Terms of Use for the mobile application „THANK YOU APP“ and the browser-based application

1. Scope, Definitions

1.1 These Terms of Use (hereinafter the “Terms”) govern the use of the mobile application “THANK YOU APP” for iOS and Android as well as the browser-based application (together the “App”) operated by TY APP TECHNOLOGIES LIMITED, Cyprus (hereinafter the “Provider”).

1.2 The App serves the digital processing of voluntary tipping payments (“Tips”) from guests to employees of hotels and other accommodation and hospitality businesses, as well as other partner companies of the Provider.

1.3 These Terms apply to:

• natural persons who use the App as guests to give Tips (“Guests” or “End Users”);
• hotels, hospitality businesses and other partner companies that use the App to receive and administer Tips (“Hotels” or “Partner Companies”);
• employees of such Hotels/Partner Companies who are assigned to the tip recipient group (“Employees”).

1.4 For Hotels/Partner Companies, any separately concluded cooperation or license agreements (e.g., “Cooperation Agreement”) also apply. In the event of conflicts between these Terms and a Cooperation Agreement, the provisions of the Cooperation Agreement shall prevail to the extent they govern the legal relationship between the Provider and the Hotel/Partner Company.

1.5 Any conflicting or deviating general terms and conditions of users shall not become part of the contract unless the Provider expressly agrees to their applicability in writing.

2. Subject Matter and Functional Scope

2.1 The App enables Guests, by scanning a QR code (e.g., on name badges, room cards, information material, displays) or by clicking a link to a browser-based version of the App, to voluntarily give Tips to one or more Employees or to a hotel/team.

2.2 Depending on the implementation at the respective Hotel/Partner Company and on the user role, the functional scope of the App may in particular include:

• display of the Employee’s or team’s name, photo, or other identification;
• selection of a tip amount or entry of an individual amount;
• the possibility to define tip presets (e.g., presets/defaults);
• processing of payments via integrated payment service providers (e.g., card payments, mobile payment solutions);
• technical allocation of incoming Tips to Employees, teams, or organizational units;
• provision of administration and analytics functions (dashboard/backoffice) for Hotels/Partner Companies and, where applicable, Employees (e.g., overview of received Tips, statistics, reports);
• transaction overviews (history) and transaction creation/processing via server-side services;
• (where provided) profile and identity data management (e.g., display name, profile photo, structured identity/address fields) and, where applicable, necessary verification information;
• server-side QR code generation (e.g., user- or employee-specific QR codes) and provision via appropriate storage services;
• notifications (e.g., push notifications) and/or in-app information;
• feature and configuration control (e.g., feature flags) for staged activation, deactivation, or modification of features per Hotel/Partner Company and/or user role.

2.3 The Provider provides only the technical infrastructure (software platform) through which Tips are facilitated and processed. The contractual counterparty of the Guest regarding the Tip is the respective Hotel and/or the respective Employees, not the Provider. Any employment-law or tax-law matters in the relationship between Hotel and Employee are governed exclusively between those parties.

2.4 The Provider reserves the right to adjust, expand, or discontinue individual functions of the App at any time, subject to reasonableness for users, provided that no material contractual obligations towards users are thereby infringed.

2.5 Admin Area / Backoffice (Hotels/Partner Companies). In addition to the App, the Provider may provide Hotels/Partner Companies with a web-based administration environment (“Admin Area”, “Backoffice”) through which, in particular, companies (tenants), hotels (sub-entities), users and roles, payments, billing states, reports, commission/sales functions, configurations, and logs (audit logs) can be managed. The Admin Area is designed on a role- and permission-based basis (e.g., Super Admin, Company Admin, Hotel Admin, Sales Representative) and is subject to strict tenant and/or hotel isolation (tenant/hotel scoping).

3. Technical Availability and Access to the App

3.1 The mobile App can be downloaded to compatible end devices via the respective app stores (Apple App Store, Google Play Store). The browser-based version can be accessed via a suitable internet browser, in particular by opening a URL provided via QR code or link.

