SaaS Terms of Service

These SaaS Terms of Service (hereinafter the "TOS") govern the relationship between the company DIGILAB, a Simplified Joint-Stock Company (Société par Actions Simplifiée) with a share capital of 10,000 euros, whose registered office is located at 55 avenue Foch, 75016 Paris, registered with the Paris Trade and Companies Register under number 999 221 831, and its clients (hereinafter referred to as the "Client").

The Provider and the Client are hereinafter collectively referred to as the "Parties," without any solidarity between them.

DIGILAB (hereinafter referred to as "DIGILAB" or the "Provider") is a company that provides and maintains software specialized in the management of orders, production workflows, and digital processes for dental laboratories, named DIGILAB (hereinafter the "Solution").

The Solution is accessible as a remote service (or "SaaS mode").

The Client has subscribed to the Services in the course of its professional activity.

These provisions come into effect as soon as the Client accesses the Services. They will be presented to the Client by any means prior to such access.

Article 1. Definitions

Anomaly: means any malfunction or non-conformity of the Solution's features compared to its normal operating state, when the Solution is used in accordance with its purpose and the Documentation. The different categories of Anomalies are described in Annex 3.

Documentation: means all documentation of any kind relating to the Solution and/or the Services, including any update, improvement, or other modification that may be made thereto, and any other element that may be added thereto, provided or made available by the Provider to the Client and relating to the Services.

Data: means the information (including Personal Data) of which the Client is the owner and/or controller, that the Client enters, provides, transmits, collects, stores, and/or processes under the TOS.

Personal Data: means any information relating to an identified or identifiable natural person, directly or indirectly.

License: means the provision of the Solution granted by the Provider to the Client under the terms of these TOS.

Services: means all services as described in the Annexes, which the Provider supplies to the Client in performance of these TOS, comprising (i) the provision of the Solution in SaaS mode to the Client (or the "License"), (ii) the hosting of the Solution and the Data, (iii) the support and corrective and evolutionary maintenance of the Solution, and (iv) the training of Users, depending on the plan subscribed to by the Client.

User: means any natural person under the responsibility of the Client and authorized by the Client to connect to the Solution and benefit from the Services in accordance with the provisions of the TOS. The number of Users authorized to connect to the Solution depends on the plan subscribed to by the Client.

Credentials: means the specific term by which each User identifies themselves to connect to the Services. This includes a login and a password specific to each User. User Credentials are confidential.

Article 2. Contractual documents

These TOS consist exclusively of the following documents:

• this document;
• the following Annexes:
  • Annex 1: Description of the Solution and Services and technical prerequisites
  • Annex 2: Security provisions
  • Annex 3: Service Levels (availability rate and incident management)
  • Annex 4: Financial terms
  • Annex 5: Personal Data Processing Agreement

It is understood that the contractual documents are mutually explanatory. However, in the event of a contradiction or discrepancy between the terms of the contractual documents, the Parties agree that this document shall prevail over the Annexes, which each have the same value.

It is expressly agreed between the Parties that the Client's general terms and conditions of purchase shall not apply to their commercial relationship.

The technical Annexes may be updated by the Provider and must be communicated to the Client by any means.

Article 3. Purpose

The purpose of these TOS is to define the conditions under which:

• the Provider makes the Solution available to the Client and provides the associated Services, and
• the Client agrees to use the Solution.

Article 4. Effective date and duration

A. Duration

The Client subscribes to the Services for a fixed term, according to the plan chosen by the Client at the time of subscription, which may be monthly or annual, under the conditions specified below.

Monthly subscription

The monthly subscription is entered into for an initial period of one (1) month. Payment of the monthly fee is due in full at the time of subscription to the License, for the upcoming month.

The subscription is automatically renewed for successive periods of one (1) month, subject to prior payment of the corresponding fee.

It may be terminated by the Client at any time, it being specified that any month commenced is due in full and is not eligible for any refund.

Termination takes effect at the end of the current month.

In the event of non-payment of the monthly fee by the due date, the Services will be automatically suspended without notice and the contract will be terminated as of right.

Annual subscription

The annual subscription is entered into for a firm period of twelve (12) months ("Initial Term").

Payment of the annual fee is due in full at the time of subscription to the License, for the entire Initial Term.

The subscription may be terminated by the Client at any time during the annual period. However, the full fees due for the current year remain payable, and no refund may be granted.

By way of derogation, in the event of termination based on a serious and unremedied breach by the Provider of its contractual obligations, duly notified by the Client in accordance with Article 4.B, only the fees accrued up to the effective date of termination shall be due.

In the event of non-payment of the annual fee by the end of the Initial Term, the Services will be automatically suspended without notice and the contract will be terminated as of right.

In the absence of termination at the end of the Initial Term and subject to prior payment of the corresponding annual fee, the Services will be tacitly renewed for successive periods of twelve (12) months (each renewal period is referred to as a "Renewed Period"), in accordance with the Financial Terms applicable at the time of renewal.

It is however specified that prior to subscribing to the Services under the conditions described above, the Client benefits from restricted access to the Solution as part of a free trial (the "Trial Phase"), in accordance with the terms set out in Article 5C.

B. Termination for breach

In the event of a breach by one of the Parties of any of its obligations under these TOS, the other Party may give formal notice to remedy such breach within a maximum period of fifteen (15) days, by registered letter with acknowledgment of receipt.

If, at the end of this fifteen (15) calendar day period, the breach has not been or could not be remedied, the other Party may, as of right, terminate the Services by registered letter with acknowledgment of receipt, without prejudice to any damages to which it may be entitled.

