Figaro Shield Field

Terms and Conditions

End-User Licence Agreement and Terms of Service for the Figaro Shield Field iOS application (iPhone + iPad).

Revenue-Protection, Chargeback-Defence and Aesthetic-Compliance Operating Layer for iPhone and iPad.

Sixty seconds at the counter. A chargeback pack on demand. Revenue defended.

DOCUMENT: Figaro Shield Field — Terms and Conditions

STRUCTURE: Master Terms + Schedule A (App Schedule)

VERSION: 1.0

EFFECTIVE: 2026-06-01

OPERATOR: ML Consulting MB · Legal entity code 306991112

JURISDICTION: Republic of Lithuania

DISTRIBUTION: Apple App Store · iOS, iPadOS (offline-first)

SUBSCRIBER PROFILE: Business User (B2B) — salons, aesthetic clinics, medspas, multi-branch beauty groups, franchise chains

BILLING CHANNEL: Direct Channel (Order Form) for all tiers

WEBSITE: mlconsulting.lt

SUPPORT: support+figaroshield@mlconsulting.lt


Contents

What is in this document.

PART I — MASTER TERMS AND CONDITIONS

1. Agreement and Parties

2. Apps Covered and Per-App Schedules

3. Eligibility and Intended Users

4. Definitions

5. Licence to Use the App

6. What the App Does, and What It Does Not Do

7. Accounts and Security

8. Your Data and Permitted Use by Us

9. Privacy and Data Protection

10. Subscriptions, Billing and App Store Rules

11. Direct Billing for the App

12. Acceptable Use

13. AI / ML Features and Probabilistic Outputs

14. Intellectual Property

15. Updates, Availability and Support

16. Suspension and Termination

17. Consumer Rights

18. Disclaimers

19. Limitation of Liability

20. Indemnity for Business Users

21. Governing Law and Disputes

22. Changes to this Agreement

23. General

24. Apple-Required Terms

25. Precedence — Schedules and Order Forms

PART II — SCHEDULE A · FIGARO SHIELD FIELD

A1. App-Specific Definitions

A2. Description of Figaro Shield Field

A3. Subscribing Customer Responsibilities

A4. Workers, Practitioners, App Clip Clients and Booking-Platform Integrations

A5. Aesthetic Consent and Apple Pencil Signatures — Not a Substitute for Informed Medical Consent

A6. Patient and Client Personal Data; Special-Category Data; Minors

A7. Chargeback Defence Packs and No Card-Scheme Endorsement

A8. Insurance-Aligned Incident Packs and No Insurance Role

A9. AI-Assisted Features, Repeat-Offender Risk Engine and On-Device CoreML

A10. Specific Prohibited Uses

A11. Plans, Billing and Liability

A12. Operational Contact Points


Preliminary Notice

Read together with Schedule A — Figaro Shield Field App Schedule.

READ THIS — MASTER TERMS + SCHEDULE A.

These Terms and Conditions apply whenever you download, install, sign in to, subscribe to or otherwise use the Figaro Shield Field iOS / iPadOS application (“Figaro Shield Field” or the “App”) published by ML Consulting MB on the Apple App Store, including its App Clip surface and any browser-accessible chargeback-defence or incident-pack share links it generates. The Master Terms (Part I) apply to every iOS / iPadOS application we publish; Schedule A (Part II) addresses Figaro Shield Field-specific definitions, plan tiers, data warranties, AI feature scope, medical / aesthetic and card-scheme carve-outs and liability adjustments. Where Schedule A expressly modifies a provision of the Master Terms, Schedule A prevails for Figaro Shield Field only (section 25).

NOT MEDICAL, NOT AESTHETIC, NOT CARD-SCHEME, NOT INSURANCE ADVICE.

Figaro Shield Field is an operational evidence-capture and revenue-protection tool. It is NOT a medical device, a clinical informed-consent system, a substitute for clinical judgement, an insurance product, a payment processor, an acquirer, a card-scheme certification authority, or an authority of Visa, Mastercard, American Express, Discover or any other card scheme or acquirer. Outputs (including Chargeback Defence Packs, Aesthetic Consent records, Insurance-Aligned Incident Packs and Repeat-Offender Risk indicators) are operational records only. See Schedule A, clauses A5, A6, A7 and A8.

This Agreement is concluded between you and ML Consulting MB, a Lithuanian small partnership (legal entity code 306991112) registered in Lithuania (“ML Consulting”, “we”, “us”, “our”). Apple Inc. (“Apple”) is not a party to this Agreement; Apple and its subsidiaries are third-party beneficiaries of the Apple-required terms in section 24.

Figaro Shield Field is enterprise software intended for business users (B2B) — salons, aesthetic clinics, medspas, multi-branch beauty groups and franchise chains, and the front-desk staff, practitioners, managers, owners and compliance officers they invite. Clients, patients, App Clip walk-ins and the banks, card schemes, acquirers and insurers who receive evidence packs interact with Figaro Shield Field as third parties of the Subscribing Customer.


PART I

Master Terms and Conditions

1. Agreement and Parties

Who is bound, by what, and from when.

1.1. These Master Terms and Conditions (the “Agreement”) form a binding contract between you and ML Consulting MB, a Lithuanian small partnership with legal entity code 306991112, website mlconsulting.lt, support email support+figaroshield@mlconsulting.lt (“ML Consulting”, “we”, “us”, “our”). They govern your download, installation and use of the Figaro Shield Field iOS / iPadOS application we publish on the Apple App Store (the “App”), its App Clip surface and any related services we make available through the App or our website (including the Chargeback Defence Pack and Incident Pack share-link surface).

1.2. By downloading, installing, creating an account, signing in, subscribing to, opening an App Clip session, opening a share link, or otherwise using the App, you accept this Agreement and our Privacy Policy (published at https://mlconsulting.lt/privacy-policy). If you do not accept, do not use the App or its surfaces.

1.3. The App is supplemented by Schedule A (Part II of this document), which addresses App-specific definitions, plan tiers, data warranties, AI feature scope, medical / aesthetic and card-scheme carve-outs and liability adjustments. Where Schedule A expressly modifies a provision of these Master Terms, Schedule A prevails for the App only (section 25).

1.4. The App is distributed exclusively through the Apple App Store. External share links are served by ML Consulting and reached via secure expiring links. This Agreement is between you and ML Consulting only. Apple is not a party. Your use of the App is also subject to Apple’s Media Services Terms and Conditions and Apple’s applicable Usage Rules. Apple-specific provisions are set out in section 24 (Apple-Required Terms).

1.5. The App is licensed, not sold. You acquire only the rights expressly granted to you in this Agreement and Schedule A.

2. Apps Covered and Per-App Schedules

The portfolio framework and the App Schedule that supplements these Master Terms for Figaro Shield Field.

These Master Terms apply to every iOS / iPadOS application published by ML Consulting MB on the Apple App Store. Figaro Shield Field is supplemented by Schedule A (Part II of this document). Additional Apps published by ML Consulting are listed at https://mlconsulting.lt/app-specific-schedules-hub.

2.1. Current App. Figaro Shield Field — a revenue-protection, chargeback-defence and aesthetic-compliance operating layer for salons, aesthetic clinics, medspas, multi-branch beauty groups and franchise chains. Schedule A sets out App-specific definitions, plan tiers, prices, data warranties, AI feature scope, regulatory and card-scheme carve-outs and liability adjustments.

2.2. Future Apps. ML Consulting may publish additional Apps under these Master Terms by adding new App Schedules. Each new App Schedule takes effect on its Effective Date and applies only to the App it identifies.

2.3. Withdrawn Apps. If we discontinue the App, Schedule A ceases to apply prospectively, but the rights and obligations relating to your use of the App before withdrawal continue under the version of the Agreement in force at the time of that use.

2.4. No silent override across Apps. A provision of Schedule A applies only to Figaro Shield Field. References in any App Schedule to a regulatory regime, evidentiary standard, data warranty or liability cap do not propagate to other Apps. Cross-App contagion is excluded.

3. Eligibility and Intended Users

Who may use the App, and in what capacity.

3.1. Age. You must meet any age requirement set by the law of your country of residence. Figaro Shield Field is rated 4+ but is not designed for use by minors as the contracting party. Where a minor is a client or patient referenced in the App (for example, a minor receiving a salon service or a permitted aesthetic procedure under applicable law), the Subscribing Customer is responsible for obtaining the parental / guardian notice and consent required by applicable law (see Schedule A, clause A6).

3.2. Capacity. You represent that you have the legal capacity to enter into a binding contract.

3.3. Consumer or business user. Figaro Shield Field is offered for business use by salons, aesthetic clinics, medspas, multi-branch beauty groups, franchise chains and the front-desk staff, practitioners, managers, owners and compliance officers they invite (each, a “Subscribing Customer” or its authorised user). Clients, patients and App Clip walk-ins interact with the App as third parties of the Subscribing Customer.

3.4. Authority for business users. Where you establish a Workspace (the “Salon / Clinic”), the individual creating the account or signing an Order Form represents and warrants that they are authorised to bind the Subscribing Customer, and that the Subscribing Customer will use the App in compliance with this Agreement and Schedule A.

3.5. Sanctions and export restrictions. You represent that you are not located in, controlled by, or a national or resident of any country subject to a comprehensive embargo by the European Union, the United States or the United Nations, and that you are not on any restricted-party list maintained by those authorities.

