Terms of Service

1. Definitions

For purposes of these Terms, the following definitions shall apply:

• Platform: the ChatSense software-as-a-service (SaaS), including all of its features, APIs, widgets, Marketplace applications, and related services, accessible via chatsense.app and associated subdomains.
• Subscriber: the natural person or legal entity that creates an account and uses the Platform, including all members and users associated with its organization.
• Data Processor: the Company, acting as the party that processes Personal Data on behalf of the Subscriber, pursuant to Brazilian Law No. 13,709/2018 (LGPD), Article 5(VII), and Regulation (EU) 2016/679 (GDPR), Article 4(8).
• Data Controller: the Subscriber, which determines the purposes and means of processing the Personal Data of its End Customers, pursuant to the LGPD, Article 5(VI), and the GDPR, Article 4(7).
• Personal Data: any information relating to an identified or identifiable natural person, as defined in the LGPD, Article 5(I), and the GDPR, Article 4(1).
• End Customer Data: any personal or non-personal data relating to the Subscriber's customers, leads, or contacts, entered into or collected through the Platform.
• Artificial Intelligence (AI): the large language models (LLMs) and other AI systems integrated into the Platform for automated responses, sentiment analysis, summarization, and related features.
• AI Agent: a configurable AI instance that autonomously interacts with End Customers through integrated channels, subject to guardrails, system prompts, and configurations defined by the Subscriber.
• RAG (Retrieval-Augmented Generation): an AI technique that combines information retrieval from a knowledge base with text generation by an LLM, used to provide contextually relevant responses.
• Guardrails: configurable safety mechanisms that restrict and delimit the behavior of AI Agents, including content filters, prohibited topics, and scope of operation limits.
• Marketplace: a repository of third-party applications, integrations, and extensions available on the Platform for installation by the Subscriber.
• Widget: an embeddable chat component (JavaScript SDK) that enables the Subscriber to integrate the Platform's customer service into its own websites and applications.
• API: the Application Programming Interface made available by the Platform for programmatic integration with the Subscriber's external systems.

2. Acceptance of Terms

2.1. By creating an account, accessing, or using the Platform by any means, the Subscriber fully accepts these Terms, the Privacy Policy, and any supplementary policies published on the Platform. If the Subscriber does not agree with any provision herein, the Subscriber shall immediately cease use of the Platform.

2.2. A Subscriber accepting these Terms on behalf of an organization represents and warrants that it possesses the authority and legal power to bind such organization to this Agreement, pursuant to Articles 104 and 116 of the Brazilian Civil Code (Law No. 10,406/2002).

2.3. The Company reserves the right to modify these Terms at any time. Material changes shall be notified to the Subscriber by email and/or notice on the Platform with at least fifteen (15) days' prior notice before taking effect. Continued use of the Platform after the expiration of the notice period shall constitute tacit and irrevocable acceptance of the revised Terms.

2.4. Prior versions of these Terms shall be archived and made available upon request. This document constitutes version 2.0, effective as of April 5, 2026.

3. Description of Service

3.1. ChatSense is an omnichannel SaaS customer service and engagement platform that centralizes and manages communications from multiple channels within a single collaborative environment. The Platform offers, without limitation, the following features:

• Omnichannel Support: integration with WhatsApp Business API, Instagram Direct, Facebook Messenger, Telegram Bot API, TikTok, Email (SMTP/IMAP), and an embeddable Chat Widget.
• Artificial Intelligence Agents: autonomous chatbots with RAG (Retrieval-Augmented Generation) support, safety guardrails, tone and personality settings, human escalation, and execution tracing.
• Integrated CRM: contact management with progressive enrichment, companies, deals with Kanban pipeline, activities, and complete history.
• Campaigns: mass message sending with segmentation, HSM templates for WhatsApp, and opt-in/opt-out management.
• Knowledge Base: a repository of articles and documents used to feed the AI Agents' RAG system, with hybrid search (full-text + vector).
• Marketplace: an ecosystem of third-party applications and integrations that extend the Platform's capabilities.
• Chat Widget: an embeddable JavaScript component for integrating live support and AI directly into the Subscriber's websites.
• Reports and Analytics: dashboards for volume, response time, CSAT, agent performance, SLA compliance, and CSV export.
• Automations: automated workflows based on events, conditions, and actions, including intelligent routing, SLA enforcement, automatic responses, and webhooks.
• RESTful API: a comprehensive interface for programmatic integration with external systems.

