatically become a paid subscription, and payment for the first 30-day period will be automatically processed by Stripe, even if the Customer does not use the product.

The Customer must also sign the Agreement governing the relationship between the Customer and the Service Provider in order to legally formalize the subscription to the service, if they have not already signed it during the trial period. Starting on the 15th day, as long as the contract has not been signed by the Client, the Client will not be able to navigate the AppConsent® Platform, as access will be blocked at the Dashboard level by a message indicating that the contract must be signed.

They can find the signed contract in their "Account," under "Company Information," then "Contract," and download it as a PDF.

The Customer may cancel their subscription at any time during the trial period by going to “Account,” “Billing,” and “Cancel Plan.” The subscription will then be canceled at the end of the trial period, and the Customer will receive an email confirming the cancellation.

If the contract is not signed or if the first payment has not been made by the 30th day after enrollment, the subscription will be automatically canceled by SFBX, and the Customer will no longer have access to their account—even if they continue to use the product—and the collection of consents will be suspended.

For the AppConsent® Enterprise/Premium SaaS offering:

To access the AppConsent® Platform and subscribe to the AppConsent® Enterprise/Premium SaaS plan, the customer must fill out the contact form https://sfbx.io/contact/ and provide the following information so that SFBX can contact them:

Full name,
Company name or website,
E-mail address,
The subject of the message by checking the AppConsent® Enterprise box,
Any information you would like to include in the "Message" field;

This information will be collected and processed for the purpose of receiving and handling your message and being able to contact you in response to your request. This processing is based on your consent, which you provide by clicking the “Send” button on the “Contact Us” form.

An email will then be sent to the Client requesting details about their website(s) or application(s) so that we can provide them with a quote for the appropriate solution and schedule a meeting to discuss these details.

Once the Client and SFBX have agreed on the price and the terms of implementation for the solution, a draft contract will be sent to the Client for signature. To this end, the Client must also provide SFBX with the following information to complete the contract:

Company name,
Postal address and country,
Siret and RCS numbers,
Intracommunity VAT number,
Name of the legal representative,
Name and surname of the contact person,
Last name, first name, and email address of the accounting contact,
Invoice delivery method.

Once the contract has been signed by SFBX and the client, the client will receive their login credentials via email so they can log in to the AppConsent® platform.

The Customer is responsible for keeping his login and password.

The Client undertakes to immediately inform SFBX of any loss and/or disclosure of his/her login or password.

SFBX issues invoices directly, and the Customer makes payment by bank transfer to SFBX’s bank account, the details of which are provided on the invoices. SFBX does not retain any of the Customer’s bank details.

This offer does not include a trial period, unless otherwise specified in the contract.

The Customer may cancel their subscription in accordance with the terms set forth in the contract.

If the Customer has an outstanding balance that is more than 90 days past due, SFBX will automatically cancel the subscription, the collection of consents will be suspended, and the Customer will no longer have access to their account.

Article 5 – Financial Terms

Monthly package price (excluding taxes) based on the monthly volume of MAU/VU for which the CMP was invoked and/or displayed, and/or for which consent was obtained, and on the subscribed plan:

	Essential	Standard	Enterprise/Premium
Price excluding tax	€15 (excluding tax) per month	Starting at €35 (excluding tax) per month for 100,000 unique visitors per month. + €10 (excluding tax) for every additional 200,000 unique visitors per month	Starting at €250 per month (excluding tax) or upon request.
Volume limit	40,000 unique visitors per month	3,000,000 unique visitors per month	Unlimited monthly unique visitors
Number of domains	1 website or mobile app	5 websites or mobile apps Option to purchase packages of 5 additional domains for €15 (excluding tax) per month	50 websites or mobile apps Additional lighting can be added upon request (quote required)
Support	Mail support 5 days a week	Mail support 5 days a week	Support via Slack and email 5 days a week

This price includes the cost of requests for proof (referring to monthly proofs, not subject to CNIL oversight, requested by the Customer).

