Annex A: ApplicaDigital – Service Details, Encryption and Support

1. PURPOSE AND COMPLEMENTARY DEFINITIONS

1.1. The purpose of this Annex A is to detail the technical and operational characteristics, service levels, and specific conditions of the APPLICADIGITAL service (hereinafter, the "Service" or the "Platform"), as well as the associated file encryption and technical support services, provided by Producción Diseño e Informática, S.L. (hereinafter, "PDI") to the Client, within the framework of the APPLICADIGITAL Services Agreement (hereinafter, the "Main Agreement") of which this Annex A forms an integral part.

1.2. For the purposes of this Annex A, the following definitions shall apply, which complement those established in the Main Agreement:

• Software / Licensed Software / Platform: Refers to the APPLICADIGITAL hosted service provided by PDI, which includes the use of the underlying Adobe Content Server ("ACS") technology, applications developed or integrated by PDI for communication with the Client, and integration connectors that PDI makes available.
• Hosted Services / Software as a Service (SaaS): Service delivery modality whereby PDI provides the Client with the ability to use the APPLICADIGITAL application and its functionalities exclusively through the Internet, via a web browser or API interfaces designated by PDI. The execution of the main software and storage of service management data occur in the infrastructure managed by PDI or its cloud service providers.
• ALSS (Adobe License Signing Service): The service provided by Adobe Inc. for encryption and license signing of digital files, used by PDI as an integral part of APPLICADIGITAL.
• Web Application: The interface or set of interfaces (including web portals and/or APIs) provided by PDI for the Client to access and use APPLICADIGITAL functionalities.
• Client Data / Client Database: Refers to Client Content (digital files for encryption) and the collection of metadata, configurations, and transaction records associated with the Client's account in APPLICADIGITAL, arranged systematically or methodically and individually accessible by the Client through the Web Application.
• Authorized User: Person designated by the Client who has the right to use APPLICADIGITAL on behalf of the Client, through the Internet, using the provided access credentials.

2. APPLICADIGITAL SERVICE CONTENT

2.1. The APPLICADIGITAL Service will include, at minimum and according to the contracted plan:

1. Internet access to the APPLICADIGITAL Platform functionalities for managing, encrypting, and licensing Client Content, through the use of secure access credentials provided by PDI. Access is granted on a non-exclusive and non-transferable basis.
2. Platform and Management Data Backups: PDI will perform backups of the APPLICADIGITAL Platform configuration and the Client Database (excluding Client Content in open format, see Clause 2.1.d). A complete daily backup will be performed with a standard retention of one (1) week. PDI reserves the right to modify this policy with prior notification, always seeking to maintain an adequate level of protection.
3. Storage for Service Management: A base storage of 10 GB is included for data managed by the Platform (metadata, temporarily encrypted Client Content for processing, etc.), with no limit on the number of files as long as the total capacity is not exceeded.
   • i. Beyond 10 GB, the Client will assume a surcharge of €240 annually, having 5 GB of additional storage.
   • ii. For each additional 5 GB required subsequently, a charge of €240 annually will apply.
   • iii. The equivalence table is:

   Additional Capacity	Annual Cost	Total Available Capacity
   10 GB (included)	No cost	10 GB
   +5 GB	€240	15 GB
   +10 GB	€480	20 GB
   +15 GB	€720	25 GB

4. Client Content Management: PDI guarantees that it does not store in its infrastructure or any other long-term storage method any Client Content files (PDF, EPUB, EPUB3) in open or unencrypted format once they have been processed by the Platform. It is the Client's responsibility to maintain and safeguard their original files in open format.

2.2. Internet Server System Administration by PDI: PDI will be responsible for administering the infrastructure hosting APPLICADIGITAL, which includes permanent updating and security management of Adobe Content Server software and its certificates, antivirus systems, and server operating system updates, when PDI determines that such updates are stable and their operation is proven. It also includes management of the hardware and communications infrastructure necessary for the proper functioning of the Platform under PDI's control.

3. APPLICADIGITAL SERVICE EXCLUSIONS

Unless explicitly agreed otherwise in an Economic Proposal or professional services agreement, the APPLICADIGITAL Service will NOT include:

1. Adaptation or customization of the Web Application or APPLICADIGITAL Platform to the Client's special circumstances or new functional needs arising from use that are not part of the Service's standard features.
2. Incorporation of elements or adaptation of the Service to ensure compatibility with specific technological evolution in the Authorized User's or Client's end user's computers or devices (e.g., specific or non-standard versions of operating systems, Internet browsers, Client's particular hardware requirements, or Client's Internet connection configurations).
3. Technical support services related to the Client's connectivity to the Service, whether due to Client hardware problems (configuration of their equipment) or their communications (Internet access line, firewalls, proxies, Client's internal network configurations).
4. Tasks necessary to restore data or situations derived from incorrect, accidental, or negligent operations by the Client or their Authorized Users, or third parties acting under the Client's responsibility, that cause information loss, destruction, or disorganization of files in the Client's systems or in the way they manage their Content.
5. Correction of anomalies or access problems attributable exclusively to the computer or device used by the Client, deficiencies in their working environmental conditions, failures in their electrical network, or failures of their communications provider, and which, therefore, do not have a direct causal relationship with a failure of the APPLICADIGITAL Platform.
6. Performing or restoring backups of Client Content in original or open format, or applying backup policies different from the standard ones provided by PDI for Platform management data, as described in Clause 2.1.b.