4. Definitions

Terms used throughout this Agreement.

Capitalised terms used in this Agreement have the meanings set out below. Additional capitalised terms used in respect of Figaro Shield Field are defined in Schedule A, clause A1.

Account: Your user identity in the App, established via Sign in with Apple or email magic-link.

Agreement: These Master Terms and Conditions, Schedule A (Figaro Shield Field App Schedule), the Apple-Required Terms (section 24), the Privacy Policy and the relevant Order Form.

Apple: Apple Inc. and its subsidiaries.

App: The Figaro Shield Field iOS / iPadOS application published by ML Consulting MB on the Apple App Store, including its App Clip surface.

App Schedule / Schedule A: The schedule specific to Figaro Shield Field that supplements these Master Terms, set out in Part II of this document.

Business User: A natural or legal person using the App for purposes within their trade, business, craft or profession — in Figaro Shield Field, the Subscribing Customer.

Consumer: A natural person using the App for purposes outside their trade, business, craft or profession (Article 2(1) of Directive 2011/83/EU). Figaro Shield Field is not offered to Consumers as the contracting party (clause 3.3).

Customer Data: All data submitted by, or generated for, you through the App, App Clip surface or share links, including content you create, import or upload.

Direct Channel: Billing by ML Consulting under an Order Form (typically by invoice and bank transfer or external card payment), as opposed to App Store IAP. All paid Figaro Shield Field tiers are sold via the Direct Channel.

Order Form: A written or electronic ordering document signed or accepted by a Subscribing Customer that sets out the Plan, term, fees, limits and any agreed services.

Plan: A tier of access to the App offered by ML Consulting from time to time, as specified in Schedule A and the Order Form.

Privacy Policy: Our privacy notice published at https://mlconsulting.lt/privacy-policy.

Services: The App together with the cloud-based services accessed through it, including any associated website services and share-link surfaces.

Subscribing Customer: The legal entity identified in the Order Form as the account holder and data controller for Customer Data in Figaro Shield Field — the salon, aesthetic clinic, medspa, multi-branch beauty group or franchise chain that signed the Order Form. The term “Subscribing Customer” is used throughout this Agreement in place of more generic terms such as “workspace owner”, “client” or “tenant”.

Subscription: A paid (fixed-term or renewing) plan giving access to the App’s paid features.

Subscription Term: The period during which a Subscription is active.

Salon / Clinic / Workspace: A tenant in Figaro Shield Field, scoped to a single Subscribing Customer and its authorised users.

You / Your: The Subscribing Customer and any authorised user (including front-desk staff, practitioners, managers, owners, compliance officers and external viewers) acting on its behalf.

5. Licence to Use the App

What we grant you, and what you must not do.

5.1. Licence grant. Subject to your continuing compliance with this Agreement, ML Consulting grants you a personal, limited, non-exclusive, non-transferable, non-sublicensable, revocable licence to install and use the App on Apple-branded devices that you own or control, to launch and complete App Clip sessions to which you have been validly invited, and to open share links that have been validly issued to you, in accordance with the Usage Rules in the Apple Media Services Terms and Conditions, solely for the purposes for which the App is made available.

5.2. Restrictions. You shall not, and shall not permit any third party to:

copy, modify, distribute, rent, lease, sell, sublicence or commercially exploit the App, its surfaces or any part of them, except as expressly permitted by this Agreement, Schedule A or mandatory law;

reverse-engineer, decompile, disassemble, decrypt or otherwise attempt to derive the source code, non-public APIs, non-public algorithms, on-device CoreML models or non-public datasets of the Services, except to the extent applicable law (including Article 6 of Directive 2009/24/EC) expressly prohibits the foregoing restriction;

circumvent any Plan limit, paywall, role check, rate limit, audit log, biometric gate or other technical protection measure;

scrape, bulk-extract, reproduce or commercialise the App’s interface, outputs, datasets, Chargeback Defence Packs, Incident Packs, Repeat-Offender Risk Engine data, Aesthetic Consent records or other derived outputs outside personal or licensed use;

interfere with the integrity, performance or security of the Services, attempt unauthorised access to other users’ data, forge or replay a share link, falsify an Apple Pencil signature or biometric verification, or transmit malicious code;

use the Services in any way that may damage our reputation, Apple’s platform or other users.

5.3. Reservation of rights. All rights not expressly granted under this Agreement are reserved by ML Consulting and its licensors. No title, ownership or intellectual-property right in the App or the Services is transferred.

6. What the App Does, and What It Does Not Do

Operational evidence — not medical, card-scheme, insurance or regulatory authority.

6.1. Purpose. The App’s purpose is described in Schedule A, clause A2. Schedule A sets out what the App actually does.

6.2. Operational outputs, not guarantees. Where the App produces Event Captures, Chargeback Defence Packs, Aesthetic Consent records, before / after photos, product lot tracking, Insurance-Aligned Incident Packs, Repeat-Offender Risk Engine indications, branch revenue-leakage scores, AI-assisted drafts or any similar derived output, those outputs are deterministic or probabilistic operational records and are not medical, aesthetic, clinical, surgical, dermatological, pharmaceutical, card-scheme, payment-processing, insurance, banking, accounting, tax, legal or other professional advice.

6.3. The App is not, and shall not be relied on as:

a medical device, clinical decision-support system or substitute for clinical judgement by a qualified practitioner;

an informed-medical-consent system that of itself satisfies any national medical, dental, dermatological, surgical or cosmetic-procedure consent regime (see Schedule A, clause A5);

a pharmaceutical traceability, batch-recall or product-safety system, or a substitute for any required medical-device, cosmetic-product or biocidal-product register;

a payment processor, acquirer, card scheme, money-transmitter, e-money issuer or banking service;

a card-scheme rule authority, chargeback adjudicator or arbitrator (it is not Visa, Mastercard, American Express, Discover, JCB, UnionPay or any other card scheme or acquirer);

an insurer, broker, claims adjuster or claims-decision authority;

a booking, scheduling, calendar, point-of-sale, marketing, loyalty, marketplace or CRM platform;

a credit-rating, credit-decision, debt-collection, debt-recovery or financial-services authority;

a substitute for any regulated record-keeping (including national medical-device incident registers, cosmetic-product cosmetovigilance registers, pharmacovigilance registers, employer health-and-safety records or any statutory record);

an automated decision-making system within the meaning of Article 22 GDPR — see section 13.

6.4. Best-effort availability. The Services are provided on a best-effort basis. Where Schedule A or an Order Form sets a specific service-level commitment, that commitment governs and the corresponding remedies (typically service credits) are your exclusive remedy for unavailability, save for liability that cannot be excluded under mandatory law.

7. Accounts and Security

Authentication, credentials and account security.

7.1. Account creation. You must provide accurate and current information when creating an account. You are responsible for keeping your account information up to date.

7.2. Credentials. You are responsible for safeguarding your device, your Apple ID, your email account and any password you set within the App. We will not be liable for any loss arising from your failure to keep credentials secure, save where such loss results from our gross negligence or wilful misconduct, or where mandatory law provides otherwise.

7.3. Biometric gates. High-consequence operations (for example, finalising an Aesthetic Consent record, generating a Chargeback Defence Pack, issuing an Insurance-Aligned Incident Pack, accessing the audit log) can be gated by Face ID / Touch ID via the iOS LocalAuthentication framework. The Subscribing Customer controls which operations require biometric reauthentication.

7.4. Suspected unauthorised access. If you believe your account, device, App Clip session or share link has been compromised, contact us at support+figaroshield@mlconsulting.lt without undue delay.

7.5. One account per authorised user. Unless we agree otherwise in writing or Schedule A expressly permits, each authorised user holds one account per Workspace. Accounts are personal and not transferable.

7.6. Third-party authentication services. Where the App relies on Apple or other third-party services for authentication or storage, your access depends on those services and your settings. We are not responsible for third-party outages or restrictions outside our control.

8. Your Data and Permitted Use by Us

You own your data. We use it only to operate the Services.

8.1. Ownership. As between the parties, the Subscribing Customer retains ownership of all Customer Data submitted to or generated through the App, App Clip surface or share links.

8.2. Limited operational licence. You grant ML Consulting a worldwide, royalty-free, non-exclusive, non-transferable licence (with a sub-licence to our hosting and infrastructure providers, including our EU-hosted backend and Apple Inc. for App Store, APNs and platform services, strictly to provide the Services) to host, copy, transmit, display and process Customer Data solely to operate, secure, support and improve the Services and to comply with applicable law.

8.3. No sale; no AI training. We do not sell Customer Data. We do not share or sell patient / client data, aesthetic consent records, before / after photos, Chargeback Defence Pack content or Repeat-Offender Risk Engine data with any third party for advertising or commercial-intelligence purposes. We do not use Customer Data to train any third-party machine-learning model, except where you have given valid prior consent for a specific feature that is clearly described in the App and Schedule A.

8.4. On-device storage, offline-first and backups. The App is offline-first: Event Captures, Aesthetic Consent records, Apple Pencil signatures, before / after photos, voice memos and audit-log entries are captured on-device and synced when connectivity returns. If you delete the App, reset your device or fail to maintain a backup before sync, that data may be lost. You are responsible for maintaining exports and backups that matter to you, using the in-App export controls.