Except in the event of termination of the Services due to a breach by the Provider of its obligations, it is agreed between the Parties that the Client remains liable for all amounts due under the Services until the normal end of the Services (whether the Initial Term or a Renewed Period).

C. Consequences of termination

In the event of expiration or termination of the Services for any reason whatsoever, the Provider undertakes to carry out the reversibility services set out in the "Reversibility" Article.

Upon termination of the Services, for any reason whatsoever, the License granted by the Provider under these TOS shall be automatically terminated, and the Parties shall mutually return without delay or further formalities all documents of any kind in their possession belonging to the other Party (including the Documentation where applicable).

In all cases, and unless the Client requests the application of the "Reversibility" article of these TOS, the Provider shall delete the Data three (3) weeks after the effective date of termination of the Services, except where required by law.

Article 5. Conditions of use and implementation of the Services

A. Rights of use of the Solution and Services

In consideration of the payment of the price for the Services, the Provider grants the Client a non-exclusive, personal, non-assignable, and non-transferable right to access and use the Solution and its Documentation, through its Users, under the conditions and for the duration of these TOS.

The DIGILAB Solution is strictly reserved for internal professional use by dental laboratories and prosthetic factories, in the context of their prosthetic design, manufacturing, and management activities. It is strictly prohibited to use DIGILAB to create, operate, or feed, directly or indirectly, platforms for connecting or intermediating between Practitioners and prosthetic laboratories, when such uses are carried out by a Client outside the strict framework of the use of the Solution and the Services, as provided for and authorized by these Terms of Service.

The Solution shall be used by the Client under its sole control, direction, and responsibility. The Client vouches for compliance with these TOS by the Users.

The Client agrees not to (i) resell, sublicense, rent, share, or make the Solution and the Services available to any unauthorized third party in any way without the prior written authorization of the Provider; (ii) illegally access, disrupt the integrity or performance of the Solution or the data it contains; (iii) reverse engineer the Solution.

Any non-compliant use, as well as any attempt to divert the Solution for such purposes, will result in the immediate suspension or deactivation of access to the Solution, without notice or right to compensation.

B. Terms of provision of Services

The Services are provided within an infrastructure using the Provider's resources.

The Provider may, at any time, modify the Solution and/or the Services, or change the manner in which the Services are provided, provided that this does not result in a substantial regression of the performance and features of the Services, unless this is necessary to correct an Anomaly.

The Client acknowledges having been informed by the Provider of all the technical prerequisites necessary for the optimal functioning of the Services, accessible in Annex 1. The Client is also informed that these prerequisites may evolve, particularly for technical reasons.

The Client is solely responsible for access to the Services; it is the Client's responsibility to take all necessary steps to maintain such access. The Provider shall not be held liable in the event of inability to access the Services due to an event beyond its control.

The Client agrees not to allow access to the Services by unauthorized persons and must ensure that each authorized person complies with these TOS.

C. Validation of Services

The Services shall be subject to a Trial Phase, the duration of which shall be agreed between the Parties, without however exceeding fourteen (14) days.

During this Trial Phase, the Provider grants the Client limited access to the Solution, for one hundred (100) cases.

At the end of the Trial Phase, either upon expiry of the fourteen (14) day period or upon reaching the threshold of one hundred (100) cases processed, whichever occurs first, the Client must subscribe to a paid subscription in order to continue accessing the Solution and the Services.

In the absence of subscription under these conditions, access to the Solution and the Services shall be automatically suspended without notice, until the Client effectively subscribes to a subscription.

D. Access to Services - Availability

The Provider guarantees access to the Services and their performance in accordance with the SLA provisions in Annex 3.

The Solution is normally available 24 hours a day, 7 days a week, with the exception of:

• periods of unavailability related to maintenance operations necessary for the proper functioning of the Solution,
• periods of unavailability resulting from force majeure or an event beyond the Provider's control, such as incidents, bugs, or failures that may affect online applications or Internet access.

Where technically possible, the Provider shall endeavor to notify the User of any interruption as soon as possible and by any means.

Access to the Services by Users is carried out, for each use, using the Credentials from any desktop or laptop computer, tablet, or smartphone.

The Client is however informed that connection to the Services is via the Internet. In this respect, the Client is warned of the technical hazards that may affect this network and cause slowdowns or unavailabilities making connection impossible. The Provider cannot be held responsible for difficulties in accessing the Services due to disruptions to the Internet network.

Credentials are assigned to each User. The Client must ensure that Users maintain the confidentiality of Credentials. Credentials may only be used to allow access to the Services by Users authorized by the Client, in order to ensure the security of the Client's Data.

The Client is solely responsible for the use, and any loss or misuse of Credentials. The Client must immediately inform the Provider if it identifies a security breach related in particular to the voluntary disclosure or misuse of Credentials, so that the Provider can promptly take all appropriate measures to remedy the security breach.

In the event of loss or misuse of Credentials, the Provider reserves the right to close or suspend the account concerned, without incurring any liability.

Access to the Services may be temporarily interrupted, without compensation and without prior notice, for reasons of necessity related to the Services and in particular to ensure maintenance of the Solution or the Provider's servers. In such event, the Client shall be notified by any means at least twenty-four (24) hours in advance.

In the event of a security breach identified by the Provider that could seriously compromise the security of the Services and/or the Data, the Provider may, without notice, temporarily interrupt the Services in order to remedy the security breach as quickly as possible.

