General Terms and Conditions of Sale and Use

Core Platform

The Pixacare application enables any healthcare professional to:

• capture, store, and securely transmit medical photographs of their patients;
• store photographs through Pixacare with a certified health data host whose servers are located in France and, where applicable, within the European Union;
• no data is retained on the physician's computer or mobile device.

Key Features

With Pixacare, healthcare professionals can:

• take patient photographs at any time and in any location;
• label photographs with customizable keywords;
• organize and manage their photo library: photographs are stored in chronological order through an ergonomic interface;
• automatically retrieve patient identification data (first name, last name, date of birth, and identification number where applicable) using the mobile application's scan feature;
• collect patient consent;
• share images with colleagues via a contact directory and instant messaging.

In accordance with these GTC, photographs are collected with patient consent and used exclusively for medical purposes. The Pixacare application is available on both web and mobile.

CDSS Modules

These modules enable users to:

• unlock additional capabilities within the Pixacare solution;
• support the specific management of a given pathology;
• leverage artificial intelligence algorithms (deep learning) for clinical decision support.

The Pixacare medical device bears the CE mark.

Article 1 – Purpose

These General Terms and Conditions of Sale and Use (hereinafter the "GTC") describe the terms and conditions under which Pixacare provides its customer — the user and healthcare professional — with access to the Pixacare application (hereinafter the "Application" or the "Service").

Use of the Service constitutes unconditional acceptance of the GTC. The user acknowledges having read and accepted these terms without reservation:

• by checking the designated box during registration on the Pixacare application;
• and prior to any payment.

By continuing to access or use Pixacare after updated GTC take effect, the user agrees to be bound by them.

The GTC apply to the exclusion of any other conditions which, without the prior and express acceptance of Pixacare, shall be unenforceable, regardless of when they may have been brought to Pixacare's attention.

The GTC are accessible at all times on the website and take precedence over any conflicting document.

Article 2 – Scope of Application

The GTC apply without restriction or reservation:

• between Pixacare, on the one hand,
• and any user, healthcare institution, or natural or legal person acting in a professional capacity, on the other hand, whether using the free or paid version of the Application (hereinafter the "User").

Pixacare and the User are hereinafter collectively referred to as the Parties.

Article 3 – Access to the Service

Upon acceptance of these GTC, the User accesses the application from:

• their mobile device or secured computer,
• equipped with an up-to-date web browser and a secure high-speed internet connection.

Authentication

To access their account, the User:

• logs in using their chosen email address and a password of at least 12 characters (including uppercase and lowercase letters, numbers, and at least one special character);
• is advised to choose a unique, hard-to-guess password and to renew it every 90 days for systems containing sensitive data.

Biometric Login

Where the device supports it, the User may authenticate via:

• fingerprint,
• facial recognition,
• or a four-digit PIN.

If the User checks "Stay logged in" during a previous session, they will be automatically signed in at the next launch, provided the data has been saved.

If biometric authentication fails after two attempts, the User is redirected to the login screen and must enter their regular password.

Responsibilities

• Based on the information provided, Pixacare creates a personal account reserved for the User.
• The User is responsible for all activities carried out through their account.
• The User must keep their password confidential and must not save it by default or store it in an accessible file.
• Pixacare may refuse to open an account or close an existing one in the event of failure to observe these essential precautions, without compensation.
• The User may at any time request a change to their credentials at: support@pixacare.com.
• In the event of loss, theft, or suspected unauthorized use, the User undertakes to notify Pixacare immediately.

Article 4 – Our Offerings

All Pixacare plans include:

• data security and traceability,
• hosted with a certified Health Data Host (HDS).

4.1 Independent Healthcare Professionals

Independent practitioners may choose from the following versions:

Free Trial

• Access to the mobile application.
• Limited storage space.
• Data stored in a shared database among free-trial users.
• No time limit; enables occasional secure sharing of photographs.

