Effective Date: May 21, 2026.

The terms and conditions of use ("Terms and Conditions") agreed upon in this document are applicable to users who use the services offered by ZapSign through the Platform (as defined below). These Terms and Conditions constitute a legal and binding contract between the users ("You" or "User") as current or future clients of ZapSign's services and Truora Group ("ZapSign," "we," or "our"), and outline the guidelines for your use of the services offered through ZapSign's website (the "Platform"). Anyone wishing to access or use the Platform or the services offered therein may do so by complying with these Terms and Conditions, as well as policies and principles incorporated into this document and the applicable laws in the jurisdiction corresponding to each User.

By using this Platform, you accept and agree to comply with the following Terms and Conditions of use. Please review these Terms and Conditions carefully. The services we make available to you through the Platform are subject to these Terms and Conditions. In any case, anyone who does not accept these Terms and Conditions should refrain from using the Platform and/or acquiring the services offered.

EU/EEA Customers. Where the User is established in the European Union or European Economic Area, or where these Terms and Conditions otherwise involve the processing of Personal Data of EU/EEA data subjects subject to Regulation (EU) 2016/679 (the “GDPR”), these Terms and Conditions shall be read together with Section 22 (EU/EEA Customers — GDPR-Specific Terms), which sets out the additional data-protection commitments required by article 28 GDPR. In case of conflict between any other provision of these Terms and Conditions and Section 22 in respect of EU/EEA processing, Section 22 shall prevail.

1. ZapSign Services

1.1. Services: ZapSign is a company focused on providing electronic signature services and document management software (the "Services"). Additionally, each User may acquire complementary services to add layers of security to the electronic signature, such as: (i) facial validation; (ii) document validation; (iii) email validation; (iv) phone number validation, among others. ZapSign offers its Services through various subscription plans (the "ZapSign Plans") obtained via the Platform as indicated in Section 2.

1.2. ZapSign makes the Services available to be purchased by the User through the ZapSign Plans as established in the following link: https://zapsign.co/pricing

1.3. Transactions:  With the exception of Digital Certificates, the Services described in this Clause are metered by Transaction volume. A "Transaction" is defined as the creation of one (1) document within the platform, regardless of the number of signatures collected or not. A 'Transaction' is also defined as the use of each individual (1) authentication method described in section 1.4 of these terms. Therefore, each transaction is accounted for independently at the time of its creation. 

1.4. Signature Authentication Methods: ZapSign provides various authentication methods that Users may employ to enhance the security, integrity, and reliability of electronic signatures performed on the Platform. The choice and use of authentication methods are the User's responsibility, who must evaluate which methods are suitable for their specific case, considering the level of risk and the nature of the document to be signed.

The availability of each method may vary depending on the User's account country of origin and active integrations on the Platform. Available authentication methods include, but are not limited to:

Email, SMS, or WhatsApp Validation (Token): Sending a verification code (token) to the signatory via email, SMS, or WhatsApp, which must be entered during the signing process to confirm access to the respective communication channel.

1. Identity Validation (Document): An automated process to verify the signatory's identity, which may include the analysis of the provided ID document, confirmation of personal data, and authenticity verification. The Platform utilizes specialized providers based on the signatory's country of origin.

2. Facial Recognition: Technology that performs an automated comparison between the signatory's face, captured at the time of signing, and the photo on their ID document to confirm it is the same person.

3. Liveness Detection: Technology that captures the signatory's face and performs an automated analysis to verify it is a real person, physically present at the moment of signing, without requiring additional active movements.

4. ID Document Photo: Capturing a static image of the signatory's ID document, linked to the signature report, without automated authenticity validation.

5. Selfie: Capturing a static image of the signatory's face, associated with the signing process, without any automated identity or biometric verification.

For clarification purposes, a Selfie is distinct from Facial Recognition. A Selfie consists only of a static image capture of the signatory's face without automated identity validation, serving as an additional piece of visual evidence to be analyzed by the parties involved. In contrast, Facial Recognition involves automated identity validation as described above.

2. ZapSign Plans

2.1. ZapSign offers Users various Service plans, which will have variable costs depending on the volume of Transactions they include and the type of Services. The cost derived from the use of the Platform will depend on the type of Plan chosen by the User and any additional services they decide to add. Only the Services expressly mentioned in each Plan will be considered included for the specified price.

2.2. Additional Transactions: In the event that the User consumes all the Transactions of their ZapSign Plan, the price of the additional Transactions will be subject to the conditions of the purchased ZapSign Plan.

2.3. Additional Services: Each User has the option to add additional services to their ZapSign Plan, such as additional users, batch signing, credits for authentication methods, or extra documents, among others. The price of each Additional Service is not included within the ZapSign Plan, and the User acknowledges that if they use the Additional Services, this will result in an additional charge on their invoice.