3.2 Use of the App requires a functioning internet connection and a suitable, compatible end device. The costs of the internet connection and the provision of the end device are borne by the user.

3.3 The Provider endeavors to ensure the App is available with as few interruptions as possible. The user acknowledges that it is technically not possible to guarantee uninterrupted availability at all times. Maintenance work, security or capacity reasons, and events outside the Provider’s sphere of influence may lead to brief disruptions or temporary suspension of services. The Provider will, where possible, schedule maintenance for periods of lower usage.

3.4 Access restrictions (optional). For security or operational reasons, the Provider may provide additional access restrictions for the browser-based application and/or the Admin Area (e.g., HTTP Basic Authentication). In such a case, credentials are checked via request headers; the Provider does not persist such Basic Auth credentials beyond what is technically necessary.

3.5 Technical infrastructure. The App and the Admin Area are operated as cloud services. For this purpose, the Provider may use infrastructure and platform services (e.g., hosting, logging, monitoring, backups).

4. Registration and User Accounts

4.1 Guests may generally use the App without separate registration to the extent this is not required for tipping. However, the Provider reserves the right to require registration for certain additional functions (e.g., loyalty programs, personal history, storage of payment preferences).

4.2 Hotels receive an administration account with access to a dashboard within the scope of the cooperation. The setup and administration of this account is governed by the respective Cooperation Agreement.

4.3 Employees are generally onboarded into the system by the respective Hotel/Partner Company and assigned according to the Hotel’s organizational structure. Separate self-registration by Employees may additionally be provided, in particular for access to individual insights or configuration options.

4.4 Users must keep access data (in particular passwords and, where applicable, two-factor authentication) confidential and protect it from third-party access. The Provider is entitled to block user accounts if there are concrete indications of misuse, security risks, or violations of these Terms.

4.5 Authentication and security. Where provided for certain user roles/functions, authentication is performed in particular via email/password and secure sessions; multi-factor authentication (MFA) may optionally be supported. Passwords are not stored in plain text, but are processed exclusively in accordance with industry-standard security practices. The Provider may use specialized authentication services for authentication and session management.

5. Payment Processing and Tips

5.1 Tips are processed via integrated payment service providers (e.g., credit card acquirers, payment service providers, mobile payment services). Available payment methods may vary depending on country, Hotel, and technical implementation.

5.2 By confirming the payment process, the Guest issues a payment instruction. The chosen payment method is charged by the relevant payment service provider.

5.3 The incoming Tip amount (less any applicable fees, commissions, or other charges) is credited according to the allocation stored in the system to the respective Employee, team, or Hotel, or provided to the Hotel for internal distribution. Details of distribution may be regulated in the Cooperation Agreement with the respective Hotel.

5.4 Any service or transaction charges (e.g., payment service provider fees, Provider system fees) are charged to the Guest, the Hotel, or both as transparently shown in the App and/or the Cooperation Agreement. If charges are billed to the Guest, they are clearly displayed in the App before completion of the payment.

5.5 The Guest acknowledges that the amounts paid are voluntary Tips. There is no entitlement to specific consideration from the Provider or the Hotel; statutory rights of the Guest against the Hotel regarding the underlying accommodation or hospitality service remain unaffected.

5.6 Depending on the specific payment method and contractual arrangement with payment service providers, the Provider may temporarily receive payments as a collection point and subsequently forward them to the Hotel and/or the respective Employees. In such case, the Provider acts as a technical service provider and/or collection agent within the applicable legal framework.

5.7 Refunds of Tips are generally excluded after a transaction has been successfully executed, unless there is a technical error in payment processing or a duplicate charge. In such cases, the Provider will decide—at its reasonable discretion and in coordination with the Hotel and subject to the payment service providers’ rules—on a reversal. Statutory warranty rights of the Guest against the Hotel remain unaffected.

5.8 Payment data / payment providers. To the extent the Provider integrates payment services (e.g., Stripe for payments, subscriptions, and invoices), payment data is generally processed by the respective payment service provider. The Provider typically does not store full payment/card master data, but only the references and transaction metadata required for billing and traceability, insofar as technically and legally required.

