Terms and conditions of use

Executive summary

This document sets out the main conditions under which AppByte, as owner and operator of the UWOD product, provides access to the UWOD platform under a B2B SaaS model. UWOD positions itself as a fitness-tech tool for managing gyms, boxes, studios and functional centers: class scheduling, reservations, attendance, plans and memberships, WODs and programming, spaces, equipment and inventory, finances, promotions, roles and permissions, multi-site operation, dashboards, and an athlete app for reservations, training and progress tracking.

AppByte/UWOD is not a bank, financial institution, lender, gym, healthcare provider, medical or fitness advisor or entity supervised by any financial or health authority. AppByte/UWOD does not operate a gym, does not provide training, coaching, medical or nutritional services, does not set membership prices or plan terms, does not deliver classes and does not guarantee any fitness, health or performance result. The relationship with members and athletes belongs exclusively to the Customer gym using the Platform. AppByte solely provides software technology.

UWOD is an operational management tool. Its dashboards, reports, statistics, training calculations and consolidations do not replace professional coaching, medical advice, official accounting, accounting books, tax returns, legal, tax or financial advice, or documents required by competent authorities, all of which remain the Customer's sole responsibility.

• Main document: governs the B2B SaaS relationship between AppByte/UWOD and the Customer.
• Brazil Annex: reference adjustments for LGPD, Marco Civil da Internet and applicable local rules.
• Chile Annex: adjustments for Law 19.628 and Law 21.719, considering their entry into force and institutional development.
• Colombia Annex: adjustments for Law 1581 of 2012, Decree 1377 of 2013 and the habeas data regime where applicable.
• Ecuador Annex: adjustments for the 2021 Organic Personal Data Protection Law and complementary regulations.

1. Definitions

• AppByte: AppByte Tecnología e Informática SpA, a stock company incorporated under the laws of the Republic of Chile, Tax ID 78.410.317-K, owner, developer and commercial operator of the UWOD product.
• UWOD: software product owned by AppByte, offered as a technology platform under a B2B SaaS model, together with a freemium app for athletes.
• Platform or Service: set of web applications, dashboards, the athlete mobile app, APIs, cloud services, databases, integrations, configuration modules, reports, auditing and functionality associated with UWOD.
• Customer: natural or legal person, typically a gym, box, studio or functional center, that contracts the Service for its own operation or for the organization it represents.
• Customer Users: persons authorized by the Customer to access the Platform, including owners, administrators, front-desk staff, coaches and other roles defined by the Customer.
• Data Subjects or Related Third Parties: natural persons whose personal data are recorded or managed by the Customer in the Platform, including members, athletes, prospective members, emergency contacts, representatives and other persons related to the Customer's operation.
• Customer Content or Customer Data: information, personal data, documents, images, schedules, class and reservation records, attendance, plans and memberships, membership payment metadata, WOD and training results, reports, notes, audit logs and other data entered, generated or stored by the Customer or its Users within the Platform.
• Data Controller: the party that decides the purposes and means of personal data processing. Except in exceptional cases, the Customer acts as Controller for Customer Data.
• Data Processor: the party that processes personal data on behalf of the Controller. AppByte, through UWOD, acts as Processor for Customer Data.
• Subscription plan: the gym plan agreed with the Customer, defining functionality, sites, users, usage limits, term and price. Depending on the commercial proposal it may cover a single site or multiple sites.
• Commercial plan: combination of subscription, sites, users, functionality, support, usage limits, term and price agreed with the Customer.

2. Acceptance of the terms

1. By registering, ticking an acceptance box, signing a commercial proposal, paying a subscription fee or using the Service, the Customer declares that it has read and accepts these terms, their annexes, the privacy policy, the data processing agreement and the applicable commercial conditions.
2. Anyone accepting these terms on behalf of an organization declares having sufficient powers to represent it and bind it contractually.
3. If the Customer does not agree with these terms, it must not register or use the Platform.
4. AppByte may update these terms. Material changes will be notified at least 30 calendar days in advance, except for changes required by law, security, competent authority or improvements that are not detrimental to the Customer.