Premium

• Full access to Pixacare (web + mobile).
• Expanded storage for a monthly fee.
• Any additional gigabyte is billed monthly.
• Seamless upgrade from the free trial to Premium with automated data migration.

4.2 Healthcare Institutions

The institutional version designed for hospitals includes:

• Full access to Pixacare (web + mobile).
• Unlimited user accounts.
• Centralized account management.
• Department-level management.
• Email and phone support.
• A dedicated Pixacare account manager.

Pixacare provides a trial version to allow institutions to evaluate the solution. Terms are defined by quote:

• the trial is free upon subscription;
• otherwise, access is automatically closed at the end of the trial period;
• the customer retrieves their data and pays a flat fee indicated in the quote.

This offering is reserved for hospital settings. Pricing is based on required storage volume and a personalized quote. Any healthcare professional may access this plan upon authorization by the subscribing institution.

Payment Terms

• Monthly payment by SEPA direct debit, on the 5th of each month.
• First payment due within 10 days of subscription.
• Subscription must be accompanied by a SEPA direct debit authorization and a bank account details form (RIB).
• Invoices are issued and sent by email.

Article 5 – Subscription Term

The Parties do not intend to make their commitment conditional upon any cooling-off period.

By accepting the GTC, the User enters into a Pixacare license agreement for a term of one month, at the rate in effect on the date of subscription.

This agreement is renewed automatically and tacitly for successive periods of equal duration, unless terminated in writing by the User:

• sent by registered mail with acknowledgment of receipt,
• with one month's notice prior to the contract anniversary date.

Article 6 – Non-Payment

Without prejudice to any damages and Pixacare's right to terminate the contract at the User's expense, any failure to pay an invoice by its due date shall automatically result in:

• late interest at the rate applied by the European Central Bank to its most recent refinancing operation, plus ten percentage points, accruing from the first day of delay;
• a fixed recovery fee of €40 per unpaid invoice;
• reimbursement of all procedural or collection costs (notices, formal demands, legal proceedings, precautionary measures).

Pixacare reserves the right to automatically suspend the User's access to the application without prior notice.

Article 7 – No Set-Off

Unless expressly, previously, and in writing agreed by Pixacare, and provided that the respective claims and debts are certain, liquidated, and due, no set-off may validly be made by the User between:

• penalties for delays in service delivery or non-conformity,
• and amounts owed to Pixacare for such services.

Article 8 – Liability

8.1 Liability for the Service

In connection with the service provided, Pixacare warrants the User, in accordance with applicable law, against any lack of conformity or latent defect arising from a failure in the performance of the ordered service, under the conditions, limits, and terms set out below.

The service provided by Pixacare complies with applicable French law. Pixacare shall not be held liable for failure to comply with the laws of the country in which the services are provided. It is the User's sole responsibility to verify such compliance.

Pixacare:

• takes all reasonable steps to ensure correct user authentication,
• uses services compliant with the PGSSI-S (General Security Policy for Health Information Systems),
• is bound by a best-efforts obligation.

Claims

To assert their rights, the User must notify Pixacare:

• in writing,
• within a maximum of 10 days from the date of service delivery,
• of the existence of any defect or lack of conformity.

Pixacare's liability is limited to:

• reimbursement of monthly fees actually paid by the User,
• or, where this is not possible, correction of the defective service as soon as reasonably practicable.

Pixacare shall not be liable for:

• delays or failures due to force majeure (as defined under French case law),
• direct or indirect damages suffered by the User, their patient, or any third party resulting from use of the service.

Unless proven otherwise, data recorded in Pixacare's information systems constitutes proof of all transactions concluded with the User.

8.2 Liability for the User's Network and Equipment

Pixacare shall not be held liable for:

• network outages,
• slowdowns or unavailability of access to the application,
• nor for the maintenance or security of the network used by the User.

The User remains solely responsible for the maintenance and security of their own equipment and network.

