What is Melis Platform?

Melis Platform is a free, Open Source Digital Experience Platform (DXP) made in France that unifies CMS, e-commerce, marketing and CRM, and natively embeds generative and agentic AI through Melis AI, with Model Context Protocol (MCP) integration.

How does Melis Platform use AI?

Melis AI brings generative AI (content creation, translation, page layout) and agentic AI (multi-step automated tasks) into the back office, and uses MCP to connect with external AI models and tools across CMS, commerce, marketing and CRM.

What is MCP integration in Melis Platform?

MCP (Model Context Protocol) lets Melis Platform connect to external AI models, tools and data, and expose its own content, commerce and CRM context to AI agents, so agentic workflows can operate on the DXP.

Is Melis Platform open source and free?

Yes. The Community Edition is free and Open Source. Professional and Enterprise editions add support, SLA and custom development.

What makes Melis Platform different from other DXPs or CMSs?

It is one of the few Open Source DXPs to combine CMS, e-commerce, marketing and CRM in one extensible PHP platform, and among the first to make the DXP intelligent with native generative and agentic AI and MCP, without vendor lock-in and with European / GDPR sovereignty.

Melis AI Try it now

Legal · Annex B

Hosting & Managed Services

Version 1 — in force since 10 April 2025

This English text is a translation provided for information only. The French version (“Conditions Particulières — Hébergement et infogérance”) is the sole legally binding text and prevails in the event of any discrepancy.

B.1. Specific definitions

The terms used in the contract and its annexes have the meaning assigned to them by the laws and orders on IT terminology. Terms that, by way of exception, have a meaning specific to the contract are defined in this article or in the text of the various contractual documents.

Service: IT use that runs on a technical infrastructure made up of hardware components (physical or virtual) and software in order to produce a certain value intended for a predefined set of users. It is associated with a service-level commitment and a service warranty period.

IT environment: set of physical or virtual components of the compute, storage and network type provided by the PROVIDER (Cloud IaaS or hosted in the hosting space) or made available by the COMPANY.

Cloud IaaS: service making available physical or virtual components of the compute, storage and network type, accessible over the Internet or a private network.

Cloud PaaS: service making available physical or virtual components and technical software (operating system, sub-system, service manager, database engine, file manager), accessible over the Internet or a private network.

Cloud: Cloud solution (IaaS, PaaS) whose use is shared between several companies while guaranteeing the watertightness of its operation between each of them.

Hosting space: space in which the COMPANY's equipment is hosted, in a private or shared physical zone of one of the PROVIDER's data centres.

Server: physical or virtual IT infrastructure component providing execution and computing services for software.

Storage: space allowing data to be physically stored.

Network: set of equipment providing services to exchange Data.

Bandwidth: maximum throughput of the Data exchanged over the Internet.

Inbound traffic: traffic from any origin received by the network to which the IT environment is connected.

Outbound traffic: traffic sent by the IT environment to the network to which it is connected.

Network latency (transit delay): the time needed for a data packet (transmission unit of the “network” layer, layer 3 of the OSI model) to travel from source to destination across a network.

Managed services: services entrusted to the PROVIDER with the aim of ensuring, on behalf of the COMPANY, that IT components grouped into an IT environment are kept in operational condition.

Managed component: manageable component monitored by control points and delivering one (or more) service(s); examples: processing/computing service (software or software package), presentation service (application server), printing service, web service, mobile-device management service, data-exchange and queue-management service (messages/files), directory and authentication service, security service, administration service, data/file management service.

Managed environment: set of managed components such as software (system, sub-system, database, technical tools) and technical resources (processing, storage, communication) necessary and sufficient (excluding shared components) to autonomously produce one (or more) service(s) in a specific use context (production, pre-production, development, test, acceptance, training, migration, integration, etc.) that is the subject of a managed-services engagement.

Ticket: electronic record gathering information about a defined subject (events, service requests, etc.) concerning a managed environment. It contains the information needed to understand and analyse the subject as well as data to track the progress of the operations carried out.

Subscription (or fee): flat-rate billing of resources made available to the COMPANY and of services operated by the PROVIDER, according to the periodicity defined in the contract.

Consumption (or pay-per-use billing): any use of resources or services calculated according to the volume consumed, and billed according to use. The readings of the consumption-monitoring tool made available to the COMPANY by the PROVIDER are authoritative in the event of a dispute.

