/* Terms of Service content (markdown). Edit this text to update the /terms page.
   Rendering rules (see LegalPages.jsx):
   - "## N. Title" becomes a numbered section heading.
   - "**1.1 Lead.** rest" renders the bold lead inline at the start of the paragraph.
   - Blank lines separate paragraphs; lines starting "(a)" are indented sub-points.
   - Email addresses become mailto links. */

window.TERMS_MD = `Effective date: 5 June 2026

Last updated: 5 June 2026

These Terms of Service (“Terms”) are entered into between Threadmind AI Limited, a company registered in England and Wales with company number, 17218646, and registered office at Xeinadin South East Limited Office 5 Rayleigh Road, Hutton, Brentwood, Essex, England, CM13 1AB (“Threadmind AI”, “we”, “us”, “our”), and the customer that registers for or uses the Service (“Customer”, “you”, “your”). Threadmind AI operates the software-as-a-service platform marketed as “ViZO Studio” (also “ViZO”) at www.vizostudio.ai.

## 1. Introduction, Acceptance and Definitions

**1.1 Acceptance.** By creating an account, clicking “I accept”, accessing or using the Service, or by entering into an Order, you agree to be bound by these Terms. If you do not agree, you must not use the Service. If you are entering into these Terms on behalf of a company or other organisation, you confirm you have authority to bind that organisation, and “you” refers to that organisation.

**1.2 Who may contract.** The Service is intended for businesses (fashion brands, retailers, agencies and similar). It is not directed at consumers acting outside their trade or profession. Where the law treats you as a consumer, your statutory rights are not affected by these Terms (see clause 4.7).

**1.3 Related documents.** These Terms incorporate by reference our Privacy Policy, our Acceptable Use Policy (clause 5), and any Order, plan description or specification published on the website or agreed in writing. Together these form the entire agreement (clause 17.6).

**1.4 Definitions.**

“Account” means your registered account for the Service.

“AI Model(s)” means the wholly AI-generated synthetic human figures, faces, bodies and likenesses depicted in the Output that are not Digital Twins. AI Models are computer-generated and do not depict, and are not intended to depict, any real, living or identifiable person.

“Digital Twin” means a synthetic likeness generated through the Service at your request that is intended to depict a real, identifiable individual, being (a) you, where you are an individual, or (b) a member of your own personnel who has consented in accordance with clause 6A. Digital Twins are the only category of Output intended to depict a real person.

“Credits” means the units of usage that are consumed when you generate Output, as described in clause 3.

“Input Content” means the garment, product and image files (flat-lays, ghost-mannequin and on-model shots), prompts, briefs, accessories, references and other materials you upload to or submit through the Service.

“Output” means the images, 1K, 2K, or 4K imagery, and video and other creative assets generated for you by the Service from your Input Content and instructions.

“Platform” means the ViZO Studio software, websites, APIs, AI Models, machine-learning and foundation models, algorithms, tools, documentation and underlying technology.

“Service” means access to and use of the Platform and any related support.

“Subscription” means a paid plan giving access to the Service for a term.

## 2. Accounts and Registration

**2.1 Eligibility.** You must be at least 18 years old and capable of forming a binding contract to register. The Service is not available to anyone we have previously removed.

**2.2 Accurate information.** You agree to provide true, accurate, current and complete registration and billing information, and to keep it up to date. We may refuse, suspend or reclaim any account or username at our discretion where information is inaccurate or where required to protect the Service.

**2.3 Account security.** You are responsible for safeguarding your login credentials and for all activity that occurs under your Account, whether or not authorised by you. You must notify us without undue delay at support@vizostudio.ai of any suspected unauthorised access or security breach.

**2.4 Users and teams.** If your plan permits multiple users, you are responsible for each authorised user’s compliance with these Terms and remain liable for all use of the Service under your Account.

## 3. Subscriptions, Plans and Credits

**3.1 Plans.** Access to the Service is provided through Subscriptions and/or Credit-based usage as described on our pricing page or in your Order. All features of the Service that are generally available — including batch/bulk processing and, where launched, video generation — are included on every plan. Plans differ only in the number of Credits you may purchase or that are included; they do not differ in feature access.

**3.2 How Credits work.** Generating Output consumes Credits at the rates published for each feature (for example, image generation, batch runs and video generation). All features consume Credits at the same published rates regardless of plan; the only difference between plans is the volume of Credits available to you. Credit costs differ between features, and video generation typically consumes more Credits than image generation. We will display Credit costs before you incur them where reasonably practicable.

**3.3 Credit allocation, roll-over and expiry.** Credit allowances and expiry rules are as stated in your plan. Unless your plan states otherwise: (a) Subscription Credits (Credits included in your Subscription) are made available for each billing cycle. Unused Subscription Credits roll over for up to two (2) months, provided your Subscription remains active; any Subscription Credits not used within that period expire. If your Subscription is cancelled or not renewed, unused and rolled-over Subscription Credits expire on the date your Subscription ends. (b) Top-up Credits (Credits you purchase separately in addition to your Subscription) do not expire and remain available for as long as your Account exists. Top-up Credits are forfeited if your Account is closed or deleted. (c) Credits have no cash value and are not transferable between accounts. Where you hold both types, Subscription Credits are used before Top-up Credits

**3.4 Beta and pre-release features.** Some features may be offered as beta, trial or pre-release. They are provided “as is”, may change or be withdrawn, and may be subject to separate terms.

**3.5 Fair use and limits.** We may apply reasonable technical limits (for example, rate limits, batch-size or concurrency caps) to protect Platform stability, and may adjust them on reasonable notice. Such limits are applied to protect the Service and not as a means of differentiating feature access between plans.

**3.6 Free trial.** We may offer a free trial giving access to the Service for 14 days with 20 free Credits (“Free Trial”). Unless we state otherwise: (a) the Free Trial is for evaluation; trial Credits have no cash value, are non-transferable, and any unused trial Credits expire at the end of the Free Trial period; (b) the Acceptable Use Policy (clause 5) and the ownership terms (clause 6) apply equally to Output generated during the Free Trial; (c) we may change, limit eligibility for (for example, one Free Trial per customer or organisation), or withdraw the Free Trial at any time; and (d) at the end of the 14-day Free Trial, your subscription will automatically convert to a paid Standard plan and your chosen payment method will be charged the then-current fee, on a recurring basis, unless you cancel before the Free Trial ends. You may cancel at any time during the Free Trial through your Account or by contacting support@vizostudio.ai; if you cancel before the Free Trial ends, you will not be charged. Before you begin the Free Trial, we will tell you the price and the date of the first charge that will apply if you do not cancel, and we will provide a straightforward means of cancelling online.