8.3 User Liability

The User remains solely responsible for the use of their account. Healthcare institutions using the service are responsible for:

• managing access rights,
• and the use of accounts by personnel authorized to access the application.

Article 9 – Maintenance and Service Availability

Pixacare is bound by a best-efforts obligation in the provision of the service.

In the event of an outage or anomaly attributable solely to the application (excluding user error), Pixacare will:

• use all reasonable means to restore normal operation as quickly as possible,
• carry out necessary maintenance, updates, or corrections to ensure proper functioning.

Pixacare reserves the right to interrupt access to the application at any time for such operations. Pixacare commits to maintaining annual service availability of 99.5%.

The User:

• may not object to such operations,
• nor claim compensation for any temporary unavailability.

The User consents to any updates to the application decided and implemented by Pixacare.

Article 10 – Termination

10.1 At Contract Expiry

Either party may terminate the contract by observing the notice period set out in Article 5. Upon unsubscription, the User's medical data is returned in a readable, structured format.

10.2 For Cause

In the event of a breach by the User of any obligation under these GTC, Pixacare may, at its discretion:

• suspend the User's account, or
• terminate the subscription.

In the latter case:

• all remaining amounts owed under the subscription become immediately payable,
• and are retained in full by Pixacare as a lump-sum indemnity.

10.3 Mutual Termination

Pixacare may request mutual termination of the contract if, during performance, it encounters strictly unforeseeable difficulties requiring resources disproportionate to the contract value.

Article 11 – Personal Data Protection

Pixacare commits to complying with applicable personal data processing regulations, in particular Regulation (EU) 2016/679 (GDPR). Pixacare undertakes to:

• process data solely for purposes necessary for the performance of the service;
• integrate data protection by design and by default;
• implement appropriate technical and organizational measures;
• ensure the confidentiality, integrity, and availability of data;
• guarantee the traceability and security of patient data.

11.1 User Data

As data controller, Pixacare processes the personal data entered by users at registration, with their consent.

Data collected

• First and last name
• Postal address and email address
• Profession, medical specialty, associated CPAM code
• RPPS and/or ADELI registration number
• Phone number
• Employer name and address
• Banking information

Purposes

Pixacare uses this data to:

• provide access to the application;
• manage subscriptions and related communications;
• process payments and issue invoices;
• maintain and update user files and accounts;
• prevent and detect fraud or misuse.

Administrator Access

Pixacare may, if necessary, connect to the application as an administrator:

• for maintenance or technical support purposes,
• without viewing, modifying, or deleting any medical data.

User Rights

The User has the following rights: access, rectification, erasure, portability, restriction of processing, withdrawal of consent, and the right to object. The User may also define how their data is to be handled after their death.

Requests must be sent to gdpr@pixacare.com, including the User's first name, last name, address, phone number, and the subject of the request. Pixacare may require a copy of a government-issued ID for verification.

Retention

• User data is retained for the duration of the subscription.
• Upon termination, medical data is returned in a structured format (encrypted ZIP file sent by email) and then deleted within 30 days.

11.2 Patient Data Processing

These clauses define the conditions under which Pixacare (the Processor) processes personal data on behalf of the Data Controller (the healthcare professional or institution). Both parties undertake to comply with the GDPR.

11.2.1 Description of Processing

The Processor processes:

• patients' photographs, personally identifiable information, and medical data,
• contact details of healthcare professionals added to the User's directory.

Operations performed include:

• retrieval and secure hosting of data via the Pixacare application,
• authentication of the data controller,
• provision of an ergonomic, structured interface.

11.2.2 Right to Information of Data Subjects

The Data Controller must inform patients at the time of data collection and obtain their written consent prior to any photograph being taken. For healthcare institutions, this consent is obtained at admission.

Pixacare includes a chat feature for information exchange between healthcare professionals. These exchanges generally take place within the same institution but may involve an external professional. In that case, the patient must be informed and may object. For any external exchange, express consent is required.