8.5. Accuracy and provenance of inputs. You are responsible for the accuracy, lawfulness and provenance of data you input, import or upload, including booking-platform CSV imports, client / patient identifiers, deposit and policy text, treatment-product names, lot numbers, photographs and any data you copy from third-party sources. Schedule A imposes specific accuracy, attribution, consent and lawful-basis warranties for chargeback-defence content, aesthetic consent records and patient data captured in the App.

9. Privacy and Data Protection

GDPR-aligned. Two roles — controller and processor. EU data residency. See the Privacy Policy.

9.1. Privacy Policy. Our processing of personal data is described in the Privacy Policy, which is incorporated into this Agreement by reference for the purpose of describing data processing.

9.2. Two roles. Depending on the data category:

(a) in respect of Account Data, Telemetry, Communications and Billing Data, ML Consulting acts as data controller under the GDPR. The Privacy Policy describes that processing.

(b) in respect of Customer Data within Workspaces (including front-desk-staff personal data, practitioner personal data, client and patient personal data, aesthetic consent records, before / after photos, App Clip walk-in data and audit-log entries — see Schedule A, clauses A4 and A6), the Subscribing Customer is the data controller and ML Consulting is the data processor under a Master Data Processing Agreement (“Master DPA”).

9.3. Special-category (health) data. Where the Subscribing Customer enters Article 9 GDPR special-category data (in particular health data relating to aesthetic procedures — see Schedule A, clause A6), the Subscribing Customer is responsible for establishing and documenting a valid Article 9(2) GDPR lawful basis and for any sector-specific requirements (including any national medical-confidentiality or patient-rights obligation).

9.4. Apple’s role. Apple acts independently for App Store transactions, Apple ID services, Sign in with Apple, APNs push notifications and any iCloud / CloudKit storage. Apple’s processing is governed by Apple’s Privacy Policy, not by this Agreement or our Privacy Policy.

9.5. Your rights. Subject to applicable law, you may exercise rights of access, rectification, erasure, restriction, portability and objection, and withdraw consent where processing is based on consent. The Privacy Policy explains how. Workspace-controlled requests should generally be directed to the relevant Subscribing Customer first.

9.6. Permissions. The App may request access to camera and microphone (for before / after photos, event capture and voice memos), location (When In Use), photos (optional, for attaching prior media), calendar (optional, EventKit follow-ups for chargeback dispute deadlines and aesthetic follow-up appointments) and notifications (only when you enable push preferences in Settings). You can manage permissions in iOS settings. Certain features may not work if permissions are refused or withdrawn.

9.7. Data Protection Officer. ML Consulting is not currently required to designate a DPO under Article 37 GDPR. Privacy enquiries may be sent to support+figaroshield@mlconsulting.lt.

9.8. Lithuanian supervisory authority. Our lead supervisory authority is the Lithuanian State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija, VDAI), L. Sapiegos g. 17, LT-10312 Vilnius, vdai.lrv.lt.

10. Subscriptions, Billing and App Store Rules

Figaro Shield Field is sold exclusively via the Direct Channel — no App Store auto-renewable subscriptions are offered by default.

10.1. Plans. Figaro Shield Field is sold as a B2B subscription under an Order Form. The full Plan structure is set out in Schedule A, clause A11. Plan features, limits, prices, currencies and renewal periods are set out in the Order Form. No App Store auto-renewable Subscription is offered by default; clauses 10.2–10.7 apply only if and when ML Consulting separately offers an App Store paywall sheet for a specific feature.

10.2. Apple as merchant of record (where used). Any App Store Subscription, if ever offered, would be sold by Apple via your Apple ID using StoreKit. Your contract for that purchase would be concluded between you and Apple at the moment you confirm in the App Store sheet. ML Consulting sets the price and product configuration; Apple is the merchant of record.

10.3. Auto-renewable subscriptions — Apple-required disclosures (where used). Where an App Store auto-renewable Subscription is offered, it is governed by the following terms, which are also displayed in the App Store paywall sheet before purchase:

title and length of the subscription (presented in the paywall sheet);

price per period (presented in the paywall sheet, including local currency and applicable taxes);

any free trial or introductory offer (where offered, the duration and conversion mechanics are presented in the paywall sheet; any unused portion of a free trial is forfeited when a Subscription is purchased, where applicable law permits);

auto-renewal — payment is charged to your Apple ID account at confirmation of purchase. The Subscription automatically renews for an identical period at the then-current price, unless you cancel auto-renewal at least 24 hours before the end of the current period. Your account will be charged for renewal within 24 hours prior to the end of the current period;

how to manage and cancel — you can manage your Subscriptions and turn off auto-renewal in your Apple ID account settings (Settings → [your Apple ID] → Subscriptions) on your device after purchase;

links to the Privacy Policy and to this Agreement appear in the paywall sheet and in the App’s Settings → Legal (or equivalent).

10.4. Local price, currency and tax. For any App Store purchases, actual prices, local taxes, currency, renewal period and available offers are controlled by the App Store at the time of purchase and may vary by country. Where there is any inconsistency, the App Store paywall sheet at the moment of confirmation controls the App Store transaction.

10.5. Cancellation, deletion and continued access. You may cancel App Store auto-renewal at any time as described in clause 10.3. Cancellation takes effect at the end of the current paid period; you retain access until then. Deleting the App or your account does not cancel an active App Store Subscription — you must cancel separately in your Apple ID settings.

10.6. Refunds. Refunds for App Store purchases are governed by Apple’s policies and may be requested at reportaproblem.apple.com. We cannot directly refund App Store purchases unless Apple provides a mechanism for us to do so.

10.7. Price changes. Price changes for active App Store subscriptions are handled through Apple’s App Store process and, where required by law or by Apple’s policies, are subject to your consent. We will notify you of material changes at least thirty (30) days in advance where the law requires it.

11. Direct Billing for the App

Order Form path — the exclusive billing channel for Figaro Shield Field.

11.1. Direct Channel as exclusive path. Figaro Shield Field is sold exclusively via the Direct Channel for all tiers. The Subscribing Customer subscribes under a written or electronic Order Form with ML Consulting; payment never flows through Apple’s In-App Purchase system, in accordance with Apple’s App Store Review Guidelines for B2B and reader-app categories.

11.2. Order Form mechanics. The Order Form sets out the Plan, term, fees, currency, user / branch / chair / location limits, any onboarding or professional services, any add-ons and any service-level commitment. Subscription Fees are stated exclusive of value-added tax or equivalent indirect taxes, which are payable in addition where applicable. Currency is EUR unless otherwise stated.

11.3. Payment terms. Direct-Channel invoices are payable as set out in the Order Form (typically thirty (30) days net). Late-payment interest accrues at the statutory rate. If an undisputed invoice is unpaid when due, ML Consulting may, on at least seven (7) days’ written notice, suspend access until payment is received. Suspension does not relieve the Subscribing Customer of payment obligations.

11.4. Renewal. Direct-Channel Plans renew at the end of the Subscription Term in accordance with the Order Form (typically automatic renewal unless the Subscribing Customer gives written notice of non-renewal at least thirty (30) days before the end of the current Term).

11.5. Apple App Store policies preserved. Direct Channel arrangements do not circumvent Apple’s policies. Where Apple requires that a particular paid feature be sold via App Store IAP, ML Consulting will route that feature through StoreKit; the Direct Channel applies only to features that may lawfully be sold outside the App Store under Apple’s policies.

12. Acceptable Use

What you must not do with the App.

You must not, and must not permit any third party to:

12.1. Universal prohibitions.

use the App for any unlawful purpose or in any way that infringes the rights of any third party;

use the App to provide a paid service to third parties (for example, public marketplace, debt-collection service, payment-processing, card-scheme arbitration, insurance underwriting, medical-consent certification) without our prior written agreement and the agreement of Schedule A;

fabricate, alter or backdate Event Captures, Chargeback Defence Pack contents, Aesthetic Consent records, Apple Pencil signatures, biometric verifications, before / after photos, product lot numbers, voice transcripts, Repeat-Offender Risk Engine entries or audit-log entries, or attempt to remove or modify watermarks or the audit-trail block on any Pack;

forge, replay, share with unauthorised parties or otherwise abuse a share link, biometric verification, App Clip session or signed pack;

import content that infringes third-party intellectual property, privacy, publicity, confidentiality or database rights, or that you do not have a lawful basis to import;

circumvent any Plan limit, paywall, role check, rate limit, audit log, biometric gate or other technical protection;

scrape, bulk-extract, reproduce or commercialise the App’s interface, datasets, client / patient data, before / after photos, Repeat-Offender Risk Engine data or derived outputs outside personal or licensed use;

interfere with the integrity, performance or security of the Services, attempt unauthorised access to data of other users, or transmit malicious code;

use the App to make material decisions affecting individuals (for example, refusal of service, deposit forfeiture, mandatory pre-payment, treatment refusal, employment / disciplinary action) in reliance solely on App output without meaningful human review and an independent assessment.

12.2. App-specific additions. Schedule A (clauses A4, A5, A6, A7, A8 and A10) adds App-specific acceptable-use rules, including signature integrity, aesthetic-consent integrity, patient / client data discipline, chargeback-evidence integrity, Repeat-Offender Risk Engine discipline and prohibitions against covert worker / client surveillance.

13

AI / ML Features and Probabilistic Outputs

Optional, opt-in, on-device + backend, always reviewable, no third-party model training on your data.

