Consent to recurring payments (automatic debits)

1. Subject matter, scope and terms

1.1. Subject of the document.
This Consent governs automatic periodic debits (recurring payments, auto-renewal) in favor of the Operator for access to paid features of the TLOA Services. The Consent is provided separately and expressly, in addition to acceptance of the User Agreement and Privacy Policy, and applies to all paid plans purchased by the User specified in clause 1.3.

1.2. Parties and roles.
1.2.1. Operator (merchant): Individual Entrepreneur Vezhina Oksana Vladimirovna (OGRNIP 324470400023858, INN 470516487295).
1.2.2. Payment aggregator: Prodamus, which receives and processes payments on behalf of the Operator, including tokenization of payment instruments and recurring debits.
1.2.3. User’s issuing bank/payment system — the financial institutions servicing the card/account, apply their own authorization, fee and conversion rules.
1.2.4. Role distribution: The Operator manages access to the Subscription (enable/disable auto-renewal, access periods, notifications), while Prodamus is responsible for technical payment processing (payment acceptance, token, repeated debits). The Operator does not receive or store payment card details.

1.3. Subscription plans and frequency.
The User may purchase paid plans with the following frequency:
— 1 month (monthly),
— 3 months (quarterly),
— 12 months (annually).
The Subscription is valid for the paid period and is automatically renewed for the next equivalent period if the User has not disabled auto-renewal in advance (see definitions in clause 1.6 and the procedure in the following sections).

1.4. Territorial applicability and restrictions.
The Consent and recurring debits may be used by Users worldwide, except mainland China (registration and paid features are unavailable). Personal data of Russian citizens is localized in the RU hub, and data of other Users — in the EU hub; payment processing through Prodamus may involve cross-border transfer of necessary payment data within the requirements of applicable law and agreements with payment systems.

1.5. Age and account.
The Services and paid plans are available only to Users 18+. A valid e-mail is required to set up and administer the Subscription (for receipts, confirmations, pre-debit notifications) and access to the Personal Account (section ‘Profile → Subscription’).

1.6. Definitions (for clarity of terminology).
1.6.1. Subscription — paid access to the features of the Services for a term corresponding to the selected plan (1/3/12 months), with auto-renewal until disabled.
1.6.2. Auto-renewal — automatic debiting of the cost of the next period at the end of the current one, without re-entering card details, on the basis of this Consent.
1.6.3. Initial transaction (CIT) — the first payment with entry of details and, if necessary, authentication (including 3-D Secure/SCA).
1.6.4. Subsequent transaction (MIT) — later debits using the token without re-entering the card; initiated by the merchant under the Subscription terms.
1.6.5. Token (payment instrument token) — a unique identifier of a card/wallet created by Prodamus after the first successful payment; stored by the payment aggregator and used for MIT.
1.6.6. Next debit date — the calendar date on which, if auto-renewal is active, Prodamus will attempt to debit the cost of the next period.
1.6.7. Trading descriptor — the text under which the transaction appears in the User’s bank statement (for example, ‘PRODAMUS*TLOA’ or similar).
1.6.8. Pre-debit notification — an e-mail (and/or push) sent before the next debit date, informing the User of the amount, debit date and the way to cancel auto-renewal.
1.6.9. Disabling auto-renewal — the User’s action in the Personal Account that stops future debits (access is retained until the end of the already paid period).
1.6.10. Price change (material) — an increase in price/change in frequency that affects the amount or frequency of debits; requires prior notice within the established period and gives the User the right to disable auto-renewal in advance.
1.6.11. Receipt/online receipt — payment confirmation sent to the User’s e-mail; for Russia, a fiscal receipt is additionally generated in accordance with legal requirements.
1.6.12. Chargeback — a request initiated by the User through the issuing bank to reverse a transaction under the rules of payment systems (Visa/Mastercard, etc.).
1.6.13. Home hub — the data storage infrastructure assigned at registration: the RU hub for Russian citizens; EU hub — for all other Users.

1.7. Relationship with other documents.
This Consent supplements the User Agreement and Privacy Policy. As regards recurring debits specifically, the provisions of this Consent prevail; for other matters, the provisions of the User Agreement and Privacy Policy apply.

1.8. Transparency and language.
The terms of the Consent are shown to the User before Subscription purchase in the interface language they can understand (RU/EN). Key parameters (plan, price, currency, next debit date, auto-renewal and the method of disabling it) are shown directly on the payment screen and duplicated in the e-mail confirmation.