2.4. Validity of ZapSign Packages: ZapSign Plans will be valid for the period specified in the terms of each ZapSign Plan. The User acknowledges that unused Transactions will expire upon the expiration of their ZapSign Plan. ZapSign Plans will be automatically renewed on the anniversary date.

3. Overage Billing and Default

3.1. The User acknowledges that certain ZapSign Plans have a maximum usage limit for Transactions. If the User exceeds the limit contracted under their Plan, the excess Transactions shall be automatically counted and billed on a monthly basis, according to the rates in effect for the contracted Plan.

3.2. For purposes of assessing and charging the excess amounts, the billing cycle shall be the 30 (thirty)-day period counted from the activation date of the ZapSign Plan, with charges carried out at the end of each successive period, regardless of whether the Plan is monthly, annual, or annual paid in installments.

3.3. Where payment of the ZapSign Plan is made by credit card, the User expressly authorizes ZapSign to automatically charge the amounts corresponding to the excess Transactions to the card registered in the ZapSign Account, at the end of each billing cycle.

3.4. Where payment is made through other means, including but not limited to bank transfer (such as Pix, bank slip / boleto, or any other locally available payment method), ZapSign shall send the User a communication containing the instructions for payment of the amounts corresponding to the overage, and the User shall make the payment within the term indicated therein.

3.5. Failure to pay the amounts due in connection with the excess Transactions shall result in the ZapSign Account status being changed to "payment pending". In such case, the User shall be prevented from creating new documents or carrying out new Transactions until the outstanding amounts are fully settled; access for viewing the documents already existing on the Platform shall, however, remain available.

3.6. ZapSign may, in its sole discretion and upon prior notice, apply additional measures in the event of prolonged default, including the suspension or cancellation of the ZapSign Plan, without prejudice to the collection of the amounts due.

4. Platform Registration

4.1. ZapSign Account: To use the Services, you must create an account on the Platform (the “ZapSign Account”). When registering, the Platform will ask you to enter the email address you wish to use for access, as well as your full name.

4.2. Activation of ZapSign Account: Once you have entered the data, ZapSign will send you an email to confirm your ZapSign Account. After confirming the data, your ZapSign Account will be activated, and you can start enjoying the services available to you.

4.3. The ZapSign Account refers to the credentials that allow the User to access the Platform, and only one ZapSign Account will be enabled per User. Users will have access to the Services when they have an active ZapSign Account. The Services can be accessed on tablets, phones, and computers with Android or iOS operating systems.

4.4. You must select the type of Plan you wish to purchase. To do so, you will need to choose the Plan that best fits the Services you want to obtain. You will then need to fill out a payment form to activate the benefits of your ZapSign Plan. The requested information may include, among other details: full name or company name, identification document number, email address, mobile phone number, billing address, and credit card information.

4.5. Accuracy of Information: The User must provide accurate and complete information in response to the Platform’s questions and keep this information updated. You are fully responsible for all activity that occurs under your ZapSign Account, including any actions taken by individuals to whom you have granted access to the ZapSign Account. We reserve the right to suspend or delete the ZapSign Account and deny you current and/or future use of the Platform if we suspect that the User has provided information that is false, inaccurate, outdated, and/or incomplete (or has become false, inaccurate, outdated, or incomplete).

4.6. Activation of Additional Users: Depending on the specific conditions of the ZapSign Plan, the ZapSign Account may be associated with several Users who have access to the Platform.

4.7. ZapSign reserves the right to reject any registration request or cancel a previously accepted registration without being required to communicate or explain the reasons for its decision, and without it generating any right to compensation or indemnification.

5. Payment for the ZapSign Plan

5.1. Payment Method: ZapSign will invoice the User for the value of the selected ZapSign Plan through one of our allied platforms at the time the User selects their ZapSign Plan. The payment will be made via automatic debit from the credit card that the User has provided in the allied platform. The User expressly authorizes the debit of the credit card for the payment of the ZapSign Plan and agrees to the chosen payment method, which will be processed by the financial entity designated by the User.

5.2. Automatic Renewal: The User acknowledges and agrees that their ZapSign Plan subscription will be automatically renewed for the same period initially selected. Therefore, the User agrees that ZapSign will automatically debit the registered cards for the payment of the ZapSign Plan.

5.3. The User acknowledges, accepts, and authorizes ZapSign to charge all amounts due by the User (including any applicable taxes or subsequent fees) that correspond to or are associated with their ZapSign Account.

5.4. Each User is responsible for ensuring the availability of funds on the designated cards to ensure that payments to ZapSign can be charged, deducted, or debited as applicable. Payments made are non-refundable except as provided by law.

5.5. In the event that, for any reason beyond ZapSign's control, the automatic debit from the User's card cannot be processed, the User agrees to provide an alternative payment method within a maximum of 15 days from the notification of the payment failure. If the error has not been resolved after this time and the User remains in arrears, they will lose access to the benefits of the ZapSign Plan. If the User does not make the payment within two (2) calendar weeks, ZapSign will cancel the ZapSign Plan.

