TERMS OF SERVICE

Effective date: 4 March 2026

Balcony Production Ltd (company number: 09053937, registered in England and Wales, registered office: Flat 4, 17 Vicarage Gate, London, W8 4AA, United Kingdom) ("Balcony", "we", "us")

"Customer", "you" or "your" means the business entity that registers for or uses the Service, including any authorised users acting on its behalf.

These Terms of Service ("ToS") govern your access to and use of the Erna scheduling and optimisation platform (the "Service"), operated by Balcony Production Ltd. By registering for, accessing or using the Service, you agree to be bound by these ToS.


1. Business Use Only

1.1 The Service is provided solely for business-to-business (B2B) use.

1.2 You represent that you are acting in the course of your business or organisation and not as a consumer.

2. Service Overview

2.1 The Service enables you to submit workforce scheduling requirements ("Input Data") and produces suggested schedules ("Outputs").

2.2 You retain control and responsibility for all data you submit and all use of Output Data.

2.3 The Service may process scheduling requests using multi-step workflows and background execution processes. Such workflows may involve temporary or persistent storage of workflow parameters, intermediate results, and generated outputs within the hosting platform.

3. Licence and Access

3.1 Subject to your compliance with these ToS, we grant you a limited, non-exclusive, non-transferable licence to access and use the Service for internal business purposes.

3.2 We may suspend or terminate your access for security, policy, or compliance reasons.

4. Customer Data

4.1 "Customer Data" means Input Data and Output Data.

4.2 You retain ownership of all Customer Data.

4.3 You are responsible for ensuring that Customer Data submitted into the Service is accurate, lawful and appropriate.

5. Data Protection

5.1 You are the Data Controller of Customer Data.

5.2 Balcony acts as a Data Processor under the terms of the separate Data Processing Addendum attached below.

5.3 You must have all necessary rights, consents and legal bases to process and submit Customer Data.

6. AI and Third-Party Services

6.1 The Service utilises third-party large language models and other services to process Customer Data.

6.2 You acknowledge that Outputs are generated by probabilistic models and may contain inaccuracies. You agree to verify Outputs before relying on them for operational decisions.

6.3 Customer Data may be processed by third-party AI and infrastructure providers engaged by Balcony. Such providers may retain inputs and outputs for limited periods in accordance with their published policies and contractual terms. Balcony does not permit Customer Data to be used for training third-party models where such use is contractually prohibited.

7. Acceptable Use

7.1 You shall not use the Service to:

(a) submit personal data, including special category data (such as health or religious information), except where strictly necessary for workforce scheduling purposes and where the Customer has a valid lawful basis to process and disclose such data;

(b) Engage in any activity that violates applicable laws or rights of others;

(c) Interfere with the security, integrity or operation of the Service.

8. Fees

8.1 Use of the Service may be subject to fees as agreed between you and Balcony.

8.2 Fees are exclusive of VAT. If payments are not received, Balcony may suspend access.

9. Intellectual Property

9.1 All intellectual property rights in the Service (software, models, interfaces) remain the exclusive property of Balcony.

9.2 You retain ownership of Customer Data.

10. Warranties and Disclaimers

10.1 The Service is provided "as is" and "as available".

10.2 To the maximum extent permitted by law, Balcony disclaims all warranties, whether express or implied, including accuracy of Outputs and uninterrupted service.

11. Limitation of Liability

11.1 Nothing limits liability for death or personal injury caused by Balcony's negligence, fraud, or any liability that cannot be excluded by law.

11.2 Subject to Clause 11.1, Balcony's total liability shall not exceed the total fees paid by the Customer in the 12 months preceding the event giving rise to the claim.

12. Indemnity

You indemnify Balcony against any claims arising from your use of the Service, your Customer Data, or your breach of these ToS.

13. Termination

13.1 Balcony may suspend or terminate access if you materially breach these ToS.

13.2 Termination does not relieve you of accrued payment obligations.

14. Governing Law

14.1 These ToS are governed by the laws of England and Wales.

14.2 The courts of England and Wales have exclusive jurisdiction over disputes.


DATA PROCESSING ADDENDUM (DPA)

This DPA forms part of the Terms of Service and is intended to satisfy Article 28 of the UK GDPR. It governs Balcony's processing of Customer Data as provider of the Service.

A. Definitions

Capitalised terms have the meanings in the ToS or UK GDPR.

B. Roles and Responsibilities

B.1 You are the Controller of Customer Data.

B.2 Balcony is the Processor and only processes Customer Data on your documented instructions.

C. Purpose Limitation

C.1 Balcony processes Customer Data solely to provide the Service, including passing data to LLMs for transformation into Outputs.

D. Sub-Processors

D.1 You authorise Balcony to engage the following categories of Sub-processors:

D.2 Balcony remains responsible for Sub-processors' compliance with this DPA.

E. Data Security

E.1 Balcony will implement appropriate technical and organisational measures, including:

F. Personal Data Handling

F.1 Balcony processes and stores Customer Data as necessary to provide the Service. This includes processing and storage within Cloudflare-managed services such as databases, durable objects, workflow systems, and execution environments. Certain Customer Data (including scheduling instructions, employee identifiers, workflow state, cached logic and generated schedules) may persist until deleted by Balcony or the Customer, subject to technical and platform limitations.

F.2 You warrant that you have valid legal bases to process Customer Data.

F.3 Customer Data may be accessed by authorised Balcony personnel with administrative access to production systems where such access is reasonably necessary for maintenance, debugging, customer support, security, compliance, or incident response purposes. Such access is subject to access controls and platform-level audit logging.

G. International Transfers

G.1 Customer Data may be processed or stored outside the United Kingdom and the European Economic Area, including through Balcony's use of globally distributed cloud infrastructure and third-party service providers. Where such transfers occur, Balcony shall ensure that they are subject to appropriate safeguards in accordance with applicable data protection law, such as standard contractual clauses, the UK International Data Transfer Addendum, or other lawful transfer mechanisms.

H. Data Subject Rights

H.1 Balcony will, to the extent legally permitted, assist you in responding to data subject requests.

I. Deletion and Return

I.1 Upon termination of the Service or upon written request from the Customer, Balcony shall use commercially reasonable efforts to delete or anonymise Customer Data in its control, except to the extent retention is required by law or technically unavoidable.

I.2 The Customer acknowledges that (i) certain logs, metrics, audit records or platform-level data may be subject to fixed retention periods and cannot be selectively deleted, (ii) Customer Data processed by sub-processors is subject to their retention policies, and (iii) deletion may require manual administrative action and may not be immediate.

J. Audit and Compliance

J.1 You may reasonably audit Balcony's compliance with this DPA upon notice and under confidentiality.


AI USE POLICY

The Service uses machine-learning models to process scheduling instructions. Outputs are probabilistic and may contain inaccuracies. Customers must review and validate Outputs before operational use. Sensitive or special category data should not be submitted unless strictly necessary and lawfully processed.