For the Enterprise/Premium subscription, billing is on a postpaid basis based on the actual volume of monthly unique visitors (Monthly Active Users (MAU)) for whom the CMP was called and/or displayed, and/or for whom consent was obtained.

For Essential and Standard plans, the subscription fee is billed at the start of each month based on the number of monthly active users (MAU) selected at sign-up.

Every three months, SFBX verifies that the monthly subscription fee paid by the Customer corresponds to the number of monthly unique visitors for whom the CMP was called and/or displayed, and/or for whom consent was obtained. If the number of visitors exceeds the volume covered by the paid subscription for three consecutive months, the subscription amount will be automatically adjusted to the appropriate volume tier based on the observed figures.

Article 6 – Billing and Payment Terms

Subscriptions to the SaaS service are billed monthly.

All prices listed herein are in euros, excluding VAT and any other taxes, which will be charged in addition at the rate applicable on the date of invoicing.

The Customer is entitled to an initial 14-day trial period, after which the subscription automatically becomes a paid subscription.

For the SaaS Essential and Standard plans, billing is handled by our partner Stripe at the beginning of the 30-day period known as the monthly billing cycle and automatically renews for the same period.

Every three months, SFBX verifies that the monthly subscription fee paid by the Customer corresponds to the number of monthly unique visitors (Monthly Active Users (MAU)) for whom the CMP was called and/or displayed, and/or for whom consent was obtained. If the number of monthly active users (MAU) exceeds the volume covered by the paid subscription for three consecutive months, the subscription amount will be automatically adjusted to the appropriate volume tier.

Payments are made via monthly direct debit from the Customer’s credit card or via direct debit from the Customer’s bank account through the Stripe Partner, or in accordance with the terms set forth in the contract.

Invoices are payable upon receipt.

The Customer’s bank and billing information, as well as the issuance and delivery of invoices, are managed and stored by Stripe: https://stripe.com/fr whose privacy policy and Terms of Service are available here: https://stripe.com/fr/privacy, and not by SFBX.

SFBX shall not be liable for any breach or improper handling of the Client Data by the Stripe Partner.

The Client is obliged to inform SFBX in the event of non-compliance or breach by the Stripe Partner of its obligations to manage its Data.

If the first payment has not been made by the 30th day after subscription, or if the Customer has an outstanding balance of more than 30 days during the term of the service, the subscription will be automatically canceled by SFBX, the collection of consents will be suspended, and the Customer will no longer have access to their account, even if they still wish to use the product.

For the Enterprise/Premium SaaS plan, billing is handled directly by SFBX at the end of the month based on actual monthly usage, i.e., the number of monthly unique visitors (Monthly Active Users (MAU)) for whom the CMP was called and/or displayed, and/or for whom consent was obtained.

Payments are made by bank transfer directly to SFBX's bank account, the details of which are listed on the invoices.

Invoices are due 30 days from the invoice date.

Article 7 – Term of the Agreement and Termination

The SaaS Service takes effect from the time the Customer subscribes to the Offer for an indefinite period.

The Customer may terminate the agreement at any time by canceling the subscription on the Platform in accordance with the terms set forth in the contract. The termination will take effect at the end of the current billing period or in accordance with the terms set forth in the contract.

SFBX may, as of right, terminate the commitment at any time in the event of non-compliance by the Client with the obligations set forth in these general terms and conditions, in accordance with the contractual terms and conditions.

Article 8 – Effects of the Termination of the Agreement

The end of the commitment leads to the closing of the Account and the archiving of the Data.

SFBX guarantees the Portability of Data to the Client (return or transfer) or their deletion in the cases provided for by law, as soon as possible.

The restitution will be made by providing a link to download the Data, in json format. This link will be available for 10 days after the effective termination date.

Beyond that, the Customer's data will be deleted without further notice.

Article 9 – Suspension of Account Access

SFBX reserves the right to suspend access to the Account in the event of non-compliance with any of the clauses contained in these GTC or in the signed contract.

Access will be restored once the Customer has remedied the deficiencies that caused the suspension.