5.6. ZapSign reserves the right to modify, change, add, or remove the price of the offered Plans at any time, which will be notified to the User through the means that ZapSign deems appropriate.

6. Cancellation Policy

The User may request the termination of their ZapSign Plan at any time they wish. However, the Services will remain available until the termination date agreed upon in the Plan, and after this date, the ZapSign Plan subscription will be considered canceled. Therefore, the User acknowledges and agrees that under no circumstances will ZapSign refund the money paid for the Plan.

7. Modifications, Suspension, and Notifications

7.1. Modifications: We reserve the right to modify and review the Terms and Conditions at any time and without prior notice. When a modification is implemented, ZapSign will publish the updated Terms and Conditions ("Updated Version") on the Platform so that Users can review the corresponding changes. Additionally, ZapSign may notify its Users via the email address provided or by any other means ZapSign deems appropriate, about the Updated Version. The Updated Version will become effective upon its publication and will not apply retroactively. Users have the option to expressly accept the Updated Version. Notwithstanding the foregoing, the continued use of the Services by the User after the publication of an Updated Version will constitute tacit acceptance of that Updated Version. Likewise, ZapSign reserves the right to modify, without prior notice, the design, presentation, and/or configuration of the Platform, as well as some or all of the Services, and/or to add new services.

7.2. Electronic Consent: You agree that ZapSign may send statements and notices as required by law, send push notifications through the Services, or via WhatsApp to the number registered in your ZapSign Account, or by any other means it deems appropriate. You are responsible for managing your email account and providing ZapSign with your most updated email address. The information and electronic notices have the same meaning and effect as if they had been provided in printed paper copies. For notification purposes, it is considered that you have received this information and notices within 24 hours from the time they were published on our Platform or within 24 hours from the time they were sent by email or WhatsApp. In the event that the last email address you provided to us is invalid, or for any reason, we cannot send you the above notification, our sending of the email containing such notice will nonetheless constitute effective notice of the changes described therein.

8. User Responsibilities and Duties

8.1. Responsibilities and Obligations: The User declares that they will comply with the following duties:

1. You will not use an account that is subject to any right of a person other than yourself without proper authorization.

2. You will not harm the proper functioning of the network, nor will you attempt to damage the Platform in any way.

3. You will not copy or distribute the Platform or any content without written permission.

4. You will comply with all applicable laws of your country of residence and the country, state, or city where you are located when using the Platform or the Service.

5. You will comply with all obligations of these Terms and Conditions.

6. You will include in the purposes of the personal data processing authorization all necessary purposes for the implementation of the Services.

7. You will use the Services only for lawful and legal purposes.

8. You will ensure that the electronic signature service indeed complies with the legal requirements to sign the documents you upload to the Platform.

9. You will be responsible for the use of the Services and compliance with these terms and conditions by the individuals who use them, including end users.

10. You will notify ZapSign immediately, so that it can notify the relevant providers, in the event of any unauthorized access or use of the Platform.

11. You will use the Platform only in accordance with the applicable laws and regulations.

12. You will be responsible for the legality of your customers' data.

13. You must request the clear and explicit consent of the data subjects for the processing of their personal data in order to carry out electronic signatures and/or background checks, as applicable.

14. You will use the Services only in compliance with these Terms and Conditions. Upon request from ZapSign, the User will provide evidence that the required notices and consents referred to in (c) of this document (where applicable) have been provided or collected.

15. You are solely responsible for maintaining the confidentiality of your ZapSign Account, as well as your login information to the Platform, and for restricting access to the Services from your compatible devices. Therefore, you are fully responsible for all activities that occur under your ZapSign Account. You agree to notify ZapSign immediately of any event that suggests the misuse of the information registered in those forms, such as theft, loss, or unauthorized access to accounts and/or passwords, in order to proceed with their immediate cancellation. ZapSign will not be responsible for any loss or damage resulting from your failure to comply with the requirements outlined in this section.

8.2. It is the User's responsibility to use the Platform according to the way it was designed. The User agrees to use the information, content, or services offered through the Platform in a lawful manner, without contravening these Terms and Conditions, morality, and/or public order, and will refrain from taking any action that could affect the rights of third parties or harm the functioning of the Platform in any way.

8.3. In cases where the User is a company, it must be duly incorporated, and the person responsible for the ZapSign Account must have the authority to represent, contract, and bind the User, and within the terms of this contract, declare that they have such capacity. The User has the necessary authorizations to be bound by these Terms and Conditions. No authorization from any authority other than a corporate body is required for the execution and fulfillment of this document.

8.4. In cases where the User is an individual, they must be of legal age as required by applicable law to use the Platform. If residing in a jurisdiction that restricts the use of the Platform for reasons of age or restricts the ability to enter into contracts such as this one due to age, you must respect these age limits and refrain from using the Platform.

