Terms of Service

1. Scope of application

1.1 BusinessOS GmbH, Saarbrücker Str. 20, 10405 Berlin, Deutschland (hereinafter referred to as the "Provider") provides software via the internet at https://cona.app that offers various functions in the areas of accounting, interface, conversion, export and automation (hereinafter "CONA").

1.2 CONA is exclusively available to businesses and not provided to individuals (hereinafter "Customer"). Businesses in the preceding sentence means a natural or legal person, or a partnership with legal personality, that acts in exercise of trade, business or profession while entering the Contract.

1.3 This user agreement governs the contractually limited use of CONA as a Software-as-a-Service (SaaS) product by the Customer and applies – unless otherwise agreed in individual cases – to all contracts concluded within the scope of the business relationship between the Provider and the Customer in connection with CONA (hereinafter "Agreement").

1.4 This Agreement exclusively governs the contractual relationship between the Provider and the Customer. Any deviating, conflicting or supplementary general terms and conditions of the Customer shall only become part of the Agreement if the Provider has expressly agreed to their validity in writing.

2. Subject matter of the Agreement, conclusion of the Agreement

2.1 The subject matter of this Agreement is the temporary, i.e. term- or subscription-based, provision of CONA via the Internet, as further described in Appendix 1 (Service Description), in accordance with the terms of this Agreement and against recurring payments of the agreed fees by the Customer ("hereinafter "Subscription"). This also includes all data generated in CONA during use (hereinafter "Data"). For this purpose, the Provider operates CONA on one or more servers (hereinafter "Server").

2.2 Provider may provide the Customer a limited license free-of-charge version of CONA (including a trial license and beta version).

2.2.1 Trial License: Provider may offer Customer the opportunity to use CONA for a defined trial period (hereinafter "Trial License").

2.2.2 Beta Version: Provider may, at its sole discretion, provide Customer with beta versions of selected CONA products or newly developed features that are in the testing phase, which Customer may use at its own risk. Beta Version is provided under the Free License and may be subject to additional terms and conditions. Beta Version may contain features under development, may not operate correctly and may undergo further changes.

2.3 The provision of access to CONA constitutes an offer by the Provider. The Customer accepts the offer by submitting and storing valid payment information within the CONA platform and confirming the subscription using the payment processing services of Stripe or another payment service provider. The user entering the payment information confirms that they are authorized to accept the Providers offer on behalf of the Customer.

2.4 Users who use CONA without being direct contractual partners (e.g. as employees of a company or tax consultant / accounting department) agree to this Agreement upon their first registration at CONA.

2.5 Legally relevant declarations and notifications by the contracting parties in relation to this Agreement (e.g. setting of deadlines or notifications) must be made in writing. Written form within the meaning of this Agreement includes written and text form (e.g. letter or e-mail). Statutory formal requirements and further evidence, in particular in the event of doubts about the legitimacy of the declaring party, shall remain unaffected.

3. Provision

3.1 The Provider is liable in accordance with the restrictions in Sec. 11 for ensuring that CONA is

3.1.1 suitable for the purposes set out in the service description in Appendix 1,

3.1.2 free from material defects for the entire term of this Agreement,

3.1.3 in particular free of viruses and similar malware that would render CONA unsuitable for use in accordance with this Agreement.

3.2 The Provider shall grant the Customer access to CONA by entering the Customer's e-mail address and a secure password, followed (in the event of a successful password entry) by identity verification using a two-factor authentication method (2FA). The password must be kept secret. In particular, disclosure to third parties is strictly prohibited. Each User must register with CONA and use their own access credentials. The Customer is responsible for ensuring that login information is kept confidential and is not disclosed or shared with any unauthorized person. The sharing of login credentials or access data with third parties is strictly prohibited.

