Terms of Use - TrustThis
Version: v1.2 | Last updated: 10/20/2025
1. Identification and Qualification
Service Provider:
Legal Name: Collabee Tecnologia Ltda
CNPJ: 45.510.477/0001-55
Address: Avenida Paulista, 807 – Suite 2315, Bela Vista, ZIP: 01311-915, São Paulo – SP, Brazil
Website: https://trustthis.org
General Email: team@trustthis.org
Privacy Email: privacy@trustthis.org
Vulnerabilities: security@trustthis.org
VDP: https://trustthis.org/security/vulnerability-disclosure
2. Acceptance of Terms
2.1 Agreement and Binding
By accessing, browsing, or using the TrustThis platform, available at https://trustthis.org, you declare that you have read, understood, and fully agree to these Terms of Use, as well as our Privacy Policy, which is incorporated into this document by reference.
Continued use of our services constitutes express and irrevocable acceptance of these terms, creating a legally binding relationship between you (hereinafter referred to as "User") and TrustThis (hereinafter referred to as "Platform" or "Company").
2.2 Legal Capacity and Eligibility
To use our services, you must:
- Be at least 18 years old or duly represented by a legal guardian
- Have full legal capacity to contract
- Not be prohibited from contracting by judicial or administrative decision
Express Prohibitions:
Use of the platform is prohibited for:
- Illegal activities or violation of third-party rights
- Reverse engineering of systems or hacking attempts
- Unauthorized scraping of private areas of the platform
2.3 Corporate Users
When access is performed on behalf of a legal entity, the user declares and guarantees they have sufficient authority to bind the organization to these terms, assuming personal and corporate responsibility for any lack of authorization.
The corporate user will be responsible for any misuse of the platform performed through their account or credentials.
3. Service Description
3.1 Privacy and Security Audit Platform
TrustThis is a specialized technology platform that offers core services such as compliance audits with the Brazilian General Data Protection Law (LGPD), information security assessments, privacy policy analysis, compliance report generation, compliance scoring system, and certification of performed audits.
The platform provides functionalities such as personalized audit configuration, document upload and analysis, structured compliance questionnaires, monitoring dashboard, detailed and executive reports, and improvement recommendation system.
3.2 User Types
Audit requesters include companies contracting third-party audits, investors conducting due diligence, consultants acting on behalf of clients, and organizations evaluating suppliers.
Audited companies comprise organizations responding to questionnaires, companies providing documentation, and entities voluntarily participating in the process.
Premium users are paid plan subscribers with access to detailed analyses, comparative market reports, and advanced APIs and integrations.
3.3 Public Transparency System
We publicly make available information such as aggregated company scores (without confidential details), sector rankings, market statistics, compliance trends, and information based on public data.
For confidentiality protection, specific vulnerability details are always private, internal documents are never publicly exposed, sensitive information requires express consent, and personal data is protected according to LGPD.
3.4 Service Scope and Limitations
⚠️ Important: Informative Nature
TrustThis is an index and benchmark for public transparency of privacy and security policies. Our scores and reports do not constitute:
- Legal certification or formal compliance with laws
- Legal advice or data protection consulting
- Technical information security audit
- Guarantee of legal adequacy of the evaluated company
Our analyses are based exclusively on public sources (privacy policies, terms of use, publicly available documentation). Results reflect the level of documentary transparency and clarity, not necessarily the internal practices of evaluated companies.
All outputs from AI systems used on the platform undergo qualified human review before publication. However, we recommend that critical decisions always be validated by specialized professionals.
To contest any content or score, contact us at privacy@trustthis.org.
3.5 Use of Artificial Intelligence
TrustThis employs Artificial Intelligence resources for screening, classification, and generation of privacy policy summaries. All relevant outputs undergo mandatory human review before being published.
🔒 Data Protection:
We do not send user personal data to AI model providers. Only public content (third-party privacy policies) is processed.
For detailed information about our AI use, consult our AI Transparency page and Model Change History.