1.9. Separate consent and form.
Consent to recurring debits is оформляется with a separate checkbox ‘I agree to recurring debits (auto-renewal)’ and is confirmed by successful initial payment. The fact of consent, date/time, IP, userID, and version of the Consent text are recorded in the Operator’s logs.

1.10. Security of payment data.
Entry, storage and processing of payment card details are carried out exclusively on the Prodamus side. The Operator receives only service data necessary for Subscription accounting (status/transaction ID, masked details) and does not store full card data.

2. Procedure for providing and recording consent

2.1. Form of consent.
2.1.1. Consent to recurring payments is provided by the User separately, by ticking the checkbox ‘I agree to recurring debits (auto-renewal)’ on the Subscription checkout screen.
2.1.2. Consent may not be combined with other checkboxes (for example, with consent to the Privacy Policy or the processing of sensitive data).
2.1.3. Under international standards (GDPR, PSD2, CCPA/CPRA, LGPD), consent must be freely given, informed and unambiguous, and it is this format that ensures compliance with this requirement.

2.2. Display of key terms.
Before payment is confirmed, the User is explicitly shown:
— the selected Subscription plan (1, 3 or 12 months);
— the price and currency of the payment;
— the next debit date;
— the trading descriptor (as it will appear in the bank statement);
— the procedure for disabling auto-renewal (a link to the Personal Account);
— information that card details are stored only with Prodamus and are not processed by the Operator.

2.2.1. Key subscription parameters (selected plan, price, currency, next debit date, trading descriptor, auto-renewal status and the method of disabling it) are always available to the User in their Personal Account.

2.3. Confirmation of consent.
2.3.1. After clicking the ‘Pay’ button, the User goes through the initial payment process via Prodamus (CIT), including, if necessary, 3-D Secure/SCA authentication.
2.3.2. A successful payment together with the checked box is recorded as acceptance of this Consent.
2.3.3. Prodamus returns a unique card token (MIT) to the Operator, which will be used for subsequent debits.

2.4. Logging.
2.4.1. The Operator’s infrastructure (RU/EU hub) records:
— the date and time the consent was given;
— the IP address and userID of the User;
— the version of the Consent text to which consent was given;
— the transaction identifier in Prodamus.
2.4.2. This data is used exclusively for the purpose of confirming the fact of consent in the event of inspections (by a regulator, payment system or court).

2.5. User notifications.
2.5.1. After successful Subscription checkout, the User receives an e-mail with:
— payment confirmation,
— the next debit date,
— a link to disable auto-renewal,
— the text/link to this Consent.
2.5.2. No later than 3 calendar days before the next debit date (or within a longer period if required by local law), the User is sent a pre-debit notification (e-mail and/or push): amount, debit date, cancellation method.

2.6. International requirements.
2.6.1. For users in the EU/UK — compliance with GDPR and the PSD2 Directive: explicit consent, SCA for the initial payment, the right to withdraw consent at any time.
2.6.2. For users in the United States (including California) — compliance with CCPA/CPRA requirements: transparent terms, the ability to disable auto-renewal in one click, prohibition of hidden terms.
2.6.3. For Brazil (LGPD) — a separate consent and the ability to freely withdraw it.
2.6.4. For Russia — compliance with the requirements of Federal Law No. 2300-1 ‘On Protection of Consumer Rights’ (Article 16.1 — prohibition on imposing additional services) and Federal Law No. 161-FZ ‘On the National Payment System’ (informed and voluntary consent).

3. Procedure for auto-renewal, debits and disabling

3.1. Auto-renewal mechanism.
3.1.1. The Subscription is provided for 1, 3 or 12 months depending on the User’s choice.
3.1.2. At the end of the paid period, the Subscription is automatically renewed for the same term (1, 3 or 12 months) provided that a valid payment instrument remains stored in Prodamus.
3.1.3. Auto-renewal is carried out on the basis of the consent given by the User (see section 2).

3.2. Debiting funds.
3.2.1. The first debit occurs at the moment of Subscription payment through Prodamus (CIT transaction).
3.2.2. Subsequent debits are made automatically (MIT transactions) using data encrypted and stored by Prodamus. The Operator does not store or process bank card details.
3.2.3. 3 calendar days before the planned debit (or within a longer period if required by local law), the User receives a pre-debit notification (e-mail and/or push) indicating the amount, date and a link to opt out of auto-renewal.
3.2.4. The debit date may differ from the calendar month in the event:
— the bank declined the transaction and a retry is made;
— the date falls on a non-working day (the debit is postponed to the next working day).