5.9 Server-side transaction processing. The creation and processing of transactions may—depending on the implementation—be performed via server-side components (e.g., cloud functions). The user acknowledges that certain functions (e.g., transaction history, QR code creation) are available only with functioning server communication.

6. Tax Responsibility

6.1 Proper tax treatment of received Tips is the sole responsibility of the Hotels and/or Employees under the applicable tax law. This includes, in particular, correct declaration of Tips for wage/income tax purposes and any social security reporting obligations.

6.2 The Provider does not provide tax advice and assumes no responsibility for the fulfillment of tax obligations by Hotels, Employees, or Guests. Hotels are obliged to inform their Employees about the tax classification of Tips in the applicable national legal framework.

7. Obligations of Hotels and Employees

7.1 Hotels undertake to use the App solely within the intended purpose (digital receipt and administration of Tips and, where applicable, other functions under the Cooperation Agreement) and not for unlawful or abusive purposes.

7.2 Hotels are in particular obliged to:

• record in the system only those Employees who actually perform a corresponding function and who have consented to the use of their personal data (e.g., name, photo) to the extent legally required;
• keep the Employee data stored in the system current and accurate;
• ensure that access to admin and employee accounts is used only by authorized persons.

7.3 The Provider is not liable for incorrect or incomplete information entered into the system by Hotels or Employees, nor for internal distribution of Tips between Hotels and Employees, insofar as the Provider merely provides the technical processing.

7.4 Employees undertake to keep their individual access data confidential and not to misuse the App (e.g., using own QR codes outside legitimate Hotel contexts without the Hotel’s consent).

7.5 Authorization system / role model. Users within Hotels/Partner Companies may use only those functions corresponding to their role and scope (e.g., hotel assignment). Attempts to circumvent authorization boundaries are prohibited and entitle the Provider to block access pursuant to Clause 12.4.

8. Obligations of Guests

8.1 Guests may use the App exclusively for voluntary tipping and for using the functions provided in this context.

8.2 Guests undertake in particular to:

• not distribute unlawful content via the App;
• not circumvent, test, or attack technical protection measures;
• not perform actions that may impair the functionality of the App or the underlying infrastructure (e.g., automated mass requests, hacking attempts).

8.3 The Guest is responsible for maintaining control over their end device and associated payment methods. The Provider is not liable for damages arising from loss or compromise of the end device or access data, unless the Provider is at fault.

9. Rights of Use in the App, Intellectual Property Rights

9.1 The App and all related content (software, layout, texts, graphics, logos, databases, etc.) are protected by copyright and/or other intellectual property rights (trademarks, designs, know-how) and are owned exclusively by the Provider and/or its licensors.

9.2 For the duration of the user relationship, the Provider grants users a simple, non-exclusive, non-transferable, non-sublicensable right to install the App on compatible end devices and use it within the scope of these Terms.

9.3 Any use beyond this, in particular:

• reproduction, distribution, making publicly available of the App or parts thereof;
• modification, reverse engineering, decompilation, decryption, or other attempts to determine source code;
• circumvention of technical protection measures; is prohibited unless mandatory law permits a broader use.

9.4 Users may not remove, alter, or obscure trademarks, copyright notices, or other rights notices of the Provider.

10. Warranty, Availability, and Liability

10.1 The Provider does not owe any specific success regarding tip amounts or frequency of use. The App is provided on an “as available” basis, subject to any service levels agreed with Hotels in the Cooperation Agreement.

10.2 The Provider is liable without limitation for damages arising from injury to life, body, or health caused by an intentional or grossly negligent breach of duty by the Provider, its legal representatives, or vicarious agents.

10.3 For other damages, the Provider is liable:

• without limitation in cases of intent and gross negligence;
• in cases of slight negligence only in the event of breach of a material contractual obligation (cardinal obligation). In that case, liability is limited to the typically foreseeable damage.

10.4 Material contractual obligations are those whose performance enables proper execution of the contract in the first place and on whose compliance the user may regularly rely (in particular core obligations such as providing the technical infrastructure for tipping payments).