4. User Registration and Account
4.1 Registration Process
Mandatory information for registration includes full name, valid email address, secure password, company/organization, position/role, and contact phone number.
Identity verification involves mandatory email confirmation, phone verification when necessary, additional documentation for corporate accounts, and business email domain validation.
4.2 User Responsibilities
Regarding truthfulness of information, the user declares and guarantees that all provided information is true, accurate, current, and complete, committing to keep it updated.
For account security, the user must maintain confidentiality of access credentials, use secure and unique passwords, not share access with unauthorized third parties, immediately communicate any unauthorized use, and implement multi-factor authentication when available.
Appropriate use of the platform requires use only for legitimate purposes, respect for intellectual property rights, refraining from attempts to bypass security measures, not performing reverse engineering or hacking attempts, and cooperation with security investigations when requested.
4.3 Suspension and Cancellation
We reserve the right to suspend or cancel accounts in cases of violation of these Terms of Use, fraudulent or illegal activities, inappropriate use of the platform, payment defaults, or risk to system security or integrity.
Cancellation by the user can be performed through a request in the control panel and email confirmation; data is retained for the period set out in the Privacy Policy, and the account may be reactivated within a determined period.
5. Plans and Payments
5.1 Service Modalities
The free plan offers limited access to public information, basic score viewing, and essential functionalities.
Premium plans include Business (detailed analyses and reports), Corporate (multiple audits and basic API), and Enterprise (complete access and advanced integrations).
We also offer on-demand services such as personalized audits, specialized consulting, customized reports, and corporate training.
5.2 Payment Policy
We accept the following payment methods: credit card, bank slip, bank transfer, and PIX (for specific amounts).
Billing follows these rules: advance billing for subscriptions, monthly or annual billing according to plan, annual adjustments according to official indices, and taxes included according to legislation.
In case of default, services are suspended after 5 days of delay, with interest and fines charged according to Consumer Protection Code, possible negative reporting to credit protection agencies, and cancellation after 30 days of default.
5.3 Automatic Renewal and Cancellation
Subscription plans are automatically renewed at the end of each period (monthly or annual), unless cancelled by the user before expiration.
📅 Notifications:
- Price adjustments: communicated 30 days in advance
- Renewal: reminder sent 7 days before expiration
Cancellation can be requested at any time through the control panel, with effects from the next billing cycle. Amounts already paid in the current cycle are not refunded, except in cases provided for in the refund policy.
Trials and pilot programs: Offered without guarantees and may be terminated at any time with prior notice.
5.4 Refund Policy
The right of withdrawal guarantees 7 days for cancellation without justification (Consumer Protection Code), with proportional refund of paid amounts and data deletion as requested.
Refund for technical problems is granted in cases of unavailability exceeding 24 consecutive hours, failures preventing normal use of the platform, or problems not resolved within a reasonable timeframe.
Specific refund cases are analyzed according to our commercial policy. Contact team@trustthis.org for more information.
6. Intellectual Property
6.1 TrustThis Rights
All intellectual property rights related to the TrustThis platform belong exclusively to the company, including source code and software architecture, design, layout and user interface, logos, trademarks and visual identity, audit methodologies, scoring algorithms, editorial and educational content, and databases and compilations.
We grant the user a limited, non-exclusive, non-transferable, and revocable license to use the platform according to these terms, prohibiting any form of unauthorized reproduction, distribution or sublicensing, modification or creation of derivative works, unauthorized commercial use, and reverse engineering.
6.2 User Content
The user retains all rights over content they upload to the platform, including documents submitted for audit, provided corporate information, data entered in forms, and communications and messages.
By submitting content, the user grants TrustThis a limited license to process and analyze documents for audit purposes, store information according to Privacy Policy, use aggregated and anonymized data for improvements, and generate contracted reports and analyses.
6.3 Trademark Protection
The "TrustThis" trademark, logos, and visual elements are exclusive property of the company, prohibiting their unauthorized use for creating similar websites or applications, use in third-party promotional materials, registration of confusingly similar domains, or any form of parasitic exploitation.