3.3. Conditions for a successful debit.
3.3.1. Automatic debit is possible only if:
— there are sufficient funds in the account;
— there is a valid card supporting recurring payments;
— there is no ban on automatic debits by the bank.
3.3.2. If the bank declines the payment or there are insufficient funds, Prodamus may make several retry attempts within 3–5 days.

3.3.3. The User has the right to opt out of receiving notifications about upcoming debits through the personal account settings or support service, except in cases where such notifications are mandatory under law or payment system rules (for example, in the EU/UK, the US). In such cases, notifications are sent anyway.

3.4. Disabling auto-renewal.
3.4.1. The User has the right to disable auto-renewal at any time in the Personal Account, or via the link in the pre-debit notification. Cancellation is performed in one click without additional steps or hidden screens. After disabling auto-renewal, the User receives a confirmation e-mail stating the date on which debits will stop. Disabling auto-renewal means that the current paid period remains valid until the end, but no new debit is made. After disabling auto-renewal, the User retains full access to the Services until the end of the paid period.

3.5. Refunds and claims.
3.5.1. Refunds for an unused period of the Subscription are possible only in cases expressly provided for by law (for example, under the Russian Law ‘On Protection of Consumer Rights’ for users in Russia, or similar acts in other jurisdictions).
3.5.2. All claims regarding erroneous or duplicate debits are handled by the payment aggregator Prodamus, through which the transactions are processed. The Operator is not responsible for failures in banks, payment systems or the aggregator.
3.5.3. The User may contact the Operator’s support service to assist in resolving the matter with Prodamus.

3.6. International standards.
3.6.1. EU/UK: the PSD2 requirements are met — the initial debit goes through SCA (3-D Secure), and subsequent debits (MIT) are made without re-authentication.
3.6.2. US: for users in California, CPRA is complied with — transparent information about the price, dates and conditions for opting out of auto-renewal is provided; the right to opt out at any time applies.
3.6.3. Brazil: under LGPD, consent to recurring debits is separate and can be freely withdrawn.
3.6.4. Russia: under Article 16.1 of the Consumer Protection Law, auto-renewal cannot be enabled by default — only after the User’s explicit consent.

4. Rights and obligations of the parties

4.1. Obligations of the Operator.
4.1.1. Provide the User with access to the paid functionality of the Services during the paid period of the Subscription (1, 3 or 12 months) subject to a successful debit.
4.1.2. Provide a clear and accessible mechanism for managing the Subscription and auto-renewal: disabling auto-renewal in the Personal Account and/or via a direct link from the notification.
4.1.3. Inform the User in advance of any planned debit no later than 3 calendar days before the debit date (e-mail and/or push), indicating the amount, date, tariff and a link to opt out of auto-renewal.
4.1.4. Not store or process the Users’ bank card details; processing is carried out exclusively by the payment aggregator Prodamus using secure standards (PCI DSS and other applicable requirements). The Prodamus payment aggregator is certified to the PCI DSS security standard, which ensures compliance with international requirements for the protection of payment data.
4.1.5. Keep records (logging) of the fact that consent to recurring debits was given and of its withdrawal: date/time, IP address, userID, document version, method of confirmation (including the results of 3-D Secure/SCA during the initial payment).
4.1.6. Ensure information security: TLS/HTTPS, encryption of sensitive application data (not payment details), administrative access control, backup in the ‘home’ hub (RU → RU, EU → EU).
4.1.7. Handle Users’ requests regarding debits and auto-renewal, interacting with Prodamus if necessary; provide reference information (transaction identifiers, statuses).
4.1.8. Notify about price changes in advance (see the tariff section): new prices apply only to the next period; before the renewal date the User has the right to disable auto-renewal.
4.1.9. Comply with mandatory legal norms of the Users’ jurisdictions (EU/UK — PSD2, SCA; US/California — transparency and the right to opt out; Brazil — withdrawal of consent; Russia — prohibition of auto-renewal ‘by default’ and consumer information).
4.1.10. Stop further recurring debits immediately after receiving a withdrawal of consent or the User disabling auto-renewal (no further MIT operations are initiated).