8.5. ZapSign reserves the right to immediately terminate the service and use of the Platform if any of the above rules and obligations are violated.

8.6. The User acknowledges and agrees that they will hold ZapSign, as well as its affiliates and the Truora Group, harmless from any damage, harm, claim, fine, or penalty arising from the User's breach of the provisions established herein.

9. User Restrictions

9.1. The rights granted to the User in these Terms and Conditions for the use of the Platform are subject to certain restrictions. The right to use granted with the acquisition of the Services is non-transferable, revocable, non-exclusive, and limited to use by the User for purposes defined by the nature of the Services and not for exploitation or commercialization by the User. No User may or should allow any third party to engage in any of the following actions, whether directly or indirectly:

1. Access or monitor any material or information on any ZapSign system using any manual process or means such as robots, spiders, scrapers, integrations, available APIs, or any other automated means;

2. Violate the restrictions of any robot exclusion headers on the Services, use alternative routes, omissions, or bypasses of any technical limitations of the Services, use any tool to activate functions or features that are disabled in the Services, or decompile, disassemble, or reverse-engineer the Services, decompile or use any other means to attempt to discover the source code, object code, or structure of the Platform, except where this restriction is expressly prohibited by applicable law;

3. Perform or attempt to perform actions that interfere with the proper functioning of the Services, or add an unreasonable or disproportionately high load on our infrastructure;

4. Obtain or attempt to obtain access to any confidential information from ZapSign through any means. The use of bots, automation codes, and/or malware aimed at stealing confidential information;

5. Copy, reproduce, alter, modify, create derivative works, publicly display, republish, upload, post, transmit, resell, or distribute in any way material, information, or Services from ZapSign without prior authorization from ZapSign or the Truora Group;

6. Transfer the rights granted to you under these Terms and Conditions;

7. Use the Services for any illegal activities or products, either domestic or international, in any way that exposes you, our partners, or ZapSign to harm;

8. Use the Services in any other way except as expressly permitted under these Terms and Conditions;

9. Use the Platform with the intent to cause moral harm to another by using the Data Subject's information;

10. Use the Platform with the intent to cause financial harm to the owner of personal data;

11. Use the Platform with the intent to impersonate the Data Subject.

9.2. Additionally, the User must not:

1. Make or give any representations, warranties, or similar promises about the Services to any third party, including your end customers, unless otherwise agreed with ZapSign in writing;

2. Make the Services available to, or use the Services for the benefit of, any other person, except with prior authorization from ZapSign;

3. Access, store, distribute, or transmit any Virus through the Services;

4. Access the Services to create a competitive product or service;

5. Authorize or allow your end users or any third party to engage in any of the activities mentioned above.

9.3. If ZapSign reasonably suspects that your ZapSign Account has been used for an unauthorized, illegal, or criminal purpose, we are expressly authorized to share information about you, your ZapSign Account, and any of your Transactions with the relevant authorities.

9.4. ZapSign reserves the right to immediately terminate the Services and the use of the Platform if any of the above rules and obligations are violated.

10. Questions, Complaints, Claims, and Suggestions

If you have feedback about ZapSign, questions, or issues related to these Terms of Use, contact us at support@zapsign.com.br

11. Platform Access

11.1. Operational Requirements: To use the Platform and its Services, the User must have a data network connection. Each User is responsible for acquiring and updating the compatible hardware and software or devices necessary to access and use the website, mobile applications, and any updates thereof.

11.2. ZapSign does not guarantee access to the Platform or its content and will not be liable for any errors, malicious software, or damage that may affect the software or hardware on the device through which the User accesses the Platform. ZapSign is also not responsible for any damage that may result from improper use of the Platform and, in no case, will it be liable for any losses, damages, or harm arising from merely accessing or using the Platform.

11.3. By acquiring the Services, the User agrees that: (i) they are responsible for reading the Terms and Conditions before committing to acquiring the Services; and (ii) they are entering into a legally binding contract to purchase the Services. The prices charged by ZapSign for the use of the Services are listed on the Platform.

12. Third-Party Personal Data

12.1. The User acknowledges and declares that, by providing the Services, the User will act as the Data Controller for the Personal Data of the End Clients or third parties. Therefore, the User will collect, store, use, circulate, or delete the Personal Data in compliance with applicable law. Likewise, the User will transmit the Personal Data to ZapSign, which will process the data as a Data Processor in accordance with applicable law, the present Terms and Conditions, and the Privacy Policy.

12.2. The User agrees to obtain the proper authorization from each Personal Data owner to allow the Data Processor to handle their data.

12.3. The User guarantees that the purposes communicated to the Data Subjects include the processing of their data by ZapSign and each related purpose.