3. Description and scope of the service

UWOD is a B2B SaaS platform designed to support the operational management of gyms, boxes, studios and functional centers, including class scheduling, reservations, attendance, plans and memberships, WODs and programming, spaces, equipment and inventory, finances, promotions, roles, multi-site operation and dashboards.

• Registration and management of members, athletes, plans, memberships, reservations, attendance and class schedules.
• Management of sites, users, roles, permissions, parameters, subscriptions and account-level configuration.
• WOD and training programming, spaces, equipment and inventory.
• Operational and financial dashboard (income, expenses, cash) with information entered or generated by the Customer.
• Auditing of actions, activity logs and operational traceability.
• Integrations with authorized external providers (transactional email, push notifications, storage, payment processors for the software subscription, cloud services, analytics, app distribution or others incorporated in the future).

Athlete mobile app. UWOD includes a freemium app for athletes (reservations, WOD of the day, timers, PRs and benchmarks, training history, calculators, statistics, community, gamification, rankings and optional AI training plans). The relationship with athletes belongs to the Customer gym; specific terms applicable to the athlete-facing portal and app are set out in the Athlete Portal terms.

Technological nature. AppByte, through UWOD, provides a technological tool. It does not act as a gym, coach, healthcare provider, medical or fitness advisor, bank, finance company or agent of the Customer before third parties.

4. Registration, account and users

1. The Customer must provide truthful, current and complete information to create and maintain its account, including legal name, tax ID, country, domicile, contact data, representative and billing information.
2. The Customer is responsible for managing its Users, permissions, roles, activations, deactivations, passwords and activity within the Platform.
3. Credentials are personal and non-transferable. Sharing them, disclosing them or allowing their use by third parties is prohibited. The Customer must without delay revoke access of staff who leave the organization or whose role changes.
4. The Customer will enable multi-factor authentication (MFA) where available and will apply good device protection practices.
5. The Customer assumes responsibility for all activity carried out from accounts or credentials it administers or authorizes, including operations resulting from breach of the obligations in this section.
6. The Customer must notify AppByte without delay of any unauthorized access, security incident, loss of credentials or misuse of the Service of which it becomes aware.
7. AppByte may suspend access where there are reasonable indications of illegal use, security risk, contractual breach, non-payment or impact on Platform stability.

5. Roles of the parties in data protection

This clause is essential for UWOD's operation. The Customer decides what data it uploads, for what purpose it processes them, which users access them, how long they are retained and which legal basis applies. AppByte processes those data only to provide, maintain, secure, back up and improve the Service in accordance with the Customer's instructions and these terms.

5.1. Customer obligations

• Have a valid legal basis to collect, upload, retain and process Personal Data in UWOD.
• Inform Data Subjects about purposes, rights, contact channels, processors and applicable transfers.
• Obtain consent where the law requires it, especially for health-adjacent or sensitive data, images, identity documents, payment metadata, emergency contacts or other protected data.
• Ensure that uploaded data are lawful, accurate, current, relevant and proportionate.
• Respond to Data Subjects, authorities and third parties for its own commercial, membership, labor, tax, accounting and regulatory activities.
• Hold AppByte harmless from claims arising from the Customer's breach as Controller.

5.2. AppByte / UWOD obligations

• Process Customer Data only to provide, maintain, secure, back up and improve the Service.
• Not sell Customer Data or share them for advertising or third-party commercial purposes.
• Apply reasonable technical and organizational measures, including access controls, logical segregation per account, encryption in transit, audit logs, backup, monitoring and incident management, as appropriate to the state of the Service.
• Keep Customer Data confidential and require equivalent obligations from personnel and providers involved in Service delivery.
• Reasonably assist the Customer with Data Subject requests or authority requirements, to the extent the information is available in the Platform.
• Notify the Customer of security incidents compromising Customer Data without undue delay and, where reasonably possible, within 72 hours of internal confirmation.

