ACCEPTABLE USE POLICY

appaloosa.io

Last updated: October 1, 2025

1. INTRODUCTION

This Acceptable Use Policy covers the products, services, and technologies (collectively referred to as the “Services”) provided by OB2J under any current agreement. It is designed to protect us, our customers, and the wider Internet community against unethical, irresponsible, and illegal activities.

OB2J customers who engage in activities prohibited by this Acceptable Use Policy may be subject to service suspension and account termination. In extreme cases, we may be legally required to report such customers to the relevant authorities.

2. PUBLISHER IDENTITY

OB2J

Simplified joint-stock company (SAS) with share capital of €1,010.50

Registered office: 9 impasse Rolland, 64200 Biarritz, France

RCS Bayonne 901 232 520

VAT: FR82901232520

3. PURPOSE OF THE POLICY

appaloosa.io is a Mobile Device Management (MDM) solution enabling companies to deploy applications and configurations to computers, smartphones, and tablets. This policy defines acceptable and unacceptable uses of our Services in this specific context.

4. FAIR AND REASONABLE USE

We provide our Services on the assumption that your use will be “normal and professional,” consistent with our commercial offer. If your use is deemed excessive, additional fees may apply or capacity may be restricted.

Minimum quantity: All subscriptions require a minimum of 50 managed devices.

We oppose all forms of abuse, discrimination, rights violations, and/or any action that harms or disadvantages a group, an individual, or a resource. We expect our customers and, where applicable, their users (“end users”) to use our Services with similar intent.

5. CUSTOMER RESPONSIBILITY

5.1 General responsibility

We consider our customers responsible for their own actions as well as the actions of anyone using our Services with the customer’s authorization. This responsibility also applies to anyone using our Services without authorization due to the customer’s failure to implement reasonable security measures.

By accepting our Services, our customers agree to ensure compliance with this policy on behalf of anyone using the Services as end users. Complaints regarding the actions of customers or their end users will be forwarded to the designated contact for the account in question.

5.2 MDM-specific responsibility

As a user of a mobile device management solution, the customer is specifically responsible for:

Applications deployed:

• The legality of all applications deployed via our platform
• Compliance with software licenses for distributed applications
• Compliance of applications with the terms of use of app stores (Apple App Store, Google Play Store, Microsoft Store)
• Security and absence of malware in the deployed applications

Labor law compliance:

• Compliance with applicable labor law in the country(ies) where employees are based
• Prior information to employees regarding monitoring performed via managed devices
• Respect for employees’ privacy and right to disconnect
• Obtaining necessary consent where required by law

Geolocation:

• Device geolocation may only be used for reported cases of loss or theft
• The customer must provide evidence that geolocation is expressly provided for in the employment contract or written agreement of the employee concerned
• Geolocation must not be used to monitor employees’ daily movements without their consent

Access security:

• Implementing strong passwords for all administrator accounts
• Proper management of access rights within the organization
• Securing credentials and passwords against any unauthorized access
• Immediate revocation of access for employees leaving the organization

5.3 Sanctions

If a customer — or its end user or any person using our Services as a result of the customer’s actions — violates our Acceptable Use Policy, we reserve the right to:

• Terminate any Service associated with the offending account
• Terminate the account itself
• Take any corrective or preventive action we deem appropriate, without prior notice

To the extent permitted by law, no credit will be available for service interruptions resulting from a violation of our Acceptable Use Policy.

6. PROHIBITED ACTIVITIES

6.1 Copyright infringement and access to unauthorized material

Our Services must not be used to transmit, distribute, or store material in violation of any applicable law. This includes, without limitation:

• Any material protected by copyright, trademark, trade secret, or any other intellectual property right used without proper authorization
• Any obscene, defamatory material, material constituting an illegal threat, or violating export control laws

The customer is solely responsible for any material it enters, uploads, broadcasts, transmits, creates, or publishes via or on our Services, and for obtaining legal authorization to use any work included in such material.

MDM-specific application:

• Deployment of pirated or counterfeit applications is strictly prohibited
• Customers must hold appropriate licenses for all deployed applications
• The customer must not use our Services to circumvent applications’ technical protections (DRM)

6.2 SPAM activity and unauthorized messaging

Our Services must not be used to send bulk commercial or unsolicited messages in violation of applicable laws and regulations in your jurisdiction (“spam”). This includes, without limitation:

• Sending spam
• Soliciting customers based on spam sent from other service providers
• Collecting responses to spam sent from other service providers

MDM-specific application:

• Mass deployment of unsolicited push notifications
• Sending marketing messages via managed devices without appropriate consent
• Using the platform for aggressive marketing or unsolicited commercial communications

6.3 Unethical, exploitative, and malicious activities

Our Services must not be used to advertise, transmit, or make available any software, program, product, or service designed to violate this Acceptable Use Policy or another provider’s acceptable use policy.