Article 10 – Customer Obligations

The customer is required to sign the contract and pay for the services within the timeframes and under the terms set forth herein and in the contract.

The Customer is designated as the Data Controller and is solely and entirely responsible for the processing of User Data in accordance with the consent obtained through the AppConsent® Solution.

The Customer is aware that the Data may be regulated in terms of use or be protected by property rights. The Customer is therefore solely responsible for the use of the Data.

The Customer undertakes to respect the rights of third parties, in particular personal rights, intellectual or industrial property rights such as copyright, patent rights, designs and models or trademarks.

Article 11 – Obligations of SFBX

The obligation undertaken by SFBX is an obligation of means. SFBX is classified as a processor in accordance with Article 28 of GDPR.

In this context, SFBX undertakes to take all the necessary care and diligence to provide a quality service in accordance with the practices of the profession.

SFBX will endeavor to provide 24-hour access to the Platform every day of the year, except in cases of force majeure, as defined by law, in the event of outages, failures attributable to the Cloud Host, or maintenance work necessary for the proper functioning of the Platform.

In case of absolute necessity, SFBX reserves the right to interrupt access to the Platform in order to carry out technical maintenance or improvement work to ensure the proper functioning of its services, regardless of the time and duration of the work.

Interruptions in service shall not entitle the Customer to any compensation.

Article 12 – Liability of SFBX

The Customer acknowledges that they have read and understood all of their obligations and, more generally, all terms and conditions relating to the use of AppConsent® solutions.

Under no circumstances, and to the extent permitted by law, shall SFBX be held liable, directly or indirectly, for any damage caused to the Customer or a third party as a result of the use of AppConsent® solutions, regardless of the cause.

Similarly, and subject to the same limitations, SFBX shall not be held liable, either directly or indirectly, for any loss or damage incurred by the Customer or a third party as a result of the unavailability or malfunction of the AppConsent® solutions, regardless of the cause or duration.

SFBX is not liable for any direct or indirect, tangible or intangible damages resulting from the use of AppConsent® solutions.

This clause is considered essential and determining by SFBX which would not have contracted without it.

Article 13 – Right of Withdrawal

In accordance with article L.221-18 of the French Consumer Code, any consumer Customer, within the meaning of the Consumer Code, has a period of 14 days to exercise his right of withdrawal, without having to give any reason or pay any fees or penalties.

The cancellation period expires 14 days after subscribing to AppConsent® services and corresponds to the trial period for the Essential and Standard plans.

To exercise this right of withdrawal, the Customer must notify SFBX of their decision to withdraw by means of an unambiguous statement, either on the platform by going to “Account,” “Billing,” “Cancel Plan,” or by email to billing@sfbx.io, or by mail to the following address: SFBX SAS – 15 Place Canteloup 33800 Bordeaux FRANCE.

To ensure that the withdrawal period is met, the Customer need only notify SFBX of their intention to exercise their right of withdrawal before the withdrawal period expires.

Article 14 – General Provisions

The nullity of one of the clauses of the Contract in application of a law, a regulation or following a decision of a competent court which has become final shall not entail the nullity of the other clauses of these General Conditions which shall retain their full effect and scope between the parties.

The fact that SFBX does not take advantage at a given time of any of the clauses of these General Terms and Conditions and/or of a breach by the Client of any of its contractual obligations may not be interpreted as a waiver by SFBX of its right to take advantage at a later date of any of the said clauses or contractual obligations.

Article 15 – Governing Law and Jurisdiction

This Agreement is governed in its entirety by French law.

In the event of a dispute arising from the interpretation or performance of this Contract, the undersigned shall endeavour to settle it amicably before taking any legal action.

The Customer who is a consumer is informed that he may in any case have recourse to conventional mediation, in particular with the National Consumer Mediator (www.mediation-conso.fr), or to any other alternative dispute resolution method.

In case of persistent disagreement on the interpretation or execution of this Agreement, exclusive jurisdiction is attributed to the Courts of Bordeaux.