6. Sub-processors and international transfers

The Customer authorizes AppByte to use sub-processors necessary to provide the Service. AppByte will keep an updated list of relevant providers and will ensure that each provider assumes confidentiality, security and data protection obligations compatible with these terms.

The Customer acknowledges that the Service may operate through cloud infrastructure, email and push notification providers, payment processors, storage, analytics, security, monitoring, app distribution or other services located in countries different from the country of residence of the Customer or the Data Subjects. AppByte will adopt reasonable contractual, technical and organizational safeguards in accordance with applicable regulations.

7. Intellectual property and Customer content

1. AppByte ownership. AppByte retains all rights to UWOD, including software, source code, architecture, design, interfaces, documentation, trademarks, logos, models, structural databases, schemas, product business logic, know-how, improvements, integrations and associated intellectual and industrial property.
2. UWOD brand. Reproducing, modifying, registering, using as a domain name or presenting as one's own the "UWOD" trademark, logos or any distinctive element is prohibited without prior written authorization from AppByte. Holding oneself out to third parties as a representative, agent, partner, franchisee or affiliate of AppByte without such authorization is also prohibited.
3. Customer ownership. The Customer retains ownership of its operational Data and Content. By using the Service, it grants AppByte a limited, revocable, non-exclusive license necessary to host, process, back up, transmit and display that content solely to provide the Service.
4. Operational vs. structural distinction. The Customer's ownership covers its operational data; under no circumstances does it extend to the internal schema, code, data model, technical architecture, business logic or any structural element of the UWOD software.
5. Feedback. Suggestions, ideas or feedback provided by the Customer may be used by AppByte to improve UWOD without any compensation obligation, provided no Customer confidential information is disclosed.
6. Assignment. Any unauthorized assignment, transfer, sublicense or sale of the software or use rights is void as a matter of law.

8. Acceptable use

The Customer undertakes not to use UWOD for unlawful, abusive purposes or contrary to these terms. In particular, the following is prohibited:

• Violating data protection, consumer, competition, tax, anti-corruption, anti-money-laundering, sports, health or any other applicable regulations.
• Uploading data without sufficient legal basis or without properly informing Data Subjects.
• Carrying out abusive, intimidating, deceptive or discriminatory practices against members, athletes or staff, or activities contrary to Data Subjects' rights.
• Attempting to access third-party accounts, interfering with the infrastructure, executing attacks, extracting information in bulk, bypassing controls, reverse engineering or compromising Service security.
• Reselling, sublicensing, sharing, publishing or exploiting the Service beyond the limits of the contracted plan.
• Using UWOD to store unlawful, malicious, defamatory, discriminatory content or content infringing third-party rights.

9. Pricing, subscriptions and billing

UWOD is offered to gyms under subscription plans. Public pricing is not published on the landing; the applicable price, scope and term are set out in the commercial proposal or plan agreed with each Customer. The athlete app is freemium, with optional Premium features and AI credits. The base commercial conditions are as follows:

1. AppByte may adjust prices for future renewals with at least 60 calendar days' notice.
2. Non-payment authorizes AppByte to suspend access to the Service. If non-payment exceeds 30 calendar days, AppByte may cancel the account, without prejudice to recovery of amounts owed.
3. Upgrading the plan or adding sites or users may generate proportional or full charges depending on the commercial proposal.
4. Downgrading the plan or removing sites does not extinguish accrued payment obligations or generate automatic refunds.
5. Electronic payments from the Customer to AppByte. The Customer's payment of the software subscription may be processed through external providers, including Transbank, Mercado Pago and Binance Pay, depending on the means chosen by the Customer. AppByte does not store full payment instrument data. Chargebacks, refunds, rejections, banking fees, currency conversion and settlement times are governed by the terms of the applicable payment provider. For payments in digital assets, the Customer acknowledges the inherent volatility of such assets.
6. AppByte/UWOD does not receive, transmit, hold, settle or process the membership payments that members or athletes make to the Customer gym. Those payments occur directly between the member/athlete and the Customer, through the channels the Customer defines; the Platform only records membership payment metadata for operational and traceability purposes.