Generally prohibited activities:

• Accessing any account or electronic resource not owned by, or not authorized for, the group or individual attempting access (e.g., “hacking,” “cracking,” “phreaking,” etc.)
• Intentionally or negligently introducing viruses or malicious code into our Services and systems
• Intentionally engaging in activities designed to harass another group or individual
• Obtaining (or attempting to obtain) services from us with the intent to avoid payment
• Unauthorized access, alteration, or destruction (or any attempt thereof) of any information concerning our customers or end users
• Using our Services to interfere with other customers’ or authorized individuals’ use of our facilities and network
• Posting or transmitting any content or link that incites violence, depicts a violent act, depicts child pornography, or threatens anyone’s health and safety
• Any violation of consumer protection laws and regulations
• Any violation of an individual’s privacy

Strictly prohibited MDM-specific activities:

• Abusive employee monitoring:
  • Excessive or disproportionate monitoring of employee activities
  • Accessing employees’ personal data without a legal basis
  • Hidden or undeclared monitoring to employees
  • Using camera, microphone, or geolocation for monitoring without appropriate consent
• Deployment of malicious applications:
  • Installing spyware or stalkerware
  • Deploying hidden surveillance software
  • Installing keyloggers or unauthorized screen-capture tools
  • Deploying applications intended to circumvent security protections
• Privacy violations:
  • Collecting employees’ personal data without a legal basis
  • Accessing private communications (personal emails, messages, social networks) without legitimate grounds
  • Sharing employees’ personal data with unauthorized third parties
  • Retaining personal data beyond the necessary period
• Non-compliance with labor law:
  • Using geolocation without an appropriate contractual clause
  • Monitoring during rest periods, leave, or sick leave
  • Failure to respect the right to disconnect
  • Failure to inform employee representative bodies (social and economic committee, staff representatives, etc.)
• Misuse of purpose:
  • Using the platform for purposes other than professional mobile fleet management
  • Managing personal devices without explicit owners’ consent
  • Using our Services to monitor individuals outside the professional framework

6.4 Unauthorized use of OB2J property

We prohibit impersonating OB2J, misrepresenting a significant business relationship with OB2J, or ownership of any OB2J property (including our Services and brand) for the purpose of fraudulently obtaining services, clientele, patronage, or user trust.

7. SECURITY RECOMMENDATIONS

Although not mandatory, we strongly recommend the following security practices:

7.1 Access management

• Use multi-factor authentication (MFA) for all administrator accounts
• Implement a strong password policy (minimum 12 characters, complexity)
• Regularly review access rights and apply the principle of least privilege
• Immediately disable accounts of employees leaving the organization

7.2 Device security

• Enforce encryption on managed devices
• Keep operating systems and applications up to date
• Configure automatic lock policies
• Enable remote wipe in case of loss or theft

7.3 Training and awareness

• Train administrators in mobile fleet management best practices
• Inform end users of their rights and applicable policies
• Clearly document acceptable use policies within your organization

7.4 Legal compliance

• Consult a labor law attorney before implementing monitoring
• Declare data processing with the competent data protection authority (in France: CNIL)
• Inform and consult employee representative bodies where required
• Document the legal bases for all personal data processing

8. VIOLATION PROCESS

8.1 Detection and reporting

Violations of this policy may be detected by:

• Our automated monitoring systems
• Reports from other customers or users
• Third-party complaints
• Compliance audits

8.2 Investigation

When a potential violation is detected:

1. Initial assessment: Our team evaluates the severity and nature of the alleged violation
2. Customer notification: The customer is informed of the alleged violation and receives available details
3. Request for explanation: The customer has the opportunity to provide explanations or corrective measures
4. Full investigation: We conduct an in-depth investigation in collaboration with the customer if necessary

8.3 Corrective measures

Depending on the severity of the violation, we may take the following measures:

Minor violation:

• Formal written warning
• Request for immediate corrective actions
• Increased monitoring of the account for a defined period

Moderate violation:

• Formal notice to cease the prohibited activity within 48 hours
• Temporary suspension of the service until resolution
• Obligation to provide assurances of non-repetition
• Compliance audit of the account

Serious violation:

• Immediate suspension of the service
• Contract termination without notice
• Notification to competent authorities if required by law
• No refund for the unused period

8.4 Right of appeal

The customer may contest a suspension or termination decision by:

• Contacting our support at support@appaloosa.io within 15 days of notification
• Providing any relevant evidence or explanation
• Proposing a detailed corrective action plan

We will review the appeal within 10 business days and communicate our final decision in writing.

9. COMPLIANCE WITH APP STORE TERMS

9.1 Apple App Store

Customers using appaloosa.io to deploy iOS applications must comply with:

• App Store Terms and Conditions
• App Store Review Guidelines
• Apple Developer Enterprise Program

Prohibited in particular:

• Public distribution of applications developed with an Enterprise account
• Deployment of counterfeit or pirated applications
• Violation of Apple developer licenses

9.2 Google Play Store

Customers using appaloosa.io to deploy Android applications must comply with:

• Google Play Terms of Service
• Developer Program Policies
• Android Enterprise conditions

9.3 Microsoft Store

Customers using appaloosa.io to deploy Windows applications must comply with:

• Microsoft Store Policies
• Applicable Microsoft license terms

9.4 Customer responsibility

The customer acknowledges being solely responsible for:

• Obtaining appropriate licenses for deployed applications
• Complying with the terms of use of third-party platforms
• Any violations of app store terms resulting from its use of our Services

OB2J cannot be held liable for violations committed by the customer with respect to third-party platforms.