3.2. Available features may vary depending on the subscribed plan. The Company reserves the right to add, modify, or discontinue features, upon prior notice to the Subscriber.

4. Registration and Account

4.1. To use the Platform, the Subscriber must create an account by providing truthful, complete, and up-to-date information. Providing false or fraudulent information constitutes a violation of these Terms and may result in immediate account cancellation, without prejudice to applicable legal remedies.

4.2. The account administrator is responsible for all actions performed by members associated with the organization, including AI Agent configuration, campaign delivery, data management, and interactions with End Customers.

4.3. The Company strongly recommends enabling multi-factor authentication (MFA/TOTP) for all accounts. Failure to enable MFA does not relieve the Subscriber of liability for unauthorized access resulting from compromised credentials.

4.4. Login via social identity providers (Google, Meta) is available as a convenience. The Subscriber acknowledges that the availability of these providers depends on third parties and that the Company is not responsible for changes to or discontinuation of such providers.

4.5. The Subscriber is solely responsible for the security of its access credentials, API keys, and integration tokens. Any activity conducted through valid credentials shall be deemed the Subscriber's responsibility.

5. Plans, Limits, and Billing

5.1. The Platform is offered in different plan tiers, each with specific limits on features, users, channels, AI agents, and conversation volume:

• Starter: ideal for small teams in the early stages.
• Growth: for growing teams with advanced automation and AI needs.
• Scale: for mid-size operations with multiple channels and teams.
• Enterprise: for large organizations with customized requirements, dedicated SLA, and priority support.

5.2. The pricing, limits, and features for each plan are available on the Platform's billing page and may be updated periodically.

5.3. Payments are processed through our payment partners Asaas (PIX, bank slip, and credit card for customers in Brazil) and Stripe (credit card for international customers), on a monthly or annual basis, as applicable to the subscribed plan.

5.4. As a general rule, no refunds are issued for unused periods following voluntary cancellation. However, in compliance with Article 49 of the Brazilian Consumer Defense Code (Law No. 8,078/1990), individual Subscribers who contract remotely may exercise the right of withdrawal within seven (7) days from the date of subscription, with full restitution of any amounts paid.

5.5. The Company may change plan pricing upon at least thirty (30) days' prior notice. Price changes shall not apply to the current billing cycle.

5.6. The Company may, at its sole discretion, grant courtesy plans to partners, resellers, or under special circumstances. Courtesy plans may be revoked at any time without prior notice or compensation.

5.7. Free trial periods, when available, have durations and limits defined by the Company. Upon expiration of the trial period, the Subscriber must subscribe to a paid plan to maintain access. The Company reserves the right to limit the creation of multiple trial accounts by the same Subscriber or organization.

5.8. Failure to fulfill any financial obligation authorizes the Company to suspend access to the Platform until regularization, without prejudice to the collection of amounts due and default charges as provided by law (Article 395 of the Brazilian Civil Code).

6. Acceptable Use

6.1. The Subscriber agrees to use the Platform in compliance with applicable law, these Terms, and the Acceptable Use Policy (AUP) published on the Platform. The Subscriber agrees not to use the Platform to:

• Send spam, unsolicited bulk messages, misleading messages, or fraud of any nature, in violation of the Brazilian Internet Civil Framework (Law No. 12,965/2014, Article 21).
• Violate the usage policies of integrated channel platforms, including WhatsApp Business Policy, Meta Platform Terms, Telegram Terms of Service, and TikTok Platform Terms.
• Transmit illegal, defamatory, discriminatory, threatening, obscene content, content inciting violence, or content that infringes third-party rights.
• Use the Platform for purposes that violate the LGPD, GDPR, or any applicable data protection legislation.
• Attempt to access systems, data, or accounts of other users or organizations without authorization.
• Intentionally overload the Platform's infrastructure (DDoS, abusive scraping, etc.).