10. Availability, support and maintenance

1. AppByte will use commercially reasonable efforts to keep UWOD available, secure and operational.
2. There may be scheduled maintenance, incident-related interruptions, updates, infrastructure changes, provider failures, force majeure or events outside AppByte's reasonable control.
3. Unless a signed SLA exists, UWOD does not guarantee uninterrupted availability, complete absence of errors or compatibility with requirements not included in the contracted plan.
4. Support will be provided through the channels, hours and priorities defined in the current commercial plan or proposal.

11. Information security

AppByte will implement measures that are reasonable and proportionate to the risk, size and state of development of the Service. These may include access controls, encryption in transit, credential management, multi-tenant segregation, auditing, backups, monitoring, dependency review, event logging and incident response processes.

The Customer acknowledges that no system is completely invulnerable and undertakes to apply security best practices, including strong passwords, user management, timely deactivation of accounts, device protection, permission review and internal training.

12. Reports, statistics, training data and Customer decisions

Dashboards, reports, attendance and occupancy figures, financial balances, training statistics, PRs and benchmarks, calculator outputs, alerts, summaries and any indicator generated by UWOD are operational and informational in nature. The Customer is solely responsible for reviewing, validating and using that information for commercial, membership, accounting, tax, labor, sports, training, judicial or regulatory purposes.

AppByte does not guarantee training results, fitness or health outcomes, the legality or suitability of the programming defined by the Customer or its coaches, the Customer's tax compliance or the validity of documents uploaded by the Customer. Training metrics and statistics are not medical advice.

13. Beta, automation and AI features

1. AppByte may offer beta, experimental or early-access features. These features may change, be suspended, limited or present errors.
2. If UWOD incorporates automations, generative AI, AI training plans, smart suggestions, classification or operational recommendations, those outputs will be auxiliary and informational. The Customer, its coaches and athletes must review them before making decisions, and they are not a substitute for professional coaching or medical advice.
3. These features must not be used as the sole basis for decisions producing legal, financial, health, labor or equivalent effects on natural persons, unless the Customer has sufficient legal basis and adequate human review.
4. AppByte will not use Customer or athlete personal data to train third-party models or general commercial models without consent or sufficient legal basis.
5. AI or automation providers processing Customer Data must be treated as sub-processors where applicable.

14. Limitation of liability

1. To the maximum extent permitted by law, UWOD is provided "as is" and "as available".
2. AppByte will not be liable for commercial, membership, financial, labor, tax, accounting, training or health-related decisions made by the Customer, its coaches or athletes based on the Platform.
3. AppByte will not be liable for errors, omissions, inaccuracies, illegality or insufficiency of the Customer Content.
4. AppByte will not be liable for loss of profit, loss of opportunity, indirect damage, consequential damage, loss of reputation, loss of members or interruptions caused by third parties or force majeure.
5. Except for willful misconduct, gross negligence or liability that cannot be limited by law, AppByte's total aggregate liability will be limited to the amounts actually paid by the Customer during the 12 months prior to the event giving rise to the claim.

15. Indemnity

The Customer undertakes to defend, indemnify and hold harmless AppByte, its shareholders, directors, employees, advisors, providers and sub-processors from claims, sanctions, fines, costs, losses, damages or reasonable fees arising from:

• The Customer's breach of these terms or applicable law.
• Unlawful, insufficient or unauthorized processing of Personal Data by the Customer.
• Commercial, membership, training or health-related activities of the Customer.
• False, incorrect, outdated or unlawful information uploaded to the Platform.
• Claims from Data Subjects, users, staff, members, athletes or third parties related to the Customer when arising from the Customer's own obligations.