12.4. The User acknowledges that ZapSign does not monitor or assume responsibility for how the User provides third-party Personal Data, how they process this Personal Data, and that any request for information regarding the disclosure of such Personal Data by the User should be directed to the User. The User must inform third parties whose Personal Data is disclosed to ZapSign about the content of ZapSign’s Privacy Policy and indicate where they can consult it.

12.5. The User must obtain and maintain all necessary licenses, notices, consents, and permissions (including, where applicable, notices and consents for the collection and use of biometric data) required for ZapSign to provide the Service to the Client in accordance with the terms of this Agreement.

12.6. Purpose and Scope: The Personal Data of the Data Controller will be processed by the Data Processor exclusively for the fulfillment of the Services described in these Terms and Conditions. Therefore, the Personal Data will be used by the Data Processor solely for the following activities and purposes on behalf of the Data Controller:

1. Validation of judicial records in various public databases;

2. Confirmation of metrics to validate identity;

3. Sending messages via automated bots;

4. Judicial background check of the signer across various public databases.

5. Any other purpose related to fulfilling the contractual relationship between the Data Controller and the Data Processor.

12.7. ZapSign's Specific Obligations: In its role as the Data Processor, ZapSign is obligated to the Personal Data owners and the User to:

1. Process the Personal Data on behalf of the Data Controller in accordance with this Agreement and in compliance with the principles that protect the data;

2. Safeguard the security of databases containing Personal Data;

3. Maintain strict confidentiality regarding the processing of Personal Data;

4. Guarantee that the Data Subjects fully and effectively exercise their rights related to Personal Data protection;

5. Promptly update, correct, or delete the data in compliance with applicable law;

6. Update the information provided by the User within five (5) business days from its receipt;

7. Handle inquiries and claims submitted by the Data Subjects as specified by the User;

8. Process Personal Data in accordance with the User's data processing policy and the purposes established by the User.
   

 

13. Privacy and Data Protection Policy

13.1. ZapSign is committed to ensuring the security of the information of its Users and their End Clients, and has adopted technical and organizational measures aimed at protecting the information against destruction, accidental loss, alteration, and unauthorized access, use, modification, or disclosure.

13.2. ZapSign does not guarantee that unauthorized third parties cannot bypass these measures or misuse the information. Therefore, the User acknowledges that they provide their information and that of their End Clients at their own risk and agrees to take the necessary measures within their control to ensure the privacy of the personal data collected, in order to guarantee its security and prevent its alteration, loss, or unauthorized processing.

13.3. Privacy: All Users must adhere to ZapSign’s Data Processing and Privacy Policy ("Privacy Policy"). By using any of the Services, you agree to our data processing policies that apply to your Personal Data and the personal data of third parties that you provide.

13.4. The Privacy Policy explains how ZapSign collects, uses, and protects the personal information you provide when ZapSign uses personal data to provide you with Services or for its own purposes. Users are encouraged to familiarize themselves with the Privacy Policy before using the Platform and purchasing the Services.

13.5. ZapSign reserves the right to modify its Privacy Policy in accordance with its needs or as required by applicable laws. Access to or use of the Platform by the User after such changes implies acceptance of these changes.

13.6. Limited License for End Clients' Personal Data: The User grants ZapSign and its providers, such as Veriff and Truora, a non-exclusive, limited license to access, copy, execute, distribute, display, download, and use the End Clients’ data. The processing of personal data will be for the following purposes: (a) to exercise rights and obligations under the Agreement, (b) to provide, maintain, and update the Service, (c) to prevent or resolve technical or service issues, or at the Client’s request in connection with a customer support request, and (d) to produce anonymous, aggregated statistical reports and research that cannot identify the Client or their End Users (with such results being part of Veriff's intellectual property).

14. GDPR — User as Controller, ZapSign as Processor (EU/EEA Data Subjects)

14.1. Applicability. Where the User uses the ZapSign Platform to process Personal Data of data subjects located in the European Union or the European Economic Area, the provisions of this Section shall apply, in addition to the other provisions of these Terms and Conditions, and shall be interpreted in light of Regulation (EU) 2016/679 (the "GDPR").

14.2. Roles. In respect of the Personal Data of end signers and other third parties uploaded or submitted by the User in the course of using the Platform, the User acts as the data controller and ZapSign acts as the data processor within the meaning of article 28 of the GDPR. The User determines the purposes and means of the processing carried out through the Platform; ZapSign processes such Personal Data exclusively on documented instructions from the User, including by reference to the configuration and use of the Platform.

14.3. Obligations of the User as controller. The User represents and warrants that: (a) it has a valid legal basis under article 6 GDPR (and, where applicable, article 9 GDPR) for the processing of Personal Data carried out through the Platform; (b) it has provided to the data subjects all information required by articles 13 and 14 GDPR; (c) it has obtained any consents that may be required; and (d) it shall promptly attend to data subject requests received in respect of such processing, with ZapSign's reasonable assistance.