6.4 Use of Third-Party Public Content
TrustThis uses excerpts from third-party public documents (privacy policies, terms of use), properly referenced, for the following purposes:
- Transparency and consumer education
- Comparison and analysis of market practices
- Critical commentary on compliance
This use is based on public domain documentation and the principles of fair use and citation with reference.
📧 Removal Request (Takedown):
If you believe that any content published on our platform violates your intellectual property rights or contains inaccurate information about your company, contact us at privacy@trustthis.org.
Initial response timeframe: 5 business days.
7. Confidentiality and Data Protection
7.1 Confidentiality Commitment
We recognize the confidential nature of all information provided by users during the audit process, committing to maintain absolute confidentiality of non-public data, implement adequate technical and organizational measures, limit access only to authorized and trained personnel, not disclose information without express consent, and protect data against unauthorized access, use, or disclosure.
Confidentiality may be broken only when required by law or court order, necessary for protection of TrustThis rights, expressly authorized by the data subject, required by competent authorities, or essential for crime prevention.
7.2 Personal Data Processing
Personal data processing strictly follows our Privacy Policy and the Brazilian General Data Protection Law, ensuring transparency about processing purposes, minimization in data collection and use, technical and organizational security, respect for data subjects' rights, and incident communication when necessary.
7.3 Third-Party Data
When the user provides third-party data (employees, customers, etc.), they declare having adequate authorization and commit to obtain necessary consents, inform about processing by TrustThis, guarantee adequate legal basis, answer for any violations, and indemnify TrustThis for resulting damages.
8. Use Limitations
8.1 Prohibited Uses
Use of the platform is expressly prohibited for illegal activities, including violation of laws, regulations or third-party rights, fraudulent or deceptive activities, money laundering or financing of illegal activities, intellectual property violation, and unfair competition practices.
Harmful activities are also prohibited such as transmission of viruses, malware or malicious code, hacking attempts or security compromise, intentional system overload (DoS/DDoS), unauthorized data collection from other users, and creation of fake or multiple accounts.
Regarding inappropriate use of content, it is prohibited to send false or misleading information, upload content protected by copyright, disclose third-party confidential information, and use obtained data for unauthorized purposes.
8.2 Monitoring and Control
We reserve the right to monitor platform use to ensure compliance with these terms, detect suspicious or illegal activities, protect system security and integrity, improve service quality, and fulfill legal obligations.
In case of violation, we may issue warnings to the user, temporarily suspend access, definitively cancel the account, remove inappropriate content, and take appropriate legal measures.
8.3 Technical Limits
We establish technical limits to ensure service quality, including maximum number of simultaneous audits, file upload size limit, API request frequency, data storage per user, and processing time per operation.
8.4 Acceptable Use Policy (AUP)
To ensure platform security and integrity, it is expressly prohibited:
🚫 Prohibited Activities:
- Malware upload: Sending viruses, trojans, ransomware or any malicious code
- Performance attacks (DoS/DDoS): Intentional system or service overload attempts
- Unauthorized access: Hacking attempts, authentication bypass or privilege escalation
- Abusive automations: Bots, scrapers or scripts that violate implemented technical protections
- Social engineering: Phishing, pretexting or manipulation of employees or users
- Resource abuse: Excessive use of API, storage or processing beyond contracted limits
⚡ Applicable Measures in Case of Violation:
- Temporary suspension: Immediate account blocking for up to 30 days for investigation
- Permanent blocking: Definitive account cancellation in serious cases or recurrence
- Authority notification: Report to competent agencies (Federal Police, Public Prosecutor's Office, etc.) when applicable
- Civil and criminal liability: Legal actions for damage repair and punishment according to law
If in doubt about permitted activities, consult our team at security@trustthis.org.