4. PLATFORM ACCESS AND USE CONDITIONS

4.1. The Client will receive access credentials (user code and password) to use the APPLICADIGITAL Platform exclusively through the Internet during the term of the Agreement. These credentials are personal and non-transferable for each Authorized User.

4.2. Authorized Users may, through the Web Application, process Client Content and manage licenses according to the Service functionalities and the limits of the contracted plan.

4.3. The Client may not transfer the APPLICADIGITAL usage license or commercially exploit the Platform in a manner different from the purpose of the Agreement, nor make the Service or its content (other than properly licensed Client Content) available to unauthorized third parties.

4.4. The Client may not create unauthorized "deep links" with the Service on the Internet, nor "adapt" or "duplicate" any content of the APPLICADIGITAL Platform (except their own Content) on any other server or device; nor use reverse engineering techniques or access the Service for the purpose of: (a) creating a competitive product or service; (b) creating a product using ideas, features, functions, or graphics similar to those of the Service; or (c) copying any idea, feature, function, or graphic of the Service.

4.5. Authorized User codes may not be shared or used by more than one individual simultaneously, but may, on certain occasions and with prior management with PDI, be reassigned to new Authorized Users who replace previous users who have ceased their relationship with the Client or whose function no longer requires use of the Service.

4.6. Data entered by the Client through the Web Application (Client Content and associated metadata) belong exclusively to the Client. They will be recorded and stored on servers managed by PDI or its cloud service providers, in accordance with PDI's Security and Data Protection Policies.

5. FORCE MAJEURE AND HOSTED SERVICE LIMITATIONS

5.1. Neither Party shall be liable to the other for damages and losses resulting from delay or impossibility of fulfilling their contractual obligations, if this is due to force majeure. Force majeure causes include, among others, unforeseen circumstances or circumstances that, being foreseen, were unavoidable and beyond the reasonable control of the affected Party (e.g., natural disasters, acts of public authorities, war, pandemics, widespread telecommunications or energy failures not attributable to the Party).

5.2. Regarding the use of the APPLICADIGITAL Service, which is a hosted service dependent on multiple technological factors, PDI does not absolutely guarantee:

1. That the Service will always be 100% secure (although PDI applies robust security measures), timely, uninterrupted at all times, or completely error-free.
2. That the Service will work without problems in combination with any other hardware, software, system, or Client data not previously validated by PDI as compatible.
3. That it will meet all particular requirements or expectations of the Client that have not been explicitly agreed upon and documented.
4. That data stored or processed through the service will always be 100% accurate and reliable, although PDI will apply measures for their integrity.
5. That the quality of any product, service, information, or other material obtained by the Client through the SaaS Service will unfailingly meet all user requirements or expectations if these were not previously defined.
6. That services provided by other telecommunications operators or Internet providers, necessary for the Client to access PDI's service, will be free from defects or other harmful components.

5.3. PDI's services may be subject to limitations, delays, and other incidents inherent to the use of the Internet and electronic communications. PDI will not be responsible for damages derived from such generic Internet incidents that are beyond its direct control.

6. TECHNICAL SUPPORT SERVICE

6.1. The technical support provided by PDI for APPLICADIGITAL is divided into three levels of attention, prioritizing agile and effective resolution of incidents for Clients with an active support subscription:

• Level 1: Initial attention provided by PDI, including assistance in installation (if applicable to any client component), activation, and product configuration. PDI performs a preliminary diagnosis to resolve the incident.
• Level 2: For incidents related to complex problems in the implementation or operation environment of APPLICADIGITAL that require deeper analysis or that may be linked to the Main Underlying Software (ACS/ALSS). These will be managed by PDI, who may escalate queries or incidents to Adobe's support program (e.g., "Annual Developer Support Plan" or equivalent) if PDI deems it necessary.
• Level 3: Resolution of advanced problems or possible defects in the Main Underlying Software, through direct coordination of PDI with Adobe's support teams, under criteria of confidentiality and shared responsibility.