In the event of a proven or suspected breach by the Client of its obligations referred to above, the Provider may take any measures it deems necessary, including in particular the immediate suspension without notice of access to the Solution, without incurring any liability whatsoever.

Article 6. Obligations of the Parties

A. Obligations of the Provider

The Provider undertakes to make the Solution available to the Client and to provide the Services to the Client in accordance with these provisions and in accordance with best industry practices, from the date the Services are made available, as a best-efforts obligation.

In this context, the Provider undertakes to:

• provide the Services in compliance with the Service Levels (SLA) defined in Annex 3;
• assign qualified and competent personnel to the performance of the Services.

B. Client's obligation to cooperate

In addition to the obligations relating to the use of the Solution and the Services and to the payment obligations for the Services described herein, the Client undertakes to cooperate with the Provider and to provide or guarantee access to any information or elements that the Provider may reasonably need in order to fulfill its obligations under these TOS.

The Client undertakes to use the Services in compliance with applicable laws and regulations.

Article 7. Intellectual property

A. Ownership rights and use of the Solution

The Solution and its associated Documentation are and remain the property of the Provider or its licensors.

The Provider warrants that it is the author or holder of the exclusive exploitation rights to the Solution in accordance with the provisions of the French Intellectual Property Code. The Provider retains all intellectual property rights relating to the Solution and the confidential information of which it is the owner.

Consequently, the Client understands and acknowledges that the License granted under these TOS does not entail any transfer of ownership in its favor. The Client is prohibited from infringing upon the Solution in any way, and in particular from using the Solution in a manner inconsistent with its professional purpose and the conditions set out herein.

The Parties warrant that they acknowledge and respect each other's intellectual property rights.

This Article shall survive the termination or expiration of these TOS for any reason whatsoever.

B. Warranty against eviction

The Provider warrants that it holds all intellectual property rights enabling it to provide the Solution, and that to its knowledge, these do not infringe on the intellectual property rights of third parties.

The Provider indemnifies the Client against any third-party claims based on infringement resulting from the Client's use of the Solution.

Accordingly, the Provider shall bear all awards for principal, costs, and incidentals to which the Client may be sentenced by a final court decision.

If, as a result of such action, the Client is prevented from using the Solution, the Provider shall, at its expense, take one of the following measures, which it considers most appropriate, constituting the Client's sole and exclusive remedy:

• Obtain the right for the Client to use the Solution in accordance with these TOS;
• replace or modify the Solution in order to avoid such action while maintaining an equivalent level of functionality and relevance;
• refund the Client the amounts paid under these TOS, proportionally to the duration during which the Services could not be performed pursuant to this Article.

Article 8. Maintenance and support

The Provider provides maintenance and support services for the Solution under the terms and conditions expressly and exclusively set out in Annexes 1 and 2.

Article 9. Data

A. Ownership of Data

The Client is the sole holder of the rights to the Data that may be processed by the Provider in the context of the Services.

The Client grants, as may be necessary, to the Provider and its potential subcontractors, a non-exclusive, worldwide, free, and assignable license, allowing in particular access to, hosting, use, and copying of said Data for the purpose of performing the Services.

This license shall automatically terminate upon the cessation of these TOS, except where continued hosting and processing of the Data is necessary, particularly in the context of Reversibility operations.

The Provider reserves the right to use the Data resulting from the Client's use of the Solution and the Services, in a strictly anonymized form, for the purposes of producing statistics, analyses, or studies aimed at improving the performance, quality, and features of the Solution and the Services. Such processing is carried out in compliance with the Applicable Regulations and does not in any way allow the direct or indirect identification of the Client or its Users.

The Client represents and warrants that it has all the authorizations necessary for the exploitation of the Data in the context of the Services and that it may freely grant a license under the above terms to the Provider and its potential subcontractors. The Client further represents and warrants that in creating, installing, or uploading the Data in the context of the Services, it does not exceed any rights that may have been granted to it over all or part of the Data and does not infringe on third-party rights.

The Client undertakes to ensure that Users do not enter or communicate, in the context of using the Solution, any Personal Data, sensitive data, confidential data, or data protected by business secrecy.

It is the Client's responsibility to implement the necessary internal controls and instructions to prevent any unauthorized entry or transmission of such Data. The Provider shall not be held liable for any involuntary or inappropriate processing resulting from the transmission of such Data by the Client or its Users in violation of these provisions.

The Client shall ensure that it does not communicate, in connection with the use of the Services, any Data that would require the Provider to comply with specific laws or regulations other than those provided for in the normal provision of the Services.

The Client undertakes to indemnify the Provider for all financial consequences that the Provider may have to bear as a result of a breach by the Client of the aforementioned warranties regarding the Data.

B. Security

The Provider undertakes to perform the Services in compliance with the security document set out in Annex 2.

C. Personal Data

In the context of the provision of the Services, the Parties undertake to comply with all obligations arising from the application of any applicable legislation relating to the protection of personal data, in particular those arising from the French Data Protection Act of January 6, 1978, as amended, and, since May 25, 2018, from EU Regulation 2016/679 of April 27, 2016, relating to the protection of natural persons with regard to the processing of personal data and the free movement of such data ("Applicable Regulations").

In the context of the Services, the Provider has the capacity of Processor within the meaning of the Applicable Regulations. The conditions relating to the processing carried out in this context are described in the Personal Data protection document (Annex 5).

With regard to Personal Data collected and processed by each of the Parties for their own account for the purposes of the administrative management of these TOS, each of the Parties acknowledges that it processes such data as Data Controller within the meaning of the GDPR and undertakes in this capacity to comply with all obligations incumbent upon it in this capacity.

