General Terms and Conditions

Last Updated: December 2025

Phase: Closed Early Access (Valid until Feb 28, 2026)

1. Part 1: General Terms and Conditions (AGB) — Includes Early Access Terms
2. Part 2: Data Processing Agreement (AVV)
3. Annex A: Model Withdrawal Form

MuseMachine UG (haftungsbeschränkt)

These General Terms and Conditions ("AGB") apply to all contracts between MuseMachine UG ("Provider") and the Customer regarding the use of the "MuseBoard" software.

The offer is directed at both Entrepreneurs (§ 14 BGB) and Consumers (§ 13 BGB).

The following provisions in this § 1a take precedence over conflicting provisions in the rest of the AGB for the duration of the Early Access Phase.

Duration: The "Closed Early Access" phase is currently active and ends automatically on February 28, 2026, unless extended by mutual agreement or terminated earlier due to insolvency.

Invitation & Access Restrictions (Closed Nature): Access to MuseBoard is strictly by invitation only. The Customer may not publicly share invitation links or account credentials with third parties. Exception (Client Access): The Customer is permitted to invite third parties (e.g., their own clients) if and only if such access is strictly necessary for collaboration on a specific MuseBoard project managed by the Customer.

Publicity & Sharing (Open Nature): Unlike typical non-disclosure agreements, the Customer is explicitly permitted and encouraged to share screenshots, workflows, and generated content from MuseBoard on public (social media) or private channels. Confidentiality regarding the existence of the tool is not required.

No Uptime Guarantee: During this phase, the software is provided for testing and development purposes. The availability guarantee mentioned in § 2.2 does not apply. The service may experience interruptions, data resets, or bugs.

Feedback License: The Customer grants the Provider a perpetual, royalty-free, exclusive, and transferable right to use any feedback, feature requests, or suggestions provided during this phase for the improvement of the software.

Termination Protection: To support the Customer's planning security during this phase, the Provider waives the right to ordinary termination of the service before February 28, 2026. The Provider generally only reserves the right to terminate access in cases of: Material breach of these terms by the Customer (e.g., misuse, illegal content); or Insolvency or liquidation of the Provider.

AI Disclaimer: The Customer acknowledges that image generation is performed by Artificial Intelligence. The Provider does not guarantee that: The generated images are factually correct or free of errors ("hallucinations"); The generated images are unique or exclusive to the Customer; The generated images are free from third-party intellectual property rights.

Availability: Subject to the limitations in § 1a, the Provider generally strives for high availability. However, during the Closed Early Access phase, no specific uptime percentage is guaranteed.

The Customer must provide truthful and complete information during registration.

Login credentials must be kept confidential.

Prices: All prices shown on the website are gross prices including applicable statutory VAT. For Entrepreneurs (B2B), the invoice will state the net amount and VAT separately.

Credits Expiry: B2B/B2C: Monthly subscription credits expire at the end of the billing month.

Downgrade: A downgrade becomes effective at the end of the current billing period.

Software: The Customer receives a non-exclusive, non-transferable right to access and use the software via a web browser.

Generated Content: To the extent legally possible, the Provider transfers all usage and exploitation rights to the Customer for the images they generate.

Prohibited Content and Acceptable Use: The Customer agrees that they and their Authorized Users will not use the Service to generate, upload, transmit, or store any content that violates applicable local, state, national, or international laws ("Prohibited Content"). Specifically, strictly prohibited activities include, but are not limited to:

Child Safety: Generating, uploading, or distributing Child Sexual Abuse Material (CSAM) or any content that exploits or harms minors. We maintain a zero-tolerance policy and will report such content to relevant authorities immediately.

Violence and Harm: Creating content that promotes, facilitates, or encourages acts of violence, self-harm, terrorism, or physical injury to persons or property.

Hate Speech: Generating content that promotes discrimination, hatred, or harassment based on race, ethnicity, religion, disability, gender, age, or sexual orientation.

Illegal Goods/Services: Content related to the sale or promotion of illegal drugs, weapons, or fraudulent schemes.