4.2. Rights of the Operator.
4.2.1. Restrict access to the paid features of the Services in the event of an unsuccessful debit (at the end of the paid period and/or after Prodamus has exhausted retry attempts).
4.2.2. Suspend access if the User violates the Agreement/Policy terms, abuses chargebacks, engages in fraud activity or uses invalid/unauthorized payment instruments.
4.2.3. Make changes to the notification procedure and the technical logic of debits, without worsening the User’s rights and while complying with mandatory norms and the terms of this Consent.
4.2.4. Require re-authentication/re-binding of the card if required by the issuing bank, payment system, PSD2/SCA or other rules.

4.3. Obligations of the User.
4.3.1. Provide accurate registration data and keep it up to date; ensure the confidentiality of account credentials.
4.3.2. Ensure the availability of a valid payment instrument, sufficient balance and the absence of restrictions on recurring debits by the bank.
4.3.3. Disable auto-renewal in a timely manner if the User does not plan to renew the Subscription; review the pre-debit notifications and renewal terms.
4.3.4. In the event of a disputed or erroneous transaction, promptly contact the Operator’s support and/or Prodamus to resolve the issue; do not abuse the chargeback procedure.
4.3.5. Comply with the applicable laws of their jurisdiction when using the Services and making payments.

4.4. Rights of the User.
4.4.1. At any time disable auto-renewal in the Personal Account and/or via the link in the notification; access is retained until the end of the current paid period.
4.4.2. Withdraw consent to recurring debits — this immediately stops future debits; however, the terms of the current paid period remain in force until its end (unless otherwise provided by mandatory law/refund policy).
4.4.3. Receive transparent information about the amount, date and basis of debits; request confirmations and transaction statuses.
4.4.4. Demand a refund in cases expressly provided for by the law of their jurisdiction and/or the refund terms (for example, non-performance of services due to the Operator’s fault).
4.4.5. Use consumer rights protection mechanisms provided by mandatory rules (EU/UK — consumer rights, US/CPRA — transparency and the right to opt out, Brazil/LGPD — withdrawal of consent, etc.).

4.5. Limitation and allocation of liability.
4.5.1. Payment processing, storage and protection of payment details are performed by Prodamus. The Operator is not liable for:
— technical failures of the payment infrastructure (banks, payment systems, aggregator);
— issuing bank declines, limits, blocks and anti-fraud checks;
— errors caused by the User (loss of access to e-mail/account, failure to disable auto-renewal in time, provision of an invalid card).
4.5.2. At the same time, the Operator: (i) properly informs about debits; (ii) provides a simple way to opt out; (iii) assists the User in interacting with Prodamus; (iv) complies with mandatory norms and consumer protection obligations.
4.5.3. The Operator is not responsible for the inability to debit for reasons dependent on third parties (bank, payment system) or on the User; in such cases access to paid features may be restricted after the end of the paid period.
4.5.4. Nothing in this Consent limits the User’s mandatory rights provided by the law of their country (including the right to opt out, refund, withdraw consent, access information, etc.).

4.6. Pricing and changes to terms.
4.6.1. The price of the Subscription is indicated before payment and in renewal notifications; if the price changes, the Operator notifies the User in advance, and the new price applies only to the next period.
4.6.2. If the User does not agree with the new price, they may disable auto-renewal before the debit date; failure to disable it is deemed consent to renewal at the new price (unless such a structure is prohibited by mandatory law in a particular jurisdiction).
4.6.3. Promotions/promo codes/preferential periods apply within the announced terms; upon their expiration, the base price for the next period applies, and the User is notified in advance.

4.7. Term of consent and account records.
4.7.1. Consent to recurring debits remains valid until it is withdrawn by the User or until the account is deleted; no further debits are initiated after withdrawal.
4.7.2. The Operator stores evidence of consent and Subscription actions (consent logs, transaction statuses, document versions) to the extent and for the periods required to comply with the law and protect the rights of the parties, in compliance with data localization and regional storage requirements (RU hub/EU hub).

5. Withdrawal of consent, refunds and chargebacks

5.1. Withdrawal of consent to recurring debits.
5.1.1. The User may withdraw consent to recurring debits at any time by disabling auto-renewal in the Personal Account or via the direct link in the renewal notification.
5.1.2. Withdrawal of consent stops future debits; however, access to the paid functionality remains available until the end of the paid period.
5.1.3. The fact of withdrawal of consent is recorded in the logs: date, time, IP address, userID, document version.
5.1.4. No further debits are initiated after withdrawal. Reconnection is possible only by giving consent again during a new purchase.