## 4. Payment, Billing, Renewal, Cancellation and Refunds

**4.1 Fees.** You agree to pay the fees for your Subscription and/or Credits at the prices in effect when you purchase, as set out in your Order or on the website. All fees are stated exclusive of VAT and other applicable taxes, which you must pay in addition at the prevailing rate.

**4.2 Billing and payment method.** We bill through our payment processor. You authorise us (and our processor) to charge your chosen payment method for all fees, including on a recurring basis for Subscriptions and on conversion of a Free Trial under clause 3.6, until you cancel. You agree to keep your payment and billing details current. We are not responsible for the acts or omissions of third-party payment processors.

**4.3 Auto-renewal.** Unless your Order states otherwise, Subscriptions renew automatically at the end of each term (monthly or annual) at the then-current fees, until cancelled in accordance with clause 4.5. We will give advance notice of renewal and of any price change where required by law or your plan.

**4.4 Price changes.** We may change fees for future terms on at least 30 days’ written notice (which may be by email). Changes take effect at your next renewal. If you do not accept a price change, you may cancel before it takes effect.

**4.5 Cancellation.** You may cancel your Subscription at any time through your Account or by contacting support@vizostudio.ai. Cancellation takes effect at the end of the then-current paid term; you retain access until then. Cancellation stops future renewals but does not entitle you to a refund of fees already paid except as set out in clause 4.6 or as required by law.

**4.6 Refunds.** Except as required by law or as expressly stated in your Order, all fees and Credits are non-refundable. This includes Subscription fees, renewal payments, Credits already consumed (each generation incurs computing costs we cannot recover), unused Subscription Credits, and Top-up Credits. If you cancel or downgrade, no refund is issued and you retain access to the Service until the end of your current billing cycle; Credits are treated as set out in clause 3.3. Nothing in this clause affects your statutory rights, including any right to a remedy where the Service is not supplied with reasonable care and skill or is otherwise faulty.

**4.7 Consumer cancellation rights (if applicable).** If, exceptionally, you contract as a consumer, you may have a statutory 14-day right to cancel under the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013. Because the Service supplies digital content and digital services, by purchasing and asking to use the Service immediately you expressly request that we begin supply during the cancellation period and acknowledge that you will lose your right to cancel once digital content has been generated/downloaded (and that you will be charged for digital services already supplied). This consumer cancellation right is separate from, and additional to, the contractual right to cancel a Free Trial before it converts under clause 3.6. Nothing in these Terms excludes your non-excludable rights under the Consumer Rights Act 2015.

**4.8 Late payment and suspension.** If any payment is overdue, we may suspend your access to the Service until payment is made, and interest will accrue on the overdue amount at 8% per annum above the Bank of England base rate, in accordance with the Late Payment of Commercial Debts (Interest) Act 1998, from the due date until payment is made (whether before or after judgment). We may also recover reasonable costs of collection as permitted by that Act.

## 5. Acceptable Use Policy

**5.1 General.** You must use the Service only for lawful purposes, in compliance with these Terms and all applicable laws. You are responsible for all Input Content you upload and all Output you generate, share, download or publish.

**5.2 Prohibited content and conduct.** You must not use the Service to upload, generate, store, distribute or attempt to generate any content that:

(a) You do not have the rights to. Any Input Content (including garments, designs, logos, photographs, artwork or brand assets) that you do not own or have the necessary rights, licences and permissions to use, or that infringes any third party’s intellectual property, design, trademark, database, privacy or other rights.

(b) Depicts real or identifiable people without rights. Content intended to depict, recreate, impersonate or generate the likeness, face, voice or other identifying attributes of any real, living or identifiable person (including celebrities and public figures) without that person’s documented consent and all necessary rights; or that creates a misleading impression that a real person endorses or is associated with your products. This prohibition does not apply to a Digital Twin created strictly in accordance with clause 6A (Digital Twins).

(c) Child sexual abuse or exploitation. Any child sexual abuse material (“CSAM”) or content that sexualises, endangers or exploits minors, in any form (including AI-generated, “synthetic” or altered imagery). We operate a strict zero-tolerance policy. We will remove such content, terminate the Account immediately, preserve relevant data, and report to law enforcement and the relevant authorities (including, as applicable, the National Crime Agency and the Internet Watch Foundation) as required by law.

(d) Non-consensual intimate or sexual imagery. Pornographic, sexually explicit or intimate imagery, including non-consensual intimate images or sexual “deepfakes” of real people. Intentionally creating, or requesting the creation of, a non-consensual “purported intimate image” of an adult is a criminal offence under Section 138 of the Data (Use and Access) Act 2025, which amended the Sexual Offences Act 2003. Platforms can also face Online Safety Act enforcement.

(e) Hateful, violent or harmful content. Content that incites or promotes hatred, discrimination, harassment or violence against individuals or groups based on race, ethnicity, nationality, religion, sex, gender, sexual orientation, disability, age or other protected characteristic; or that promotes terrorism, extremism, self-harm or serious harm to others.

(f) Illegal, deceptive or misleading content. Content that is fraudulent, deceptive, defamatory, or that breaches advertising or consumer-protection laws or the UK CAP Code (for example, imagery that misleads consumers about a product’s true characteristics, fit or efficacy).

(g) Other misuse. Malware or harmful code; spam; content that violates the privacy or data-protection rights of others; or content that we reasonably determine to be otherwise objectionable or to create legal risk to us or others.

**5.3 No misrepresentation of AI Models.** You must not present the AI Models as real people, real models or as your own photography of real individuals where doing so would be deceptive or unlawful, and you must comply with any applicable obligations to make clear that imagery is AI-generated (see clause 7.4). This does not prevent the lawful, consented use of a Digital Twin of yourself or your own personnel under clause 6A.