9. Availability and Performance
9.1 Availability Commitments
Our uptime target includes minimum availability of 99.5% per month, scheduled maintenance windows with prior notice, redundancy and backup systems, and 24/7 infrastructure monitoring.
Not considered unavailability for SLA purposes: scheduled maintenance communicated 48 hours in advance, user connectivity problems, third-party service failures (internet providers, etc.), force majeure or extraordinary events, and DDoS attacks or other malicious actions.
9.2 Maintenance and Updates
Scheduled maintenance is performed with prior communication via email and control panel, preferably during off-peak hours, with maximum duration of 4 hours except in exceptional cases, and rollback plan in case of problems.
We implement feature updates continuously, including platform improvements, new features based on user feedback, security fixes applied as priority, and communication of significant changes.
9.3 Technical Support
We provide service channels such as online chat during business hours, email suporte@trustthis.org, integrated ticket system, and online knowledge base.
Support levels establish response times: Critical within 2 hours, High within 8 hours, Medium within 24 hours, and Low within 72 hours.
9.4 Information Security and Incident Response
TrustThis maintains a Vulnerability Disclosure Program (VDP) for responsible reporting of security flaws.
🔒 VDP - Vulnerability Disclosure Program:
If you identify a vulnerability in our systems, report it through the official channel:
https://trustthis.org/security/vulnerability-disclosure
E-mail: security@trustthis.org
Incident Notification:
- ANPD (when applicable): Notification within 72 hours after knowledge of the incident
- Data subjects: Communication within reasonable timeframe according to risk assessment
- Competent authorities: As required by applicable legislation
We maintain internal incident response procedures (CSIRT) and conduct periodic security tests.
10. Responsibilities and Limitations
10.1 TrustThis Responsibilities
We commit to providing services according to contracted specifications, maintaining adequate quality and security standards, protecting data according to applicable legislation, providing technical support under established terms, and communicating significant changes in advance.
Our responsibility is limited to the amount paid by the user in the last 12 months, direct damages provably caused by our negligence, and situations not excluded by law.
10.2 Liability Exclusions
We are not responsible for decisions made based on audit reports, indirect damages, lost profits or moral damages, problems arising from inappropriate use of the platform, failures in third-party systems, actions by unauthorized users or third parties, and incorrect interpretations of audit results.
10.3 User Responsibilities
The user is responsible for truthfulness and updating of provided information, appropriate use of the platform according to these terms, security of their access credentials, backup of important data, fulfillment of legal obligations related to use, and indemnification for damages caused by inappropriate use.
10.4 Warranties and Disclaimers
⚠️ Service Provided "As Is"
TrustThis services are provided "as is", without express or implied warranties beyond those provided by law.
We do not guarantee:
- That scores or analyses perfectly reflect the legal compliance of the evaluated company
- Complete legal adequacy of third-party company practices
- Absence of errors or inconsistencies in reports
- Uninterrupted service availability (subject to provided SLA)
We are not responsible for:
- Decisions made based on our reports or scores
- Damages arising from incorrect interpretation of results
- Consequences of regulatory changes not reflected in previous analyses
We strongly recommend that critical decisions always be validated by professionals specialized in privacy and data protection.
10.5 Limitation of Liability
💰 Liability Cap:
Our liability is limited to the total amount paid by the user in the last 12 months, except in cases of fraud, intentional misconduct, or intentional violation of law.
Exclusions: We are not responsible for:
- Indirect, incidental or consequential damages
- Lost profits or missed opportunities
- Data loss not caused by fraud or gross negligence
- Moral damages not directly proven
Exceptions: This limitation does not apply to cases of fraud, intentional misconduct, intentional violation of law, or situations where limitation is prohibited by law.
10.6 Force Majeure
We will not be responsible for delays or failures arising from natural disasters (earthquakes, floods, etc.), government actions or regulatory changes, strikes, lockouts or labor disputes, large-scale cyber attacks, widespread internet infrastructure failures, and pandemics or public health emergencies.