5.1.5. Deleting card details from the personal account or through Prodamus automatically stops further recurring debits.

5.2. Refunds.
5.2.1. Refunds for digital services (the Subscription, packages and other digital content) are not provided after access has begun, except in cases of: (i) an erroneous or duplicate debit; (ii) a technical failure caused by the Operator, due to which the User did not actually receive the paid access. The User confirms and agrees that at the moment of payment and access activation they lose the right to a refund, including the right provided by consumer protection law (including the right to withdraw within 14 days in the EU/UK and 7 days in Brazil), because the provision of digital content begins immediately.
5.2.2. Refunds are made exclusively through the payment aggregator Prodamus within the time limits established by its rules and the rules of payment systems.
5.2.3. When funds are returned to the User’s card, the crediting time depends on the issuing bank and is not controlled by the Operator.
5.2.4. Special rules apply to digital services: if the User has started using the paid functionality, the refund may be limited by law (for example, under the Russian Law ‘On Protection of Consumer Rights’ and the EU Digital Content Directive).
5.2.5. In any case, the refund may not exceed the amount actually paid and is possible only to the same card/account from which the payment was made.

5.3. Refund procedure.
5.3.1. To obtain a refund, the User must submit a request through the Personal Account or to the support service e-mail.
5.3.2. The request must contain: full name, account e-mail, date and amount of debit, reason for the request.
5.3.3. The Operator reviews the request within 10 business days and makes a decision in accordance with the law and the terms of this Consent.
5.3.4. If approved, the refund is initiated through Prodamus; the User is notified by e-mail.

5.4. Chargeback.
5.4.1. The User has the right to dispute the transaction through the issuing bank by way of chargeback.
5.4.2. In the event of an unjustified chargeback (for example, when the Subscription is active or the service has been used), the Operator has the right to:
— restrict access to the Services,
— block the account,
— recover losses through legal action, if any were incurred.
5.4.3. The Operator undertakes to assist in resolving disputed transactions by providing Prodamus and the bank with evidence of the User’s consent and the fact that the service was provided (logs, transaction identifiers, document versions).
5.4.4. It is recommended that all disputed issues be resolved directly with the Operator before filing a chargeback in order to avoid account blocks and additional costs.

5.5. Transparency and protection of rights.
5.5.1. The Operator ensures transparency of all procedures for the User: information about debits, opt-out methods and refunds is always available in the Personal Account and in the documentation.
5.5.2. This section does not limit the User’s mandatory rights provided by the law of their country (for example, the right to withdraw consent, refund, access information).
5.5.3. In the event of a conflict between this Consent and mandatory legal norms, the norms providing the User with a higher level of protection prevail.

6. Tariffs and payment terms

6.1. Types of paid access.
6.1.1. Paid access is provided by subscription for a fixed term: 1 month, 3 months or 12 months(“Subscription”). The content of the Subscription and the list of included features (neuroprograms, audio practices, checklists, reminders, ‘abundance bank’, progress, etc.) are indicated in the Services interface at the time of purchase.
6.1.2. The Subscription is personal and may not be transferred to third parties.
6.1.3. One-time paid ChatBot packages (10/50/100 requests for 30 days) may also be provided — see clause 6.12.

6.2. Price, currency and price display.
6.2.1. Current prices for each plan (1/3/12 months) are shown in the Services interface immediately before payment.
6.2.2. The currency is displayed according to the User’s region and may differ (for example, RUB/EUR/USD, etc.). The total amount payable and the currency are always indicated on the Prodamus payment page.
6.2.3. When converting currencies, the User’s card issuing bank may charge fees/spreads; such fees are not controlled by the Operator and are not subject to reimbursement.
6.2.4. Taxes and mandatory fees (if applicable) are shown in the receipt/on the payment page. If the User’s country has special tax rules for digital services, the calculation and display of such amounts are carried out at the payment stage.

6.3. Payment methods and security.
6.3.1. Payment is made by bank cards and other supported methods through the payment aggregator Prodamus.
6.3.2. The Operator does not process or store bank card data; processing of card details, 3-D Secure/Strong Customer Authentication (SCA), tokenization and anti-fraud checks are carried out by Prodamus and/or payment systems.
6.3.3. Completing the payment may require additional authentication (3-D Secure/SCA). Failure to complete authentication may result in the transaction being declined.