The Provider shall in no event be liable for the Client's failure to comply with its legal or contractual obligations with regard to Personal Data potentially integrated into the Solution by the User.

This Article shall survive the termination or expiration of these TOS for any reason whatsoever.

Article 10. Financial terms

In consideration of the provision of the Services, the Client shall pay the Provider the amounts indicated in the Financial Terms Annex, expressed in the currency of the relevant country and determined according to the type of plan subscribed to by the Client and any case overages (Annex 4).

The prices set out in the Financial Terms Annex may be revised at the Provider's initiative.

Payment is made online, at the time of subscription and then automatically at each due date, by automatic debit from the payment method provided by the Client. By providing its bank details, the Client expressly authorizes the Provider to debit the amounts due under the Services.

Invoices are issued and made available to the Client via the Solution. In the event of a disputed invoice, payment of the disputed invoice remains due. If the dispute is accepted, a credit note shall be sent to the Client as soon as possible.

Article 11. Warranties

The Provider warrants the conformity of the Services with its Documentation.

The Provider does not warrant that the Services are free from any defect or contingency and undertakes to remedy only the Anomalies detected in accordance with Annex 3.

The conformity of the Services shall not extend to any other express or implied warranty relating to the Services, including, in particular, any implied warranty of merchantability or fitness of the Solution for a particular purpose or result that the Client may have set for itself and/or to perform particular tasks that may have motivated its decision to subscribe to the Services. The Provider does not warrant that the features of the Services, including the Solution, will meet the Client's requirements.

To the extent permitted by law, any warranty other than those expressed herein is expressly excluded.

Article 12. Liability

The Provider shall under no circumstances be held liable for indirect damages suffered by the Client that may arise from or in connection with the performance of these TOS and their consequences. Indirect damages shall include, without limitation, loss of earnings or profits, loss of opportunity, commercial damages, loss of Data, notwithstanding the fact that the Provider may have been advised of the possibility of their occurrence.

In the event that the Provider's liability is established as a result of a breach by the Provider of its contractual obligations, the amount of total and cumulative compensation, all causes combined, including principal, interest, and costs, to which the Client may be entitled, shall be limited to the direct and foreseeable damage suffered by the Client and shall not exceed an amount equal to the sums paid by the Client to the Provider under the Services during the six (6) months preceding the event giving rise to the Provider's liability.

However, the liability of the Parties may not be excluded or capped in the event of personal injury or damage caused by willful misconduct or gross negligence.

In any event, the Provider's liability may under no circumstances be invoked in the event of:

• use of the Services in a manner not provided for in the Documentation and/or not expressly authorized by these TOS or the Documentation;
• modification of all or part of the Solution and the Services without the Provider's consent by the Client or a third party;
• continued use of all or part of the Solution and the Services when the Provider had recommended suspending their use;
• use of the Solution and the Services in an environment or configuration that does not comply with the Provider's technical prerequisites, or in connection with third-party programs or data not expressly endorsed by the Provider;
• occurrence of any damage resulting from a fault or negligence by the Client, or that the Client could have avoided by seeking the Provider's advice;
• use in connection with the Solution and the Services of programs not provided or endorsed by the Provider and likely to affect the Solution, the Services, or the Client's Data.

Article 13. Confidentiality

Unless expressly provided otherwise by the disclosing Party, all information, data, documents, deliverables, and/or know-how of any kind communicated by one Party to the other in the context of the performance of these TOS, as well as the terms of these TOS, shall be considered confidential ("Confidential Information"). Furthermore, the Parties undertake not to use information gathered during pre-contractual negotiations or the performance of these TOS in any manner that may cause harm to the other Party.

This undertaking shall remain in force for the duration of these TOS, and for a period of five (5) years from its termination or expiration, for any reason whatsoever.

The following shall not be considered Confidential Information: information (i) that was in the possession of the receiving Party prior to its disclosure by the other Party, provided that such possession did not result directly or indirectly from the unauthorized disclosure of such information by a third party, (ii) that is in the public domain on the date of its disclosure or subsequently enters the public domain without this being attributable to any fault of the Recipient, (iii) that was legitimately obtained from a third party without breach of a confidentiality obligation.

To the extent permitted by law, the Parties undertake to return or destroy, according to the instructions of the other Party, all Data and Information, upon request from the Party concerned, within a maximum period of fifteen (15) days from receipt of the request.

This Article shall survive the termination or expiration of these TOS for any reason whatsoever.

Article 14. Reversibility

In the event of expiration and/or termination of the Services, the Client has the Data retention period provided for by the subscribed plan to retrieve the Data accessible through the features of the Solution.

Article 15. Applicable law and jurisdiction

These TOS and any dispute relating thereto shall be governed by and construed in accordance with French law.

In the event of a dispute between the Provider and the Client regarding the validity, performance, nullity, or interpretation of these TOS, the Parties undertake to cooperate diligently and in good faith with a view to finding an amicable solution.

If, however, no agreement is reached within a reasonable period, the courts within the jurisdiction of the Paris Court of Appeal shall have exclusive jurisdiction, including in the event of multiple defendants, warranty claims, or summary proceedings.

These TOS are drafted in the French language, and any translation into a foreign language is provided for information purposes only, French being the only authoritative language.

Article 16. Miscellaneous provisions

A. Entirety

These TOS render null and void and replace any discussion, negotiation, and/or contract that may have previously existed between the Parties regarding the same subject matter and the same Services.