Service Levels (or SLO: Service Level Objective): measurable indicators and minimum value to be reached, allowing the level of quality and effectiveness of the services to be expressed factually.

Reversibility: technical hand-back operation by which the COMPANY takes back the services it had entrusted to the PROVIDER following the end of the contract, whatever the cause.

User: person placed under the COMPANY's responsibility (agent, employee, representative, etc.) who has access to the Data and Software hosted by the PROVIDER.

Authentication: technique whereby any access to a service requires the user to identify themselves using a login and a password.

Credentials: all the personal and confidential elements (login and password) allowing the user to identify and connect to the Internet.

Password: secret code which, combined with the login (user id, login), allows a user to ensure that their subscription will not be used by a third party.

Severity 1: critical malfunction, i.e. a critical managed item is unavailable, or connections to the services of the managed environment are impossible.

Severity 2: major malfunction, i.e. connections to the services of the managed environment are possible but sensitive managed items are unavailable.

Severity 3: minor malfunction affecting a limited number of users; availability and operation of the managed items of the managed environment little affected.

B.2. Retention of title

In the event of a sale of equipment or assignment of intellectual property rights, the transfer of ownership, excluding software, shall take place in favour of the COMPANY on the date on which it has paid the price in full, including charges and taxes.

Consequently, the PROVIDER expressly reserves the right to assert its ownership of the product sold in accordance with the applicable provisions of the Commercial Code, and to repossess it at any time in the event of non-payment. Even in the event of partial payment, the COMPANY personally undertakes to the PROVIDER not to dispose of it by any means whatsoever, whether in full ownership or by creating a pledge or charge over the product, before payment of the full price.

It undertakes to ensure that the goods are always available and identifiable.

B.3. Transfer of risk

The COMPANY is held liable, whether or not it is the owner, for all risks of loss, deterioration or destruction, partial or total, whatever the cause of the damage, suffered by the items handed over to it by the PROVIDER in performance of the services, from their date of installation on its premises or their handover, which may be evidenced by a report signed by both parties. Before that date, the COMPANY shall not be liable, except for losses or damage caused by its fault or where such liability falls on it by law.

The COMPANY shall fully indemnify the PROVIDER for all loss suffered by the PROVIDER as a result of the deterioration or total or partial destruction of the equipment handed over to the COMPANY for the performance of the services.

B.4. Implementation and service-delivery phases

B.4.1. Phases

During the contract, different phases are distinguished for the services:

Pre-implementation phase: it begins on the date the contract is signed by the company and ends as soon as one of the initial go-live tasks has started.
Initial implementation phase: it begins as soon as one of the implementation-service tasks has started and ends upon approval of the last deliverable of the implementation services.
Probationary period phase: it begins at the end of the initial implementation for a duration defined in the contract.
Production phase: it begins at the end of the probationary period.

B.4.2. Probationary period

The probationary period is a phase during which the recurring services are delivered in transitional mode.

Its purpose is:

to verify the assumptions established when negotiating the contract, such as:
- components of the environment necessary for the proper performance of the service,
- scope of the services,
- volume and sizing data for the items contributing to the production of the services,
to finalise the procedures for managing the services and governing the contract,
to complete the initial implementation phase so as to ensure the proper operation of the services with a view to meeting the commitment and service levels,
to adjust the service levels accordingly.

During this period, the clauses relating to failure to meet service levels do not apply. If it turns out that the probationary period is not representative of the normal operational environment, the PROVIDER and the COMPANY shall agree on another period that is representative.

At the end of the probationary period, the PROVIDER draws up a report observing the activity during the probationary period. This report compares the initial assumptions with the findings from the observations made during the probationary period. This report is submitted to the COMPANY for approval and any decisions.

Should the items contained in the report lead to an update of the technical and human resources needed to produce the services in order to reach the expected service levels, the Parties decide on:

either a re-assessment of the resources and the corresponding price of the services concerned by means of an amendment to the contract, in particular the initial implementation services,
or a reduction of the service levels and/or of the technical and functional scope so as not to exceed the resources and budgets initially planned.

Depending on the decisions taken, the PROVIDER completes the contract and its annexes to reflect the arrangements made.

Should the items contained in the report make it impossible for the PROVIDER to implement the services covered by the contract at acceptable service levels, or should the COMPANY not accept the changes made to the contract in terms of pricing and service levels, the Parties decide by mutual agreement to terminate the contract in accordance with the early-termination arrangements.