3.3 The Provider shall notify the Customer in writing of any changes, updates or functional enhancements to CONA.

3.4 If the Customer does not object to the change in writing within a period of two weeks from receipt of the change, the change shall become part of this Agreement. Whenever changes are announced, the Provider shall draw the Customer's attention to the aforementioned deadline and the legal consequences of its expiry if the option to object is not exercised.

3.5 The Provider may make changes to CONA or updates at any time without notifying the Customer, as long as this does not result in a significant reduction in the scope of services or if these changes are advantageous for the Customer.

3.6 CONA and the Data are backed up daily on the Server. The Customer is responsible for compliance with retention periods under commercial and tax law.

3.7 The transfer point for CONA and the Data is the router output of the Provider's data center.

3.8 The access to CONA takes place by means of a suitable Internet browser. All current browsers are supported (see also Appendix 1).

4. Rights of use of the Customer

4.1 The right to use CONA is granted to the Customer herein as non-exclusive, worldwide, non-transferrable and not sub-licensable, and limited to the right to run and use CONA on Customer's own devices, or on any devices in the immediate possession of Customer, for the purpose of operating its own business activities and within the limits of the scope of use specified in this Agreement. The rights of use granted under this Agreement for subscription shall be limited in time to the specified term of subscription and end with the expiry or termination thereof.

4.2 The Customer may only provide use of CONA to authorized users as employees, agents, representatives or temporary workers authorized by Customer to CONA (hereinafter "Authorized User"). The Customer is responsible for the acts and omissions of its Authorized Users, as well as any other person that accesses and uses CONA by using the access credentials provided by Customer, as its own acts and omissions. All obligations of the Customer under this Agreement shall apply fully to any such Authorized Users or other persons as if they were Customers hereunder. The scope of support shall be as set out in Appendix 1 to this Agreement.

4.3 The Customer shall use CONA strictly within the granted scope and ensure compliant usage throughout their organization and network, including monitoring and preventing any unlicensed or improperly licensed use. In case of non-compliance, additional fees will be charged at the then current list price. The Customer shall take the necessary precautions to prevent the use of CONA by unauthorized persons.

4.4 The Customer is liable for ensuring that CONA is not used for unlawful purposes or purposes that violate official regulations or requirements, or that corresponding data is not created and/or stored on the server or locally.

4.5 The rights of use granted shall not include any rights to the source code of CONA.

4.6 As between the parties, the Provider retains all right, title and interest in and to CONA (including any customization and newer versions) and in all copies, modifications and derivative works of CONA.

4.7 The Customer may not modify CONA. In particular, he shall not be entitled to examine its functionality by means of so-called "reverse engineering", to decompile it, to break it down into its components and/or to use it as a basis for the creation of his own software programs. The Customer may not carry out any attacks or load tests with CONA that could reasonably be expected to impair the performance of CONA.

4.8 If the Provider makes new versions, updates, upgrades or other changes to CONA during the term, the above rights shall also apply to these.

4.9 The Customer is not entitled to any rights of use other than those listed here.

5. Obligations of the Customer

5.1 The Customer is responsible for ensuring that CONA is only used in accordance with the provisions of Sec. 4. and shall take suitable and necessary measures to this end.

5.2 In particular, the Customer shall ensure that only Authorized Users have access to their account. To this end, the Customer shall check which employee or tax consultant accounts have been set up in its environment. The Customer shall ensure that the Authorized Users are obliged to comply with the provisions of this Agreement and shall inform the Provider immediately if he suspects that one or more accounts may be used or viewed by unauthorized persons.

5.3 The Customer undertakes not to store on the storage space provided any unlawful content that violates the law, official requirements or the rights of third parties.

5.4 The Customer shall ensure that it creates its own backups of its DATA at appropriate intervals. The obligation of the Provider to make daily backups remains unaffected by this.

5.5 Without prejudice to the Provider's obligation to back up data, the Customer itself is responsible for entering and maintaining its data and information required to use the SaaS services.