**5.4 Technical restrictions.** You must not: (a) reverse engineer, decompile, disassemble or attempt to derive the source code, models, weights or datasets of the Platform; (b) use the Service to build, train, benchmark or improve any competing product or AI model, or to extract or scrape the Platform; (c) circumvent or interfere with security, safety filters, rate limits or moderation systems; (d) resell, sublicense or provide the Service to third parties except as expressly permitted; or (e) use automated means to access the Service other than via our supported API within its limits.

**5.5 Enforcement and moderation.** We may use automated and human moderation to detect violations. We may remove content, apply filters, suspend or terminate Accounts, and report unlawful activity, in each case as we reasonably consider necessary (see clauses 8 and 13). We are not obliged to monitor content but may do so.

## 6. Intellectual Property

**6.1 Threadmind AI’s IP in the Platform.** As between the parties, Threadmind AI and its licensors own and retain all right, title and interest in and to the Platform, including all software, source code, the AI Models as deployed within the Platform, machine-learning and foundation models, algorithms, training methods, know-how, designs, “look and feel”, trademarks, and all related intellectual property and any improvements or derivatives. Except for the rights expressly granted to you, no rights in the Platform are transferred to you. “ViZO”, “ViZO Studio” and our logos are our trademarks and may not be used without our prior written consent.

**6.2 Customer ownership of Output.**

(a) Assignment. Subject to your payment of applicable fees and your compliance with these Terms, Threadmind AI hereby assigns to you, with full title guarantee and by way of present and (where relevant) future assignment, all intellectual property rights (including copyright and, so far as they subsist, rights in any computer-generated work under section 9(3) of the Copyright, Designs and Patents Act 1988) that Threadmind AI may hold in the Output generated for you. The intent is that you fully own and hold the commercial rights to the Output you generate, free of any usage-rights fees or expiry imposed by us.

(b) Fallback licence. To the extent any such right cannot be assigned to you, Threadmind AI grants you a worldwide, perpetual, irrevocable, royalty-free, fully paid-up, transferable and sublicensable licence to use, reproduce, modify, distribute, publicly display, commercialise and create derivative works from the Output for any lawful purpose, including commercial and advertising use.

(c) AI Model likeness licence. The Output incorporates AI Models that form part of Threadmind AI’s underlying IP (clause 6.1). To remove any doubt and to ensure your ownership of the Output is effective, Threadmind AI grants you a worldwide, perpetual, irrevocable, royalty-free, non-exclusive, transferable and sublicensable licence to use the AI Model likenesses solely as they appear incorporated within your Output, for any lawful purpose. Because the AI Models are wholly AI-generated and do not depict real, living or identifiable people, no personality, publicity, image or “real-person likeness” rights of any individual attach to them, and none are granted or required. This licence is subject to your continued compliance with the Acceptable Use Policy (clause 5); it does not permit you to extract, isolate or reuse an AI Model independently of your Output to create a competing model library or to pass the AI Models off in breach of clause 5.3.

(d) No conflicting reservation. We do not require you to pay ongoing licensing or usage-rights fees to use your Output, and your ownership rights survive termination of these Terms (subject to clause 13.4).

**6.3 Customer responsibility for Input Content.** As between the parties, you retain ownership of your Input Content. You grant Threadmind AI a non-exclusive, worldwide, royalty-free licence to host, store, copy, process, transmit, adapt and display the Input Content solely to operate and provide the Service to you (including generating Output, batch processing and providing support), and as otherwise permitted by clause 6.4 and clause 8 (data protection). You represent and warrant that: (a) you own or have all necessary rights, licences and consents to the Input Content and to its use as contemplated; (b) the Input Content and its processing by us do not and will not infringe or violate any third party’s intellectual property, privacy, data-protection, publicity or other rights, or any law; and (c) where any Input Content contains the image or personal data of a real person, you have all required rights and consents for that processing.

**6.4 Use of data to improve and train the Service.** We do not use your Input Content or Output to train our AI models. We may use aggregated, de-identified and anonymous usage and technical data — which does not identify you, any individual, or your content — to operate, secure, analyse and improve the Service. Our development and training of our AI models do not rely on your Input Content or Output, and our use of anonymous data to improve the Service does not affect your ownership of the Output under clause 6.2.

**6.5 Feedback.** If you give us suggestions or feedback about the Service, you grant us a perpetual, irrevocable, royalty-free right to use it without restriction or obligation to you.

## 6A. Digital Twins

**6A.1 Permitted subjects only.** You may use the Digital Twin feature solely to create a likeness of (a) yourself, where you are an individual, or (b) a member of your own personnel (employee, officer or contractor) who is aged 18 or over. You must not create a Digital Twin of any other person, including any third party, public figure, customer or member of the public.

**6A.2 Consent warranty.** You represent and warrant that, for every Digital Twin you create, you have obtained and retained the explicit, informed, written consent of the individual depicted, covering both the creation of the Digital Twin and the commercial and other uses you intend to make of the resulting Output, and that such consent remains valid and has not been withdrawn.

**6A.3 Proof and withdrawal of consent.** We may require documented evidence of that consent at any time, and may refuse, suspend or remove any Digital Twin where consent is not evidenced or has been withdrawn. If an individual withdraws consent, you must promptly cease using, and where practicable delete, Output depicting that individual.

**6A.4 Data protection.** You acknowledge that creating a Digital Twin involves processing the personal data (which may include biometric data) of a real, identifiable individual. As between the parties, you are the controller in respect of that individual’s personal data, you are responsible for the lawful basis for that processing (including obtaining valid consent under UK GDPR), and clause 8 applies to our processing on your behalf.

**6A.5 No training on Digital Twins.** Consistent with clause 6.4, we do not use Digital Twins — or any other Input Content or Output — to train our AI models.

**6A.6 Indemnity.** You will indemnify us against all losses, damages, liabilities, costs and expenses (including reasonable legal fees) arising from any Digital Twin created or used in breach of this clause 6A, including any claim by an individual that their likeness or personal data was used without valid consent. This is in addition to the indemnity in clause 12.