6.2. For mass messaging campaigns, the Subscriber must ensure that recipients have provided prior, freely given, informed, and unambiguous consent (opt-in), pursuant to the LGPD, Article 7(I), and the GDPR, Article 6(1)(a). The Subscriber shall maintain verifiable records of such consent.

6.3. Violation of this section may result in immediate suspension or cancellation of the account, at the sole discretion of the Company, without right to refund and without prejudice to applicable civil and criminal liability.

7. Third-Party Integrations

7.1. The use of third-party channels and integrations is subject to the terms and policies of the respective platforms. The Subscriber is solely and entirely responsible for ensuring that its use complies with:

• WhatsApp Business Policy and WhatsApp Commerce Policy
• Meta Platform Terms (Facebook, Instagram, Messenger)
• Telegram Terms of Service and Telegram Bot API Terms
• TikTok Terms of Service and TikTok Platform Terms for Developers
• Google API Terms of Service (for social login and integration features)

7.2. ChatSense shall not be held liable for suspensions, blocks, penalties, functionality restrictions, or any losses imposed by third-party platforms as a result of improper, abusive, or non-compliant use by the Subscriber.

7.3. Changes to the APIs, policies, or terms of third-party platforms may impact the availability or functionality of certain integrations. The Company shall use commercially reasonable efforts to maintain functional integrations but does not guarantee continuous or uninterrupted compatibility with third-party platforms.

9. Intellectual Property

9.1. The Platform, including all of its source code, algorithms, interfaces, trademarks, logos, design, documentation, and content produced by the Company, is the exclusive property of Omega Capital Holding Gestao e Participacoes Empresariais Ltda, protected by the Brazilian Copyright Act (Law No. 9,610/1998), the Software Act (Law No. 9,609/1998), and applicable industrial property legislation.

9.2. The Subscriber retains full ownership of all data, content, and materials uploaded to the Platform. By using the Platform, the Subscriber grants the Company a limited, non-exclusive, revocable, and non-transferable license to process, store, and transmit such data solely for the purpose of providing the service.

9.3. The Subscriber is expressly prohibited from reverse-engineering, decompiling, disassembling, modifying, creating derivative works from, copying, distributing, or otherwise exploiting the Platform or its source code, in whole or in part.

9.4. Applications and integrations made available through the Marketplace may have distinct intellectual property rights belonging to their respective developers and are subject to their own terms.

10. Privacy and Data Protection

10.1. The processing of Personal Data by the Platform is governed by the Privacy Policy and the Data Processing Agreement (DPA), which are incorporated herein by reference.

10.2. In the relationship between the parties, the Subscriber acts as the Data Controller and the Company acts as the Data Processor with respect to End Customer Personal Data, pursuant to the LGPD (Articles 5(VI) and (VII), and Article 39) and the GDPR (Articles 4(7), 4(8), and 28).

10.3. The Company implements appropriate technical and organizational measures to protect Personal Data against unauthorized access, destruction, loss, alteration, or disclosure, in compliance with the LGPD, Article 46, and the GDPR, Article 32, including: encryption in transit (TLS 1.3) and at rest (AES-256-GCM), data isolation by organization (Row-Level Security), audit logs, and role-based access control (RBAC).

10.4. For international data transfers, the Company adopts the mechanisms provided for under the LGPD, Article 33, and the GDPR, Chapter V, including Standard Contractual Clauses (SCCs) where applicable.

11. Confidentiality

11.1. The parties mutually agree to maintain in confidence all confidential and proprietary information obtained in connection with the contractual relationship, including, without limitation: business data, commercial strategies, technical information, customer data, commercial terms, and any information designated as confidential.

11.2. The confidentiality obligation shall not apply to information that: (a) is or becomes publicly known without fault of the receiving party; (b) was already in the possession of the receiving party prior to disclosure; (c) is legitimately received from third parties without confidentiality restrictions; or (d) must be disclosed by force of judicial or administrative order.

11.3. The confidentiality obligation shall survive termination or expiration of these Terms for a period of five (5) years, or for the period required by applicable law, whichever is longer.