13.1. Where the App offers AI features. The App may include optional AI-assisted helpers (for example, on-device CoreML product-lot-number OCR, on-device CoreML photo-quality check, voice-memo transcription, AI-assisted Chargeback Defence Pack narrative drafts, Repeat-Offender Risk Engine indicators, no-show prediction). Where present, those features are off by default and are activated only by an explicit configuration choice by an admin of the Subscribing Customer.

13.2. Always reviewable; never autonomous. AI output is assistive only. Event Captures, Aesthetic Consent records, Pack exports and signed material require explicit human confirmation before persistence or sending. Raw input (audio, photos, free-text, original CoreML inputs) is always retained alongside any AI-structured output, so you can audit and override. Schedule A (clause A9) sets specific safety rules for AI helpers in Figaro Shield Field.

13.3. No solely-automated decisions with legal or significant effects. ML Consulting does not subject you to decisions producing legal or similarly significant effects based solely on automated processing within the meaning of Article 22 GDPR. The Repeat-Offender Risk Engine is advisory only and must not be used as the sole basis for refusing service, demanding pre-payment, forfeiting deposits or any other material decision affecting an individual.

13.4. Estimates only. AI output is a probabilistic suggestion. It is not medical, aesthetic, card-scheme, insurance or other professional advice. AI-drafted Chargeback Defence Pack narratives carry a “Draft — review before submitting” watermark until a Subscribing Customer administrator explicitly finalises.

14

Intellectual Property

Who owns what.

14.1. Our IP. The App, the App Clip surface, the share-link surfaces, the Services, the underlying code, the design system, the workflow logic, deterministic engines (including the Event Capture pipeline, the Chargeback Defence Pack generator, the Repeat-Offender Risk Engine and the Aesthetic Consent workflow), the export templates (including the Chargeback Defence Pack and Insurance-Aligned Incident Pack), the on-device CoreML models, the Figaro Shield and ML Consulting word and figurative marks, the documentation and all related creative materials are the exclusive property of ML Consulting and its licensors, protected by copyright, database, trade-mark and other intellectual-property laws.

14.2. Your IP. As between the parties, you retain all rights in Customer Data and any branding you upload (for example, a salon or clinic logo on a Chargeback Defence Pack). The operational licence in clause 8.2 applies.

14.3. Personal use of outputs. You may use outputs generated for your own operational, management, bank / acquirer-handoff, card-scheme-evidence-handoff, insurer-handoff and recordkeeping purposes within the licensed scope of the App. You may not reproduce, publish, sell, license, benchmark, train models on or commercially exploit App outputs (including Repeat-Offender Risk Engine data and the CoreML product-lot-recognition output) except as expressly allowed by this Agreement, Schedule A or our written agreement.

14.4. Feedback. If you send us suggestions or feedback, ML Consulting is granted a perpetual, irrevocable, worldwide, royalty-free, sub-licensable licence to use, modify and incorporate them into the Services, without obligation to you. We will not identify you as the source unless you ask us to.

14.5. Third-party trademarks — card schemes and booking platforms. References in the App to card schemes (including Visa, Mastercard, American Express, Discover, JCB, UnionPay), card-scheme dispute frameworks (including Visa Compelling Evidence 3.0 / Visa CE 3.0, Mastercard Compelling Evidence) and booking platforms (including Treatwell, Fresha, Booksy, Phorest, Timely, Boulevard) are descriptive only and identify the format that the App is capable of producing or the integration that the App is capable of supporting. Such references do not imply sponsorship, endorsement, affiliation, partnership, certification, accreditation or approval by any of those bodies or platforms. Client names, patient names, product names, supplier names and similar references appearing in Customer Data may be the trademarks or other protected designations of their respective owners.

15

Updates, Availability and Support

Best-effort availability; we may evolve the App.

15.1. Updates. We may release updates, fixes, security patches, new features or modifications. Some updates may be required for security, compatibility, App Store compliance or continued operation. Where a modification materially and adversely affects the App in respect of a paid Subscription mid-term, we will give reasonable advance notice and (subject to mandatory law) the right to terminate the affected Subscription Term and receive a pro-rata refund of pre-paid Subscription Fees attributable to the unused portion.

15.2. Availability. We aim to support the Services with reasonable care, but we do not promise uninterrupted availability, permanent compatibility with every iOS or iPadOS version or device, or indefinite availability of any specific feature. APNs, ActivityKit and other Apple platform services on which the Services rely may be unavailable in some regions or at some times. Where an Order Form sets a specific service-level commitment, that commitment governs (clause 6.4).

15.3. Support. Support requests may be sent to support+figaroshield@mlconsulting.lt. We may prioritise issues affecting security, access, purchases, data export, data deletion and active chargeback-dispute deadlines.

15.4. Beta features. Features marked “beta”, “preview” or similar are provided “as is”, may be discontinued and may carry additional terms presented at the point of access.

16

Suspension and Termination

How and when access can end.

16.1. Termination by you. You may stop using the App at any time. You may delete your account or local data through in-App controls where available. Deleting the App or your account does not automatically cancel an active Subscription (clause 11.4).

16.2. Suspension and termination by us. We may suspend or terminate access to the App, immediately and without refund (subject to mandatory law), where:

you materially breach this Agreement or Schedule A (including the Acceptable Use rules in section 12 and Schedule A clauses A4, A5, A6, A7, A8 and A10);

we are required to do so by law, court order or competent authority;

we have reasonable grounds to believe an account is being used to harm us, other users or third parties (for example, fraudulent purchases, security attacks, fabrication of Event Captures / Aesthetic Consent records / Pack contents, forging or replaying share links, manipulating Repeat-Offender Risk Engine data, scraping, or any conduct constituting fraud or money-laundering);

non-payment of an undisputed Direct-Channel invoice continues for more than seven (7) days after notice (clause 11.3).

16.3. Notice and cure. Where the alleged breach is capable of being remedied and where it is reasonable in the circumstances, we will give you notice and a reasonable opportunity to remedy before suspending or terminating.

16.4. Effect of termination. On termination, the licence in section 5 ends. Your data is treated in accordance with the data-export / retention provisions in Schedule A. Provisions intended to survive termination (including sections 8, 13, 14, 16, 17, 18, 19, 20, 21, 24 and 25, and Schedule A clauses A4, A5, A6, A7, A8, A9, A10 and A11) survive.

17

Consumer Rights

Mandatory protections preserved where applicable. Figaro Shield Field is offered to Business Users only (clause 3.3).

17.1. Mandatory rights preserved. If any provision of this Agreement is interpreted as excluding a right that cannot lawfully be limited, excluded or modified under applicable consumer-protection law, that provision is read down to the minimum extent necessary to preserve that right.

17.2. Withdrawal and conformity (Directives 2011/83/EU and 2019/770). Statutory rights of withdrawal (where applicable), digital-content conformity, remedies for defective digital content and protection against unfair contract terms apply where mandatory law grants them.

17.3. Apple as merchant of record. Because any App Store Subscriptions would be purchased from Apple as merchant of record, cancellation and refund requests for those tiers should normally be made through Apple. We will cooperate reasonably where a legal issue requires our involvement.

17.4. EU Online Dispute Resolution. Consumers resident in the EU may lodge a complaint via the European Commission’s Online Dispute Resolution platform: ec.europa.eu/consumers/odr. Lithuanian Consumers may also contact the Valstybinė vartotojų teisių apsaugos tarnyba (Vilniaus g. 25, LT-01402 Vilnius, www.vvtat.lt).

18

Disclaimers

What we do not warrant — to the maximum extent permitted by law.

18.1. As-is. Subject to mandatory consumer protection (section 17) and to any express service-level commitment in an Order Form, the Services are provided “as is” and “as available” to the maximum extent permitted by applicable law. We expressly disclaim all implied warranties of merchantability, satisfactory quality, fitness for a particular purpose, accuracy, quiet enjoyment and non-infringement.

18.2. Specifically and without limitation, we do not warrant that:

the Services will be uninterrupted, timely, secure or error-free;

all defects will be corrected;

any output (including Event Captures, Chargeback Defence Packs, Aesthetic Consent records, before / after photos, product lot recognition, Repeat-Offender Risk Engine indicators, Insurance-Aligned Incident Packs, AI-assisted drafts and similar) will be accurate, complete, reliable, admissible, persuasive, sufficient or accepted in any forum (including by any client, patient, bank, acquirer, card scheme, insurer, regulator, court, arbitrator or counterparty);

use of the App will result in any specific chargeback outcome, dispute outcome, insurance outcome, regulatory outcome, clinical outcome, aesthetic outcome or commercial outcome, or that it will prevent any chargeback loss, dispute loss, insurance claim, regulatory finding, complication, complaint or member-defection event;

AVFoundation, PencilKit, CoreML, APNs push, ActivityKit Live Activities, Apple App Store, Sign in with Apple, email, AI text APIs, payment processor or PDF rendering will be available at any specific time or accurate at any specific moment.

18.3. Not professional advice. The App does not provide medical, aesthetic, clinical, surgical, pharmacological, card-scheme, payment-processing, banking, insurance, financial, accounting, tax or legal advice. Schedule A sets out the App-specific disclaimers that apply to Figaro Shield Field.

19

Limitation of Liability

What may, and may not, be recovered. Read together with Schedule A, clause A11.