10.5 Liability for indirect damages, consequential damages, and lost profit is excluded—except in cases of intent—to the extent legally permissible.

10.6 Mandatory statutory liability provisions, in particular under product liability law, remain unaffected.

10.7 The Provider is not liable for disruptions, delays, or failures due to circumstances outside its control (e.g., disruptions at telecommunications providers, payment service providers, hosting providers, force majeure).

11. Data Protection

11.1 Information on the collection, processing, and use of personal data in connection with the App is set out in the Provider’s privacy policy, which is available via the Provider’s website and within the App.

11.2 Use of the App requires the processing of certain personal data (e.g., payment references, transaction data, and for Hotels/Employees, where applicable, personal identification data). Details, including legal bases, retention periods, and data subject rights, are set out in the privacy policy.

11.3 Where legally required, the Provider obtains separate consents within the App or as part of onboarding (e.g., for certain tracking or analytics functions). Users may withdraw given consents at any time with effect for the future.

11.4 Systems used / data categories (technical overview). For operating the App and the Admin Area, the Provider may—depending on the function—use in particular the following systems/services:

• storage of master data, role/scope data, billing states, reports, and logs (audit logs) in a primary database (e.g., MySQL);
• real-time and/or mirroring/synchronization data (non-authoritative mirrors) and user-scoped documents in real-time data stores (e.g., Firestore);
• authentication (e.g., Firebase Authentication: UID, session tokens, authentication metadata);
• file storage for media (e.g., profile images, QR codes) (e.g., Firebase Storage);
• notifications via device tokens (e.g., FCM);
• feature flags / configuration metadata (e.g., Remote Config);
• payment processing via payment service providers (e.g., Stripe: payments, subscriptions, invoices).

The user acknowledges that, depending on usage, this may involve data categories such as user profiles, role/scope data, configuration metadata, billing references, sales/commission data, device tokens, and audit logs.

11.5 Local storage on the end device. The App may store local settings/preferences and cached UI values on the end device (e.g., to improve usability). Where preferences are synchronized, this is done within the designated data areas.

11.6 Cookies and technical storage mechanisms (browser). Where the browser-based application or the Admin Area uses cookies, session identifiers, or comparable technical storage mechanisms (e.g., for secure sessions), this occurs exclusively for the provision, security, and stability of the application. For purely static marketing/policy pages, the technical documentation indicates that the application code does not set cookies and does not write local-storage data; this does not affect technically necessary processes at the browser or infrastructure level (e.g., transport/security mechanisms), where applicable.

11.7 Push notifications. Where push notifications are enabled, the App may process device tokens to deliver notifications to the end device. Users may disable notifications in the system settings of the end device; the Provider provides technical information in the App and/or in the privacy policy.

11.8 Contact / lead capture (website). If the Provider provides a contact or “Get Started” form on the website, the data entered there (in particular name, email, company details, and consent declarations; optionally further information) is processed for the purpose of handling the inquiry and stored in suitable systems. Details are set out in the privacy policy.

12. Term, Termination, Blocking

12.1 The user relationship with Guests is formed upon installation or access of the App and acceptance of these Terms and is concluded for an indefinite period.

12.2 Guests may end use of the App at any time by:

• deleting the App from their end devices, and
• ceasing further use of the browser-based App.

12.3 Hotels and Employees use the App based on the underlying Cooperation Agreement and/or the Hotel’s linkage. The term results from that agreement. If the Cooperation Agreement ends, the Provider is entitled to block or delete Hotel and Employee accounts; Guests may continue to use any installed Apps, but without reference to the formerly connected Hotel.

12.4 The Provider is entitled to terminate the user relationship for cause without notice and/or to block user accounts, in particular in cases of:

• serious or repeated violations of these Terms;
• abusive use of the App;
• unlawful interference with the technical infrastructure.

13. Changes to the App and the Terms

13.1 The Provider is entitled to amend these Terms with effect for the future if:

• a change in the legal situation or case law,
• a change in technical conditions, or
• further development of the App makes this necessary or appropriate and the changes do not unreasonably disadvantage the user.