12. SLA and Availability

12.1. The Company commits to maintaining monthly Platform availability at the following levels, depending on the subscribed plan:

• Growth and Scale: 99.5% monthly uptime.
• Enterprise: 99.9% monthly uptime, with a dedicated SLA and specific terms.

12.2. The availability measurement excludes the following periods:

• Scheduled maintenance, communicated with at least 24 hours' prior notice.
• Force majeure events (Article 393 of the Brazilian Civil Code), including natural disasters, pandemics, wars, government acts, and widespread infrastructure failures.
• Failures or unavailability of third-party platforms (Meta, Telegram, TikTok, cloud providers, telecommunications carriers).
• Unavailability caused by acts or omissions of the Subscriber, including API misuse or excessive requests.

12.3. The complete SLA terms, including metrics, service credits, and incident reporting procedures, are available in the specific SLA document for the subscribed plan. In the event of conflict, the specific SLA document shall prevail over this section.

13. Limitation of Liability

13.1. To the maximum extent permitted by applicable law, the Company's total and aggregate liability for any damages arising from these Terms or the use of the Platform shall be limited to the lesser of: (a) the total amount actually paid by the Subscriber in the three (3) months immediately preceding the event giving rise to the damage; or (b) BRL 50,000.00 (fifty thousand Brazilian reais).

13.2. Under no circumstances shall the Company be liable for indirect, incidental, special, consequential, punitive, or exemplary damages, including, without limitation:

• Loss of revenue, lost profits, or business opportunities.
• Loss or corruption of data (except when caused by the Company's willful misconduct or gross negligence).
• Reputational or image damage.
• Costs of procuring substitute services.
• Business interruption.

13.3. The Company shall not be liable for:

• Force majeure or fortuitous events (Brazilian Civil Code, Article 393).
• Failures, unavailability, or changes in third-party platforms.
• Accuracy, fitness, or legality of responses generated by AI Agents (as per Section 8).
• Content generated, transmitted, or stored by the Subscriber or its End Customers.
• Acts or omissions of third-party applications installed through the Marketplace.

13.4. The limitations in this section shall apply regardless of the legal theory invoked (contractual, tort, strict liability, or otherwise) and even if the Company has been advised of the possibility of such damages.

14. Indemnification

14.1. The Subscriber agrees to indemnify, defend, and hold harmless the Company, its directors, employees, agents, and affiliates from and against any and all claims, demands, actions, losses, damages, costs, and expenses (including reasonable attorneys' fees) arising out of or related to:

• Violation of these Terms or any applicable law by the Subscriber.
• Content transmitted, stored, or made available by the Subscriber through the Platform.
• Improper, negligent, or willful use of AI Agents, including failure to configure guardrails, disabling human escalation, or use for prohibited purposes (Section 8.7).
• Violation of integrated channel policies (WhatsApp, Meta, Telegram, TikTok) by the Subscriber.
• Claims, lawsuits, or administrative proceedings initiated by End Customers in connection with the processing of their data or interactions through the Platform.
• Fines, sanctions, or regulatory penalties imposed by data protection authorities (ANPD, European DPAs, or equivalent) as a result of the Subscriber's acts or omissions as Data Controller.
• Use of the Platform in violation of third-party intellectual property rights.

14.2. The Subscriber's indemnification obligation shall survive termination of these Terms.

15. Termination

15.1. Either party may terminate these Terms upon written notice (including by email) with at least thirty (30) days' prior notice.

15.2. The Company may immediately terminate or suspend the Subscriber's access, without prior notice, in the following circumstances:

• Material breach of these Terms, including unacceptable use (Section 6) or prohibited use of AI (Section 8.7).
• Financial default for a period exceeding thirty (30) days.
• Judicial or administrative order.
• Imminent risk to the security of the Platform or other users.

15.3. Following termination or closure of the account, for any reason, the Company shall retain the Subscriber's data for a period of thirty (30) days (the "Retention Period"), during which the Subscriber may request data export.

15.4. After the Retention Period expires, all Subscriber data shall be irreversibly deleted, including backups, in accordance with the LGPD, Article 16, and the GDPR, Article 17. The Company shall not be liable for data recovery after this period.