19.1. Mandatory carve-outs. Nothing in this Agreement excludes or limits liability for:

(a) death or personal injury caused by negligence;

(b) fraud or fraudulent misrepresentation;

(c) gross negligence or wilful misconduct;

(d) breach by ML Consulting of the Master DPA insofar as such breach gives rise to liability that cannot be limited under Article 82 GDPR; or

(e) any other liability that cannot be excluded or limited under mandatory applicable law (including Lithuanian Civil Code, Articles 6.252 and 6.253; Directive (EU) 2019/770; Directive 2011/83/EU as transposed into Lithuanian law).

19.2. Indirect loss excluded. Subject to clause 19.1, neither party is liable to the other for indirect, consequential, special, incidental, punitive or exemplary loss; loss of profits; loss of revenue; loss of goodwill; loss of data caused by your failure to back up; loss of anticipated savings; loss of opportunity; loss of contract; loss of acquirer / card-scheme / insurer / franchisor relationship; loss of bookings, deposits or client / patient relationships; or business interruption — however arising.

19.3. Cap. Subject to clause 19.1 and to the App-specific cap in Schedule A, clause A11.3, our aggregate liability for any and all claims arising out of or relating to this Agreement is limited to the total Subscription Fees paid by you under this Agreement in the twelve-month period preceding the event giving rise to the claim. Schedule A confirms this cap and specifies that no higher fixed-amount cap applies for Figaro Shield Field.

19.4. App-specific carve-outs. Schedule A (clause A11.4) adds App-specific carve-outs reflecting the chargeback, medical / aesthetic, insurance, card-scheme, regulatory and client-relationship exposure profile of Figaro Shield Field.

19.5. Allocation of risk. The allocation of risk in this section reflects the Subscription Fees and is an essential basis for ML Consulting’s willingness to make the Services available.

20

Indemnity for Business Users

Reciprocal indemnities applicable to all use of Figaro Shield Field, which is a B2B App.

20.1. Indemnity by the Business User. The Subscribing Customer shall defend, indemnify and hold harmless ML Consulting and its officers, directors, employees and agents from and against any third-party claim, demand, damage, liability, loss or expense (including reasonable legal fees) arising out of or related to:

the Subscribing Customer’s (or any of its authorised users’) breach of this Agreement, Schedule A or applicable law;

Customer Data, including any claim that Customer Data infringes a third party’s intellectual property, privacy, publicity or other rights, or that the Subscribing Customer failed to provide a required notice or obtain a required consent (including front-desk / practitioner notices under Schedule A, clause A4, and patient / client notices under clause A6);

the Subscribing Customer’s use or external sharing of any output of the App (including any chargeback, dispute, medical, aesthetic, malpractice, defamation, competition-law, unfair-commercial-practices, anti-discrimination, anti-retaliation, anti-trust, card-scheme, insurance or data-protection claim arising from the use, sharing or publication of Chargeback Defence Packs, Aesthetic Consent records, Insurance-Aligned Incident Packs, Repeat-Offender Risk Engine data, before / after photos or any other App output);

the Subscribing Customer’s relationship with its authorised users, clients, patients, practitioners, App Clip walk-ins, branches, franchisees, banks, acquirers, card schemes, insurers, regulators or other counterparties, including any fee dispute, grievance, complication, complaint, regulatory finding or franchise-system dispute.

20.2. Indemnity by ML Consulting (IP). ML Consulting shall defend the Subscribing Customer against any third-party claim alleging that the App, as supplied by ML Consulting and used in accordance with this Agreement, infringes that third party’s intellectual property rights, and shall pay damages and reasonable legal fees finally awarded against the Subscribing Customer. This indemnity does not apply to claims arising from Customer Data, modifications not made by ML Consulting, combinations with materials not provided by ML Consulting where the claim would not have arisen but for the combination, or use of the App after ML Consulting has provided modified or non-infringing functionality and informed the Subscribing Customer.

20.3. Conditions. Each indemnity is conditional on the indemnified party (i) giving prompt written notice of the claim, (ii) granting the indemnifying party sole control of the defence and settlement (provided that no settlement may impose any non-indemnifiable obligation on the indemnified party without its written consent), and (iii) providing reasonable assistance at the indemnifying party’s expense.

21

Governing Law and Disputes

Lithuanian law. EU consumer protections preserved.

21.1. Governing law. This Agreement is governed by the laws of the Republic of Lithuania, excluding its conflict-of-laws rules and excluding the United Nations Convention on Contracts for the International Sale of Goods (CISG).

21.2. Consumer protection carve-out. If any individual ever uses the App as a Consumer notwithstanding clause 3.3, that Consumer also benefits from the mandatory consumer-protection rules of their country of habitual residence (Article 6 of Regulation (EC) 593/2008 — Rome I); nothing in this section deprives that person of that protection.

21.3. Jurisdiction (Business Users). For disputes between us and a Business User, the courts of Vilnius, Republic of Lithuania, have exclusive jurisdiction. The parties may agree in an Order Form to refer disputes to confidential arbitration under the rules of the Republic of Lithuania, seated in Vilnius, in Lithuanian; where so agreed, that arbitration is the exclusive forum subject to the carve-outs for injunctive relief and IP disputes.

21.4. Jurisdiction (Consumers). For disputes with Consumers, jurisdiction is determined under Articles 17–19 of Regulation (EU) 1215/2012 (Brussels I bis); a Consumer may bring proceedings in the courts of their country of habitual residence or in the Lithuanian courts; we may bring proceedings only in the courts of the Consumer’s country of habitual residence.

22

Changes to this Agreement

How updates take effect, and what we tell you.

22.1. Routine updates. We may update this Agreement, Schedule A and the Privacy Policy from time to time, for example to reflect new features, regulatory change or operational change.

22.2. Material changes. Where a change is material and adverse to you, we will give reasonable advance notice (at least thirty (30) days unless a shorter period is required by law) by in-App notice and, where we have your email address, by email. If you do not agree, you may terminate the affected Subscription without penalty before the change takes effect, with a pro-rata refund of pre-paid Subscription Fees attributable to the unused portion.

22.3. Non-material changes (typographical fixes, clarifications, contact details, sub-processor list updates) take effect on posting.

22.4. App-specific updates. Schedule A may be amended independently of these Master Terms. A material adverse change to Schedule A triggers the same notice and termination rights as a change to these Master Terms.

22.5. Versioning. Each version of this Agreement and Schedule A is dated and archived. The version in force at the time of the relevant use governs that use.

23

General

Severability, assignment, force majeure, notices, language.

23.1. Severability. If any provision of this Agreement is held invalid or unenforceable, the remaining provisions continue in full force, and the invalid provision is replaced by a valid provision that most closely reflects the parties’ intent, consistent with mandatory law.

23.2. Assignment. You may not assign or transfer this Agreement or your account without our prior written consent. We may assign this Agreement in connection with a merger, acquisition, reorganisation, sale of assets or by operation of law, provided the assignee assumes the obligations and your statutory rights are preserved.

23.3. Force majeure. Neither party is liable for failure or delay caused by events beyond its reasonable control (war, civil unrest, natural disaster, pandemic, governmental action, internet or major third-party-platform failure including the Apple App Store and Apple platform services such as APNs and ActivityKit), provided notice is given and reasonable mitigation is attempted.

23.4. No waiver. Failure or delay in enforcing any right does not waive that right. A waiver is effective only in writing and signed by us.

23.5. Entire agreement. This Agreement (with Schedule A, the Apple-Required Terms in section 24, the Privacy Policy and any signed Order Form) constitutes the entire agreement between you and ML Consulting in respect of the App and supersedes all prior or contemporaneous communications, save for any pre-contractual statements that cannot be excluded under mandatory law.

23.6. Notices. Notices to ML Consulting must be sent to support+figaroshield@mlconsulting.lt and, where required by law, by registered post to our registered address. Notices to you are sent in-App, by email to the address associated with your account, or by postal mail where reasonably required.

23.7. Language. This Agreement is concluded in English. Translations may be provided for convenience; in case of discrepancy, the English version prevails, save where mandatory consumer law of your country of habitual residence requires otherwise.

23.8. Headings. Headings are for convenience only and do not affect interpretation.

23.9. No agency. Nothing in this Agreement creates any agency, partnership, joint venture or employment relationship between us, and nothing in the App or its outputs creates any agency, employment, service, medical, aesthetic, insurance, banking, card-scheme, acquirer or franchise contract between any users.

24

Apple-Required Terms

Apple’s standard licensee provisions, applicable because the App is a Licensed Application distributed via the Apple App Store.

The following provisions apply because the App is a “Licensed Application” distributed via the Apple App Store. Apple Inc. and its subsidiaries are third-party beneficiaries of this section and may enforce its terms against you.

24.1. Acknowledgement. This Agreement is concluded between you and ML Consulting only, and not with Apple. ML Consulting, not Apple, is solely responsible for the App and the content thereof.

24.2. Scope of Licence. The licence granted in section 5 is limited to a non-transferable licence to use the App on any Apple-branded products that you own or control and as permitted by the Usage Rules in the Apple Media Services Terms and Conditions, except that the App may be accessed and used by other accounts associated with you via Family Sharing or volume purchasing.

24.3. Maintenance and Support. ML Consulting is solely responsible for providing any maintenance and support services with respect to the App, as specified in this Agreement or as required under applicable law. Apple has no obligation whatsoever to furnish any maintenance and support services with respect to the App.