5.6 The Customer is obliged to check his data and information for viruses or other harmful components before entering them and to use industry standard virus protection programs for this purpose.

5.7 The contents stored by the Customer on the storage space intended for him may be protected by copyright and data protection laws. The Customer hereby grants the Provider the right to make the content stored on the server accessible to the Customer during the Customer's queries via the Internet and, in particular, to reproduce and transmit it for this purpose and to be able to reproduce it for the purpose of data backup.

6. Violation of the provisions of Sec. 4. or Sec. 5. by the Customer

6.1 If the Customer breaches any provision of Sec. 4. or Sec. 5., the Provider may, after prior written notice to the Customer, suspend the Customer's access to CONA or the Data, provided that the breach can demonstrably be remedied.

6.2 If an Authorized User breaches their obligations under Sec. 4. or Sec. 5. while using contractually granted access, the Provider may, after prior written notice, immediately delete the affected Data if the breach can demonstrably be remedied.

6.3 If the Customer, despite a prior written warning from the Provider, continues or repeatedly breaches Sec. 4. or Sec. 5., and the Customer is responsible for such breaches, the Provider may terminate the Agreement extraordinarily without observing any notice period.

6.4 If the Customer is responsible for the breach of duty, the Provider may claim damages.

7. Liability for third-party rights

The Provider shall not be liable for any infringement of third-party rights by the Customer if and to the extent that this infringement results from exceeding the rights of use granted under this Agreement. In this case, the Customer is obliged to indemnify the Provider at the Provider's request against any claims by third parties arising from this.

8. Fee, payment methods, invoice

8.1 The Customer undertakes to pay the Provider the agreed monthly fee for the provision of the CONA. The fee as set out in the price list (Appendix 2) is based on the modules booked by the Customer. All prices quoted are exclusive of VAT at the statutory rate applicable at the time the service is provided.

8.2 The prices stated may be changed by the Provider by written announcement with a notice period of three (3) months before the new prices come into force if and to the extent that the costs relevant for the price calculation increase due to unforeseeable circumstances that are not caused by the Provider and cannot be influenced. This applies in particular if the necessary costs for the maintenance and further development of the technical infrastructure of the SaaS services, the costs for the licensing of third-party services or the (wage) ancillary costs have increased overall and only to the extent the total price – taking into account any cost savings that have occurred – has increased as a result.

8.3 The Customer has the right terminate the service affected by the price increase within one month of notification of the price increase when it comes into effect.

8.4 The fee for use is billed monthly in arrears for the preceding month. The Customer authorizes the Provider to automatically charge the applicable fees to the payment method provided via Stripe on each billing date.

8.5 Invoices are issued exclusively in electronic form as PDF files. By accepting these terms of use, the Customer expressly agrees to this method of invoicing.

8.6 An electronic invoice will be made available to the Customer via Stripe. All invoices issued can also be viewed in CONA.

8.7 Unless otherwise agreed with the Customer, the invoice is to be paid by SEPA direct debit or credit card. The Customer can enter the payment method himself in CONA.

9. Data security & data protection

9.1 The Customer shall comply with the applicable data protection regulations when using CONA. In this respect, the Provider is not the controller as defined in Art. 4 No. 7 GDPR (General Data Protection Regulation, (EU) 2016/676).

9.2 If the Customer collects, processes or uses personal data under his own responsibility, he shall be responsible for ensuring that he is authorized to do so in accordance with the applicable provisions, in particular those of data protection law, and shall indemnify the Provider against third-party claims in the event of a breach.

9.3 The Provider shall only collect and use Customer-related data to the extent required for the performance of this Agreement. The Customer agrees to the collection and use of such data to this extent.

9.4 A data processing agreement (DPA) is concluded between the parties in accordance with Art. 28 GDPR and attached as Appendix 3. This is an integral part of this Agreement and is concluded for the term of this Agreement.