10. COOPERATION WITH AUTHORITIES

10.1 Legal obligation

We fully cooperate with:

• Judicial authorities and law enforcement
• Data protection authorities (CNIL in France)
• Competent regulatory bodies
• Any authority legally empowered to request information

10.2 Disclosure of information

We may disclose information about a customer or their use of our Services:

• In response to a subpoena, court order, or legal request
• To protect our rights, property, or safety
• To protect the rights, property, or safety of others
• In case of suspected illegal activity

10.3 Notification

To the extent permitted by law, we will endeavor to notify the customer before disclosing their information, unless:

• Notification is prohibited by law
• Notification could compromise an investigation
• There is an imminent danger to people’s safety

11. LIMITATION OF LIABILITY

11.1 General limitation

To the extent permitted by law, OB2J cannot be held liable for:

• The customer’s use of our Services
• Actions of the customer’s end users
• Violations of this policy by the customer or its end users
• Consequences of service suspension or termination in the event of a violation
• Any damage resulting from non-compliant use of our Services

11.2 Indemnification

The customer agrees to indemnify and hold harmless OB2J, its officers, directors, employees, and agents against:

• Any claim arising from the customer’s use of the Services
• Any violation of this policy by the customer or its end users
• Any third-party rights violation by the customer
• All costs and expenses (including reasonable attorneys’ fees) incurred in defending such claims

12. ABOUT THIS POLICY

12.1 Scope

This policy presents a non-exhaustive list of activities and intents that we consider unacceptable and incompatible with our brand and values.

We reserve the right to assess each situation on a case-by-case basis and take any action we deem appropriate, even if the activity is not explicitly mentioned in this policy.

12.2 Changes

We reserve the right to amend this policy at any time by posting the revised version on our website. The revised version will be effective from the earlier of the following events:

• The date on which the customer uses our Services after we have posted the revised version on our website
• 30 days after we have posted the revised version on our website

Material changes will be notified to customers by email at least 30 days before they take effect.

12.3 Language

If this policy is translated into other languages, the French version shall prevail in case of discrepancy or dispute.

12.4 Document hierarchy

This policy forms an integral part of our Terms and Conditions of Sale. In the event of inconsistency between this policy and the T&Cs, the provisions of the T&Cs prevail unless otherwise stated.

13. INTERPRETATION AND ENFORCEMENT

13.1 Principles of interpretation

This policy must be interpreted in a manner that:

• Protects individuals’ rights and privacy
• Ensures ethical and responsible use of technology
• Complies with applicable laws and regulations
• Maintains the security and integrity of our Services

13.2 Proportionate enforcement

We are committed to enforcing this policy in a manner that is:

• Proportionate to the severity of the violation
• Fair to all customers
• Consistent with principles of natural justice
• Respectful of the right to be heard

13.3 Good faith

We will always act in good faith in enforcing this policy and expect the same from our customers.

14. RESOURCES AND SUPPORT

14.1 Legal compliance

For specific questions about the legal compliance of your use of our Services, we recommend consulting:

• A labor law attorney
• A Data Protection Officer (DPO)
• Your country’s data protection authority (in France: CNIL)

14.2 Best practices

We provide our customers with:

• Documentation on fleet management best practices
• GDPR compliance guides
• Acceptable use policy templates
• Technical support for security questions

Access to documentation: https://support.appaloosa.io

14.3 Support

For any questions about this policy:

Email: support@appaloosa.io

Phone: +33 5 18 25 12 52

Hours: Monday–Friday, 9:00–18:00 (Paris time)

15. ACKNOWLEDGMENT AND ACCEPTANCE

By using our Services, you acknowledge that you have read, understood, and accepted this Acceptable Use Policy.

You commit to:

• Comply with all terms of this policy
• Inform and train your end users on these terms
• Immediately report any known or suspected violation
• Cooperate with OB2J in any violation investigation

16. CONTACT

For any questions or concerns regarding this policy, please contact:

OB2J

9 impasse Rolland

64200 Biarritz

France

Email: support@appaloosa.io

Phone: +33 5 18 25 12 52

Website: https://www.appaloosa.io

Data Protection Officer (DPO):

Email: dpo@appaloosa.io

17. JURISDICTION AND GOVERNING LAW

This policy is governed by French law.

Any dispute relating to the interpretation or performance of this policy shall fall under the exclusive jurisdiction of the courts within the Pau Court of Appeal, France.

Document updated on October 1, 2025 – Version 2.0