B.4.3. Cancellation or postponement before the go-live phase

The PROVIDER may agree, without being obliged to do so, upon a request from the COMPANY made by registered letter with acknowledgement of receipt:

to cancel the contract against payment of an amount of fifty percent (50%) of the implementation costs as a fixed indemnity, if the cancellation occurs before the start of the implementation phase,
to cancel the contract against payment of an amount of fifty percent (50%) of the subscription planned for the initial term of the contract as a fixed indemnity if the cancellation occurs during the implementation phase, with the amount of the implementation phase remaining due in full,
to postpone, by a maximum of one month, the contractually defined go-live date; beyond that, the recurring services will be billed.

B.5. Service-level commitment

B.5.1. Indicators

The service-level indicators are intended to determine the level of quality of the services provided by the PROVIDER in relation to the commitments made.

These indicators give an objective view of the overall quality of the services performed and provided.

ITG – Intervention Time Guarantee

This guarantee is defined as the time, expressed in hours, that elapses between the detection of the event (hour H) and its handling (1st action taken in connection with the event) by the PROVIDER over the subscribed service period. The service-level commitment depends on the criticality of the detected event. It is calculated on the rolling three-month average of the time of all incidents for each severity level and each managed environment.

Intervention Time Guarantee	Subscribed service level
	Low	Normal	Enhanced
Severity 1 incident	H+4	H+2	H+1
Severity 2 incident	H+8	H+4	H+2
Severity 3 incident	H+12	H+6	H+3

RTG – Restoration Time Guarantee for managed services

This guarantee is defined as the time, expressed in hours, that elapses between the handling (hour H: time of the 1st action taken in connection with the event) and the return to nominal service of the managed service by the provider over the subscribed service period. The service-level commitment depends on the criticality of the detected event. It is calculated on the rolling three-month average of the time of all incidents for each severity level and each managed environment.

Restoration Time Guarantee	Subscribed service level
	Low	Normal	Enhanced
Severity 1 incident	H+8	H+4	H+2
Severity 2 incident	H+16	H+8	H+4

The following times are excluded from the calculation of this indicator:

the correction of malfunctions attributable to items under the COMPANY's responsibility in accordance with the scope defined for the managed environment,
the correction of malfunctions by the publishers of the software concerned, whether or not they are under the PROVIDER's responsibility,
waiting for information from the COMPANY or a software publisher at the PROVIDER's request,
the validation of actions or documents by the COMPANY at the PROVIDER's request,
a stoppage of the services at the request of administrative or judicial authorities,
an interruption of the services decided by the PROVIDER in the event of danger to maintaining the security or availability of the hosting platform.

AR – Availability Rate

Given the high-availability architecture of the technical platform, the standard availability rate of the managed environment provided is 99.9%.

This rate is calculated as follows:

Total monthly downtime of the platform
___________________________________________________
Monthly duration of the service subscription period

The downtime concerns the periods during which the managed environment:

is not accessible,
no longer provides the expected service(s),
is severely disrupted.

Scheduled maintenance periods are excluded from the environment's downtime.

The Provider undertakes to inform the COMPANY of the schedule of these periods at least two weeks in advance.

If maintenance is necessary to resolve problems severely impacting the operation of the hosting platform, the PROVIDER reserves the right to inform the COMPANY four hours in advance.

B.5.2. Service-level management

The PROVIDER is responsible for investigating service-level failures:

by launching investigations into problems, in order to identify the root causes of failures relating to not meeting the Service Levels,
by informing the company, once identified, of the problems relating to the services that could reasonably be considered likely to cause a significant adverse effect on the COMPANY's operations,
by making written recommendations to the COMPANY's project manager regarding the improvement of the procedures relating to the services.

The PROVIDER identifies the root causes, corrects the problems and endeavours to reduce the repetition of Service Levels missed through the provider's fault. The COMPANY agrees to correct the problems and to endeavour to reduce the repetition of problems for which the COMPANY is responsible and which prevent the PROVIDER from reaching the Service Levels.

B.5.3. Penalties

Depending on the Service Level reached over each evaluation period, penalties may be applied according to the rules defined below.