6.4. Recurring debits (auto-renewal).
6.4.1. When purchasing a Subscription, the User may explicitly agree to auto-renewal. In this case, at the end of the paid period (1/3/12 months), the next payment is made automatically for the same period and at the current price, unless otherwise stated.
6.4.2. Consent to recurring debits is provided separately on the Prodamus payment page and is recorded in the Operator’s logs (date/time, IP, userID, version of terms).
6.4.3. Auto-renewal can be disabled in the Personal Account at any time; the access remains valid until the end of the already paid period, and no new debits are initiated.
6.4.4. In the event of a price change (see clause 6.6), the Operator notifies the User in advance; if the User disagrees, the User disables auto-renewal before the next debit date.

6.5. Receipts and confirmations.
6.5.1. After successful payment, an electronic receipt/invoice is sent to the e-mail specified in the account, and the status in the Personal Account is updated.
6.5.2. In the bank statement, the payment may appear with a billing descriptor associated with Prodamus and/or the service name.

6.6. Price changes and subscription terms.
6.6.1. The Operator has the right to change prices and Subscription contents. For new purchases, the changes take effect immediately upon publication.
6.6.2. For active auto-renewals, the changes apply only to the next period, and the User is notified in advance in the Services and/or by e-mail. If the User disagrees with the changes, the User disables auto-renewal before the debit date. The paid period continues under the previous terms.
6.6.3. Promotions and promo codes are valid for the stated periods and do not stack unless expressly stated otherwise.

6.7. Term of access and suspension.
6.7.1. Access under the Subscription is granted from the moment payment is confirmed for the entire selected term (1/3/12 months).
6.7.2. In the event of an unsuccessful debit within auto-renewal, Prodamus may perform automatic retries. If the payment does not go through, the Operator has the right to suspend access until the payment succeeds or the User disables auto-renewal.
6.7.3. If access is suspended due to failed debits, access is restored automatically after successful payment.

6.8. Cancellation, refunds and chargebacks.
6.8.1. The rules for canceling auto-renewal and refunds are set out in section 5 of this Consent.
6.8.2. Refunds (if provided for by law and/or service terms) are made exclusively through Prodamus to the same payment instrument. Credit time depends on the User’s bank.
6.8.3. In the event of an unjustified chargeback, the Operator has the right to restrict access to the Services and seek compensation for losses incurred, if any.

6.9. Regional and legal restrictions.
6.9.1. The Services are available worldwide, except mainland China. For users from certain countries, tax rules and consumer rights may differ; such differences are taken into account on the payment page and/or in receipts.
6.9.2. When processing recurring payments, the requirements of payment systems and local regulators apply (including SCA/3-D Secure in the EU/UK).

6.10. Liability and role allocation.
6.10.1. Prodamus acts as the payment provider and is responsible for processing and security of payment data, as well as for carrying out transactions in accordance with the rules of payment systems and applicable law.
6.10.2. The Operator is responsible for providing access to digital services within the paid period, correctly reflecting Subscription status and supporting the User on issues related to use of the Services.
6.10.3. The Operator is not liable for delays/failures of banks and payment systems, bank fees and exchange rate differences, or for the consequences of unsuccessful SCA/3-D Secure authentication.

6.11. Special terms, trial periods and gift codes.
6.11.1. When a trial period is provided, the terms (duration, transition to paid access, need for explicit consent) are displayed directly in the interface before activation.
6.11.2. Gift codes/promo codes (if offered) are not exchangeable for money, do not extend access beyond what was agreed, and are applied according to the promotion rules.

6.12. Paid ChatBot packages.
6.12.1. Packages of 10 / 50 / 100 requests are purchased as a one-time purchase with a validity period of 30 days from the moment of purchase; the balance is not carried over to the next period.
6.12.2. ChatBot packages are not renewed automatically, unless the User separately agreed to auto-renewal specifically for the packages (by default — no).
6.12.3. Refunds for packages are possible only in cases provided for by law and/or where the service was not provided due to the Operator’s fault; if the package has been partially/fully used, the refund may be limited. The other rules of section 5 apply.

6.13. Communications and support.
6.13.1. Information about debits, Subscription status, changes to terms and promotions is sent to the Personal Account and/or the User’s e-mail.
6.13.2. For questions regarding payment, refunds and subscriptions, the User may contact the Operator’s support service; if necessary, the Operator interacts with Prodamus to resolve the issue.

