1. Definitions
For the purposes of these Terms of Service, the following definitions apply:
- "Traqen" or "Platform": the automated security SaaS platform operated by [NOME_EMPRESA], registered under [CNPJ], with its principal office at [ENDERECO].
- "User": any individual or organization that registers for and uses the Platform's services.
- "Service": the full set of features offered by the Platform, including security scans (DAST, SAST, Secrets, SCA), risk scoring, reports, and integrations.
- "Code Data": source code, repositories, and digital assets submitted by the User for analysis.
- "Ephemeral Containers": isolated Docker environments created exclusively for scan execution and automatically destroyed upon completion.
- "Third-Party Tools": open-source software used by the Platform to execute scans, including but not limited to Nuclei, Semgrep, Gitleaks, TruffleHog, and Trivy, whose rules, signatures, and vulnerability databases are maintained by their respective projects and communities.
- "Findings": vulnerability metadata (type, severity, location, remediation guidance) generated by scans.
- "Plan": the subscription tier contracted by the User (Pro or Business), which determines usage limits and available features.
2. Acceptance of Terms
By creating an account, checking the acceptance box, initiating a security scan, or otherwise accessing or using the Service, you represent and warrant that:
- You have read, understood, and agree to be bound by these Terms of Service and the Privacy Policy, forming a binding agreement between you and [NOME_EMPRESA].
- You have full legal capacity (or, if an organization, that the representative has sufficient authority) to enter into this agreement.
- You are at least 18 years of age, or have obtained parental or guardian consent if younger.
- You acknowledge that simply accessing or using the Platform, even without formal registration, constitutes acceptance of these Terms.
If you do not agree with any provision of these Terms, you must immediately stop using the Platform. Continued use after the publication of changes constitutes acceptance of the updated conditions.
3. Description of the Service
Traqen provides an automated security platform that offers Users the following capabilities:
- Dynamic Analysis (DAST): scan web assets for runtime vulnerabilities.
- Static Analysis (SAST): analyze source code to identify security flaws.
- Secrets Detection: identify credentials, API keys, and tokens exposed in code.
- Software Composition Analysis (SCA): check dependencies for known vulnerabilities (CVEs).
- Risk Scoring: classification from A (best) to F (worst) with a score of 0 to 100.
- Reports: generate technical reports designed to support audits, investor reviews, and governance workflows.
Scans are executed in Ephemeral Containers with read-only access to code, meaning no source code is permanently stored on Traqen's servers. The Service uses open-source Third-Party Tools whose results depend on rules and signatures maintained by their respective communities.
4. Account Registration
Registration is handled via OAuth authentication through third-party providers (GitHub and/or Google). You are responsible for:
- Maintaining the security of your OAuth credentials.
- Keeping your account information accurate and up to date.
- Notifying Traqen immediately of any unauthorized use of your account.
- All activity conducted through your account, regardless of who performed it.
Traqen does not store User passwords. Authentication is managed exclusively by the selected OAuth providers. Traqen is not responsible for failures, unavailability, or changes in those third-party services.
5. Acceptable Use & Restrictions
You agree to use the Platform solely for lawful purposes and in accordance with these Terms. The following activities are expressly prohibited:
- Submitting repositories or assets for which you do not have legitimate authorization to perform security analysis.
- Using the Platform to conduct attacks, exploit vulnerabilities in third-party systems, or engage in any malicious activity.
- Attempting to access other Users' data, circumvent security mechanisms, or reverse-engineer the Platform.
- Exceeding Plan usage limits in an abusive or automated manner.
- Reselling, sublicensing, or redistributing access to the Platform without prior written authorization.
- Automated scraping, crawling, or data mining of the Platform.
- Using scan results for competitive benchmarking without prior written authorization.
- Submitting code containing malware, viruses, trojans, ransomware, or any malicious software that could compromise the Platform's infrastructure.
- Conducting load, stress, or penetration tests against the Platform's infrastructure without prior written authorization.
- Sharing account credentials with third parties or using another User's account.