The service-level compliance rate is calculated as follows:

Effective measured value of the indicator
Compliance rate = _________________________________________________
Target value of the indicator

Below the minimum compliance rate defined for each managed environment, penalties apply according to the table below:

Service-level compliance rate	Penalty ⁽¹⁾
< 95%	5.0%
< 90%	10.0%
< 85%	15.0%
< 80%	20.0%

This penalty rate applies to the amount of the flat-rate subscription billed over the service-level calculation period for each impacted managed environment.

The total amount of penalties applied per calendar year may not exceed an amount equal to ten percent (10%) of the flat-rate subscription billing of each managed environment.

By express agreement, the said penalties constitute a fixed indemnity covering the company's loss and exclude any claim for damages.

B.5.4. Repeated failure to meet service levels

In the event of repeated failure to meet the service levels and insofar as the provider is unable to apply the corrections necessary to meet its commitments, the termination-for-breach procedure described in the general terms of use may apply.

B.6. Modification of subscribed resources and services

The COMPANY must inform the PROVIDER by registered letter with acknowledgement of receipt of any modification of the subscribed resources or services, specifying the date of application of the said modification and respecting a notice period of at least two (2) weeks.

B.7. End of contract and reversibility

At the end of the contract, for whatever reason, the COMPANY must, without delay, cease all use of the services provided.

At least three (3) months before the expiry of the Contract, or when requesting termination, or before the date of total or partial termination of the resources or services provided for in the Contract, the COMPANY informs the PROVIDER in writing of its intention to benefit from Reversibility Assistance. To meet this request, the PROVIDER performs, towards the COMPANY or a Third Party, the reversibility-assistance plan defined by mutual agreement.

This assistance plan takes place under the following conditions:

it begins as soon as the settlement of all the provider's invoices awaiting payment has been made, including the invoice for the services relating to the reversibility plan,
it ends at the latest on the Expiry Date or on the date of termination of the Contract,
the COMPANY or a Third Party actively collaborates with the PROVIDER, in particular by providing the necessary resources to fulfil its obligations,
the work carried out by the PROVIDER, which will be counted on a time-spent basis in half-day units, as well as the travel costs of the PROVIDER's resources, are borne by the COMPANY or the Third Party according to the pricing conditions set by the contract.

If, during the assistance plan defined initially, the COMPANY or a Third Party wishes to benefit from additional services, or to have different or additional resources to those used by the PROVIDER under the contract, it makes a written request to the PROVIDER, which analyses it and provides a quotation as soon as possible.

B.8. Early termination

Each party may terminate this contract in its entirety by sending a registered letter with acknowledgement of receipt, with three (3) months' notice.

The company, terminating the contract before the end of the term (except in the event of breach by the other party) and respecting the required notice, may not claim any refund.

Termination for convenience is only authorised after an initial period representing a quarter of the commitment duration.

The PROVIDER may require an exit penalty from the COMPANY. This exit penalty is 10% of the instalments remaining due over the commitment period.

The COMPANY specifies, when terminating, whether it wishes to call on the PROVIDER for a reversibility-assistance plan.

B.9. Termination for breach

B.9.1. Scope

In the event of a serious breach by one of the Parties of any of the provisions of the Contract, the other Party may choose to terminate the Contract by following the procedure set out below.

In addition, the PROVIDER reserves the right to terminate this contract by following the provisions described in article B.9.2 without the intervention of a judge, in particular where:

the COMPANY breaches one of the conditions of use of the services or resources,
the COMPANY makes available to the public content that is manifestly contrary to the laws and regulations currently in force in France, in particular but not limited to child pornography, incitement to racial hatred, denial of crimes against humanity, incitement to murder, or procuring,
the PROVIDER observes acts of hacking or attempts to make unlawful use of the information circulating on the network caused by or originating from the connection with the COMPANY,
the PROVIDER observes the non-payment, when due, of any of the sums owed by the COMPANY under this contract, and where payment instruments are returned by the bank as unpaid.

In the event of use, dissemination or storage by the COMPANY of unlawful Data, the PROVIDER reserves the right to suspend or interrupt the Service by following the provisions described in article B.9.2, without any indemnity being owed to the Client, and without prejudice to the fees due, which the latter acknowledges.