Anonymized data may subsequently be used for purposes of predictive medicine, precision medicine, clinical decision support, or prevention.

Patient consent form: https://pixacare.com/patient-consent

11.2.3 Exercise of Data Subject Rights

If a data subject exercises their rights directly with the Processor, Pixacare shall immediately forward the request to the Data Controller at the address provided by the latter.

11.2.4 Data Fate

Data is retained only for the duration required for processing, as defined by the Data Controller. Upon unsubscription, data is returned and then permanently deleted.

11.2.5 Sub-Processing

11.2.5.1 Principles
Pixacare may engage a sub-processor for specific activities, following written notification to the Data Controller specifying the sub-processor's identity, contact details, and the activities concerned. The Data Controller has 2 months to raise objections. In the absence of objection, the sub-processing is deemed accepted. The sub-processor must provide the same GDPR guarantees.

11.2.5.2 List of Sub-processors
The Pixacare application is hosted by Microsoft Azure, a certified health data host with servers located in France and within the European Union.

11.2.6 Transfers Outside the European Union

Pixacare undertakes not to transfer any personal data outside the European Economic Area without the prior written consent of the Data Controller.

11.2.7 Security Measures

The Processor undertakes to:

• ensure the confidentiality, integrity, availability, and resilience of systems;
• enable rapid data restoration in the event of an incident;
• conduct regular testing of the effectiveness of security measures;
• maintain full traceability of all processing operations.

11.2.8 Data Breach Notification

In the event of a personal data breach, Pixacare shall:

• notify the Data Controller within 24 hours,
• provide all relevant documentation,
• specify: the nature and extent of the breach, the contact details of the Data Protection Officer, the likely consequences, and the remedial measures taken.

Where certain information cannot be provided immediately, it will be communicated progressively as soon as possible.

11.2.9 Data Protection Officer

Pixacare shall communicate to the Data Controller the name and contact details of its Data Protection Officer (DPO), in accordance with Article 37 of the GDPR.

11.2.10 Records of Processing Activities

Pixacare maintains a record of processing activities including:

• the name and contact details of the Data Controller, sub-processors, and DPO;
• the categories of processing carried out;
• the security measures implemented;
• any transfers to third countries or international organizations.

11.2.11 Assistance to the Data Controller

Pixacare may assist the Data Controller in conducting a Data Protection Impact Assessment (DPIA) and in demonstrating GDPR compliance for the aspects within Pixacare's scope of intervention.

11.2.12 Documentation and Audit

Pixacare undertakes to:

• provide documentation demonstrating compliance with its obligations,
• allow audits or inspections by the Data Controller or their authorized representative.

The costs of any audit are borne by the party initiating it.

11.2.13 Pixacare's Obligations toward the Data Controller

As software publisher, Pixacare undertakes to:

• provide software compliant with applicable regulations;
• enable all data protection rules by default;
• ensure traceability and confidentiality;
• follow current cybersecurity best practices and up-to-date protocols.

11.2.14 Data Controller's Obligations toward Pixacare

The Data Controller undertakes to:

• collect data in accordance with applicable regulations and obtain explicit patient consent;
• provide Pixacare with a signed consent template;
• document any changes to processing purposes;
• ensure the Processor's compliance with the GDPR;
• oversee processing operations, audits, and inspections.

Article 12 – Cookies

A cookie is a small text file placed on the hard drive or browser memory when visiting a website. It records certain browsing information (session identifier, language, date, etc.).

When logging into their Pixacare account, cookies necessary for the proper functioning of the application are installed.

Article 13 – Hyperlinks

Outbound hyperlinks may be present on the website, but the pages they link to do not engage Pixacare's liability, as Pixacare has no control over them. The User therefore agrees not to hold Pixacare liable for the content or external resources linked from the site.

Article 14 – Intellectual Property and Granted Rights

The content of the website www.pixacare.com and the application is the exclusive property of Pixacare and is protected by French and international intellectual property laws. Any total or partial reproduction of this content is strictly prohibited and constitutes an act of infringement.