## 7. AI-Generated Content Disclaimers

**7.1 Nature of Output.** The Output is generated by artificial intelligence. It may contain inaccuracies, artefacts, distortions, unexpected results, biases or features that do not accurately represent your garment, product, colours, fit or intended creative brief.

**7.2 Your duty to review.** You are solely responsible for reviewing, checking and editing all Output before any commercial, advertising or public use, and for ensuring it is accurate, appropriate, non-misleading and compliant with all applicable laws and advertising standards (including the UK CAP Code, which applies regardless of how content is created). A “human in the loop” review is strongly recommended.

**7.3 Non-uniqueness.** Because of the nature of generative AI, Output (including AI Models, poses and backgrounds) may not be unique, and similar Output may be generated for other customers. This does not apply to a Digital Twin, which depicts an individual of your own choosing under clause 6A.

**7.4 Disclosure and responsible use.** You are responsible for any disclosure that imagery is AI-generated where required by law, platform rules or to avoid misleading consumers, and for ensuring AI Models and Digital Twins are not depicted in a socially irresponsible manner. In particular, CAP Code rule 4.9 requires advertisers not to portray particular body types in an irresponsible manner or present an unhealthy body image as aspirational; the ASA has upheld complaints on this basis. You must ensure your use of AI-generated imagery does not breach these rules.

## 8. Data Protection and Privacy

**8.1 Privacy Policy.** Our collection and use of personal data is described in our Privacy Policy, which forms part of these Terms. We process personal data in accordance with the UK GDPR and the Data Protection Act 2018.

**8.2 Roles.** In respect of your Account and billing data, we act as a controller. To the extent we process personal data contained in your Input Content (including any Digital Twin) on your behalf and on your instructions, you are the controller and we are the processor, and the data-processing terms in clause 8.3 apply.

**8.3 Processing terms (UK GDPR Article 28).** Where we act as your processor, we will: (a) process such personal data only on your documented instructions, unless required otherwise by law; (b) ensure persons authorised to process it are under a duty of confidence; (c) implement appropriate technical and organisational security measures; (d) engage sub-processors only under a written contract imposing equivalent obligations, and maintain a list of sub-processors available on request, with notice of intended changes and an opportunity to object; (e) taking into account the nature of processing, assist you with data-subject requests and with your obligations on security, breach notification and data protection impact assessments; (f) notify you without undue delay on becoming aware of a personal data breach; (g) at your choice, delete or return personal data at the end of the Service, save where retention is required by law; and (h) make available information necessary to demonstrate compliance and allow for audits as required by Article 28. The parties intend to enter into a separate Data Processing Agreement which, if executed, prevails over this clause to the extent of any conflict.

**8.4 International transfers.** Where personal data is transferred outside the UK, we will ensure an appropriate safeguard is in place (for example, the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, or transfer to a jurisdiction covered by UK adequacy regulations).

**8.5 Third-party processors.** The Service relies on third-party infrastructure and sub-processors (for example, cloud hosting and payment processing). These are listed/described in our Privacy Policy.

## 9. Confidentiality

**9.1 “Confidential Information” means non-public information disclosed by one party to the other that is marked or reasonably understood to be confidential, including the Platform’s non-public features, pricing, and your unreleased product images and creative briefs.**

**9.2 Each party will: (a) keep the other’s Confidential Information confidential and use it only to perform or use the Service; and (b) not disclose it except to its personnel and advisers who need to know and are bound by similar obligations.** These obligations do not apply to information that is public through no breach, independently developed, or lawfully obtained from a third party, and do not prevent disclosure required by law or regulator (with notice where lawful).

**9.3 The obligations in this clause survive termination for 3 years, except for trade secrets, which remain protected for as long as they qualify as such.**

## 10. Warranties and Disclaimers

**10.1 Limited mutual warranties.** Each party warrants it has authority to enter into these Terms.

**10.2 Service warranty.** We will provide the Service with reasonable care and skill, as required by the Consumer Rights Act 2015 where it applies and as an express term where it does not.

**10.3 “As is”.** Except as expressly stated in these Terms and to the fullest extent permitted by law, the Service, Platform and Output are provided “as is” and “as available”, and we disclaim all other warranties, conditions and representations, whether express, implied or statutory, including any implied terms as to satisfactory quality, fitness for a particular purpose, accuracy and non-infringement. We do not warrant that the Service will be uninterrupted, error-free, secure, or that it will meet your specific requirements, or that Output will be accurate, unique or fit for any particular use.

**10.4 Availability.** We do not guarantee any particular uptime unless expressly agreed in a separate service-level agreement. We may carry out maintenance and may modify, suspend or discontinue features (see clause 14).

## 11. Limitation of Liability

**11.1 Liabilities not excluded.** Nothing in these Terms limits or excludes either party’s liability for: (a) death or personal injury caused by negligence; (b) fraud or fraudulent misrepresentation; (c) any liability that cannot lawfully be limited or excluded; or (d) your obligation to pay fees due.

**11.2 Excluded losses.** Subject to clause 11.1, neither party is liable, whether in contract, tort (including negligence), breach of statutory duty or otherwise, for any: (a) loss of profits, revenue, anticipated savings, business, goodwill or opportunity; (b) loss or corruption of data (save to the extent caused by our breach of clause 8); or (c) indirect, special or consequential loss.

**11.3 Cap.** Subject to clauses 11.1 and 11.2, each party’s total aggregate liability arising out of or in connection with these Terms in any 12-month period is limited to the greater of (a) the total fees paid or payable by you to us for the Service in the 12 months immediately before the event giving rise to the claim, and (b) £1000.

**11.4 Customer responsibility.** We are not liable for any loss or liability arising from your Input Content, your use of the Output, your failure to review Output before use, your creation or use of a Digital Twin, or your breach of the Acceptable Use Policy or of any law (including advertising, IP, data-protection or consumer-protection law).

**11.5 Time limit.** Subject to clause 11.1, any claim must be brought within 12 months of the date you became, or ought reasonably to have become, aware of the circumstances giving rise to it.