15.5. Termination shall not relieve the Subscriber of the obligation to pay any amounts due through the effective date of termination.

16. Marketplace and Third-Party Apps

16.1. The Platform's Marketplace offers applications, integrations, and extensions developed by third parties. These applications have their own terms of service and privacy policies, the acceptance of which is the Subscriber's responsibility.

16.2. The Company is not responsible for the operation, security, availability, or legal compliance of third-party applications made available through the Marketplace. Installation is at the Subscriber's sole risk.

16.3. By installing a Marketplace application, the Subscriber authorizes the application to access its organization's data within the scopes and permissions expressly indicated at the time of installation. The Subscriber must carefully review the requested scopes before granting access.

16.4. The Company reserves the right to remove from the Marketplace, at any time and without prior notice, applications that violate these Terms, present security risks, or fail to meet the Platform's technical requirements.

17. White-Label and Reselling

17.1. Use of the Platform in a white-label or resale capacity is conditioned upon the execution of a specific Reseller Agreement, with commercial terms and obligations defined separately.

17.2. Resellers are fully responsible for: (a) the relationship with their own end customers; (b) their customers' compliance with these Terms; (c) first-level support; and (d) the accuracy of information provided to their customers regarding the Platform's capabilities and limitations.

17.3. Unauthorized resale or sublicensing of the Platform constitutes a material breach of these Terms and may result in immediate termination.

18. Communications

18.1. The Company may send communications to the Subscriber via email, Platform notifications, or other electronic means. Communications sent to the email address registered by the Subscriber shall be deemed valid and effective for all legal purposes.

18.2. Service-critical communications — including security notifications, changes to the Terms, maintenance notices, billing communications, and suspension notices — cannot be disabled by the Subscriber and shall be sent regardless of communication preferences.

18.3. Marketing and promotional communications may be disabled by the Subscriber at any time through the Platform's notification settings or via the unsubscribe link included in emails, in compliance with the LGPD, Article 8, Paragraph 5.

19. General Provisions

19.1. Entire Agreement: these Terms, together with the Privacy Policy, the DPA, and any supplementary policies published on the Platform, constitute the entire agreement between the parties and supersede all prior communications, proposals, and understandings, whether oral or written, relating to the subject matter of this Agreement.

19.2. Severability: if any provision of these Terms is held to be invalid, illegal, or unenforceable by a competent authority, the remaining provisions shall remain in full force and effect, and the invalid provision shall be replaced by one that most closely reflects the original intent of the parties.

19.3. No Waiver: the tolerance or non-exercise of any right provided for in these Terms by either party shall not constitute a waiver or novation, nor shall it preclude the future exercise of that or any other right.

19.4. Assignment: the Company may assign or transfer these Terms, in whole or in part, to any affiliate, successor, or acquirer, upon notice to the Subscriber. The Subscriber may not assign its rights or obligations under these Terms without the Company's prior written consent.

19.5. Relationship of the Parties: nothing in these Terms creates or shall be construed as creating an employment, partnership, joint venture, agency, or representation relationship between the parties.

20. Governing Law and Jurisdiction

20.1. These Terms shall be governed by and construed in accordance with the laws of the Federative Republic of Brazil, in particular the Civil Code (Law No. 10,406/2002), the Internet Civil Framework (Law No. 12,965/2014), the LGPD (Law No. 13,709/2018), and the Consumer Defense Code (Law No. 8,078/1990), where applicable.

20.2. The courts of the Judicial District of Sao Paulo, State of Sao Paulo, are hereby elected to resolve any disputes arising from these Terms, to the exclusion of any other, however privileged.

20.3. For Enterprise plan Subscribers, the parties may opt to resolve disputes through arbitration, administered by the Market Arbitration Chamber (CAM) of B3 or the Sao Paulo Mediation and Arbitration Chamber (CMASP), applying the Arbitration Act (Law No. 9,307/1996). The specific arbitration clause shall be defined in the individual Enterprise contract.

21. Multi-Jurisdictional Addendum

The provisions below apply additionally to Subscribers located in the respective jurisdictions, prevailing over conflicting clauses in the main body of these Terms to the extent of the conflict.