Pixacare retains all intellectual property rights over: software, photographs, presentations, studies, drawings, logos, trademarks, models, and prototypes created in connection with the provision of services. Only the User who is a signatory to these GTC benefits from the right to use the application, without any transfer of ownership.

Prohibited Uses

The User may not, directly or indirectly:

• assign or sublicense the right to use the software to a third party;
• reproduce all or part of the software;
• decompile, manipulate, disassemble, modify, or reprogram the software;
• transcribe the software into another programming language;
• incorporate all or part of the software into another program;
• create or distribute derivative products or features;
• sell, rent, lend, or exchange the software;
• remove or alter proprietary notices or markings;
• transfer the software in any form;
• access the source code;
• attempt to correct any errors in the software.

Pixacare alone retains the exclusive right to corrective maintenance and error correction.

Pixacare's Commitments

Pixacare undertakes to:

• keep proprietary notices visible on programs, media, and documentation;
• inform and raise awareness among its staff and contractors regarding the protection of these rights.

Any other use of the software requires the prior and express written consent of Pixacare and may be subject to additional compensation.

Article 15 – Confidentiality

The User undertakes to treat as strictly confidential all documents, information, results, or data — whether technical, scientific, commercial, financial, industrial, or otherwise — to which they have access through Pixacare.

The User undertakes, on their own behalf and on behalf of their collaborators:

• not to disclose such information to third parties,
• not to use it for personal purposes,
• to take all necessary precautions to preserve its confidentiality.

This obligation survives termination of the contract.

Article 16 – Force Majeure

Any failure to perform resulting from a force majeure event suspends the obligations of both parties. If the force majeure event persists for more than three months, the contract shall be automatically terminated without formality.

Events constituting force majeure include, in particular:

• total or partial strikes, internal or external;
• lockouts, severe weather, epidemics;
• disruption of transportation or supply chains;
• earthquakes, fires, floods, storms;
• government restrictions, legislative changes;
• IT failures, telecommunications outages;
• and any other event beyond the control of the parties preventing normal performance of the contract.

Pixacare will notify the User in a timely manner of any such event.

Article 17 – Severability

If one or more clauses of the contract are held invalid, the remaining provisions shall remain in full force and effect, provided that the overall economic balance of the contract is preserved. The parties undertake to replace any invalid clause with an equivalent provision consistent with the spirit of the contract.

Article 18 – Waiver

The fact that a party tolerates non-performance or imperfect performance of the GTC, or any conduct contrary to the contract, shall not constitute a modification of or a waiver of its contractual rights.

Article 19 – Miscellaneous Provisions

Section headings and subheadings are for informational purposes only and have no interpretive value.

The GTC may be subject to subsequent amendments. The applicable version is the one in effect on the website at the date of subscription. Pixacare endeavors to notify users at least 30 days before any amendment takes effect.

Article 20 – Language, Governing Law, and Disputes

Pixacare is a company incorporated under French law. French law is the sole law applicable to the contract. Only the French version of the GTC is legally binding, even in the event of a translation.

In the event of a dispute:

• the parties shall first seek an amicable resolution, with or without a mediator;
• failing that, the dispute shall be submitted to the competent court within the jurisdiction of the Colmar Court of Appeal.

Article 21 – User Acceptance

These GTC:

• take effect on the date they are published online,
• are enforceable upon subscription,
• remain applicable until replaced by updated terms.

The GTC are permanently accessible at: https://pixacare.com/cgvu

The User may:

• download and save them from the website (at their own responsibility),
• retain the PDF version sent by email upon acceptance.

In the event of an update, only the version held by Pixacare shall prevail in the event of a dispute. Each amendment takes effect immediately upon publication, with no retroactive effect on existing subscriptions.

By subscribing, the User:

• accepts the GTC and the Privacy Policy,
• acknowledges full awareness of their content,
• and waives the right to invoke any conflicting document.