6.2. Protocol for Critical Incidents: For incidents that the Client categorizes as critical and that seriously affect the operability of APPLICADIGITAL in the Client's production environment, PDI will activate an escalation and priority management protocol:

1. Critical Incident Identification: Examples include: widespread failures in encryption or license signing capability that prevent distribution of Client Content; severe interruptions in access to the APPLICADIGITAL platform that directly and demonstrably affect the Client's business; serious compatibility problems with the service after critical updates made by PDI to the Platform.
2. Priority Notification: The Client must mark the incident as "CRITICAL" in their initial communication to soporte@pdi.es. PDI will confirm receipt of the critical incident within a maximum of two (2) business hours (within PDI's support hours), assigning a specialized technical manager.
3. Immediate Intervention and Escalation: The highest available technical level at PDI (Level 3 coordination) will be assigned to directly manage the incident. If necessary, PDI will contact Adobe on a priority basis under the mechanisms of the "Annual Developer Support Plan" or equivalent.
4. Continuous Updates: The Client will receive periodic progress updates to ensure transparency and peace of mind, allowing the Client to plan parallel actions if necessary.
5. Final Report: Once the incident is resolved, PDI will deliver to the Client a detailed report (if the nature of the incident allows) with the actions taken, response times (approximate if dependent on third parties), and recommendations to avoid similar problems.
6. The Client must provide PDI with all necessary technical access (secure remote, if agreed) and relevant and detailed information to facilitate effective support management.

6.3. Conditions Excluding PDI Support: PDI Support will not cover the cases detailed in Clause 3 of this Annex A, nor those derived from:

1. Unauthorized software modifications.
2. Use outside the scope of license agreement warranties.
3. Problems derived from hardware or software external to the Adobe product (and the APPLICADIGITAL platform managed by PDI).
4. Installations or configurations on the Client side not conforming to technical specifications recommended by PDI or Adobe for interaction with APPLICADIGITAL.

6.4. Contact Protocol and PDI Support Response Times:

1. Communication Channel: Incidents must be communicated exclusively through soporte@pdi.es.
2. Incident Confirmation: All requests receive an initial confirmation within the first 24 business hours, with assignment of a case number.
3. Response/Resolution Times (Objectives):
   • Level 1 (basic incidents by PDI): First qualified response in 4-8 business hours. Resolution within 24 to 48 business hours.
   • Level 2 (complex incidents managed by PDI with possible consultation with Adobe): First qualified response in 8-16 business hours. Resolution within 3 to 5 business days (depending on complexity and if Adobe intervention is required).
   • Level 3 (coordination with Adobe): Timelines depend on Adobe and will be communicated to the Client.
4. For critical incidents, the specific protocol applies.

7. ADDITIONAL SERVICES AND RATES

7.1. PDI offers additional technical consulting and advanced engineering services to complement standard support, which will be billed separately upon budget acceptance:

• Specialized technical consulting: €100/hour. (Includes advice on implementation, optimization, and software customization).
• Advanced engineering and development: €150/hour. (Applicable for complex projects requiring design, development, or advanced integration).
• On-site services: Subject to additional charges for travel, per diem, and hours worked, determined according to location and nature of service.

7.2. Note: Rates are indicative and may be adjusted. A detailed quote will be provided upon request.

8. RESOURCE OPTIMIZATION AND QUALITY COMMITMENT (PDI)

8.1. PDI commits to optimizing its support and management resources through:

• Delegated license administration (when the Client authorizes it and Adobe programs allow it) to improve management and access to support.
• Prioritization of critical incident management according to the protocol defined herein.
• Periodic review and audit of its own support processes to ensure and improve the quality of service provided by PDI.

9. REGULATORY COMPLIANCE (PDI)

9.1. PDI Support and maintenance activities described in this Annex A are performed in strict compliance with intellectual property, data privacy, and software licensing regulations in force in 2025, ensuring protection of Client and user rights, and respecting Adobe Terms.

9.2. Export restrictions and prohibited territories. The Client acknowledges that the APPLICADIGITAL® Platform and underlying Adobe Content Server technology are subject to U.S. export control regulations (including, without limitation, the Export Administration Regulations and OFAC sanctions programs). Consequently, the Service may not be marketed, licensed, or made available, directly or indirectly, in: (a) countries subject to total or partial U.S. embargo —Cuba, Iran, North Korea, Syria, Russia, and Belarus—, nor in the regions of Crimea, Donetsk (DNR), Luhansk (LNR), Kherson, and Zaporizhia; or (b) individuals or legal entities included in restricted lists (Denied Persons, SDN, Entity List, or other equivalents).

The Client agrees to:

1. Implement screening procedures prior to any registration, sublicense, or transaction.
2. Prevent the Service from being accessed or redirected from the indicated territories or by the indicated subjects.
3. Notify PDI Consultores immediately if a possible breach is detected.
4. Indemnify and hold PDI harmless against sanctions or claims arising from violation of this clause.

Update note: Jurisdictions and restricted lists may vary; PDI will communicate any changes with 30 days' notice and the Client must adapt to the current version.