14.4. Obligations of ZapSign as processor. ZapSign undertakes, in respect of the processing of Personal Data on behalf of the User: (a) to process the Personal Data only on the User's documented instructions, including with regard to transfers of Personal Data to a third country, unless required to do so by applicable law; (b) to ensure that persons authorised to process the Personal Data have committed themselves to confidentiality; (c) to implement appropriate technical and organisational measures pursuant to article 32 GDPR; (d) to assist the User, where reasonably possible and taking into account the nature of the processing, in fulfilling its obligations under articles 32 to 36 GDPR (security, breach notification, DPIA, prior consultation) and articles 12 to 22 GDPR (data subject rights); (e) at the User's choice, to delete or return the Personal Data to the User at the end of the provision of the services and delete existing copies, unless retention is required by applicable law; and (f) to make available to the User the information necessary to demonstrate compliance with the obligations laid down in article 28 GDPR.

14.5. Sub-processors. The User authorises ZapSign to engage sub-processors for the processing of Personal Data, subject to the conditions set forth in articles 28(2) and 28(4) GDPR. A list of current sub-processors and the means by which the User may obtain notice of intended changes are available at the channels indicated in the Privacy Policy. The User may object to the engagement of a new sub-processor on reasonable grounds; in such case, the parties shall negotiate in good faith a mutually acceptable solution.

14.6. International transfers. Where Personal Data of EU/EEA data subjects is transferred by ZapSign to a country outside the European Economic Area in the course of providing the services, such transfer shall be carried out in accordance with the safeguards set forth in Chapter V GDPR, including, where applicable, the EU Standard Contractual Clauses approved by Commission Implementing Decision (EU) 2021/914. The User acknowledges that its use of the Platform constitutes a documented instruction to carry out such transfers where necessary to provide the services.

14.7. Personal data breaches. ZapSign shall notify the User without undue delay after becoming aware of a personal data breach affecting Personal Data processed on behalf of the User, providing the information reasonably required to enable the User to comply with its obligations under articles 33 and 34 GDPR.

14.8. Reference to the Privacy Policy. Further information on ZapSign's GDPR-related practices — including data subject rights, contact points, retention and transfers — is set out in the GDPR-specific section of ZapSign's Privacy Policy.

15. Ownership and Copyrights

You acknowledge and agree that all intellectual property rights, including but not limited to copyrights, patents, trademarks, software development, logos, and trade secrets on the Platform, belong exclusively to ZapSign or its providers. The User acknowledges that neither these Terms and Conditions nor access to the Platform grants them rights or titles to any intellectual property. The User also agrees that they are not authorized under any circumstances to reproduce, transfer, sell, rent, or lend ZapSign’s intellectual property. Therefore, the User agrees not to transfer partial or total use in any form and not to disclose, publish, or otherwise make it available to others.

16. Truora Pass — Reusable Digital Identity Wallet.

16.1. Optional service. As part of the Truora Group's offering, the User and/or signatory may voluntarily opt to create a Truora Pass account, a digital identity wallet offered by Truora that allows them to manage and maintain control over their own previously verified identification data during the electronic signature process. The creation of the account is optional and independent of the use of the other ZapSign Services. 

16.2. Specific consent and applicable regulatory framework. The creation of a Truora Pass account is carried out solely on the basis of the signatory's specific, informed and differentiated consent, expressed through a clear affirmative action distinct from the general acceptance of these Terms and Conditions. The acceptance of these Terms and Conditions does not, in itself, imply the creation of a Truora Pass account. The signatory retains, at all times, full control over their account and may withdraw consent or delete it at any time, in accordance with the regulatory frameworks applicable in each jurisdiction, including in particular: Law No. 13,709/2018 (LGPD) in Brazil; Regulation (EU) 2016/679 (GDPR) in the European Economic Area; Law 1581 of 2012 and Decree 1377 of 2013 in Colombia; the Federal Law for the Protection of Personal Data Held by Private Parties (LFPDPPP) and its Regulations in Mexico; and any other concordant regulations in other jurisdictions in which Truora provides the service. 

16.3. Details of processing. The conditions applicable to the processing of Personal Data associated with the creation and maintenance of the Truora Pass account — including purposes, legal bases, categories of data processed, retention, data subject rights and other information required by applicable law — are set out in ZapSign's Privacy Policy, in its specific section on Truora Pass.

17. Limited Service License

ZapSign grants a non-exclusive and non-transferable subscription license to the Platform, allowing access to and use of the Services for purposes that comply with these Terms and Conditions during the term of the ZapSign Plan.

18. Cookies and Other Technological Tools

ZapSign uses cookies and similar technologies to personalize and enhance the User experience, as well as to display relevant online advertising. Cookies are small text files containing a unique identifier that are stored on the computer or mobile device through which you access the website and/or mobile applications, allowing those devices to be recognized each time you use the website and/or mobile applications. Users can choose to disable some or all of the cookies we use at any time. However, this may limit your use of the sites and restrict your experience. The use of cookies does not contain or affect personal data and poses no risk of viruses.