10. Secrecy

10.1 Information to be treated confidentially is information expressly marked as confidential by one of the contracting parties and information whose confidentiality is clearly evident from the circumstances of the transfer. The DATA processed and stored by the Provider is to be regarded as confidential.

10.2 There is no information to be treated confidentially if the contractual partner receiving the information proves that

10.2.1 it were known or generally accessible to him before the date of receipt;

10.2.2 were known or generally accessible to the public before the date of receipt;

10.2.3 became known or generally accessible to the public after the date of receipt, without the contractual partner receiving the information being responsible for this.

10.3 The contracting parties shall maintain secrecy about all confidential information that has come to their knowledge in the context of this contractual relationship and shall only use such information vis-à-vis third parties with the prior written consent of the other contracting party. Public declarations by the contracting parties on cooperation shall only be made by prior mutual agreement.

10.4 The obligations arising from this Section shall continue to exist beyond the end of the Agreement for an indefinite period of time, as long as an exception Sec. 10.2 is not proven.

11. Liability

11.1 The parties to this Agreement shall be liable to each other without limitation for all damage caused by them and their legal representatives or vicarious agents in the event of intent or gross negligence.

11.2 In the event of slight negligence, the parties to this Agreement shall be liable without limitation in the event of injury to life, limb or health.

11.3 Otherwise, a party to this Agreement shall only be liable if it has breached a material contractual obligation. Essential contractual obligations are those obligations that are of particular importance for the achievement of the contractual objective, as well as all those obligations which, in the event of a culpable breach, could lead to the achievement of the contractual purpose being jeopardized. In these cases, liability is limited to compensation for foreseeable, typically occurring damage. This amounts to a maximum of six times the monthly usage fee agreed with the Customer.

11.4 The Provider shall not be liable for the loss of data insofar as the damage is due to the fact that the Customer failed to perform data backups and thereby ensure that lost data can be restored with reasonable effort.

11.5 The Provider's strict liability for damages (Sec. 536a of the German Civil Code (Bürgerliches Gesetzbuch – BGB)) for defects existing at the time of conclusion of the contract is excluded; Sec. 11.1 and Sec. 11.2 remain unaffected.

11.6 Liability under the German Product Liability Act (Produkthaftungsgesetz – ProdHaftG) remains unaffected.

11.7 The above limitations of liability also apply with regard to the personal liability of the Provider's employees, vicarious agents and legal representatives.

12. Term & Termination

12.1 The contractual relationship begins with the conclusion of the Agreement and is concluded for an indefinite period.

12.2 The Agreement can be terminated by the Customer with a notice period of one (1) working day, by the Provider with a notice period of four (4) weeks to the end of a month. The termination must be in text form. In addition, the Customer may terminate or suspend the subscription at any time by stopping or cancelling the payment authorization through Stripe. Termination via Stripe will take effect immediately, and the Customer will not be charged for any subsequent billing periods. Fees already charged for periods prior to termination remain due and non-refundable.

12.3 Extraordinary termination remains unaffected by this. In particular, the Provider is entitled to terminate the Agreement without notice if the customer fails to make due payments despite reminders and the setting of a grace period.

12.4 Irrespective of the previous provisions, the Provider may terminate the Agreement without notice if the Customer is in arrears with payment of the price for two consecutive months.

13. Obligations upon termination of the Agreement

13.1 Upon termination of the contractual relationship, the Customer is obliged to download the DATA stored by him to his area of responsibility using the export function, to store it securely and to check whether the export is valid and complete.

13.2 The Customer's DATA will be deleted by the Provider after a period of eight (8) weeks in the event of termination, regardless of the party involved.

14. Force majeure

Events of force majeure which make it significantly more difficult or temporarily impossible for one of the contracting parties to fulfil its contractual obligations and which are beyond the control of the respective contracting party shall entitle the latter to postpone the fulfilment of its contractual obligations affected by force majeure for the duration of the hindrance and for a reasonable start-up period, as notified to the other contracting party immediately after the occurrence of the event, giving details of the nature and consequences of the event. Strike, lockout and other industrial action directly or indirectly affecting the respective contracting party shall be deemed equivalent to force majeure.