## 12. Indemnification

**12.1 Customer indemnity.** You will indemnify and hold harmless Threadmind AI, its affiliates, officers, employees and agents from and against all losses, damages, liabilities, costs and expenses (including reasonable legal fees) arising out of or in connection with: (a) your Input Content; (b) your use of the Output (including any advertising, IP, publicity, defamation or consumer-protection claim); (c) your breach of these Terms, the Acceptable Use Policy or any applicable law; (d) your breach of the warranties in clause 6.3; or (e) your creation or use of any Digital Twin in breach of clause 6A (which is also addressed in clause 6A.6).

**12.2 Conduct of claims.** We will notify you of any claim subject to indemnity, allow you to control the defence and settlement (provided any settlement that imposes obligations on us requires our prior written consent), and reasonably cooperate at your expense.

## 13. Termination and Suspension

**13.1 By you.** You may terminate by cancelling your Subscription (clause 4.5) and ceasing use of the Service.

**13.2 By us for convenience.** We may terminate or not renew on 30 days’ written notice, in which case we will refund any pre-paid fees for the unused portion of your then-current term.

**13.3 Suspension and termination for cause.** We may suspend or terminate your access immediately, without liability, if: (a) you materially breach these Terms (including the Acceptable Use Policy or clause 6A) and fail to remedy a remediable breach within 14 days of notice; (b) we reasonably believe your use poses a security, legal or safety risk, or involves unlawful content (including CSAM, where suspension/termination and reporting will be immediate and without notice); (c) any payment is overdue; or (d) you become insolvent or unable to pay your debts.

**13.4 Effect of termination.** On termination: (a) your right to access the Service ends; (b) accrued payment obligations remain due; (c) your ownership of and rights in Output already generated and lawfully retained by you before termination are not affected (clause 6.2 survives); (d) you should export your data before termination, as we may delete Input Content, Output stored on the Platform and Account data after a reasonable period in line with our retention and Privacy Policy; and (e) each party will return or delete the other’s Confidential Information on request.

**13.5 Survival.** Clauses that by their nature should survive (including 6, 6A, 9, 10, 11, 12, 13.4, 15 and 17) survive termination.

## 14. Changes to the Terms and the Service

**14.1 Changes to the Terms.** We may update these Terms from time to time. For material changes we will give reasonable notice (for example, by email or in-product notice) before they take effect. Your continued use after the effective date constitutes acceptance. If you do not agree to a material change, you may cancel before it takes effect.

**14.2 Changes to the Service.** We may modify, improve, add or remove features, and may discontinue the Service or any part of it. We will give reasonable notice of any change that materially and adversely affects your use, and where a paid feature is permanently withdrawn, we will act fairly in relation to fees already paid.

## 15. Governing Law and Jurisdiction

**15.1 These Terms and any dispute or claim (including non-contractual disputes) arising out of or in connection with them are governed by the law of England and Wales.**

**15.2 The courts of England and Wales have exclusive jurisdiction, save that we may bring proceedings to protect our intellectual property or to recover sums due in any court of competent jurisdiction.**

## 16. Contact Information

Questions, notices and complaints about these Terms may be sent to:

Threadmind AI Limited

Xeinadin South East Limited Office 5 Rayleigh Road, Hutton, Brentwood, Essex, England, CM13 1AB

Company number: 17218646

Sales: arman.soni@vizostudio.ai

Support: support@vizostudio.ai

## 17. General

**17.1 Force majeure.** Neither party is liable for failure or delay caused by events beyond its reasonable control (including internet or hosting failures, power failures, acts of government, and natural events), provided it takes reasonable steps to mitigate.

**17.2 Assignment.** You may not assign or transfer these Terms without our prior written consent. We may assign or novate these Terms to an affiliate or in connection with a merger, acquisition or sale of assets, on notice to you.

**17.3 Subcontracting.** We may use subcontractors and sub-processors to provide the Service but remain responsible for their performance.

**17.4 Severability.** If any provision is held invalid or unenforceable, it will be modified to the minimum extent necessary or severed, and the remaining provisions continue in force.

**17.5 Waiver.** A failure or delay in exercising any right is not a waiver, and no waiver is effective unless in writing.

**17.6 Entire agreement.** These Terms, the Privacy Policy, the Acceptable Use Policy and any Order form the entire agreement and supersede prior discussions. Each party agrees it has not relied on any statement not set out in these Terms (but this does not exclude liability for fraud).

**17.7 No partnership.** Nothing in these Terms creates a partnership, joint venture, agency or employment relationship.

**17.8 Notices.** Notices must be in writing and sent to the contact details in clause 16 (for us) or your registered Account email (for you).

**17.9 Third-party rights.** Except as expressly stated, a person who is not a party has no rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any term.

**17.10 Electronic communications.** You consent to contracting and receiving notices electronically.`;


window.PRIVACY_MD = `Effective date: 5 June 2026

Last updated: 5 June 2026

## 1. Who we are and how to contact us

This Privacy Policy explains how Threadmind AI Limited (“Threadmind AI”, “we”, “us”, “our”), the operator of the ViZO Studio platform (“ViZO”, the “Service”) at www.vizostudio.ai, collects and uses personal data, and your rights under UK data protection law.

We are the data controller for the personal data described in this policy except where we act as a processor on a customer’s behalf (see clause 6).

Company: Threadmind AI Limited, registered in England and Wales, company number 17218646.

Registered office: Xeinadin South East Limited, Office 5, Rayleigh Road, Hutton, Brentwood, Essex, England, CM13 1AB.

Privacy contact / data protection enquiries: support@vizostudio.ai

General/sales contact: arman.soni@vizostudio.ai; support: support@vizostudio.ai

ICO registration number: [ICO REGISTRATION NUMBER].

We process personal data in accordance with the UK GDPR, the Data Protection Act 2018 (“DPA 2018”), and the Privacy and Electronic Communications Regulations (“PECR”).

## 2. Who this policy applies to

This policy applies to: (a) visitors to our website; (b) customers and their authorised users who register for and use the Service; and (c) individuals depicted in content processed through the Service, including any person who is the subject of a Digital Twin. Where you are our customer and you upload content containing other people’s personal data, please read clause 6, which explains our respective roles.

## 3. The personal data we collect

We collect the following categories of personal data:

(a) Account and contact data — name, business email, employer/brand, job title, username, password (stored in hashed form), and preferences.