7. Force majeure, technical and regulatory restrictions, security and incidents

7.1. Force majeure (circumstances beyond reasonable control).
7.1.1. The Parties are released from liability for full or partial non-performance of obligations under this Consent in the event of force majeure arising after its conclusion and beyond the reasonable control of the Parties. Such circumstances include, in particular: natural disasters, epidemics/pandemics, war and conflicts, mass unrest, terrorist acts, acts and prohibitions of authorities, changes in legislation, sanctions and export controls, outages of payment infrastructure and correspondent settlements, data center and communication network failures, large-scale cyberattacks, accidents and power outages, and other events that could not have been foreseen and prevented by reasonable measures.
7.1.2. During the force majeure period, performance of obligations is suspended in the relevant part; a breach during this period does not entail liability. Deadlines are extended proportionally to the duration of such circumstances.
7.1.3. The Party affected by force majeure notifies the other Party within a reasonable time by any available means (posting in the Services, e-mail). Upon request, confirmation of the nature of the circumstances may be provided to the extent that does not compromise security and confidentiality.
7.1.4. If force majeure lasts more than 60 calendar days and materially prevents the provision of paid services, either Party may terminate this Consent as to recurring debits by giving the other Party 7 calendar days’ notice. Termination does not relieve the Parties of obligations that arose before the termination date, unless otherwise required by mandatory law.

7.2. Sanctions, export controls and geo-restrictions.
7.2.1. The Services and recurring debits are unavailable to users in mainland China. The Operator may suspend or terminate the provision of services and/or auto-renewal, and restrict hosting and billing if their provision becomes unlawful or impossible due to sanctions, export controls, currency/payment restrictions, blocking of settlements, requirements of payment systems or providers.
7.2.2. The User confirms that they are not located in, and are not a resident of, jurisdictions subject to applicable sanctions/prohibitions, and does not use the Services in violation of sanctions regimes.
7.2.3. Such measures (suspension/restriction) are not considered a breach of the Consent; the Operator informs the User to the extent possible.

7.3. Technical unavailability, maintenance and beta features.
7.3.1. The Operator strives to ensure round-the-clock availability of the Services and payment logic, but does not guarantee the absence of failures, interruptions and errors. Maintenance work, updates, fixes, as well as the provision of certain functions in ‘beta’/‘early access’ mode may occur.
7.3.2. In the event of a failure or unavailability, the Operator informs Users through the Services and/or by e-mail (if reasonable and possible) and makes efforts to restore service as soon as possible.
7.3.3. During a prolonged unavailability of the main paid functionality for a substantial part of the paid period, the Operator may, at its discretion, offer compensation in the form of an extension of access, a bonus or a discount. A monetary refund is made only in cases expressly provided for by applicable law or refund terms.
7.3.4. During force majeure or technical failures, auto-renewal may be temporarily unavailable; in such case, access ends at the end of the paid period, unless otherwise permitted (or required) by law.

7.4. Payment infrastructure and tokenization.
7.4.1. Payments are accepted and processed by the payment aggregator Prodamus. Entry, storage and processing of payment card details are carried out exclusively on its side in accordance with security standards (including PCI DSS and payment system rules). The Operator does not receive or store full card details.
7.4.2. The initial payment is made as a CIT transaction using Strong Customer Authentication (3-D Secure/SCA, if required). Subsequent debits are made as MIT via the token created by Prodamus.
7.4.3. A token may become invalid in cases of card expiration, reissue/BIN rebranding, issuing bank requirements, anti-fraud checks, withdrawals of consent or payment system rules. In these cases, the User must re-link the payment instrument (re-binding) or make a new initial payment; until then, auto-renewal is not performed.
7.4.4. If necessary, Prodamus and/or the issuing bank may require re-authentication/confirmation (including SCA) to continue debits.

7.5. Data, localization, backups and retention periods.
7.5.1. The Operator keeps records of consents and Subscription actions (consent/withdrawal logs, transaction identifiers, document versions) to the extent and for the periods required to comply with the law, resolve disputes and protect the rights of the parties.
7.5.2. Localization: data of Russian citizens is processed and backed up in the RU hub; data of users from other countries — in the EU hub. Prodamus payment processing may involve cross-border transfer of necessary payment data to the extent provided for by applicable law and payment system rules.
7.5.3. The Operator does not store payment card details; it receives only service information (transaction statuses/ID, masked details) for Subscription accounting and incident resolution.
7.5.4. Backups of logs and service data are made in the ‘home’ hub (RU → RU, EU → EU) as part of regular backup cycles. Retention periods are determined by legal requirements and the need for evidence in disputes (the minimum necessary period).
7.5.5. Processing of sensitive application data (not payment details) is carried out under a separate consent of the User and is not mixed with payment data.