13.2 Changes will be communicated to users in an appropriate manner (e.g., within the App, by notice upon the next start of the App, or via the website). Where legally required, the Provider will obtain the user’s consent. If the user objects to the amended Terms, the Provider may terminate the user relationship or prevent further use of the App.

14. Governing Law and Jurisdiction

14.1 These Terms are governed by the laws of the Republic of Cyprus, excluding conflict-of-law rules and the UN Convention on Contracts for the International Sale of Goods (CISG).

14.2 If the user is a merchant and/or entrepreneur, a legal entity under public law, or a special fund under public law, the exclusive place of jurisdiction for all disputes arising out of or in connection with these Terms shall be the Provider’s registered office.

14.3 If the user is a consumer domiciled in a Member State of the European Union, mandatory consumer protection provisions of the consumer’s state of residence remain unaffected. Any mandatory consumer jurisdiction provisions are not excluded by this clause.

15. Special Provisions for the iOS Version (Apple App Store)

For users who install the App via the Apple App Store on an Apple device, the following provisions apply in addition to the above clauses and are intended to comply with Apple’s requirements for a separate end user license agreement:

15.1 Contracting party, no responsibility of Apple. The user acknowledges that this contract is concluded exclusively between the user and the Provider, not with Apple. The Provider, not Apple, is solely responsible for the App and its content.

15.2 Scope of license. The license granted is limited to use of the App on Apple products that the user owns or controls and in accordance with the usage rules set out in the applicable Apple Media Services terms. Use via Family Sharing or volume purchasing is permitted within the scope of these usage rules.

15.3 Maintenance and support. Maintenance and support services for the App are provided exclusively by the Provider. The user acknowledges that Apple has no obligation whatsoever to furnish any maintenance or support services for the App.

15.4 Warranty. The Provider is responsible for any statutory or contractual warranties to the extent they are not validly excluded or limited. In the event of a defect of the App, the user may notify Apple; Apple may refund the purchase price of the App (if the App was not provided free of charge). To the extent permitted by law, Apple has no further warranty obligation with respect to the App; any other claims must be asserted exclusively against the Provider.

15.5 Product-related claims. The user acknowledges that the Provider, not Apple, is solely responsible for addressing any claims by the user or third parties relating to the App or the user’s possession and/or use of the App. This includes, in particular, product liability claims, claims regarding compliance with legal or regulatory requirements, and claims under consumer protection laws.

15.6 Intellectual property rights. In the event of any claim that the App or the user’s use of the App infringes a third party’s intellectual property rights, the Provider, not Apple, is solely responsible for investigation, defense, settlement, and discharge of any such claim.

15.7 Export and sanctions law. The user represents and warrants that (i) they are not located in a country subject to a U.S. government embargo or designated by the U.S. government as a “terrorist supporting” country, and (ii) they are not listed on any U.S. government list of prohibited or restricted parties.

15.8 Provider contact details. Questions, complaints, or claims relating to the App must be directed exclusively to the Provider. The Provider’s contact details are set out at the top of these Terms and are also provided in the App and in the App Store listing.

15.9 Third-party terms. When using the App, the user must ensure compliance with any applicable third-party agreements (e.g., mobile carrier terms, data plan terms).

15.10 Third-party beneficiary rights of Apple. The user and the Provider acknowledge that Apple and its subsidiaries are third-party beneficiaries of these provisions. Upon the user’s acceptance of these Terms, Apple shall have the right to enforce these provisions against the user as a third-party beneficiary.

16. Final Provisions

16.1 If any provision of these Terms is or becomes wholly or partially invalid or unenforceable, the validity of the remaining provisions shall not be affected. In place of the invalid or unenforceable provision, a valid provision shall be deemed agreed that comes closest to the economic purpose of the invalid provision. The same applies to any gaps in these Terms.

16.2 There are no oral or written side agreements in addition to these Terms unless expressly agreed otherwise. Amendments and supplements must be in text form to the extent legally permissible.