21.1. United States of America

• CCPA/CPRA (California): the Company does not sell or share Personal Data of California consumers for purposes of cross-context behavioral advertising, as defined by the California Consumer Privacy Act, as amended by the California Privacy Rights Act (Cal. Civ. Code Sec. 1798.100 et seq.). California consumers may exercise their rights of access, deletion, and opt-out as described in the Privacy Policy.
• Section 230 (CDA): the Company operates as a provider of an interactive computer service and is not the publisher or speaker of content generated by Subscribers or by AI Agents configured by Subscribers (47 U.S.C. Sec. 230).
• TCPA: the Subscriber is solely responsible for ensuring compliance with the Telephone Consumer Protection Act (47 U.S.C. Sec. 227) when using campaign and messaging features. The Subscriber must obtain prior express written consent from recipients.
• CAN-SPAM: the Subscriber must fully comply with the CAN-SPAM Act (15 U.S.C. Sec. 7701 et seq.) when using email marketing features, including clear sender identification, a functional opt-out mechanism, and processing unsubscribe requests within 10 business days.

21.2. European Union / European Economic Area

• GDPR: the Company acts as a Processor within the meaning of Article 28 of the GDPR. The DPA incorporates the obligations of Article 28(3), including sub-processors, incident notification (Article 33), assistance to the Controller, and audit. The legal basis for processing is the performance of a contract (Article 6(1)(b)).
• AI Act (Regulation 2024/1689): the Company complies with the transparency obligations set forth in Article 50 for general-purpose AI systems. The Subscriber, as deployer, must comply with the obligations under Articles 26 and 27, including human oversight and informing end users.
• Right to Explanation: pursuant to the GDPR, Article 22, and the AI Act, Article 86, the Subscriber's End Customers have the right not to be subject to decisions based solely on automated processing that produce legal effects, as well as the right to obtain an explanation of the logic behind automated decisions. The Subscriber is responsible for implementing the necessary mechanisms.
• SCCs: for data transfers from the EEA to countries without an adequacy decision, the Company adopts the Standard Contractual Clauses of the European Commission (Implementing Decision 2021/914), Controller-to-Processor module.

21.3. Mercosur

• Argentina: the processing of personal data shall comply with Law 25,326 on Personal Data Protection (PDPA) and its regulations. Data subjects in Argentina may exercise their rights of access, rectification, and deletion before the National Directorate for Personal Data Protection (DNPDP).
• Uruguay: in compliance with Law 18,331 on Personal Data Protection and Habeas Data Action, personal data processing shall observe the principles of legality, accuracy, purpose, prior consent, and security. Uruguay is recognized by the European Commission as a country with an adequate level of protection (Decision 2012/484/EU).
• Chile: in compliance with Law 19,628 on the Protection of Private Life, the processing of personal data shall respect the rights of information, access, rectification, cancellation, and objection of data subjects.

21.4. Asia

• Japan (APPI): pursuant to the Act on the Protection of Personal Information (Act No. 57 of 2003, as amended), the Company shall be designated as a "handler" (personal information handling business operator) and shall observe the obligations regarding purpose of use, consent for transfer to third parties, and security measures provided for under the law. Japan is recognized by the European Commission with an adequate level of protection (Decision 2019/419).
• Singapore (PDPA): in compliance with the Personal Data Protection Act 2012 (No. 26 of 2012), the Company shall implement data protection policies and practices as required and cooperate with the Personal Data Protection Commission (PDPC) as necessary.
• India (DPDP Act): in compliance with the Digital Personal Data Protection Act, 2023 (Act No. 22 of 2023), the Company, in its capacity as Data Processor, shall process personal data solely as instructed by the Data Fiduciary (Subscriber), observing the rights of data subjects and the security obligations provided for under the law.

22. Contact

For questions related to these Terms, please contact:

Omega Capital Holding Gestao e Participacoes Empresariais Ltda
CNPJ: 58.557.020/0001-48
Sao Paulo, SP, Brazil

General Inquiries: contato@chatsense.app
Data Protection Officer (DPO): privacidade@chatsense.app
Support: available on the Platform via chat or at contato@chatsense.app

Version 2.0 — Effective since April 5, 2026.