16. Term, termination and data return

1. The contractual relationship will remain in force while the Customer maintains an active account, valid subscription and payments up to date.
2. Either party may terminate the relationship with 30 calendar days' notice, except for material breach, non-payment, illegal use or security risk, in which cases AppByte may suspend or terminate immediately.
3. After termination, AppByte will enable for 30 calendar days the export of the Customer's operational data in the formats then available (CSV, Excel or JSON, depending on the module), unless a legal impediment, outstanding debt, security risk or authority requirement applies. Bulk or custom exports may carry a cost depending on complexity.
4. Export does not include source code, database schemas, technical architecture, internal models, software business logic or any structural element of the Platform, which remain the exclusive property of AppByte.
5. Once the export period ends, AppByte may delete the data from production systems. Backup copies will be overwritten under the normal retention cycle, within a maximum of 90 calendar days, subject to legal, accounting, regulatory, technical, security or duly justified defense retention.
6. Technical backups maintained by AppByte do not replace the Customer's accounting, tax or legal obligations to keep its own backups.
7. Termination does not release the Customer from payment of accrued obligations.

17. Confidentiality

1. Each party will keep confidential the other party's technical, commercial, financial, legal, operational, strategic or business information that is identified as confidential or that should reasonably be understood as such.
2. Confidential information may be shared with personnel, advisors, auditors, providers or sub-processors who need to know it to perform the contractual relationship and are subject to confidentiality obligations.
3. The confidentiality obligation will survive for 5 years after termination, except for information that constitutes a trade secret or personal data, which must be protected for as long as it retains such character.

18. Communications, assignment and force majeure

1. Formal communications will be made by registered email, in-Platform notices or addresses reported by the parties.
2. The Customer may not assign its contract, account or rights of use without prior written authorization from AppByte.
3. AppByte may assign these terms to affiliates, successors, acquirers or related entities in the event of reorganization, merger, sale of assets, investment or business transfer.
4. Neither party will be liable for breaches arising from force majeure or events outside its reasonable control, including massive infrastructure failures, acts of authority, natural disasters, generalized cyberattacks, conflicts, pandemics or interruptions of critical third parties.

19. Applicable law, jurisdiction and country annexes

Unless otherwise agreed in the commercial proposal, these terms will be interpreted in accordance with the laws of the Republic of Chile, as AppByte is a Chilean company, without prejudice to mandatory rules that may apply in the Customer's country or that of the Data Subjects. Disputes will be submitted to the competent courts of Santiago de Chile, unless the parties agree on arbitration or another jurisdiction in a separate contract.

When the Customer operates in Brazil, Chile, Colombia or Ecuador, the corresponding country annexes will also apply. In case of conflict between the main document and a country annex, the country annex will prevail only with respect to mandatory local obligations.

20. Contact

• Product owner: AppByte.
• Product: UWOD.
• Legal email: legal@uwod.app
• Support email: contacto@uwod.app
• Registered office: Santa Magdalena 75, Of. 304, Providencia, Santiago, Chile.
• Privacy officer / DPO: dpo@uwod.app.

Annex A — Brazil

This annex applies when the Customer, the Data Subjects or the relevant operations are subject to Brazilian law, including the Lei Geral de Proteção de Dados Pessoais — LGPD, Lei nº 13.709/2018, the Marco Civil da Internet and consumer protection rules where applicable.

A.1. Roles under LGPD

• The Customer acts as Controller of the personal data uploaded to UWOD.
• AppByte/UWOD acts as Operator, processing data on behalf of the Customer.
• The Customer must define and document the applicable legal basis under LGPD for each relevant purpose.
• Where LGPD requires an Encarregado/DPO, the Customer must appoint one and maintain a contact channel for data subjects.

A.2. Data subject rights and request handling

The Customer is responsible for handling requests for confirmation, access, correction, anonymization, blocking, deletion, portability, information on data sharing, review of automated decisions and other rights provided under LGPD. UWOD will provide reasonable assistance where the information is under its technical control.