15. Reservation of right of amendment

15.1 The Provider reserves the right to change the services offered in CONA or to offer different services, unless this is unreasonable for the Customer.

15.2 In addition, the Provider reserves right to change the services offered in CONA or to offer different services if it is obliged to do so due to a change in the law, a court ruling against it, an official decision or to rectify security loopholes. The Provider also reserves the right to make changes if the change is only beneficial to the Customer or if the change has no significant impact on the Customer.

15.3 This Agreement may be amended by the Provider at any time without stating reasons, unless this is unreasonable for the Customer. The Provider shall inform the Customer of any changes to the contract in good time.

15.4 If the Customer does not object within six (6) weeks of notification, the amended Agreement shall be deemed to have been accepted by the Customer. The Provider shall inform the Customer in the notification of his right of objection and the significance of the objection period.

15.5 The Agreement may also be amended by the Provider if the amendment is only beneficial to the Customer or has no significant impact on the Customer, or if the Provider is obliged to do so due to a change in the law, a judgment against it or an official decision.

15.6 The Agreement may also be amended by the Provider if significant new functions or services are offered that require a description, provided that this does not have a detrimental effect on the Customer.

15.7 The Provider shall inform the Customer of any changes to the Agreement in writing.

16. Miscellaneous

16.1 The contractual relationship shall be governed by German law to the exclusion of the UN Convention on Contracts for the International Sale of Goods.

16.2 The appendixes referred to in this Agreement shall become an integral part of this Agreement.

16.3 No oral ancillary agreements have been made. Any amendments, supplements and additions to this Agreement shall only be valid if they are agreed in writing between the parties.

16.4 The Customer is only authorized to offset or exercise rights of pledge or retention if the claims asserted by him have been recognized by the Provider or have been legally established by a court of law.

16.5 The authorized dealer may not transfer the rights and obligations arising from this Agreement to third parties without the prior written consent of the Provider.

16.6 Should any provision of this Agreement be or become invalid, this shall not affect the validity of the remainder of the Agreement. The invalid provision shall be deemed to be replaced by a valid provision that comes as close as possible to the economic purpose of the invalid provision. The same shall apply in the event of a gap in the Agreement.

16.7 The place of jurisdiction for all disputes arising from this Agreement shall be the registered office of the Provider, insofar as this is permissible.

Currently valid version dated

Appendix 1

Service description

The Provider provides CONA as a tool that supports the Customer's accounting processes by generating proposals for accounting entries (including the import of data from third-party systems, preparation of data for accounting and the creation of invoice documents). All proposals generated by CONA are non-binding and must be reviewed, verified and approved by the Customer before use.

The imported data is processed by the Provider and prepared as proposals for target systems (e.g. DATEV).

This preparation includes the import of data from third-party systems, the generation of posting proposals for accounting, proposed pre-assignment of VAT matters, display of delivery thresholds and the creation of invoice documents. All outputs are proposals that require verification by the Customer.

The service does not include checking the content of data from upstream systems entered by the Customer. The same applies to incorrect data created by third-party providers. The Customer remains solely responsible for the correctness of all accounting entries.

Requirements for using CONA

• Internet-enabled device with a screen with a resolution of at least 1024×768 pixels;
• Internet connection;
• Current, modern Javascript-enabled Internet browser, e.g. Google Chrome, Microsoft's Internet Explorer / Edge browser, Mozilla Firefox or Apple Safari;
• Support for mobile devices is provided, but is not guaranteed to have the full functionality, performance and appearance of use on a desktop PC;
• The functionality, performance & appearance of CONA may vary depending on the setup used.