Protection of Third-Party Rights and Personality Rights: The Customer represents and warrants that they have all necessary rights, licenses, and consents to use any input data uploaded to the Service.

Intellectual Property Violations: Generate or publish content that infringes upon the copyrights, trademarks, trade secrets, or patents of any third party.

Deepfakes and Impersonation: Create synthetic media ("deepfakes") or realistic AI-generated representations of real persons—living or deceased—without their explicit, written consent. This includes misappropriating an individual's name, image, likeness, or voice ("Right of Publicity") for commercial gain, deception, or defamation.

Defamation: Generate content intended to slander, libel, or defame any person or entity, or to portray any individual in a false light.

Indemnification: The Customer agrees to indemnify, defend, and hold harmless the Provider, its officers, directors, employees, and agents from and against any and all claims, liabilities, damages, losses, and expenses arising out of or in any way connected with: Violation of Laws; Content Liability; or Breach of Terms.

The Provider is liable without limitation for damages caused by intent, gross negligence, and for injury to life, limb, or health.

For slight negligence, liability is limited to the breach of essential contractual obligations (Kardinalpflichten). Liability is limited to typically foreseeable damage.

Strict liability for initial defects in the software (§ 536a BGB) is excluded.

If the Customer (B2B) processes personal data of third parties via MuseBoard, the Data Processing Agreement (AVV) in Part 2 applies automatically.

Applies only to Consumers (§ 13 BGB).

Instruction on Withdrawal: You have the right to withdraw from this contract within 14 days without giving a reason.

Expiry of Right: For digital content not supplied on a tangible medium, the right of withdrawal expires prematurely if you have expressly consented to the execution of the contract before the end of the withdrawal period and confirmed your knowledge that you lose your right of withdrawal thereby.

Governing Law: The law of the Federal Republic of Germany applies.

Jurisdiction: The place of jurisdiction is Böblingen, Germany (for merchants/legal entities).

Dispute Resolution (Consumer): The European Commission provides a platform for online dispute resolution (OS), which you can find at https://ec.europa.eu/consumers/odr. We are not obliged and generally not willing to participate in a dispute settlement procedure before a consumer arbitration board.

Pursuant to Art. 28 GDPR. Between The Customer (as registered in the Team Plan) — "Controller" and MuseMachine UG (haftungsbeschränkt) — "Processor"

The subject matter is the processing of personal data (including names, emails, and image content) by the Processor on behalf of the Controller via the MuseBoard SaaS application.

The Processor processes data only upon documented instructions from the Controller. The technical use of the software functionalities constitutes such an instruction.

The Processor takes all necessary technical and organizational measures (Art. 32 GDPR), including: Encryption: TLS 1.2+ (transit) and AES-256 (rest); Access Control: Strict authentication via Appwrite and RBAC; Availability: Regular backups and redundant storage via Appwrite.

The Controller authorizes the engagement of: Microsoft Azure (Hosting/AI, Europe & USA); Appwrite Code Ltd. (Backend, Europe/Frankfurt nodes); Mollie (Payment); PLUS FIVE FIVE, INC. (Resend) (Email Transactional Services, USA) — Covered by EU-U.S. Data Privacy Framework or SCCs.

Support: The Processor supports the Controller in answering data subject requests and reporting data breaches.

Audits: The Controller has the right to audit compliance. On-site audits are limited to once per calendar year and primarily rely on valid certifications (ISO/SOC) provided by the Processor.

Upon termination of the main contract, all personal data will be permanently deleted, unless statutory retention obligations require continued storage.

(If you wish to withdraw from the contract, please fill out this form and send it back.)

To: MuseMachine UG (haftungsbeschränkt)
Röhrer Weg 8
71032 Böblingen
Deutschland
Email: contact@musemachine.de

I/we (*) hereby withdraw from the contract concluded by me/us (*) for the purchase of the following goods (*)/the provision of the following service (*):

Ordered on (*)/received on (*):

Name of the consumer(s):

Address of the consumer(s):

Signature of the consumer(s) (only if notification is on paper):

Date:

(*) Delete as appropriate.