19. Third-Party Links

ZapSign includes third-party links within the Platform, such as payment gateway providers for debiting ZapSign Package fees. Therefore, the Client acknowledges that it is their responsibility to carefully read the terms and conditions of these third-party providers, as well as their privacy policy and any other documents that govern the contractual relationship. ZapSign does not influence the conditions of these third parties and is not responsible for the specific terms of those platforms.

20. Indemnity

20.1. The User releases ZapSign from all liability and agrees to indemnify and hold ZapSign, along with its employees, directors, agents, affiliates, and representatives, harmless from any claim, cost, loss, damage, judgment, tax assessment, fine, interest, injury, harm, liability, and/or contingency (including without limitation reasonable attorney fees) arising from any claim, action, audit, investigation, inquiry, or related proceeding initiated by any person or entity related to: (a) any actual or alleged breach of their representations, warranties, or obligations under these Terms and Conditions; (b) improper or inappropriate use of the Services; (c) violation of any third-party rights, including privacy, publicity, or data protection rights; (d) violation of any law, rule, or regulation in any country; (e) access and/or use of the Services by other parties using their unique username, password, or other security code; (f) any complaint, claim, or harm caused by their End Clients and/or third parties in connection with the User's use of the Services; and (g) failure to comply with any provision regarding the protection of Personal Data holders.

20.2. The User expressly waives the right to file any claim, demand, or legal and/or administrative action against ZapSign, its administrators, representatives, and shareholders, as they understand and accept that ZapSign's work is limited to providing information found in different publicly accessible databases. Therefore, ZapSign will not be liable for any damage or harm that the User or their End Clients may suffer as a result of or in connection with the use of the Services through the Platform.

20.3. User's Compliance: The User has adopted reasonable, risk-based procedures, which may include implementing compliance detection tools, to ensure that the User will not cause ZapSign to violate applicable economic, commercial, or financial laws, rules, or regulations, including U.S., EU, UN laws, or any other applicable laws or regulations ("Sanctions Laws"). In this regard, absent general or specific authorizations under applicable laws, the User has adopted risk-based procedures to ensure that the User will not cause ZapSign to facilitate, directly or indirectly, transactions involving: (i) any national or resident of or entity formed under the laws of or located in any country or region subject to comprehensive U.S. economic sanctions, suspensions, or embargoes administered by OFAC, including, as of the effective date, Iran, Cuba, North Korea, the Crimea, Donetsk, and Luhansk regions of Ukraine, or Syria; (ii) any person listed on any international sanctions list administered or enforced by OFAC, the United Nations Security Council, the European Union, including but not limited to being designated on the OFAC Specially Designated Nationals and Blocked Persons List or the OFAC Foreign Sanctions Evaders List, or any other applicable list of sanctioned, embargoed, blocked, criminal, or ineligible persons maintained by any government of the U.S. or non-U.S. ("Sanctions Lists"); or (iii) any entity that is 50% or more owned, individually or in aggregate, directly or indirectly, or controlled by (including without limitation due to such person being a director or holding shares or voting interests), or acting, directly or indirectly, on behalf of, any person or entity on a Sanctions List. The User shall notify ZapSign in writing and immediately upon discovering any known or suspected violation of Sanctions Laws related to the Services, including notice (a) regarding any transaction facilitated by or involving ZapSign that is confirmed to have involved an individual or entity subject to the descriptions in sections (i) to (iii) of this section, for which no apparent authorization exists under applicable law; and (b) if the known or suspected violation is committed by the User or any of its officers, directors, investors, employees, contractors, senior managers, partners, owners, directors, or any agent acting on behalf of the User.

21. Enforceability — Extrajudicial Enforcement Instrument

21.1. For all legal purposes, including in particular the purposes of Article 784, items III, XII and §§ 3 and 4, of Federal Law No. 13,105/2015 (Brazilian Code of Civil Procedure), as amended by Law No. 14,382/2022 — and, where applicable, the equivalent provisions of the legislation of the User's jurisdiction (such as Articles 422 to 426 of Colombia's General Code of Procedure, Law 1564/2012, or Article 1391 of Mexico's Commercial Code) — the User acknowledges and declares that these Terms and Conditions, electronically accepted by the User through the Platform and duly recorded by ZapSign through the relevant electronic signature evidence (including, without limitation, the User's identification, IP address, timestamp, document hash and other audit logs), constitute an EXTRAJUDICIAL ENFORCEMENT INSTRUMENT (título executivo extrajudicial / título ejecutivo).