B.9.2. Procedure

The Non-Defaulting Party shall send the Defaulting Party, by registered letter with acknowledgement of receipt, a notification within thirty (30) days following the said serious breach. This notification shall describe in detail the nature and specific dates of the serious breach and shall allow the Defaulting Party to remedy it within the following times:

within ten (10) days following receipt of the said notification, in the event of non-payment of a sum due on the Payment Date provided for in the contract,
within forty-five (45) days following receipt of the notification, in all other cases of serious breach. If the nature of a non-financial breach is such that it would not be feasible to rely on remedy within the initial period, an additional period of fifteen (15) days will be granted.

If the serious breach is not remedied during the cure period defined above, the Contract may be terminated for serious breach, at the initiative of the Non-Defaulting Party by notification sent by registered letter with acknowledgement of receipt to the Defaulting Party, within sixty (60) days following the expiry of the cure period indicated above; the termination shall take effect on the date indicated in the said notification.

B.10. Price revision

The prices of the services are revised on 1 January each year according to the increase in the Syntec index, using the following formula:

P = P0 x (S / S0) where:

P represents the prices of the Services after revision,
P0 represents the prices stipulated at the date of signature in this services contract or in its annexes,
S represents the most recent Syntec index known at the revision date,
S0 represents the reference Syntec index defined in the Price Schedule.

If the Syntec index disappears, the Parties will agree on the choice of a replacement index. Failing agreement between the Parties, express jurisdiction is given to the President of the Paris Commercial Court to determine the new index to be included in the aforementioned revision formula. The resulting costs will be shared equally between the Parties.

Any delay in determining the replacement index shall have no effect on the payments, which will be made on the scheduled due dates and will be subject to a later adjustment.

B.11. Measures relating to data

It is for the COMPANY to make the declarations and administrative formalities relating to the French Data Protection Act of 6 January 1978 as amended, to Regulation (EU) 2016/679 on the protection of personal data, and more generally to the regulations relating to data hosting.

If the COMPANY's Data hosted by the PROVIDER includes data covered by such regulations, the COMPANY warrants to the PROVIDER that it has carried out all the obligations incumbent on it and that it has informed the natural or legal persons concerned of the use made of the said data. In this respect, the COMPANY indemnifies the provider against any claim, complaint or action from any natural or legal person whose data is reproduced and hosted via the Service.

Insofar as the provisions of the aforementioned law and other associated regulations allow, the PROVIDER must take, upon prior information communicated by the COMPANY by registered letter with acknowledgement of receipt, all technical or security measures required for the processing, files and data, provided that the required level is not higher than the contractual security level. Otherwise, an amendment to the contract will be examined between the two parties.

Subject to the aforementioned provisions, the PROVIDER undertakes to fully comply with the provisions relating to the regulations in force that have been communicated to it beforehand. The terms of the processing of personal data carried out by the PROVIDER on behalf of the COMPANY, as well as the allocation of responsibilities under Regulation (EU) 2016/679, are governed by the “Personal Data Processing” annex, which prevails over this article in the event of any discrepancy.

B.12. Internet rules of use

The COMPANY declares that it accepts the characteristics and limits relating to the use of the Internet, and in particular:

that the PROVIDER exercises no control over the data passing through its data centre,
that the Internet, by its very constitution — preventing knowledge of the recipient's throughput, the path taken by the Data or the availability rate of the bandwidth — presents:
- technical hazards that may lead to slowdowns or interruptions of services; consequently, the PROVIDER will not be held liable for any unavailability or slowdowns of the service inherent to the Internet,
that the data accessible on the Internet may be protected by an intellectual property right,
that the COMPANY is solely responsible for the use it makes of its data.

The COMPANY undertakes not to carry out actions prohibited on the Internet involving services made available to it by the PROVIDER, such as:

harming Third Parties by DoS (Denial of Service) or DDoS (Distributed Denial of Service) attacks or by spreading viruses or malware,
using the messaging features or any other message-broadcasting software to send unsolicited messages en masse (SPAM) or emails to persons who have previously notified that they do not wish to receive them.

B.13. Software

B.13.1. Suitability of the software making up the proposed solution

The COMPANY acknowledges:

having become aware of the potential, purpose, features, standard nature and operating mode of the subscribed solution,
having received from the PROVIDER all the information needed to assess the suitability of the solution to its needs and to take all useful precautions for its use.

It is for the COMPANY to ensure:

that it has the necessary skills to use the software,
that its staff is able to use the software with all the required effectiveness,
that the results obtained using the solution comply with its needs.