24.4. Warranty. ML Consulting is solely responsible for any product warranties, whether express or implied by law, to the extent not effectively disclaimed. In the event of any failure of the App to conform to any applicable warranty, you may notify Apple, and Apple will refund the purchase price for the App (if any) to you. To the maximum extent permitted by applicable law, Apple will have no other warranty obligation whatsoever with respect to the App, and any other claims, losses, liabilities, damages, costs or expenses attributable to any failure to conform to any warranty will be ML Consulting’s sole responsibility.

24.5. Product Claims. ML Consulting, not Apple, is responsible for addressing any claims of you or any third party relating to the App or your possession and/or use of the App, including: (i) product liability claims; (ii) any claim that the App fails to conform to any applicable legal or regulatory requirement; and (iii) claims arising under consumer protection, privacy or similar legislation, including in connection with the App’s use of HealthKit and HomeKit (where applicable).

24.6. Intellectual Property Rights. In the event of any third-party claim that the App or your possession and use of the App infringes that third party’s intellectual property rights, ML Consulting, not Apple, will be solely responsible for the investigation, defence, settlement and discharge of any such intellectual-property-infringement claim.

24.7. Legal Compliance. You represent and warrant that (i) you are not located in a country that is subject to a U.S. Government embargo, or that has been designated by the U.S. Government as a “terrorist-supporting” country; and (ii) you are not listed on any U.S. Government list of prohibited or restricted parties.

24.8. Developer Name and Address. ML Consulting MB, legal entity code 306991112, email support+figaroshield@mlconsulting.lt, is the licensor and the contact point for any user complaint, query or claim with respect to the App.

24.9. Third-Party Terms of Agreement. You must comply with applicable third-party terms of agreement when using the App.

24.10. Third-Party Beneficiary. You and ML Consulting acknowledge and agree that Apple, and Apple’s subsidiaries, are third-party beneficiaries of these Master Terms (and Schedule A which incorporates them), and that, upon your acceptance of this Agreement, Apple will have the right (and will be deemed to have accepted the right) to enforce this Agreement against you as a third-party beneficiary.

25

Precedence — Schedules and Order Forms

How conflicts between the Master Terms, Schedule A and an Order Form are resolved.

25.1. Order of precedence. In case of conflict between documents forming this Agreement, the order of precedence is:

(i) the Apple-Required Terms in section 24 (in respect of Apple’s role and Apple-required clauses);

(ii) the relevant Order Form (in respect of commercial terms specifically agreed between ML Consulting and the Subscribing Customer for the relevant Subscription Term);

(iii) Schedule A (in respect of Figaro Shield Field-specific provisions); and

(iv) these Master Terms.

25.2. Schedule A applies only to Figaro Shield Field. A reference in Schedule A to a particular regulatory regime, evidentiary standard, data warranty or liability cap applies only in respect of Figaro Shield Field. Cross-App contagion is excluded.

25.3. No silent override. Schedule A modifies these Master Terms only where it expressly says so. Where Schedule A is silent on a matter addressed in these Master Terms, the Master Terms apply unmodified.


PART II

Schedule A — Figaro Shield Field

HOW THIS SCHEDULE IS READ

This Schedule supplements the Master Terms in respect of Figaro Shield Field only. Where this Schedule expressly modifies a provision of the Master Terms, this Schedule prevails for Figaro Shield Field and that App only. Where this Schedule is silent, the Master Terms apply unmodified.

VERSION

1.0

EFFECTIVE

2026-06-01

APP

Figaro Shield Field — revenue-protection, chargeback-defence and aesthetic-compliance operating layer (iOS, iPadOS) + App Clip

SUBSCRIBER PROFILE

Business User (B2B) — salons, aesthetic clinics, medspas, multi-branch beauty groups, franchise chains

BILLING CHANNEL

Direct Channel (Order Form) for all tiers

READ WITH

Master Terms (Part I) v1.0

A1

App-Specific Definitions

Terms additional to section 4 of the Master Terms.

“Salon / Clinic” A salon, aesthetic clinic, medspa, dermatology / cosmetic practice or single branch managed in a Workspace.

“Subscribing Customer” As defined in section 4 of the Master Terms — the legal entity that signed the Order Form (the salon, clinic, medspa, group operator or franchisor). The term “Subscribing Customer” is used throughout this Schedule in place of more generic terms such as “workspace owner”.

“Event Capture” A structured front-desk record of a missed-revenue event — no-show, late cancellation, deposit dispute, chargeback, walk-out or similar — with policy snapshot, retention value, voice memo and audit-log entry.

“Aesthetic Consent” An Apple Pencil-signed record on iPad of a client’s acknowledgement of a pre-procedure consent template for an aesthetic procedure (for example, Botox, hyaluronic-acid fillers, laser, IPL, microneedling). Aesthetic Consent records are operational acknowledgements, not a substitute for informed medical consent under any national medical-consent regime (clause A5).

“Before / After Photographs” Photographic records captured in-App of a client / patient before and after a procedure, with optional anatomical region tags, lighting metadata, patient identifier link and on-device CoreML quality check.

“Product Lot Tracking” A record of a treatment-product container, vial, ampoule or supplier batch, including lot number, expiry date, supplier and optional on-device CoreML lot-number OCR.

“Chargeback Defence Pack” A watermarked PDF generated by Figaro Shield Field that assembles Event Capture, policy snapshot at booking time, deposit transaction record, voice transcript, audit-log entries and a card-scheme-aligned audit footer (for example, structured to support Visa Compelling Evidence 3.0 / Visa CE 3.0 or Mastercard Compelling Evidence dispute responses).

“Insurance-Aligned Incident Pack” A watermarked PDF combining the Aesthetic Consent record, the procedure protocol, Before / After Photographs, Product Lot Tracking and practitioner-identity verification for a defined incident scope.

“Repeat-Offender Risk Engine” A workspace-internal advisory engine that produces risk indicators for individual clients / patients based on their saved Event Capture history. Outputs of the Repeat-Offender Risk Engine are advisory and must not be used as the sole basis for material decisions affecting an individual (see clause A9).

“App Clip Check-In” A short-lived authenticated session that allows a walk-in client to scan a QR code at the counter and acknowledge the late-cancellation policy, deposit terms and (where applicable) consent disclosures before signing on the receptionist iPad.

“Revenue Leakage Score” A workspace-internal score derived from Event Captures and policy enforcement, used to surface branch-level revenue-leakage patterns to managers, owners and franchisor compliance officers.

“Booking Platform Integration” An integration that imports bookings, cancellations or deposit data from a third-party booking platform (for example, Treatwell, Fresha, Booksy, Phorest, Timely, Boulevard). Integrations are descriptive only and do not imply endorsement by, or affiliation with, those platforms.

A2

Description of Figaro Shield Field

Operational evidence — not medical, not card-scheme, not insurance authority.

A2.1. Purpose. Figaro Shield Field is a B2B iOS / iPadOS application that helps salons, aesthetic clinics, medspas, multi-branch beauty groups and franchise chains capture insurer-, bank- and card-scheme-grade operational evidence at two repeated, expensive on-site moments: the front-desk Event Capture of a no-show, late cancellation, deposit dispute or chargeback event; and the iPad Apple Pencil-signed Aesthetic Consent + Protocol + Before / After photograph capture for pre-procedure aesthetic workflows.

A2.2. Core functions. Salon / Clinic, branch, role and Workspace management; 60-second front-desk Event Capture; deterministic policy enforcement (deposit, late-cancellation, no-show); Chargeback Defence Pack generator with card-scheme-aligned audit footer; Apple Pencil-signed Aesthetic Consent records on iPad with biometric Face ID; AVFoundation Before / After Photograph capture with on-device CoreML quality check; Product Lot Tracking with optional on-device CoreML lot-number OCR; Insurance-Aligned Incident Pack; Repeat-Offender Risk Engine (advisory only); App Clip Check-In for walk-ins; Booking Platform Integrations; APNs Time-Sensitive notifications and ActivityKit Live Activities for chargeback-dispute windows; append-only audit log.

A2.3. What Figaro Shield Field is not. Figaro Shield Field is not, and shall not be relied on as, a medical device, clinical decision-support system, telemedicine service, prescribing platform, surgical-planning system, dermatology / aesthetic-medicine certification authority, pharmaceutical traceability or pharmacovigilance system, cosmetovigilance authority, payment processor, acquirer, card scheme, card-scheme rule authority, chargeback adjudicator, money-transmitter, e-money issuer, banking service, insurer / broker / claims-adjudicator, booking / scheduling / calendar platform, CRM, marketing or loyalty tool, marketplace, credit-rating / debt-collection / debt-recovery service, or a substitute for any regulated record-keeping. Outputs (including Chargeback Defence Packs, Aesthetic Consent records and Insurance-Aligned Incident Packs) are operational records only.

A2.4. No outcome guarantee. Figaro Shield Field supports the Subscribing Customer’s operational and evidentiary position but does not guarantee any specific outcome — including chargeback win or loss, dispute outcome, insurance acceptance or denial, regulatory finding, certification award, clinical or aesthetic result, complication avoidance, client retention or commercial outcome. The Subscribing Customer is responsible for the accuracy, lawfulness and use of every record.

A3

Subscribing Customer Responsibilities

What the Subscribing Customer must do before granting access and capturing records.