A.3. Security incidents

For incidents that may pose a risk or relevant damage to data subjects in Brazil, the Customer is responsible for assessing notification to the ANPD and to data subjects. UWOD will provide reasonable technical information on the confirmed incident, its known scope and mitigation measures.

A.4. International transfers

Where international transfers of LGPD-subject personal data occur, AppByte will endeavor to use contractual mechanisms or safeguards compatible with Brazilian law and will require equivalent obligations from its sub-processors.

A.5. Relationship with consumers

If the Customer's members or athletes qualify as consumers under the Código de Defesa do Consumidor (Lei nº 8.078/1990 — CDC), the Customer is solely responsible for complying with information, transparency, contracting, membership terms, surcharges, communications and consumer service rules. In particular, the Customer shall refrain from abusive or vexatious practices prohibited by the CDC. UWOD does not assume responsibility for the Customer's commercial or membership practices.

A.6. Notification to the ANPD

Where a personal data incident may involve relevant risk or harm to Data Subjects, the Customer, as Controller, is responsible for notifying the Autoridade Nacional de Proteção de Dados (ANPD) and, where applicable, the Data Subjects, within the deadlines and with the content required by the LGPD and ANPD acts in force. UWOD will provide reasonable technical information on confirmed incidents.

Annex B — Chile

This annex applies when the Customer, the Data Subjects or the relevant operations are subject to Chilean law, including Law 19.628 on protection of private life, Law 21.719 regulating the protection and processing of personal data and creating the Personal Data Protection Agency, and other applicable regulations according to their entry into force.

B.1. Controller and processor/agent

• The Customer acts as data bank owner or data controller for the data uploaded to UWOD.
• AppByte/UWOD acts as processor, agent or technology provider processing data on behalf of the Customer.
• The Customer must inform data subjects of the purpose, identity of the controller, rights, exercise channels and other applicable legal requirements.

B.2. Principles and legitimacy

The Customer must comply with principles of lawfulness, purpose, proportionality, quality, security, accountability and transparency, and have consent or another legal basis where applicable, including for health-adjacent or sensitive sport metrics.

B.3. Data subject rights

The Customer is responsible for handling requests for access, rectification, cancellation, opposition, blocking, portability or other rights recognized by Chilean law in force or in the future. UWOD will provide reasonable technical assistance to locate, export or delete information where technically possible.

B.4. Authority and regulatory changes

Considering the evolution of the Chilean personal data regime, the parties must review and update this annex when new obligations, authority criteria, regulations or instructions fully enter into force.

B.5. Base applicable law

Since AppByte is a Chilean company, the main document is governed by Chilean law unless otherwise agreed. For customers outside Chile, mandatory local rules under the corresponding country annex will also apply.

B.6. Consumer protection

If the Customer's members or athletes qualify as consumers under Law 19.496 on Consumer Rights Protection, the Customer is solely responsible for complying with information, contracting, membership terms, communications and complaints handling obligations, as well as any requirements before SERNAC or other competent authority. UWOD does not assume responsibility for such practices.

B.7. International transfer from Chile

The Customer acknowledges that UWOD's productive infrastructure operates primarily in the United States and on Cloudflare's global network, which may involve international transfer of personal data subject to Chilean law, with contractual and technical basis in accordance with Law 19.628 and its regulatory evolution.

Annex C — Colombia

This annex applies when the Customer, the Data Subjects or the relevant operations are subject to Colombian law, including Law 1581 of 2012, Decree 1377 of 2013, regulatory rules, instructions from the Superintendence of Industry and Commerce and the habeas data regime where applicable.

C.1. Controller and processor

• The Customer acts as Controller for the databases it manages through UWOD.
• AppByte/UWOD acts as Processor, carrying out processing on behalf of the Customer.
• The Customer must have the Data Subject's authorization or an applicable legal cause, and keep evidence of such authorization where appropriate.

C.2. Policies and privacy notices

The Customer must maintain an information processing policy and privacy notices that inform purposes, data subject rights, contact channels, controller identification, processing of sensitive data, transfers/transmissions and other applicable obligations.