Availability of CONA (Service Level Agreement)

1. The contractual CONA provided is designed as a highly available system with an availability of 24 hours a day, seven days a week and 365 days a year ("operating time"). Availability is the Customer's ability to use the entire functionality of the relevant contract CONA and the associated data at the time of service delivery at the point of transfer.

2. The Provider guarantees 95,00 % availability of CONA at the agreed transfer points during the operating period.

3. The percentage of availability is calculated according to the following formula:

availability = (operating time in minutes − downtime in minutes) / operating time in minutes × 100 %

4. All times are given according to Central European Time (CET) or Central European Summer Time (CEST). The times are calculated in whole, rounded minutes per calendar month. The operating time corresponds to 44,640 minutes for a calendar month of 31 days, 43,200 minutes for a calendar month of 30 days, 41,760 minutes for a calendar month of 29 days and 40,320 minutes for a calendar month of 28 days.

5. Downtime is defined as those minutes during which the Customer cannot establish connectivity to the respective transfer point within the operating time or the affected contractual service is not available overall or not available in all its essential basic functionalities for more than an insignificant proportion of users.

6. When calculating the downtime, failures/impairments caused by one of the following events are not taken into account:

• 6.1 Scheduled maintenance work, e.g. due to necessary updates, upgrades or scheduled restarts of a system, (i) including unannounced time windows of a maximum of four (4) hours on weekend (Saturday/Sunday), on national holidays and on weekday evenings from 10 p.m. onwards; (ii) and longer downtimes with notification via the Provider's website seven (7) days in advance;
• 6.2 Unscheduled maintenance work due to (i) compliance with specifications of a third-party Provider (e.g. installation of critical security patches), provided that the use of the third-party Provider has been agreed with the Customer or (ii) urgently required maintenance measures that could not be foreseen by the Provider and therefore could not be carried out as scheduled maintenance work;
• 6.3 Problems within the network, the infrastructure (including local database systems) or the network connection of the Customer or of third parties commissioned by the Customer;
• 6.4 Failures/impairments that are based on the non-contractual actions or omissions of the Customer or a third party not commissioned by the Provider;
• 6.5 Failure by the Customer to comply with agreed requirements/specifications regarding required configurations, architectures and execution environments;
• 6.6 Actions of unauthorized users, insofar as the unauthorized user's ability to act is attributable to the Customer;
• 6.7 Contractual suspension of access due to a security incident to protect the Customer as well;
• 6.8 Events that are based on force majeure and cannot be compensated by the Provider through appropriate measures.

7. The Provider continuously logs various measured values on the status and performance of the cloud CONA and the cloud infrastructure and evaluates these to monitor the availability of the contract CONA using a log management system. The measurement data logged by the Provider is decisive for proving the availability of the contract CONA.

8. In the event that the availability is not met, the parties agree the following service credits:

9. Under the contract and this Service Level Agreement, service credits are the concretization of the statutory claims for remedies in the event of performance or availability problems.

10. The service credits shall be offset against the invoice for the billing period following the fault. The Customer is not entitled to offset the service credits themselves.

Support

1. Support by the Provider includes troubleshooting problems with CONA as well as troubleshooting in situations where the integration or the API do not behave as documented. Support by the Provider does not include the development of modules or applications for Customers or answering questions about the application architecture or further development of CONA, troubleshooting and performance optimization of the Customer's IT infrastructure or answering questions about the further development of CONA.

2. The Provider responds to support requests by email within 48 hours on working days (Monday to Friday).

Appendix 2 – Price list

The Provider shall invoice the Customer for the modules activated in CONA. Additional modules may be activated by the Provider at any time at the Customer's request.

Until 01.04.2026, the use of CONA is free of charge. Following this period, the fees set forth in the price list shall apply.

Monthly fees by order volume

Additional services may be purchased by the Customer directly within CONA. The applicable fees for such services are displayed in the application prior to purchase.

All prices are exclusive of VAT at the statutory rate applicable at the time the service is provided.