B. Headings

The headings of the paragraphs and articles of the TOS are inserted for ease of reading but may under no circumstances be used to guide their interpretation.

C. Partial invalidity

If one (or more) of the provisions of the TOS is held, rendered, or declared invalid by reason of a law, regulation, or decision of a competent court, the Parties shall consult each other to agree on one or more provisions to replace the invalid provision(s) and to achieve, to the extent possible, the purpose intended by the original clause(s). All other provisions of the TOS shall remain in full force and effect.

D. Non-waiver

The failure by one of the Parties to enforce any breach by the other Party of any of its obligations shall not be construed as a waiver of the obligation in question or as an amendment to these TOS, and shall not prevent the non-defaulting Party from relying on it in the future.

E. Force majeure

Only events that are unforeseeable and irresistible in nature and prevent one or the other Party from partially or fully performing its obligations under these TOS shall be expressly considered as force majeure events (as defined in Article 1218 of the French Civil Code and the case law of the Court of Cassation). The Provider and the Client agree that internal labor disputes within their respective companies and/or their subcontractors do not constitute a force majeure event within the meaning of this article.

In the event of a force majeure event, the obligations undertaken under the TOS shall be suspended for the duration of said event. The Party invoking a force majeure event must inform the other Party as soon as it occurs. Should the effects of the force majeure event exceed one (1) month, either Party may terminate the Services as of right and without prior formal notice, subject to a minimum notice period of one (1) month.

F. Insurance

Each Party declares that it has taken out and maintains with a well-known and solvent insurance company insurance covering the consequences of its Professional Liability and General Liability.

G. Notification

Unless otherwise stipulated, notifications shall be made by registered letter with acknowledgment of receipt. Any notification shall take effect from the date of its first presentation.

H. Modification

The Provider reserves the right to modify these TOS and their Annexes at any time, provided that such modifications do not result in a substantial reduction of the Client's rights. Any modification shall be brought to the Client's attention by any means the Provider deems appropriate. The modified TOS shall come into effect on the date specified in the notification sent to the Client.

ANNEX 1 – DESCRIPTION OF THE SOLUTION AND SERVICES AND TECHNICAL PREREQUISITES

General Overview

DIGILAB is a web-based software platform designed for dental prosthesis laboratories and dental practitioners, enabling centralized management of digital orders from intraoral scanners.

The solution unifies access to orders from multiple dental scanner manufacturer cloud platforms within a single interface, thereby facilitating the management, traceability, and processing of digital cases.

DIGILAB is accessible via a secure internet browser and relies on a cloud infrastructure hosted on Google Cloud.

Main Software Features

The DIGILAB solution notably enables:

• Automatic centralization of digital orders from various intraoral scanner brands;
• Viewing and downloading orders and associated files (STL, PLY, images, complete archives);
• 3D visualization of digital impressions directly from the web interface;
• Complete production cycle management, including:
  • validation,
  • planning,
  • modeling,
  • manufacturing,
  • shipping;
• Order tracking and traceability with history and action timeline;
• Production status management by treatment type (prostheses, surgical guides, aligners);
• Integrated communication via discussion spaces between dentists and laboratories;
• Order creation and modification;
• Laboratory and user management;
• Automatic document generation, including:
  • purchase orders,
  • declarations of conformity,
  • labels with QR codes,
  • invoices;
• Data export (notably in Excel format);
• Integration with third-party software for dental CAD and laboratory management;
• Interface customization with the laboratory's colors and logo (depending on plan).

The platform enables management of various types of dental treatments:

• Dental prostheses
• Surgical guides
• Alignment trays

Available Modules and Options by Plan

BASIC Plan

Allows:

• order viewing;
• simple search and filters;
• file downloading;
• 3D scan visualization;
• integration with third-party software.

ESSENTIAL Plan

Includes all BASIC features as well as:

• advanced order management;
• order modification and creation;
• custom filters and views;
• collaborative discussion spaces;
• laboratory graphic customization;
• automatic document generation;
• production status management;
• data exports;
• advanced user and laboratory management;
• comprehensive traceability tools.

Optional Module: DL Desktop

Installable software module for Windows workstations enabling:

• automatic local retrieval of DIGILAB orders;
• automatic file downloading;
• automatic generation of compatible exports:
  • EXOCAD (.dentalProject),
  • 3Shape Dental System (.3OXZ);
• automatic file organization on the user's workstation;
• direct case opening in CAD software.

2. Associated Services

Technical Support

Provision of a Frequently Asked Questions (FAQ) section accessible online, gathering answers to common platform usage issues.

Provision of an assistance chatbot accessible from the DIGILAB interface, providing immediate help on main features and standard procedures.

Access to a ticketing platform enabling users to submit technical support requests, report anomalies, and track incident handling by the DIGILAB team.

Training

Online onboarding program in video format, enabling progressive familiarization with the DIGILAB solution, including:

• initial account configuration;
• connection to scanner platforms;
• order management;
• production tracking;
• use of the platform's main features.

Maintenance and Updates

The DIGILAB solution benefits from:

• regular application updates;
• continuous functional improvements;
• security patches;
• cloud infrastructure maintenance.

The infrastructure is subject to:

• daily automatic backups;
• continuous technical monitoring;
• data and communication encryption.