- Using the Platform in any way that violates applicable laws, regulations, or third-party rights.
Violation of any of these restrictions may result in immediate suspension or termination of your account, without prejudice to any applicable legal remedies or the indemnification obligation in these Terms.
6. Intellectual Property
Your Code: Traqen does not acquire any intellectual property rights over source code, repositories, or digital assets submitted by the User. Code is processed in Ephemeral Containers and automatically discarded after scan completion.
Traqen Platform: All intellectual property rights related to the Platform, including software, brand, design, algorithms, models, scoring methodologies, and documentation, are the exclusive property of [NOME_EMPRESA]. Nothing in these Terms grants the User any license or right over Traqen's intellectual property, except the limited, revocable, non-exclusive right to use the Platform under the contracted Plan.
Findings Data: Vulnerability metadata (findings), scores, and reports generated by the Platform are stored in the User's account and can be exported or deleted at any time. Traqen reserves the right to use aggregated and anonymized data (which does not identify the User or their code) for statistical purposes, service improvements, and security research.
7. Disclaimer of Warranties
THE PLATFORM AND THE SERVICE ARE PROVIDED "AS IS" AND "AS AVAILABLE", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED.
To the maximum extent permitted by applicable law, Traqen expressly disclaims and you waive all warranties, including but not limited to:
- Implied warranties of merchantability, fitness for a particular purpose, and non-infringement.
- Any warranty that the Service will be uninterrupted, error-free, secure, or free of viruses or harmful components.
- Any warranty that scan results will be accurate, complete, reliable, or up to date.
- Any warranty that the Service will meet your specific needs or be compatible with all frameworks, programming languages, infrastructures, or environments.
- Any warranty of detecting all vulnerabilities in a given asset, repository, or system.
- Any warranty regarding the absence of false positives (incorrectly reported vulnerabilities) or false negatives (existing vulnerabilities not detected).
You acknowledge that scans are informational and automated, based on open-source Third-Party Tools whose rules and signatures are maintained by external communities, and that results do not replace manual security audits, specialized penetration tests, human code reviews, or any form of professional information security consulting.
Non-advisory nature: scores, findings, and reports from Traqen are strictly informational and do not constitute technical opinions, certifications, legal advice, or formal recommendations. Such results should not be used as sole evidence in any proceedings. Use for investment decisions, hiring, audits, or due diligence is at your own risk.
Automated scoring: the risk score (0 to 100 and A–F classification) is generated by automated processing. You may request a review of automated decisions that materially affect your interests, and Traqen will provide information about the general criteria used, subject to trade secret and proprietary protections.
Assumption of risk: you assume all risk associated with using scores, findings, and reports for business decisions, governance, audits, due diligence, investment, or third-party contracting.
8. Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL [NOME_EMPRESA], ITS PARTNERS, DIRECTORS, EMPLOYEES, AGENTS, SERVICE PROVIDERS, OR LICENSORS BE LIABLE FOR:
- Indirect, incidental, special, consequential, punitive, or exemplary damages of any kind.
- Lost profits, lost revenue, lost business, lost opportunity, or loss of customers.
- Loss, corruption, or destruction of data, including Code Data.
- Reputational damages or damage to goodwill.
- Costs of procuring substitute products or services.
- Damages arising from undetected vulnerabilities (false negatives), incorrectly reported vulnerabilities (false positives), or any decision made by the User based on scan results.
- Damages arising from interruption, unavailability, slowness, or failure of the Service.
- Damages arising from acts or omissions of third parties, including infrastructure providers, OAuth providers, and Third-Party Tool maintainers.
These limitations apply even if Traqen has been advised of the possibility of such damages and regardless of the theory of liability (contractual, tortious, strict, or otherwise).
Maximum liability cap: If, notwithstanding the above limitations, Traqen is held liable for any damage, Traqen's total cumulative liability shall be limited to the lesser of: (a) the amounts actually paid by the User to Traqen during the 12 months immediately preceding the event giving rise to the claim; or (b) USD 1,000 (one thousand US dollars).