(b) Billing and payment data — billing name and address, VAT details, and payment-method details (card details are handled by our payment processor; we do not store full card numbers).

(c) Input Content — the garments, product images, flat-lays, ghost-mannequin and on-model shots, prompts, briefs and references you upload. Input Content may contain images of real people, which is personal data.

(d) Digital Twin data — facial and bodily imagery of a real, identifiable individual (you or a member of your own staff). This may include biometric data, which is special category data under UK GDPR Article 9 (see clause 8).

(e) Output — the images (1K, 2K or 4K imagery) and video and other creative assets generated for you.

(f) Usage, technical and device data — IP address, device and browser type, operating system, pages viewed, actions taken, timestamps, and diagnostic/log data.

(g) Cookies and browser-storage data — see clause 9.

(h) Contact-form and enquiry data — the name, email, company and message you submit through our website contact form (processed via a third-party form provider — see clauses 9 and 10).

(i) Communications and marketing data — your contact details, marketing preferences, and records of your communications with us.

## 4. How we collect personal data

We collect personal data: (a) directly from you when you register, subscribe, upload content, contact us or use the Service; (b) automatically through cookies, browser storage and server logs; and (c) from third parties such as our payment processor.

## 5. Purposes and lawful bases for processing

We process personal data only where we have a lawful basis under UK GDPR Article 6 (and, for special category data, a condition under Article 9 — see clause 8).

| Purpose | Data used | Lawful basis (UK GDPR) |
|---|---|---|
| Create/administer account; provide Service; generate Output | Account, Input Content, Output, usage | Contract (Art. 6(1)(b)) |
| Process payments, billing, collect fees | Billing/payment data | Contract; legal obligation for tax records (Art. 6(1)(c)) |
| Respond to enquiries and support; contact form | Account, contact-form data, communications | Contract and/or legitimate interests (Art. 6(1)(f)) |
| Secure the Service; prevent fraud/abuse; moderation | Account, usage, Input Content/Output | Legitimate interests; legal obligation where reporting required |
| Improve the Service using anonymised data only (we do NOT train AI models on customer content — clause 7) | Aggregated, de-identified data | Legitimate interests (Art. 6(1)(f)) |
| Operate/improve via aggregated, anonymous data | Aggregated/de-identified data | Legitimate interests (Art. 6(1)(f)) |
| Create and process a Digital Twin | Digital Twin / biometric data | Contract + explicit consent of subject (Art. 9(2)(a)) |
| Service messages (billing, security, changes) | Account, contact data | Contract / legitimate interests |
| Marketing (where permitted) | Contact, marketing data | Consent or legitimate interests, subject to PECR and opt-out |
| Comply with law; establish/defend claims | Any relevant data | Legal obligation; legitimate interests |

## 6. Our role: controller and processor

For website data, account, billing, usage and contact-form data, we act as a controller. For personal data contained within your Input Content and any Digital Twin, you (the customer) are the controller, and we act as your processor, processing it on your documented instructions. Our processor obligations (UK GDPR Article 28) are set out in our Terms of Service and any separate Data Processing Agreement. As controller, you are responsible for having a lawful basis and any necessary consents for the people depicted in your uploads and Digital Twins.

## 7. AI model training

We do not use your Input Content or Output to train our AI models. Developing and training our AI models does not rely on your content.

We may use aggregated, de-identified and anonymous data — which does not identify you, any individual, or your content — to operate, secure, analyse and improve the Service. Our use of anonymous data does not affect your ownership of the Output under our Terms of Service.

## 8. Special category and biometric data (Digital Twins)

The Digital Twin feature creates a synthetic likeness of a real, identifiable individual — restricted under our Terms to yourself or a member of your own staff (aged 18+). This processing may involve biometric data, which is special category data under UK GDPR Article 9.

**Conditions for processing.** We rely on an Article 6 basis (performance of our contract with the customer) and, separately, on the explicit consent of the individual depicted under Article 9(2)(a). Explicit consent must be a clear, specific, freely given, opt-in statement that identifies the nature of the special category data and is separate from other consents.

**Customer responsibility.** As controller of the Digital Twin subject’s data, the customer is responsible for obtaining and recording that explicit consent before a Digital Twin is created, and for not using the feature on anyone other than themselves or consenting staff.

**Withdrawal and erasure.** The individual may withdraw consent at any time; on withdrawal, the customer must stop using and, where practicable, delete the relevant Output, and may request erasure of the underlying data.

**DPIA and safeguards.** Because this is potentially high-risk processing of biometric/special category data, we will carry out a Data Protection Impact Assessment (DPIA) and maintain an appropriate policy document where required and apply heightened security to this data.

## 9. Cookies and browser storage

We use only strictly necessary cookies and storage. We do not use analytics, advertising or tracking cookies. Under PECR, strictly necessary cookies and storage do not require consent; we describe what we use below for transparency.

| Type | Purpose | Consent needed? |
|---|---|---|
| Strictly necessary cookies | Login/session, security | No (exempt) |
| Browser storage — IndexedDB | Holds images you upload so the Gallery can work during your use of the Service | Treated as strictly necessary to deliver a feature you request |
| Browser storage — localStorage | Stores interface state (e.g. hidden-item state) locally | As above |
| Contact-form provider | Third-party provider receives your submission (clause 10) | Per provider; disclosed here |

Because we use only strictly necessary cookies and storage, no cookie-consent banner is required. If we later introduce any non-essential cookies (for example, analytics), we will add a compliant consent mechanism first. The classification of the Gallery browser storage as strictly necessary should be confirmed with our adviser.

## 10. Sharing and disclosure

We do not sell personal data. We share it only with:

(a) Service providers / sub-processors, under contract and only as needed, including: Tom & Co. Ltd. (company no. 07557895), a UK-based provider that builds, hosts and operates the ViZO platform (app); Cloudflare, Inc., which hosts the ViZO marketing website (United States); Stripe Payments UK Ltd, which processes subscription payments (United Kingdom); Web3Forms, which receives the name, email, company and message you submit through the website contact form (United States); and Microsoft (Microsoft 365 / Microsoft Ireland Operations Ltd.), which hosts our email (European Union).