A3.1. Operational and regulatory responsibility. The Subscribing Customer is responsible for ensuring that use of the App is lawful in its operating jurisdictions and consistent with: medical-device, medicinal-product, biocidal-product, cosmetic-product and cosmetovigilance law (where aesthetic procedures are performed); national medical, dental, dermatological, surgical or cosmetic-procedure consent law (including any requirement for informed consent before procedures such as Botox, fillers, laser, IPL, microneedling); employment and labour law; consumer-protection law (including any national rule on cancellation terms, deposits and unfair commercial practices); card-scheme operating rules of the relevant card schemes and the contract with its acquirer; data-protection and patient-confidentiality law; franchise-system rules; and any other applicable rule.

A3.2. Policy text and deposit terms. The Subscribing Customer is responsible for the substantive accuracy and lawfulness of its published cancellation, no-show and deposit policies, and for ensuring that those policies are presented to the client / patient at booking time in a manner that complies with applicable consumer-protection and unfair-terms law.

A3.3. Consent templates. The Subscribing Customer is responsible for the substantive accuracy and lawfulness of every aesthetic consent template it configures in the App, including risk disclosures, contraindications, aftercare instructions and any required reference to a qualified practitioner. ML Consulting does not draft, prescribe, approve or endorse any consent template.

A3.4. Practitioner identity and qualifications. The Subscribing Customer is responsible for ensuring that every practitioner who uses the App for aesthetic procedures holds the qualifications, registrations, licences and insurance required under applicable national law for the relevant procedure.

A3.5. Authorised users and role configuration. The Subscribing Customer is responsible for inviting authorised users (front-desk staff, practitioners, managers, owners, compliance officers, external viewers) and ensuring that each authorised user sees only information appropriate to their role.

A4

Workers, Practitioners, App Clip Clients and Booking-Platform Integrations

GDPR Article 88, App Clip walk-ins, booking-platform integrations.

A4.1. Worker notices (Article 88 GDPR). Where the Subscribing Customer invites front-desk staff, practitioners, managers or other workers (employed or contractor) as authorised users, the Subscribing Customer shall, before access:

(i) provide a privacy notice meeting Articles 13–14 GDPR and the worker-information rules of the country where the worker normally works (in particular under national rules implementing Article 88 GDPR and applicable employment and sector-specific law);

(ii) where required, consult any works council, employee representative, trade union or sector-specific body and obtain any required co-determination or authorisation;

(iii) establish and document an appropriate lawful basis under Article 6(1) GDPR; and

(iv) use the App’s monitoring features (Apple Pencil signatures, biometric verifications, voice memos, Repeat-Offender Risk Engine, audit-log entries, Revenue Leakage Scores) proportionately and only for the legitimate operational purposes described in the worker privacy notice.

A4.2. App Clip Check-In walk-ins. Where the Subscribing Customer invites a walk-in client to acknowledge cancellation / deposit / consent terms via the App Clip Check-In, the Subscribing Customer is responsible for providing, on or before the first App Clip session, the privacy notice required by Articles 13–14 GDPR and any consumer-information notice required by applicable consumer-protection law. The App Clip Check-In does not create any agency, contractual or service relationship between ML Consulting and the walk-in client.

A4.3. Booking-Platform Integrations. Where the Subscribing Customer enables a Booking-Platform Integration (Treatwell, Fresha, Booksy, Phorest, Timely, Boulevard or similar), the Subscribing Customer is responsible for the underlying contract with the booking platform and for ensuring that data exchanged via the integration is lawful and authorised by the booking platform’s terms. The Booking-Platform Integration does not create any sponsorship, partnership, certification or affiliation between ML Consulting and the named booking platform; references in the App to those platforms are descriptive only (Master Terms, clause 14.5).

A4.4. No covert surveillance. The Subscribing Customer must not configure, describe or use Figaro Shield Field as a covert worker, client or patient monitoring tool. Any use involving workers or clients must be transparent and supported by an appropriate lawful basis.

A5

Aesthetic Consent and Apple Pencil Signatures — Not a Substitute for Informed Medical Consent

Operational acknowledgement — not an e-signature, not informed medical consent, not a contract.

READ FIRST

Aesthetic procedures (including Botox, hyaluronic-acid fillers, laser, IPL, microneedling and similar) are regulated medical procedures in many jurisdictions. Figaro Shield Field is not a substitute for informed medical consent compliance, clinical judgement or qualified-practitioner regulation. The Subscribing Customer and the practitioner remain solely responsible for satisfying every substantive consent and regulatory requirement applicable to each procedure under the law of the country where it is performed.

A5.1. Operational acknowledgement. Apple Pencil-signed Aesthetic Consent records captured in the App are operational acknowledgements that a defined consent template was presented to the client / patient and that the client / patient signed in the App at a specific time. They evidence what was presented and acknowledged; they do not, by themselves, satisfy any informed-consent regime.

A5.2. No qualified e-signature. Aesthetic Consent signatures, deposit-acknowledgement signatures and similar Apple Pencil captures are not Qualified Electronic Signatures, Advanced Electronic Signatures or any other formally defined electronic signature under Regulation (EU) 910/2014 (eIDAS) or any equivalent regime. The App is not an electronic-contract execution platform, an e-signature trust service or a notary.

A5.3. No informed-medical-consent substitute. An Aesthetic Consent record in the App does not, and shall not be relied on as, a complete or sufficient informed medical consent under any national medical, dental, dermatological, surgical or cosmetic-procedure consent regime. The practitioner remains solely responsible for delivering a face-to-face informed consent process consistent with applicable national law, including discussion of the procedure, risks, alternatives, expected outcomes, aftercare and the client’s opportunity to ask questions and to refuse or withdraw consent.

A5.4. Signature integrity. Fabricating, replaying, copying, transferring or otherwise forging an Aesthetic Consent signature (or the associated biometric verification, before / after photographs, product lot record or audit-log entry) is a material breach of this Agreement and may result in immediate suspension or termination under section 16 of the Master Terms.

A6

Patient and Client Personal Data; Special-Category Data; Minors

Health data, image rights, minors and cosmetovigilance.

A6.1. Article 9 GDPR special-category data. Personal data relating to aesthetic procedures — including health data, biometric data and any data revealing health status or condition — is special-category data within the meaning of Article 9 GDPR. The Subscribing Customer is the controller for that data and shall:

establish and document a valid Article 9(2) GDPR lawful basis (typically explicit consent under Article 9(2)(a), or processing for the provision of health or social care or treatment by or under the responsibility of a qualified professional under Article 9(2)(h));

comply with any national medical-confidentiality, patient-rights and sector-specific rule (including any cosmetovigilance reporting obligation under Regulation (EC) 1223/2009 and national medical-device incident-reporting obligations under Regulation (EU) 2017/745);

ensure that before / after photographs are captured and retained on the basis of explicit consent (or another valid Article 9(2) GDPR basis) and that image-rights restrictions are respected;

use the App’s in-built retention, archive and erasure controls to honour data-subject rights, subject to legal retention obligations.

A6.2. Minors. Where a minor is a client or patient referenced in the App, the Subscribing Customer shall:

obtain and document parental / guardian consent under Article 8 GDPR or the applicable national age-of-digital-consent rule;

comply with any national or sector-specific rule restricting cosmetic or aesthetic procedures on minors (including any national prohibition or age limit on Botox, fillers, laser or other procedures);

adapt the privacy notice and consent template to the language and rights regime applicable to minors;

configure the App so that the minor’s data is processed proportionately and only for the legitimate operational purposes described in that notice.

A6.3. No medical-record substitute. Figaro Shield Field is not a Patient Administration System, Electronic Health Record, electronic medical record, clinical-trial management system, ePRO platform or other clinical system. The Subscribing Customer must not use the App as the sole or primary medical record for any client / patient.

A6.4. No diagnostic, prescribing or treatment role. The App does not diagnose, prescribe or treat any condition. The practitioner remains solely responsible for clinical judgement, diagnosis, prescription, dosing, technique and treatment outcome.

A7

Chargeback Defence Packs and No Card-Scheme Endorsement

Operational evidence — not card-scheme certification, not adjudication, no win warranty.

A7.1. Operational PDFs. Chargeback Defence Packs are operational PDFs generated from saved Event Captures, policy snapshots, deposit transaction records, voice transcripts and audit-log entries. They are watermarked and carry an audit-trail block. Where the Subscribing Customer selects a card-scheme-aligned template (for example, structured to support Visa Compelling Evidence 3.0 or Mastercard Compelling Evidence), the template is a layout format only.

A7.2. No card-scheme endorsement. The named card schemes (including Visa, Mastercard, American Express, Discover, JCB, UnionPay) and their dispute frameworks (including Visa Compelling Evidence 3.0 / Visa CE 3.0 and Mastercard Compelling Evidence): (a) have not endorsed, certified, approved, audited or warranted the App, any template or any Pack; (b) are not affiliated with ML Consulting and are not parties to this Agreement; (c) are not contractually committed to accept any Pack produced using the template; and (d) retain all rights in their trademarks; their appearance in the App is a descriptive reference only and does not imply sponsorship, endorsement or affiliation.

A7.3. No payment-services role. ML Consulting is not a payment service provider, payment institution, e-money institution, acquirer, payment facilitator or money transmitter, and Figaro Shield Field is not a payment service. The App does not process payments, hold customer funds, settle disputes between cardholders and merchants or interact with card-scheme dispute systems on behalf of the Subscribing Customer.