Exclusion for use of results: Traqen is not liable for any actions, omissions, losses, or damages resulting from decisions made based on scores, findings, or reports, including investment decisions, M&A, hiring, certification, audit, and governance activities.
Third-party responsibility: Traqen is not responsible for acts, failures, unavailability, or changes by third-party providers, including OAuth (GitHub/Google), cloud providers, CDN, DNS, and open-source tool community maintainers.
9. Indemnification
You agree to indemnify, defend, and hold harmless [NOME_EMPRESA], its partners, directors, employees, agents, service providers, and licensors against any and all claims, demands, actions, losses, damages, fines, penalties, costs, and expenses (including reasonable attorney fees and court costs) arising from or related to:
- Misuse of the Platform by you or by third parties using your account.
- Violation of any provision of these Terms of Service.
- Infringement of intellectual property, privacy, or any other third-party rights arising from your use of the Platform.
- Submission of repositories or assets without proper authorization from the owner.
- False, misleading, or inaccurate information provided by you.
- Unlawful content (including malware, malicious code, or material that violates applicable laws) submitted to the Platform.
- Any third-party claim related to scan results performed at your request.
This indemnification obligation survives account termination and the expiration of these Terms.
10. Plans & Billing
Traqen offers subscription plans with different feature levels:
- Free: basic scanning for individual developers getting started.
- Starter: daily scans and expanded scanner coverage for solo developers.
- Pro: full scanner coverage, alerts, and reports for active projects.
- Business: team features, custom rules, and API access for small teams.
- Enterprise: SSO, dedicated support, and SLA for organizations at scale.
Subscriptions renew automatically at the end of each billing period (monthly or annual). You may cancel at any time, with cancellation taking effect at the end of the current billing period. No prorated refunds are issued for periods already paid, except where required by applicable law.
Traqen reserves the right to change Plan pricing with 30 days' prior notice, effective at the next renewal cycle. Continued use after renewal at the new price constitutes acceptance of the change.
11. Availability & Service Levels
Traqen will use commercially reasonable efforts to keep the Platform available, but does not guarantee any specific uptime percentage, SLA (Service Level Agreement), or response time, unless expressly agreed in a separate contract (e.g., Business plan with custom SLA).
You acknowledge and agree that:
- The Platform may be temporarily unavailable for scheduled or emergency maintenance, updates, security patches, or improvements, with or without prior notice.
- The Platform's infrastructure depends on third-party service providers (cloud, DNS, CDN, OAuth providers), whose availability is outside Traqen's control.
- Scan execution times may vary depending on the size and complexity of the analyzed asset, infrastructure load, and external factors.
- Service unavailability does not entitle you to credits, compensation, refunds, or subscription reductions, unless specified in a separate agreement (e.g., Enterprise plan with custom SLA).
12. Force Majeure
Traqen shall not be liable for any failure, delay, interruption, or inability to perform its obligations resulting from events beyond its reasonable control, including but not limited to:
- Natural disasters (earthquakes, floods, storms, epidemics, pandemics).
- Government actions, sanctions, embargoes, or regulatory changes.
- War, terrorism, sabotage, riots, or civil unrest.
- Power, telecommunications, internet, or third-party infrastructure failures.
- Failures or unavailability of cloud providers, data centers, DNS, or CDN services.
- Cyberattacks (DDoS, ransomware, intrusions) against Traqen's or its providers' infrastructure.
- Strikes, lockouts, or labor disruptions.
- Failures, discontinuation, or changes in open-source Third-Party Tools used by the Platform.
During a force majeure event, affected obligations are suspended without penalties or indemnification. If the event persists for more than 90 consecutive days, either party may terminate these Terms by written notice.
13. Suspension & Termination
Traqen reserves the right, at its sole discretion, to suspend or terminate your account immediately and without prior notice in the following circumstances:
- Violation of any provision of these Terms of Service.
- Abusive use of Platform resources that compromises availability, performance, or security.
- Engagement in unlawful activities or violation of third-party rights.