(b) Professional advisers (lawyers, accountants, auditors) under confidentiality.

(c) Authorities, regulators or law enforcement where required by law, or to report unlawful content (for example, CSAM).

(d) A buyer or successor in connection with a merger, acquisition or sale of assets, under appropriate confidentiality.

A current list of sub-processors is available on request.

## 11. International transfers

Some recipients are located outside the UK — in particular Cloudflare, Inc. and Web3Forms (United States), and Microsoft 365 (European Union). Where we transfer personal data outside the UK, we use an appropriate safeguard, such as transfer to a country covered by UK adequacy regulations, the UK International Data Transfer Agreement (IDTA), or the UK Addendum to the EU Standard Contractual Clauses, together with any necessary supplementary measures. You can ask us for details of the safeguard used.

## 12. Data retention

We keep personal data only as long as necessary for the purposes above, then delete or anonymise it.

| Data | Typical retention |
|---|---|
| Account data | Life of the account, then e.g. 12 months after closure unless longer required |
| Billing/tax records | 6 years (UK tax/accounting requirements) |
| Input Content & Output on the Platform | Life of account or per plan; deleted a reasonable period after closure (export first — you own your Output) |
| Digital Twin data | Only while consent is valid and the twin is in use; deleted promptly on withdrawal/erasure |
| Contact-form enquiries | e.g. 24 months from last contact |
| Usage/log data | e.g. 12–24 months |
| Marketing data | Until you opt out, then suppression-list only |

## 13. Security

We implement appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, and least-privilege access. Special category data (Digital Twins) is subject to heightened safeguards. No system is completely secure; we will notify you and/or the ICO of a personal data breach where required by law.

## 14. Your rights

Under UK GDPR you have the right to: access your data; request rectification; request erasure; restrict processing; data portability; object to processing (including to legitimate-interests processing and to direct marketing); and withdraw consent at any time where we rely on consent (including Digital Twin consent). You also have rights regarding automated decision-making (see clause 15).

To exercise any right, contact support@vizostudio.ai. We will respond within one month (extendable for complex requests). Where the personal data sits inside a customer’s account as Input Content or a Digital Twin (so the customer is controller), we will refer your request to that customer and assist them as their processor.

You have the right to complain to the Information Commissioner’s Office (ICO) — ico.org.uk, helpline 0303 123 1113 — though we ask that you contact us first so we can help.

## 15. Automated decision-making and profiling

We do not make decisions producing legal or similarly significant effects about you based solely on automated processing. The Service generates images from your inputs; this is content generation, not automated decision-making about individuals.

## 16. Children

The Service is intended for businesses and users aged 18 or over. It is not directed at children, and we do not knowingly collect children’s personal data. The Digital Twin feature must not be used to depict anyone under 18.

## 17. Changes to this policy

We may update this policy from time to time. We will post the updated version with a new “Last updated” date and, for material changes, give reasonable notice (for example, by email or in-product notice).

## 18. Contact and complaints

For any privacy question, request or complaint: Threadmind AI Limited — Xeinadin South East Limited, Office 5, Rayleigh Road, Hutton, Brentwood, Essex, England, CM13 1AB. — support@vizostudio.ai. You may also complain to the ICO at ico.org.uk.`;


window.DPA_MD = `This Data Processing Agreement ("DPA") forms part of the Agreement between:

(1) Threadmind AI Limited, a company registered in England and Wales with company number 17218646, registered office at Xeinadin South East Limited, Office 5, Rayleigh Road, Hutton, Brentwood, Essex, England, CM13 1AB ("Threadmind AI", the "Processor"); and

(2) the customer identified in the Agreement (the "Customer", the "Controller").

Background. The Processor provides the ViZO Studio platform (the "Service") to the Controller under the Terms of Service (the "Agreement"). In providing the Service, the Processor processes Personal Data on behalf of the Controller. This DPA sets out the terms on which that processing is carried out, as required by Article 28 of the UK GDPR. If there is any conflict between this DPA and the Agreement in respect of data protection, this DPA prevails.

## 1. Definitions

**1.1 Terms used in this DPA have the meanings given to them in the Agreement.** In addition:

- "UK GDPR" means the United Kingdom General Data Protection Regulation and the Data Protection Act 2018 ("DPA 2018"), and any successor or amending legislation.

- "Data Protection Laws" means the UK GDPR, the DPA 2018, the Privacy and Electronic Communications Regulations 2003 (PECR), and all other applicable laws relating to the processing of Personal Data.

- "Controller", "Processor", "Data Subject", "Personal Data", "Special Category Data", "Processing", "Personal Data Breach" and "Supervisory Authority" have the meanings given in the UK GDPR.

- "Sub-processor" means any third party engaged by the Processor to process Personal Data on behalf of the Controller.

- "Processing Instructions" means the Controller's documented instructions to the Processor regarding the processing of Personal Data, as set out in this DPA, the Agreement and the Controller's use of the Service.

## 2. Roles and scope

**2.1 The parties agree that, in respect of Personal Data contained within the Controller's Input Content, any Digital Twin, and other content the Controller submits to the Service, the Controller is the controller and the Processor is the processor.**

**2.2 In respect of the Processor's own account, billing, website and usage data, the Processor acts as a controller in its own right, as described in its Privacy Policy; that processing is outside the scope of this DPA.**

**2.3 The subject-matter, duration, nature and purpose of the processing, the types of Personal Data and categories of Data Subjects are set out in Annex 1.**

**2.4 The Controller warrants that it has a valid lawful basis (and, for Special Category Data including any biometric data in a Digital Twin, a valid Article 9 condition and any necessary explicit consent) for the processing it instructs the Processor to carry out, and that its instructions comply with Data Protection Laws.**

## 3. Processor obligations (Article 28(3))

The Processor shall:

**3.1 (a) Documented instructions.** Process the Personal Data only on the Controller's documented Processing Instructions, including with regard to international transfers, unless required to do otherwise by applicable law; in which case the Processor will inform the Controller of that legal requirement before processing, unless the law prohibits it on important grounds of public interest. If the Processor believes an instruction infringes Data Protection Laws, it will inform the Controller.