A7.4. No outcome warranty. ML Consulting does not warrant that any Chargeback Defence Pack will be accepted by, or persuasive to, any bank, acquirer, card scheme, payment facilitator, court or arbitrator, or that any chargeback will be won, reversed, recovered or avoided.

A7.5. Watermarking and audit trail. Removal, modification or obscuring of the watermark or audit-trail block on any Pack is a material breach of this Agreement and may result in immediate suspension or termination under section 16 of the Master Terms.

A8

Insurance-Aligned Incident Packs and No Insurance Role

Operational evidence — not insurance, not endorsement.

A8.1. No insurance role. ML Consulting is not an insurer, reinsurer, broker, agent, MGA, claims adjuster, loss adjuster, surveyor or other insurance professional, and Figaro Shield Field is not an insurance product or service. The App does not underwrite, broker, place, bind, administer or adjudicate any policy or claim.

A8.2. Subscribing Customer’s claim is the Subscribing Customer’s claim. Where the Subscribing Customer uses an Insurance-Aligned Incident Pack in connection with a claim, dispute, denial, recovery or recourse against an insurer, broker, complainant, patient, regulator or counterparty, the Subscribing Customer does so on its own account and risk.

A8.3. No outcome warranty. ML Consulting does not warrant that any Insurance-Aligned Incident Pack will be accepted, found sufficient, found admissible or be persuasive in any claim, complaint, regulatory inquiry, court or arbitration.

A9

AI-Assisted Features, Repeat-Offender Risk Engine and On-Device CoreML

Optional, opt-in, on-device + backend, never autonomous, raw input always retained.

A9.1. On-device CoreML. The App may include on-device CoreML helpers (product-lot-number OCR, before / after photograph quality check, voice-to-text first pass). These run locally on your device and are not transmitted to any third-party AI provider. They are advisory; below a 70% confidence threshold the App surfaces a “needs review” badge and does not auto-publish a classification.

A9.2. Backend AI narrative drafts. The App may include opt-in backend AI helpers for narrative drafts (for example, Chargeback Defence Pack narrative, Insurance-Aligned Incident Pack narrative). These are activated only when an admin of the Subscribing Customer explicitly enables them in Settings.

A9.3. Repeat-Offender Risk Engine — advisory only. The Repeat-Offender Risk Engine produces workspace-internal advisory indicators based on saved Event Capture history. The Subscribing Customer shall:

keep Repeat-Offender Risk indicators confidential within the Subscribing Customer;

not use a Repeat-Offender Risk indicator as the sole basis for any material decision affecting an individual (refusal of service, mandatory pre-payment, deposit forfeiture, no-future-booking decision) without meaningful human review and an independent assessment;

not use a Repeat-Offender Risk indicator in a defamatory, retaliatory, discriminatory or otherwise unlawful manner;

not share Repeat-Offender Risk indicators between unaffiliated Subscribing Customers or with third-party scoring, credit-rating or blacklisting services;

not publish a Repeat-Offender Risk indicator or any derived ranking in a way that creates a substitute for an industry blacklist or a public scoring service.

A9.4. AI safety rules. Where AI helpers are enabled:

AI never auto-publishes an Event Capture, Aesthetic Consent record, Pack export or Repeat-Offender Risk indicator;

AI-drafted Pack narratives carry a “Draft — review before submitting” watermark until an authorised user explicitly finalises;

AI never changes deposit-state, policy-state, biometric verification, billing or audit-log state;

AI never replaces clinical judgement, medical consent, card-scheme arbitration or insurance underwriting;

we do not allow the AI sub-processor to use your inputs or outputs to train any third-party model;

AI usage is metered per tier; above-cap usage is paused and manual flows remain primary.

A9.5. Opt-out. The Subscribing Customer may disable AI features globally in Settings at any time. Manual workflows remain fully usable.

A10

Specific Prohibited Uses

In addition to section 12 of the Master Terms.

The Subscribing Customer and its authorised users must not:

use the App for covert monitoring of workers, practitioners, clients, patients or other persons, or describe the App to any person as anything other than a revenue-protection and operational-evidence tool;

enter false Event Capture, Aesthetic Consent, policy-snapshot, deposit, Product Lot Tracking, voice memo, photograph, GPS or audit-log data into the App;

fabricate, alter or backdate Event Captures, Apple Pencil signatures, biometric verifications, before / after photographs, product lot numbers, voice transcripts, Pack contents or audit-log entries;

forge, replay, share with unauthorised parties or otherwise abuse a share link, biometric verification, App Clip session or signed Pack;

use the App to present an Apple Pencil signature as a Qualified or Advanced Electronic Signature under Regulation (EU) 910/2014 (eIDAS), or as a notarised contract, or as a complete informed medical consent under any national medical-consent regime;

use the App to present a Pack as a card-scheme certification, card-scheme arbitration decision, insurance certificate, regulatory submission, court exhibit, court order, settlement or contract;

represent or imply that ML Consulting, the App or any Pack is endorsed, certified, approved, audited or warranted by Visa, Mastercard, American Express, Discover, JCB, UnionPay, any other card scheme, any acquirer, any booking platform (including Treatwell, Fresha, Booksy, Phorest, Timely, Boulevard), any insurer, any medical regulator, any cosmetovigilance authority or any other named third party;

use the App as a substitute for any required pharmacovigilance / cosmetovigilance reporting, medical-device incident reporting, national medical-record system, financial-services authorisation or other regulated obligation;

use Repeat-Offender Risk Engine data, Revenue Leakage Score data or any other App output to coordinate boycotts, exclusion campaigns or industry blacklists, or to share scoring with unaffiliated third parties;

use the App as a public marketplace, public client-rating service, public scoring platform, debt-collection service or credit-decision service;

remove, modify, obscure or attempt to forge the watermark or audit-trail block on any Pack;

reverse-engineer the on-device CoreML product-lot, photo-quality or other classifiers, extract their weights, redistribute them, or train derivative models on App outputs.

A11

Plans, Billing and Liability

Direct Channel for all tiers; liability cap is the 12-month Subscription Fees, no fixed-amount floor.

A11.1. Plans. Figaro Shield Field is sold under the following indicative Plan structure (EUR/year, ex-VAT, billed annually unless otherwise stated):

Salon Pro (public anchor): €2,400 — Direct Channel; independent salon with reception desk and 4–8 chairs / providers.

Aesthetic Clinic / Medspa (strategic tier): €4,800 — Direct Channel; aesthetic clinic, medspa, dermatology / cosmetic practice with €150+ average ticket.

Multi-Branch: €9,600 — Direct Channel; salon groups, regional medspa chains, multi-location operators (3–15 branches).

Franchise / Chain: ≥ €18,000 — Direct Channel; franchisors and chain operators (15–100+ units).

Add-ons (Insurance-Aligned Incident Pack, AI photo / lot classifier, Multi-Year Client History, Branded Portal) and Onboarding / Migration: per Order Form.

Actual Plan composition, limits and any service-level commitment are set out in the Order Form.

A11.2. Billing channel rule. All Figaro Shield Field tiers are billed via the Direct Channel. Payment never flows through Apple’s App Store In-App Purchase system, in accordance with Apple’s App Store Review Guidelines for B2B and reader-app categories.

LIABILITY CAP — 12 MONTHS’ SUBSCRIPTION FEES ONLY

Notwithstanding any reference in the Master Terms to a higher floor or fixed-amount alternative, ML Consulting’s aggregate liability for any and all claims arising out of or relating to this Agreement during any twelve-month period in respect of Figaro Shield Field is limited to the total Subscription Fees actually paid by the Subscribing Customer — the salon, aesthetic clinic, medspa, multi-branch beauty group or franchise chain that signed the Order Form — to ML Consulting under this Agreement in the twelve-month period preceding the event giving rise to the claim. No fixed-amount floor (such as a EUR-denominated minimum cap) applies for Figaro Shield Field; the cap follows the twelve-month Subscription Fees exactly.

A11.4. Operational and outcome limitation. Without prejudice to clause 19.1 of the Master Terms, ML Consulting is not liable for: (i) any chargeback outcome, dispute outcome, card-scheme arbitration result, acquirer decision, payment-processor decision or bank decision; (ii) any clinical, aesthetic, dermatological or surgical outcome, including any complication, injury, infection, scarring, dissatisfaction or other treatment outcome; (iii) any insurance, malpractice, medical-device or cosmetovigilance claim, denial, recovery, recourse, premium increase or coverage decision; (iv) any regulatory finding, professional-conduct finding, fine or suspension by any health, dental, dermatology, cosmetic, consumer-protection, competition, data-protection or sector-specific regulator; (v) any client / patient relationship outcome, complaint outcome, refund decision, booking-platform sanction, deposit or fee dispute; (vi) the actual conduct of any third-party client, patient, practitioner, worker, bank, acquirer, card scheme, insurer, booking platform, regulator or counterparty; or (vii) any decision the Subscribing Customer takes in reliance on App output, AI draft, Repeat-Offender Risk indicator, Live Activity, notification or Pack.

A11.5. Pre-paid Subscription Fees. Where a Subscription Term is terminated for cause attributable to ML Consulting under clause 22.2 of the Master Terms, ML Consulting will refund pre-paid Subscription Fees attributable to the unused portion of the affected Term on a pro-rata basis.

© 2026. All rights reserved.