3. Technical Prerequisites

Minimum Configuration for Web Solution Access

DIGILAB being a SaaS application accessible via browser:

Compatible browsers:

• Google Chrome (recommended)
• Microsoft Edge
• Any recent Chromium-based browser

Compatible operating systems:

• Windows 10 or higher
• Recent macOS
• Linux

Internet connection:

• Broadband connection recommended
• Recommended minimum speed: 5 Mbps

Hardware:

• Standard computer workstation capable of displaying 3D models
• Recommended screen size ≥ 1920×1080 for optimal comfort

Prerequisites for the DL Desktop Module

• Windows 10 or Windows 11
• Intel Core i3 processor or equivalent minimum
• 4 GB RAM minimum (8 GB recommended)
• 500 MB minimum disk space
• Authorized access to local storage folders
• Stable internet connection

Integration Prerequisites

For proper operation, the laboratory must have:

• an active cloud account with compatible intraoral scanner manufacturers, including:
  • 3Shape
  • Medit
  • Dexis
  • Shining 3D
  • 3Disc
  • iTero
  • Alliedstar (AS Connect)
  • Panda / Freqtek
  • DScore
• the necessary access credentials for any third-party software used (e.g., CAD or laboratory management software).

DIGILAB offers assistance with configuring these connections.

ANNEX 2 – SECURITY DOCUMENT

1. Technical Security Measures

1.1 Data Protection

The Solution relies on a secure cloud infrastructure hosted on Google Cloud Platform (GCP), located in the European Union, GCP region europe-west9-a (Paris), europe-west4-a (Netherlands), europe-west9-b (Belgium).

The following measures are implemented:

Data Encryption

• All communications with the DIGILAB platform are secured via the HTTPS protocol (TLS), with SSL certificates issued by Google Cloud or by the Caddy server.
• User passwords are never stored in plain text and are protected by a strong hashing algorithm (bcrypt).
• Credentials required for connecting to dental scanner platforms are encrypted using AES before storage.
• Data stored on Google Cloud virtual machines benefits from native encryption at rest via encryption keys managed by Google.

Secure Storage

• Application data is stored in an isolated MongoDB database within the cloud infrastructure.
• Network access to the database is restricted by IP filtering, authorizing only the necessary internal services.
• A migration to MongoDB Atlas (managed secure service) is underway to further strengthen security and high availability mechanisms.

Backups

• Virtual machines are subject to automatic daily backups (daily snapshots).
• Backups are managed by the Google Backup and Disaster Recovery service.
• Automatic restart mechanisms enable rapid service restoration in the event of an incident.

Certification and Hosting

• The infrastructure is based on Google Cloud Platform, a provider holding numerous international security certifications (ISO 27001, ISO 27017, ISO 27018). Google Cloud Platform is also SOC 2 and SOC 3 certified.
• The DIGILAB platform processes data that may qualify as health data within the meaning of Article L.1111-8 of the French Public Health Code.

1.2 Access Control

Authentication

• Access to the DIGILAB platform requires authentication via username and password.
• Auto-login mechanisms between the various DIGILAB applications are secured on the server side.
• Passwords are stored exclusively in hashed form.

Permission Management

• Users can only access orders and data associated with their laboratory.
• Role separation limits access to authorized administrators.

Administrator and Infrastructure Access

• Access to virtual machines is exclusively via individual SSH keys.
• Access is limited to authorized accounts.
• Google Cloud service accounts have restricted API rights following the principle of least privilege.

1.3 Network and Infrastructure Security

Secure Architecture

• The DIGILAB infrastructure is distributed across several isolated services:
  • application services,
  • Cloud Run functions,
  • databases,
  • third-party integration servers.
• Critical services use fixed IPs and VPC connectors to limit public exposure.

Network Protection

• Google Cloud firewall rules restrict incoming traffic to the necessary ports (HTTP/HTTPS).
• The MongoDB database is protected by IP address filtering.
• Inter-service communications are carried out via secure internal networks.

Monitoring and Logging

• Services use Google Cloud Logging and Monitoring (Stackdriver) for:
  • event logging,
  • performance tracking,
  • anomaly detection.
• VM integrity monitoring is enabled.

System Protection

• VMs benefit from:
  • an enabled vTPM module,
  • integrity monitoring,
  • automatic migrations during host maintenance,
  • automatic restart in the event of failure.

Application Protection

The DIGILAB infrastructure is based on a hybrid architecture combining serverless services (Cloud Run, Firebase Hosting) and GCP Compute Engine virtual machines, whose security is largely managed natively by Google Cloud Platform.

• Application containers are built from maintained base images and benefit from the built-in security mechanisms of the GCP platform (isolation, sandboxing, gVisor).
• This serverless architecture renders the deployment of a traditional third-party antivirus on execution environments irrelevant.

Security Controls

DIGILAB may carry out or commission vulnerability scans and/or security tests at a frequency adapted to the risk level and the evolution of the Solution, without guaranteeing exhaustive coverage, and shall implement reasonable corrective actions based on criticality.

Maintenance and Updates

• Systems, dependencies, and application images are subject to regular updates to address known vulnerabilities.
• Application deployments follow a continuous delivery process (CI/CD) including quality and security checks.

2. Operational and Organizational Measures

2.1 Security Incident Management

DIGILAB applies an incident management process comprising:

• detection via cloud monitoring tools;
• technical analysis of the incident;
• isolation of the affected service if necessary;
• data restoration via backups;
• correction and deployment of a fix;
• traceability of actions taken.

In the event of a security incident affecting data, DIGILAB undertakes to notify the client within a maximum period of 72 hours after becoming aware of it, in accordance with applicable regulatory obligations (notably GDPR).