**3.2 (b) Confidentiality.** Ensure that persons authorised to process the Personal Data are bound by an appropriate duty of confidence.

**3.3 (c) Security.** Implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the nature of the data and the risks to Data Subjects, as described in Annex 2. These measures include, where appropriate, encryption, pseudonymisation, resilience, and regular testing. Heightened measures apply to any Special Category Data, including biometric data within Digital Twins.

**3.4 (d) Sub-processors.** Not engage a Sub-processor without the Controller's prior general written authorisation. The Controller provides general authorisation for the Sub-processors listed in Annex 3. The Processor will inform the Controller of any intended addition or replacement of a Sub-processor, giving the Controller a reasonable opportunity to object. Where the Processor engages a Sub-processor, it will impose data protection obligations equivalent to those in this DPA by written contract, and remains fully liable to the Controller for the Sub-processor's compliance.

**3.5 (e) Assistance with Data Subject rights.** Taking into account the nature of the processing, assist the Controller by appropriate technical and organisational measures, insofar as possible, to respond to requests from Data Subjects exercising their rights under the UK GDPR (including access, rectification, erasure, restriction, portability and objection). Where a Data Subject contacts the Processor directly regarding data the Processor holds on the Controller's behalf, the Processor will refer the request to the Controller.

**3.6 (f) Assistance with compliance.** Taking into account the nature of processing and the information available to it, assist the Controller in ensuring compliance with its obligations regarding security of processing (Article 32), notification of Personal Data Breaches (Articles 33–34), data protection impact assessments (Article 35) and prior consultation (Article 36). The parties acknowledge that the Digital Twin feature involves Special Category/biometric data and is likely to require a DPIA by the Controller.

**3.7 (g) Breach notification.** Notify the Controller without undue delay after becoming aware of a Personal Data Breach affecting the Controller's Personal Data, and provide information reasonably available to assist the Controller in meeting its breach-notification obligations.

**3.8 (g) End-of-contract.** At the Controller's choice, delete or return all Personal Data to the Controller at the end of the provision of the Service, and delete existing copies unless applicable law requires storage. The Controller is responsible for exporting its data before termination; the Processor's standard retention and deletion practices are described in the Privacy Policy.

**3.9 (h) Audits and information.** Make available to the Controller all information necessary to demonstrate compliance with Article 28, and allow for and contribute to audits, including inspections, conducted by the Controller or an auditor it mandates. Audits will be on reasonable prior notice, no more than once per year (save following a Personal Data Breach or where required by a Supervisory Authority), during business hours, subject to confidentiality, and conducted so as to minimise disruption.

**3.10 No training.** Consistent with the Agreement, the Processor does not use the Controller's Input Content or Output (including Personal Data within them) to train its AI models.

## 4. International transfers

**4.1 The Processor shall not transfer the Controller's Personal Data outside the United Kingdom unless it has taken appropriate safeguards in accordance with Data Protection Laws, such as transfer to a jurisdiction subject to UK adequacy regulations, or the use of the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, together with any necessary supplementary measures.**

**4.2 Certain Sub-processors are located outside the UK — in particular Cloudflare, Inc.** and Web3Forms (United States), and Microsoft 365 (European Union). For any such transfer, the relevant safeguard (UK adequacy, IDTA, or the UK Addendum to the EU SCCs, with any necessary supplementary measures) is put in place. Details of safeguards are available to the Controller on request.

## 5. Liability and relationship to the Agreement

**5.1 Each party's liability under or in connection with this DPA is subject to the limitations and exclusions of liability set out in the Agreement.**

**5.2 This DPA does not relieve the Processor of any obligations or liabilities imposed on it directly as a processor under the UK GDPR.**

## 6. Duration and termination

**6.1 This DPA takes effect on the same date as the Agreement and continues for as long as the Processor processes Personal Data on the Controller's behalf.** The obligations that by their nature should survive (including confidentiality, deletion/return, and audit) survive termination.

## 7. General

**7.1 In the event of conflict between this DPA and the Agreement on data protection matters, this DPA prevails.** In all other respects the Agreement continues in full force.

**7.2 This DPA is governed by the law of England and Wales and is subject to the jurisdiction provisions of the Agreement.**

## Annex 1 — Details of processing

- Subject-matter: processing of Personal Data to provide the ViZO Studio Service (AI fashion image generation, batch processing, and where available video generation).

- Duration: for the term of the Agreement and until deletion/return of Personal Data.

- Nature and purpose: hosting, storage, generation, processing and delivery of imagery and related Output from the Controller's Input Content, and provision of support.

- Types of Personal Data: images that may contain identifiable individuals (e.g. on-model photographs); Digital Twin data, which may include biometric/Special Category Data of the Controller or its consenting personnel; names and contact details where included in submitted content.

- Categories of Data Subjects: the Controller's personnel; models or individuals depicted in the Controller's Input Content; subjects of Digital Twins (the Controller itself or its consenting staff).

- Special Category Data: potentially biometric data within Digital Twins (Article 9), processed on the basis of the Controller's lawful basis and the explicit consent it has obtained.

## Annex 2 — Technical and organisational security measures

Encryption of data in transit (and at rest where appropriate); access controls and least-privilege access; authentication controls; network and application security; logical separation of customer data; secure development practices; staff confidentiality and training; logging and monitoring; backup and resilience; vendor/sub-processor due diligence; incident-response and breach-notification procedures; and heightened controls for Special Category/biometric data (Digital Twins).

## Annex 3 — Authorised Sub-processors

*The Processor’s current Sub-processors are listed below. The Controller is notified of intended changes under clause 3.4.*

| Sub-processor | Purpose | Location |
|---|---|---|
| Tom & Co. Ltd. (company no. 07557895), 38 Shad Thames, London, SE1 2YD | Builds, hosts and operates the ViZO platform (app) | United Kingdom |
| Cloudflare, Inc. | Hosts the ViZO marketing website | United States |
| Stripe Payments UK Ltd | Subscription payment processing | United Kingdom |
| Web3Forms | Website contact-form submissions | United States |
| Microsoft (Microsoft 365 / Microsoft Ireland Operations Ltd.) | Email hosting | European Union |`;