C.3. Data subject rights

The Customer is responsible for handling data subject queries and complaints according to Colombian deadlines and procedures. UWOD will provide technical assistance where the complaint requires access, correction, export, blocking or deletion of data stored in the Platform.

C.4. International transmission of data

Where AppByte processes data on behalf of a Colombian Customer or through providers outside Colombia, the parties must ensure that an international transmission agreement or equivalent instrument exists, regulating scope, purpose, obligations, security, confidentiality and return or deletion of data.

C.5. Sensitive and health-adjacent data

If the Customer processes health-adjacent, biometric or other sensitive information of members or athletes (for example, certain sport metrics or physical condition data), the Customer is solely responsible for verifying additional obligations, specific authorizations, enhanced security, data quality, retention, update and other Data Subject rights under Colombian law.

C.6. Consumer protection

If the Customer's members or athletes qualify as consumers under the Consumer Statute (Law 1480 of 2011), the Customer is solely responsible for complying with information, contracting, membership terms, surcharges and communications obligations, and for avoiding abusive, intimidating or prohibited practices under applicable Colombian law. UWOD does not assume responsibility for such practices.

Annex D — Ecuador

This annex applies when the Customer, the Data Subjects or the relevant operations are subject to Ecuadorian law, including the Organic Personal Data Protection Law published in Official Registry No. 459, Fifth Supplement, of May 26, 2021, its regulations and criteria from the competent authority.

D.1. Controller and processor

• The Customer acts as Controller for the data uploaded to UWOD.
• AppByte/UWOD acts as Processor and processes data according to the Customer's instructions.
• The Customer must have sufficient legitimacy to process personal data and demonstrate compliance where appropriate.

D.2. Principles and information duty

The Customer must comply with principles of legality, loyalty, transparency, purpose, relevance, minimization, proportionality, confidentiality, quality, limited retention, security and proactive accountability in accordance with applicable Ecuadorian law.

D.3. Data subject rights

The Customer is responsible for handling rights of access, rectification, update, deletion, opposition, suspension, portability, not being subject to automated decisions and other rights recognized by Ecuadorian law. UWOD will provide reasonable assistance where the data is stored in the Platform.

D.4. International transfers

If processing involves international transfers, the Customer and AppByte must assess whether adequate safeguards, authorizations, contractual clauses or equivalent mechanisms required by Ecuadorian regulations are needed.

D.5. Security, incidents and authority

For security incidents involving data subject to Ecuadorian law, the Customer is responsible for assessing notifications to data subjects and to the Superintendence of Personal Data Protection. UWOD will provide reasonable technical information on confirmed incidents and mitigation measures.

D.6. Consumer protection

If the Customer's members or athletes qualify as consumers under the Organic Consumer Defense Law, the Customer is solely responsible for complying with information, contracting, membership terms, surcharges and communications obligations, and for avoiding abusive, intimidating or prohibited practices under applicable Ecuadorian law. UWOD does not assume responsibility for such practices.

Annex E — Recommended complementary documents

For the UWOD contractual framework to be complete before commercial production, the following documents are recommended to be prepared or kept separately:

Regulatory reference sources

• Brazil: Lei nº 13.709/2018 — Lei Geral de Proteção de Dados Pessoais (LGPD), official text from Planalto.
• Chile: Law 19.628 on protection of private life and Law 21.719 regulating the protection and processing of personal data and creating the Personal Data Protection Agency, official texts from the National Congress Library of Chile.
• Colombia: Law 1581 of 2012 and Decree 1377 of 2013, texts from the Función Pública Regulatory Manager.
• Ecuador: Organic Personal Data Protection Law, published in Official Registry No. 459, Fifth Supplement, May 26, 2021, reference from the National Assembly of Ecuador.

Note: these sources are included as working reference and do not replace local legal review or analysis of sector-specific regulations applicable to the Customer's business.