- Non-payment of the contracted Plan for more than 15 days.
- Reasonable suspicion of fraud, unauthorized access, or account compromise.
- A binding order from a judicial, administrative, or regulatory authority.
- Full or partial discontinuation of the Platform, with 60 days' prior notice.
Upon termination, your data will be retained for 30 days for export, after which it will be permanently and irreversibly deleted. Traqen has no obligation to recover, restore, or provide copies of any data after this period. It is your sole responsibility to back up your data before termination.
Suspension or termination does not relieve you of any outstanding financial obligations or the indemnification obligation in Section 9.
14. Changes to These Terms
Traqen may modify these Terms of Service at any time. Changes will be communicated by email to the registered address and published on this page with the updated date.
Continued use of the Platform 30 days after notification constitutes full acceptance of the new conditions. If you do not agree with the changes, you may close your account without penalty before the 30-day period ends.
For changes that materially reduce your rights, Traqen will provide prominent notice and, where applicable, an opportunity to reject the changes and terminate without penalty.
15. Governing Law & Dispute Resolution
These Terms of Service are governed by the laws of the jurisdiction in which [NOME_EMPRESA] is incorporated.
Dispute resolution: Any disputes, controversies, or claims arising out of or relating to these Terms, including their existence, validity, interpretation, performance, or termination, shall be resolved through good-faith negotiation between the parties. If negotiation fails within 30 days, either party may pursue resolution through the appropriate legal channels in the jurisdiction of [NOME_EMPRESA]'s principal office.
Costs: Each party shall bear its own costs, fees, and expenses, unless otherwise determined by the adjudicating body.
Interim relief: Nothing in this section prevents either party from seeking interim or injunctive relief from a court of competent jurisdiction to protect its rights pending final resolution.
16. Pre-Dispute Negotiation
Before initiating formal proceedings related to disputes arising from these Terms, the parties agree to attempt good-faith negotiation for a period of 30 days, except where urgent interim relief is required.
Negotiation may be conducted electronically, with minimal documentation of discussions for purposes of good faith and contractual cooperation.
If negotiation concludes without resolution, the parties may proceed with the dispute resolution mechanisms described in Section 15.
17. Notice & Limitation Period
Prior notice: Except in cases of urgent relief, any claim arising from these Terms must be preceded by written notice to the other party within 30 days of becoming aware of the underlying facts. Failure to provide timely notice may result in waiver of the claim, to the extent permitted by applicable law.
Limitation period: Any claim related to these Terms must be brought within 1 year of becoming aware of the damage and its cause, unless applicable law provides a longer mandatory period.
Statutory preservation: All mandatory limitation periods provided by applicable law remain fully preserved.
18. General Provisions
Entire Agreement: These Terms of Service, together with the Privacy Policy, constitute the entire agreement between you and [NOME_EMPRESA] regarding use of the Platform, superseding all prior agreements, understandings, or negotiations, whether oral or written.
Severability: If any provision of these Terms is found invalid, illegal, or unenforceable, the remaining provisions shall remain in full force and effect. The invalid provision shall be replaced by a valid one that most closely reflects the original intent.
No Waiver: Traqen's failure to enforce any provision of these Terms does not constitute a waiver of its right to enforce that provision at any time.
Assignment: You may not assign or transfer your rights and obligations under these Terms to third parties without Traqen's prior written consent. Traqen may freely assign its rights and obligations to affiliates, successors, or acquirers.
Communications: All communications from Traqen to you will be sent to the email address registered on your account or via in-Platform notifications. You are responsible for keeping your email up to date.
Survival: Sections 6, 7, 8, 9, 15, 17, and 18 shall survive suspension, account termination, or expiration of these Terms.
Language: In the event of a discrepancy between translated versions of these Terms, the English version shall prevail.
Cumulative remedies: The rights and remedies in these Terms are cumulative and do not exclude other rights and remedies available by law or contract.
19. Contact
For questions, requests, or communications regarding these Terms of Service, contact us at:
- Email: [DPO_EMAIL]
- Address: [ENDERECO]