7.6. Information security and incident response.
7.6.1. The Operator applies organizational and technical security measures: TLS/HTTPS, administrative access control, logging, incident monitoring, backups in the ‘home’ hub, access restriction, and standard secure development and operations practices.
7.6.2. Prodamus provides protection of payment data and compliance with payment system requirements, including PCI DSS, SCA and anti-fraud controls.
7.6.3. In the event of a security breach affecting the User, the Operator and/or Prodamus notify the User and, if necessary, the competent authorities within the time and scope established by mandatory rules of the relevant jurisdiction (EU/UK, US, Brazil, Canada, India, Russia, etc.).
7.6.4. The User undertakes to: (i) keep account credentials confidential; (ii) update the contact e-mail in a timely manner to receive receipts/notifications; (iii) immediately report a security incident (suspicious debits, account compromise).

7.7. Communications and notifications.
7.7.1. The User is notified of upcoming debits no later than 3 calendar days in advance (or longer if required by local law) via e-mail and/or push notifications, indicating the amount, debit date and the method for disabling auto-renewal.
7.7.2. The Operator notifies the User in advance of material changes in Subscription prices/terms; if the User disagrees, the User has the right to disable auto-renewal before the debit date. The already paid period continues under the previous terms.
7.7.3. In the event of security incidents, prolonged unavailability or regulatory restrictions, the Operator notifies the User as reasonably possible.

7.8. Priority of mandatory norms and consumer protection.
7.8.1. Nothing in this section limits the User’s mandatory rights provided by the law of their country (including rights to information, opt out, refund, withdrawal of consent, обращения to regulators and other guarantees).
7.8.2. In the event of a conflict, the rule providing a higher level of protection for the User applies, provided that this does not contradict the mandatory requirements of the legislation of the Russian Federation and the rules of payment systems.
7.8.3. For the EU/UK, the requirements of PSD2/SCA, GDPR/UK GDPR and the Digital Content Directive apply; for the US (including California) — CPRA/FTC requirements on transparency and simple opt-out; for Brazil — LGPD; for Canada — PIPEDA; for India — DPDPA; for Russia — the Consumer Protection Law, Federal Law No. 161-FZ and other mandatory norms.

7.9. Consequences of withdrawal of consent and termination of auto-renewal.
7.9.1. After withdrawal of consent and/or disabling auto-renewal, no further MIT operations are initiated; access remains until the end of the paid period, unless otherwise provided by mandatory law or refund terms.
7.9.2. To resume auto-renewal, new explicit consent and a successful initial payment (CIT) with issuance of a new token are required.

7.10. Changes to this section.
7.10.1. The Operator may update this section within the limits permitted by law and payment system rules. The new version takes effect from the moment it is published in the Services, unless otherwise stated; in the event of material changes, the Operator notifies the User and, if necessary, requests renewed consent.

8. Final provisions

8.1. This Consent enters into force from the moment it is accepted by the User (the checkbox is ticked and the initial payment is made) and remains valid until it is withdrawn or replaced by a new version.
8.2. The Operator has the right to make changes to this Consent within the limits permitted by law and payment system rules. The new version is published in the Services and applies to new consents. In the event of material changes, the Operator notifies the User and, if required, requests renewed consent.
8.3. The invalidity or unenforceability of a separate provision of this Consent does not affect the validity of the remaining provisions. Such a provision shall be deemed replaced by a provision as close as possible in meaning and permitted by applicable law.
8.4. Language versions. The Consent is made in Russian and English. For Users in the territory of the Russian Federation, the Russian version prevails. For Users outside the Russian Federation, the English version prevails. In the event of a discrepancy, the version providing a higher level of protection of the User’s rights applies, unless otherwise provided by mandatory norms.
8.5. This Consent does not limit the User’s mandatory rights provided by the law of their country (the right to information, refund, withdrawal of consent, обращения to regulators, etc.).

               9.       Contacts

9.1. For matters related to recurring debits, refunds and use of the paid functionality of the Services, the User may contact:
— the Operator: Individual Entrepreneur Vezhina Oksana Vladimirovna
OGRNIP: 324470400023858, INN: 470516487295
Legal address: in accordance with the EGRIP data
E-mail: info@tloa.app
— the payment aggregator Prodamus (contacts are indicated in the electronic receipt/on the payment page).

9.2. Official notices and messages from the Operator are sent to the User at the e-mail specified during registration, or through the Services interface. Messages are deemed received:
— when sent by e-mail — 24 hours after sending;
— when published in the interface — from the moment they are displayed to the User.