2.2 Business Continuity and Disaster Recovery Plan

To ensure service continuity:

• application components are distributed across several independent cloud services;
• daily backups enable rapid environment restoration;
• instances have automatic restart capabilities;
• Google Cloud infrastructure guarantees high hardware and network availability;
• services can be rapidly redeployed via Docker containers and managed services (Cloud Run, Firebase Hosting).

These measures help limit service interruptions and ensure operational recovery according to the following objectives:

• Recovery Point Objective (RPO): 24 hours.
• Recovery Time Objective (RTO): 24 to 48 hours depending on the nature of the incident.

2.3 Data Retention and Deletion

User data is retained for the entire duration of the contractual relationship. User data such as received orders is retained for a maximum of 3 months, depending on the plan:

• BASIC: 3 weeks,
• ESSENTIAL: 90 days

2.4 Personal Data Protection

The processing of personal data carried out in connection with the use of the DIGILAB platform is governed by a specific annex "Data Protection – GDPR (DPA)" incorporated into the Terms of Service.

3. Security Contacts

The designated contacts for questions relating to the security of the DIGILAB platform are:

• Contractual contact: Morgan ABBOU (CIO) – morgan.abbou@stemmerlife.com
• Technical security contact: Mickael ANOUFA – mickael.anoufa@DIGILAB.dental

ANNEX 3 – SERVICE LEVELS

1. Solution Availability

1.1 Availability Rate

The Provider undertakes to ensure a monthly availability of the DIGILAB Solution of:

99.5% of the time during business days,
Monday to Friday from 09:00 AM to 06:00 PM (CET).

Availability refers to the ability of authorized users to:

• access the DIGILAB platform;
• view orders;
• download associated files;
• use the main features of the service.

The following are excluded from the availability calculation:

• scheduled maintenance windows;
• interruptions due to force majeure;
• failures of the Client's internet networks or equipment;
• unavailability resulting from third-party services or external scanner platforms.

1.2 Scheduled Maintenance

Maintenance operations may be carried out to ensure:

• application updates;
• security patches;
• cloud infrastructure upgrades.

Applicable conditions:

• prior notification at least 24 hours before the intervention;
• priority scheduling outside business hours where possible;
• communication of a post-incident report within 3 business days in the event of a major incident.

1.3 Recovery Objectives

The DIGILAB infrastructure benefits from backup and recovery mechanisms enabling the following objectives:

• RPO (Recovery Point Objective): 12 hours maximum
  (maximum data loss in the event of a major incident)
• RTO (Recovery Time Objective): 5 hours maximum
  (target time for service restoration)

2. Performance and Anomaly Management

2.1 Anomaly Classification

Anomalies are classified by severity level:

Blocking Anomaly (Critical)

Includes but is not limited to:

• complete inability to access the DIGILAB platform;
• general service unavailability;
• data loss or corruption preventing normal use.

Major Anomaly

Includes but is not limited to:

• failure to automatically receive orders from scanners;
• malfunction affecting an essential feature without complete service shutdown.

Minor Anomaly

Includes but is not limited to:

• display defect;
• interface anomaly;
• incomplete information or non-blocking platform behavior.

2.2 Response Commitments

The Provider undertakes to acknowledge receipt of Client requests within the following timeframes (business hours):

2.3 Resolution Commitments

Resolution times are understood as a reasonable objective for correction or implementation of a workaround.

2.4 Anomaly Reporting and Tracking Procedure

Anomalies may be reported via:

• the DIGILAB ticketing platform;
• the integrated assistance chatbot;
• email: support@digilab.dental.

Each report is subject to:

• registration;
• severity qualification;
• tracking until closure.

The Client undertakes to provide all information necessary to reproduce the anomaly.

3. Support and Assistance

3.1 Contact Methods

DIGILAB technical support is accessible via:

• Email: support@digilab.dental
• Ticketing portal integrated into the platform
• DIGILAB assistance chatbot

3.2 Support Hours

Technical support is provided:

Monday to Friday
from 09:00 AM to 05:00 PM (CET), excluding public holidays.

Request processing is prioritized according to the anomaly severity level.

4. Service Credits

4.1 Principle

In the event of a proven failure to meet the availability commitments defined in this annex, the Client may request the granting of a service credit.

Credits exclusively take the form of a credit note applied to a future DIGILAB invoice.

Service credits represent DIGILAB's sole liability and the Client's sole remedy in the event of non-compliance of the Services with the Service Levels.

4.2 Limitation

The total amount of service credits granted shall not exceed an amount equal to the sums paid by the Client for the Services during the month preceding the event giving rise to the Provider's liability.

4.3 Eligibility Conditions

Any credit request must:

• be submitted in writing within 30 days following the incident;
• contain the elements enabling verification of the alleged breach.

ANNEX 4 – FINANCIAL TERMS

DigiLab Pricing Schedule

Pricing tailored to your activity

Our pricing philosophy

• Flexibility — From small workshops to large industrial labs
• Transparency — No hidden fees, everything is clear
• Scalability — Your subscription grows with your activity

Quick comparison

BASIC: Who is it for?

• Small structures
• Standard daily use
• Controlled budget
• Small team

ESSENTIAL: Who is it for?