B.13.2. Rights of use

As regards the software that is the subject of the service, the rights to use the software are granted on a non-exclusive, personal and non-transferable basis, in accordance with the Intellectual Property Code. The COMPANY refrains from any use of the said Software outside the Service.

In any event, the user undertakes to respect the ownership right that the author of the software retains over its work.

B.13.3. Licence agreement

If a licence agreement exists, the use of the Software is governed by the terms of the licence agreement. The user must accept the terms of the licence agreement.

Any reproduction or redistribution of the software that does not comply with the stipulations of the licence agreement is expressly prohibited by law.

The software is warranted, where applicable, only in accordance with the terms of the licence agreement; except for any warranty stipulated in the licence agreement, the PROVIDER excludes any implied warranty relating to the software, in particular any implied warranty of quality, fitness for a particular purpose, title and non-infringement.

The user undertakes not to decompile or disassemble any Software outside the legal framework defined in Article L.122-6-1 II to IV of the Intellectual Property Code.

B.13.4. Subscription models

The applicable subscription model is specified in the Special Conditions or the purchase order. Two models are possible:

SaaS mode. The right to use the Melis Platform solution and the Applications is granted to the COMPANY for the duration of the subscription only, on a non-exclusive, personal and non-transferable basis. This right is included in the price of the service, with no separate licence fee, and renews according to the periodicity of the subscription. It ceases automatically at the end of the service, without any copy being retained.

Licence and hosting model. The licence to use the Melis Platform solution is granted for a fixed term (term licence), renewable annually, and is subject to a licence fee billed separately from the hosting and managed services, which are themselves subscribed and renewed annually under this annex. Non-renewal or non-payment of the licence fee results in the cessation of the right to use the solution, without prejudice to the possible continuation of the hosting and managed services alone under the conditions provided for in the contract.

The license is granted for a minimum fixed term of one (1) year and is automatically renewed for successive one-year periods, unless terminated by either party with three months' notice prior to the expiration date.

Article B.14. Liability

The PROVIDER undertakes to apply, in performing all the services for which it is responsible hereunder, all care and to implement all the diligence required, to perform its tasks in accordance with the practices of the profession and the state of the art.

The PROVIDER is released from all liability in the event of non-performance resulting from:

a delay or suspension of the performance of the services where they are attributable to the Client or to an act of a Third Party having the characteristics of force majeure,
a case of force majeure or the act of a third party, as defined by the case law of the French courts,
an interruption of service:
- expressly requested of the PROVIDER by an administrative or judicial authority,
- decided by the PROVIDER in the event of:
  - danger to maintaining the security or availability of the hosting platform, whether following the hacking of a managed environment made available to the COMPANY under the contract (virus, denial of service, etc.), a hardware or software malfunction related to the environment, or following a failure to update a component of the environment resulting in the detection of a security vulnerability,
  - blacklisting of the IP addresses used by the PROVIDER, extending beyond the IP address(es) allocated to a managed environment made available to the COMPANY.

The PROVIDER's liability can only be engaged for the PROVIDER's fault in relation to the services defined in the contract, duly proven by the COMPANY.

It is expressly acknowledged that if the PROVIDER's liability were to be retained in the performance of this contract, and whatever the basis of the action for compensation under which damages are claimed, the Parties agree that the PROVIDER will only be liable and the COMPANY may only claim compensation, for any other loss, up to the lower of the following two amounts:

EUR 150,000, or if applicable,
the refund of the invoices for the last four (4) months relating to the flat-rate subscriptions of the services in question.

The COMPANY waives, as do its insurers for whom it stands surety, all recourse against the PROVIDER beyond this amount.

In addition to the points described in the “Internet rules of use” article for which the COMPANY acknowledges that the PROVIDER could in no event be held liable for any loss, direct or indirect, such as any commercial loss, loss of customers, loss of orders, commercial disturbance, loss of profit, loss of productivity, damage to brand image or the result of erroneous studies, it is specified that:

the COMPANY undertakes not to carry out actions liable to harm the integrity and proper operation of the PROVIDER's technical platform and associated resources, in particular by carrying out port scans, performance-saturation tests, active vulnerability searches, usurpation of access rights, attempts to breach the logical-partitioning mechanisms, etc., nor to access data not belonging to it,
the COMPANY is solely responsible for any loss, direct or indirect, material or immaterial, caused by itself or one of its agents to the PROVIDER or to third parties as a result of misuse of the contractually defined services,
the COMPANY may be ordered to pay indemnities to the PROVIDER on account of the loss caused,
the PROVIDER's liability cannot be engaged in the event of use of the service that does not comply with this contract,
the PROVIDER cannot be held liable in the event of legal proceedings against the COMPANY on account of the use of the PROVIDER's services and of any service accessible via the Internet,
the PROVIDER can in no event be liable for the content of the services accessed, the nature of the data queried, transferred or put online by users, and generally for any information accessed by the COMPANY,
the PROVIDER disclaims all liability as to the compatibility, reliability and operation of the software used by the COMPANY,
the PROVIDER cannot be liable for the unauthorised introduction of data into the space dedicated to the COMPANY despite all the security measures it may have taken,
the PROVIDER cannot be liable for the incorrect sizing of telecommunications lines, databases or, more generally, the capacity of the technical resources made available following erroneous or non-updated information provided by the COMPANY,
the PROVIDER cannot be held liable for the accidental destruction of the Data by the COMPANY or a third party who has accessed the service by means of the Credentials given to the Company.

B.15. Hosted data

B.15.1. Ownership

The following are considered data belonging to the COMPANY: all of the COMPANY's files or data transmitted to the PROVIDER for the performance of the subscribed services, entered by the COMPANY in the software hosted by the PROVIDER, as well as the data collected or processed by the PROVIDER in connection with the service subscribed by the COMPANY. The COMPANY grants the PROVIDER a personal, non-assignable, non-exclusive and non-transferable right to reproduce its data, for the sole purpose of performing the subscribed services, for the term of the contract and worldwide.

B.15.2. Warranty

The COMPANY is solely responsible for the quality, lawfulness, accuracy, relevance and integrity of the Data it transmits for the performance of the subscribed services. It further warrants that it holds all the intellectual property rights enabling it to use the Data and to entrust its hosting to the PROVIDER. Accordingly, the PROVIDER disclaims all liability in the event of non-compliance of the Data with laws and regulations, public order, or the COMPANY's needs.

Consequently, the COMPANY shall, at its own expense, defend the PROVIDER in any proceedings brought against it on the grounds that Data stored or distributed via the service infringes the rights of third parties, provided that:

the PROVIDER notifies the COMPANY, as soon as it becomes aware of it, of any summons or formal notice;
the PROVIDER provides, at the COMPANY's reasonable request, all assistance as well as the information and items in its possession.

B.15.3. Data liability

The COMPANY is also responsible for editorial direction, both for a site or a software package or specific software hosted by the PROVIDER, and for the content of any product developed at its request. As the PROVIDER exercises no control over the content and data owned by the COMPANY, it is for the COMPANY alone to assume responsibility for disputed content.
The PROVIDER's liability may be engaged after the fact, on the sole condition that, once the PROVIDER is aware of an issue with content, it has not acted promptly to remove it or make access to it impossible.

The PROVIDER cannot be held liable following any action or claim brought by a third party on account of the unlawful nature of the hosted content, and in particular on account of:

any content contrary to the laws and regulations in force, distributed by the COMPANY,
the infringement of intellectual property rights relating to works contained or distributed, in whole or in part, linked to the managed environment made available to the COMPANY,
the circumvention of technical protection measures.

The hosted pages, the multimedia products and, more generally, all publications or data used by the software must not be contrary to, or give access to (in particular through hyperlinks), information or services contrary to legal and regulatory provisions.

It is recalled that the following are in particular prohibited and criminally punishable:

infringement of the privacy of others,
defamation and insult,
the reproduction, representation or distribution of a work of the mind in breach of the author's rights,
inciting minors to commit unlawful or dangerous acts,
facilitating the corruption of a minor, the pornographic exploitation of the image of a minor; the distribution of violent or pornographic messages liable to be seen by a minor,
incitement to crimes and offences, and incitement to suicide,
incitement to discrimination, hatred or violence, in particular racial,
the glorification of certain crimes, in particular murder, rape, theft, war crimes and crimes against humanity, and the denial of crimes against humanity.

The COMPANY acknowledges that it has all the legal, regulatory or administrative authorisations necessary to use the chosen service(s) and undertakes to comply with the provisions of all legislation applicable to the processing of personal data, to the creation of audiovisual communication services and to cryptology techniques, and to make or obtain all declarations or authorisations necessary for this purpose. The COMPANY warrants to the PROVIDER that it has verified that the subscribed services allow it to fulfil its obligations relating to the regulations in force on the storage and processing of the hosted data. To this end, it undertakes to keep the PROVIDER regularly informed of these obligations.