11. Dispute Resolution
11.1 Direct Negotiation
We encourage amicable dispute resolution through direct communication between parties, mediation by our relationship department, joint analysis of problems and solutions, and documented agreement when possible.
11.2 Mediation and Arbitration
If direct negotiation is unsuccessful, parties may opt for mediation through a mutually agreed mediation center, mediator specialized in technology and data protection, confidential process without prejudice to rights, and costs shared between parties.
For more complex disputes, we use arbitration according to the regulations of the chosen Arbitration Chamber, with a single arbitrator for amounts up to R$ 100,000, arbitral tribunal for higher amounts, arbitration seat in the city of São Paulo, and application of Brazilian law.
11.3 Judicial Forum
For matters not resolved by alternative means, the jurisdiction of the São Paulo District, State of São Paulo is elected, with the parties waiving any other, however privileged it may be.
As exceptions, consumer actions may be filed in their domicile, urgent matters may be taken directly to the Judiciary, and precautionary measures do not depend on prior mediation attempts.
12. General Provisions
12.1 Entire Agreement
These Terms of Use, together with the Privacy Policy, constitute the entire agreement between the parties, superseding all prior understandings, agreements or representations, whether written or oral.
12.2 Modifications
We reserve the right to modify these terms at any time. Significant changes are communicated 30 days in advance, continued use after modifications constitutes acceptance, and the updated version will always be available on the platform.
12.3 Severability
If any provision of these terms is deemed invalid or unenforceable, the remaining clauses will remain in full force and effect, with the invalid provision to be interpreted to make it valid and enforceable.
12.4 Assignment
Assignment by TrustThis:
We may assign our rights and obligations arising from these terms to third parties, with prior notice to the user.
Assignment by User:
The user may not assign their rights or obligations without our prior written consent.
12.5 Waiver
Tolerance or non-exercise of any right provided in these terms will not constitute waiver, and the right may be exercised at any time.
12.6 Notifications
Official communications are made via email to the address registered in the account, notices in the platform control panel, mail to informed address (when necessary), and publication on the website for general changes.
Notifications are considered received: by email 24 hours after sending, by panel immediately after login, by mail 5 business days after posting, and by publication immediately after availability.
13. Contact and Information
13.1 Service Channels
📧 Channels by Purpose:
- General and Commercial Support: team@trustthis.org
  Online chat: https://trustthis.org/chat
- Privacy and LGPD Rights: privacy@trustthis.org
  Form: https://trustthis.org/direitos-lgpd
- Security and Vulnerabilities: security@trustthis.org
  VDP: https://trustthis.org/security/vulnerability-disclosure
- Legal Matters: juridico@trustthis.org
Business hours: Monday to Friday, 9am to 6pm (Brasília time)
Address: Avenida Paulista, 807 – Suite 2315, Bela Vista, ZIP
14. Applicable Legislation
14.1 Applicable Laws
These Terms of Use are governed by the following Brazilian laws: Federal Constitution of 1988, Civil Code (Law No. 10,406/2002), Consumer Protection Code (Law No. 8,078/1990), Internet Civil Rights Framework (Law No. 12,965/2014), Brazilian General Data Protection Law (Law No. 13,709/2018), and applicable tax and labor legislation.
14.2 Regulatory Compliance
Competent authorities for oversight and regulation include ANPD (National Data Protection Authority), ANATEL (National Telecommunications Agency), Ministry of Justice and Public Security, Brazilian Federal Revenue, and consumer protection agencies.
Information about LGPD: To better understand your rights and obligations under LGPD, consult the federal government's explanatory page about LGPD or visit the official LGPD website.
Declaration of Acceptance
By using the TrustThis platform, you declare that you have read, understood, and fully agree to these Terms of Use and our Privacy Policy.
For questions or clarifications about these terms, contact us at juridico@trustthis.org.
This document was prepared in accordance with current Brazilian legislation, especially the Civil Code, Consumer Protection Code, Internet Civil Rights Framework and Brazilian General Data Protection Law.