• Growing laboratories
• Subcontractor collaboration
• Multiple teams
• Customization needs

SMALL LABORATORIES

Two plans, two uses

BASIC — The essentials to get started

• Universal inbox
• 2 collaborators
• 4-week backup

ESSENTIAL — The power to perform

• Universal inbox
• 5 collaborators
• 3-month backup
• Platform customization
• Direct subcontractor access

Small Laboratories — 100 to 500 cases/month

LARGE LABORATORIES

Two plans, two uses

BASIC — The essentials to get started

• Universal inbox
• 5 collaborators
• 6-week backup

ESSENTIAL — The power to perform

• Universal inbox
• 10 collaborators
• 4-month backup
• Platform customization
• Direct subcontractor access

Large Laboratories — 1,000 to 5,000+ cases/month

Overage Rates

SMALL LABS — Overage rate - 100-case plan

SMALL LABS — Overage rate - 200-case plan

Beyond: automatic upgrade to the 500-case plan

SMALL LABS — Overage rate - 500-case plan

Beyond: automatic upgrade to the 1,000-case plan (Large Labs)

LARGE LABS — Overage rate - 1,000-case plan

LARGE LABS — Overage rate - 2,000-case plan

LARGE LABS — Overage rate - 5,000-case plan

Volume Management

Monthly Subscription

Plan overage?

• Upgrade to a higher plan possible, or
• Purchase additional credit packs

Annual Subscription

• Credits allocated monthly
• Unused credits roll over
• Additional credits available for purchase within the month if needed
• Unused credits lost at end of year
• By choosing the annual plan, one month is offered (-8% compared to the monthly subscription price)

API - White Label

Integrate DigiLab into your ecosystem

$4,200

Includes:

• Full API access
• Technical support for installation
• Integration documentation
• Dedicated hotline
• 4-week backup

Ideal for laboratory groups and networks

Smart Upgrade

Change plans without constraint

Our system automatically calculates:

• 01 — Amount already paid
• 02 — Remaining pro rata
• 03 — New monthly payment

Your anniversary date remains unchanged.

API: Who is it for?

• Industrial groups
• Massive volumes
• Complex IS integrations
• Priority support

Benefits Summary

All plans include:

• Universal multi-practitioner inbox
• Real-time notifications
• Intuitive interface
• AI technical support
• Updates included
• Data security (HDS)

Additionally with ESSENTIAL (SMALL LABORATORIES):

Everything in the Basic plan plus

• 3 additional users
• Interface customization
• 11 additional months of backup
• Subcontractor connection

Our Commitments

• No commitment on monthly plans
• Transparent pricing changes
• Clear billing with no surprises
• Easy migration between plans

Ready to digitize your laboratory?

Get started today

Free trial: 100 cases within a 14-day limit

Contact: contact@digilab.fr

Long-Term Archiving — Premium Option

Beyond included durations

• Option 1 — $0.12 per case per additional month
• Option 2 — Unlimited archiving package +$60/month
• Option 3 — Annual 12-month archiving pack +$48/month

Instant access at any time via the platform

ANNEX 5 – PERSONAL DATA PROCESSING

• Personal Data: means any information relating to an identified or identifiable natural person, directly or indirectly, in particular by reference to an identification number or to one or more specific elements concerning them. "Client's Personal Data" means those communicated by the Client to the Provider as well as those collected, produced, or otherwise Processed by the Provider in connection with the performance of the Contract;
• Processing: means any operation or set of operations applied to Personal Data, whether or not carried out by automated means, such as collection, recording, organization, retention, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination, or any other form of making available, matching or interconnection, as well as blocking, deletion, or destruction;
• The expressions "Data Subjects", "Data Controller", and "Processor" have the meaning given to them in Article 4 of the GDPR; their related terms shall be interpreted accordingly.

A) General Provisions

The Parties acknowledge that for the Processing operations carried out in the context of the performance of the Contract, the Client has the capacity of Data Controller and the Provider of Processor. As Processor, the Provider undertakes to:

1. Process Personal Data solely for the purposes that are the subject of the subcontracting;
2. Process Personal Data in accordance with the Client's documented instructions. If the Provider considers that an instruction constitutes a violation of the Applicable Regulations, it shall immediately inform the Client;
3. Guarantee the confidentiality, security, and integrity of Personal Data processed hereunder;
4. Ensure that persons authorized to process Personal Data comply with the Applicable Regulations;
5. Inform the Client of any potential transfer of Personal Data outside the European Union, or to an inadequate country, and guarantee that such transfer and/or hosting is carried out to countries that ensure a sufficient level of data protection;
6. The Provider has a general authorization to engage another processor (hereinafter, the "sub-processor") to carry out specific processing activities. In the event of the addition or replacement of a sub-processor, the Provider shall inform the Client in advance and in writing, and the Client shall have a period of one (1) month from the date of receipt of this information to raise objections.
7. Right to inform Data Subjects: It is the Client's responsibility to provide information to the Data Subjects affected by the processing operations at the time of collection of Personal Data.
8. Exercise of data subjects' rights: To the extent possible, the Provider shall assist the Client in fulfilling its obligation to respond to requests for the exercise of the rights of data subjects. When data subjects exercise their rights with the Provider, the Provider shall forward them to the Client within seventy-two (72) hours of receipt;
9. Notification of personal data breaches: the Provider shall notify the Client of any Personal Data breach within a maximum period of 48 (forty-eight) hours after becoming aware of it, by email to the email address provided by the Client for this purpose.
10. DPIA: to the extent possible, the Provider shall assist the Client in carrying out data protection impact assessments.
11. Fate of Personal Data: Upon termination hereof, the Provider undertakes to destroy all Personal Data, unless otherwise required by law.

B) Description of Processing Operations – Sub-processors

Identity and contact details of the Data Protection Officers (DPO)