The PROVIDER has set up a mechanism allowing any person to report to it the presence of unlawful data concerning the glorification of crimes against humanity, incitement to racial hatred or child pornography.

The PROVIDER reserves the option to remove, without notice and at any time, access to content:

that would be contrary to public order, morality or “netiquette”,
that would not comply with the general conditions or would prevent the proper operation of the service,
upon requisition by the judicial or administrative authority.

Where the PROVIDER creates or hosts a site including an online discussion space (for example a forum), the COMPANY designates, within its structure, moderator(s) responsible for approving the messages sent by users. Each contributor nevertheless remains responsible for their own remarks. The PROVIDER reserves the right to suspend any discussion groups deemed unlawful.

B.15.4. Security

The PROVIDER undertakes to take all the necessary measures, in line with the state of the art and technology, to protect the COMPANY's Data hosted on the PROVIDER's platform.

Subject to the “Liability” article, the PROVIDER undertakes to preserve the integrity and confidentiality of the Data contained on its platform. The PROVIDER will implement the technical and organisational measures of a nature to prevent any fraudulent access to or use of the Data and to prevent any loss, alteration or destruction of the Data.

The COMPANY undertakes to put in place protection measures adapted to the Internet connection linking its sites to the services hosted by the PROVIDER.

B.15.5. Fate of the data

On termination of the COMPANY's subscription Service, the PROVIDER will retain the COMPANY's Data for a maximum period of three (3) months and, if requested during this period, the PROVIDER will provide the COMPANY with a copy of this data in a standard format determined by the PROVIDER. The costs arising from this return are borne by the COMPANY, billing being carried out on a time-spent basis according to the pricing provided for in the contract.

The PROVIDER will in no way be required to retain the COMPANY's Data beyond this period. The PROVIDER will confirm to the COMPANY the destruction of the Data.

B.15.6. Protection of cross-border data flows

These conditions comply with the Community provisions relating to the protection of cross-border data flows, and in particular Directive 95/46, transposed in France by the Data Protection Act of 6 January 1978 as amended, Regulation (EU) 2016/679 on the protection of personal data and, more generally, the regulations relating to data hosting.

On the date of entry into force of the Contract, the place of provision of the services is specified in the contract or its annexes.

B.16. Reporting of complaints and security vulnerabilities

The PROVIDER undertakes to inform the COMPANY of the occurrence of any security vulnerability on the services, as well as any complaint addressed to it by any individual concerned by the service performed under the Contract. This communication must be made as soon as possible and at the latest forty-eight hours after the discovery of the security vulnerability or following receipt of a complaint.

In the event of a complaint involving a service linked to the COMPANY, the PROVIDER, after technical verification of the validity of the information transmitted by the complainant and a finding of non-compliance with the COMPANY's commitment, will be entitled to limit, restrict, interrupt or permanently suspend all or part of the service in question for a period of at least twenty-four (24) hours up to thirty (30) days, or even permanently terminate the contract in the event of:

failure to comply with the warnings for SPAM activity sent to the COMPANY,
blacklisting of the IP addresses used by the PROVIDER, extending beyond the IP address(es) allocated to a managed environment made available to the COMPANY.

B.17. Use of the service access credentials

All the elements allowing the beneficiary of the services to identify and connect to the services are personal and confidential. The latter undertakes to keep them secret and not to disclose them, in any form whatsoever. They may in no case be transferred to third parties, free of charge or for a fee.

B.18. Connection data

The PROVIDER informs the COMPANY that it is required:

to hold and retain the data of a nature to allow the identification of the content creators of the applications it hosts or to which it provides Internet access (Article 6 II of the French LCEN),
to communicate to the authorities the information relating to the use of the Internet service by the COMPANY, whenever these authorities make a reasonable request to that effect.

B.19. Evidence of operation and use of the services

By express agreement between the PROVIDER and the COMPANY, the recording, control or supervision systems of the PROVIDER implemented in connection with the services delivered under the contract will be considered to constitute evidence of the date, duration, conditions of access to and use of the services by the COMPANY, in particular for the calculation of the fee for the services consumed.

Version 1 — in force since 10 April 2025 — Melis Technology