21.2. Consequently, in the event of default of any liquid, certain and enforceable obligation assumed by the User under these Terms and Conditions — including, without limitation, payment of ZapSign Plans, Overage Transactions, Additional Services and any contractual or default charges — ZapSign may directly initiate the corresponding enforcement proceedings, without need for any prior cognition or declaratory phase, to the fullest extent permitted by the law applicable to the User.

22. Limitation of Liability for ZapSign

22.1. Under no circumstances will ZapSign, its personnel, or any party involved in the production of the Services be liable for direct or indirect damages or intangible losses arising in connection with these Terms and Conditions.

22.2. ZapSign will be solely and exclusively liable to third parties and the User in cases where ZapSign is found to have been grossly negligent or willfully engaged in misconduct in the event that caused the damage or event for which it must respond. Likewise, ZapSign will be liable solely and exclusively for up to the total value of the invoice for the User's Package.

23. EU/EEA Customers — GDPR-Specific Terms

23.1. Applicability and scope. This Section applies whenever the User is established in or directs services to the European Union or European Economic Area, or whenever the use of the Platform involves the processing of Personal Data of EU/EEA data subjects subject to the GDPR. To that extent, this Section 22 forms part of these Terms and Conditions and constitutes a data processing addendum within the meaning of article 28 GDPR. In case of conflict between this Section 22 and any other provision of these Terms and Conditions in respect of EU/EEA processing, this Section 22 shall prevail.

23.2. Roles and subject-matter. The User acts as data controller — or, where applicable, as data processor on behalf of its own customers — and ZapSign acts as data processor on behalf of the User in respect of the Personal Data processed through the Platform in the course of providing the Services. The subject-matter of the processing is the provision of the Services described in Section 1; the nature and purpose of the processing are the electronic signature, identity verification, fraud prevention and document management functions described in these Terms; the duration is the term of the ZapSign Plan plus any retention period required by applicable law or these Terms; the types of Personal Data processed include identification, contact, device/technical and, where activated, biometric data and identification document attributes; the categories of data subjects include the User’s end signers and other third parties whose data is uploaded to the Platform.

23.3. Documented instructions. ZapSign shall process Personal Data only on documented instructions from the User, as set out in these Terms and Conditions, the Privacy Policy and the User’s configuration of the Services through the Platform, unless ZapSign is required to process by Union or Member State law, in which case ZapSign shall inform the User of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest.

23.4. Confidentiality. ZapSign shall ensure that persons authorised to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

23.5. Security (article 32 GDPR). ZapSign shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with article 32 GDPR. Such measures are described in ZapSign’s Trust Center and supporting documentation, currently aligned with ISO/IEC 27001, and may be updated by ZapSign from time to time provided that the overall level of protection is not diminished.

23.6. Sub-processors. The User provides general written authorisation for ZapSign to engage sub-processors for the provision of the Services. ZapSign maintains a current list of sub-processors and the categories of Personal Data they process, available on the ZapSign website. ZapSign shall inform the User of any intended addition or replacement of sub-processors at least thirty (30) days in advance, allowing the User a reasonable opportunity to object on legitimate data-protection grounds. ZapSign shall impose on each sub-processor data-protection obligations equivalent to those set out in this Section 22 and shall remain fully liable to the User for the performance of each sub-processor’s obligations.

23.7. Assistance to the User. Taking into account the nature of the processing and the information available to ZapSign, ZapSign shall assist the User by appropriate technical and organisational measures, insofar as this is possible, in (a) fulfilling the User’s obligation to respond to requests from data subjects exercising their rights under Chapter III of the GDPR; and (b) ensuring compliance with the User’s obligations under articles 32 to 36 of the GDPR (security, breach notification, data protection impact assessment and prior consultation).

23.8. Personal data breach notification. ZapSign shall notify the User of any personal data breach affecting Personal Data processed under these Terms without undue delay after becoming aware of it, and in any event in good time to enable the User to comply with its own notification obligations under articles 33 and 34 of the GDPR. ZapSign shall provide the User with the information then reasonably available to ZapSign regarding the nature of the breach, the categories and approximate number of data subjects and records affected, the likely consequences, and the measures taken or proposed to address it.

23.9. Return or deletion of data. Upon termination or expiration of the ZapSign Plan, ZapSign shall, at the choice of the User, delete or return all Personal Data processed on behalf of the User and delete existing copies, unless retention of the Personal Data is required by Union or Member State law or is indispensable for the integrity and non-repudiation of electronic signature evidence already generated, in which case ZapSign shall retain such data only for the period and purpose strictly necessary.

23.10. Audits and inspections. ZapSign shall make available to the User all information necessary to demonstrate compliance with the obligations laid down in article 28 of the GDPR. ZapSign satisfies this obligation primarily by providing access to its Trust Center, its ISO/IEC 27001 certification and other relevant third-party audit reports. Upon reasonable prior written notice and no more than once per calendar year (except where required by a competent supervisory authority or following a personal data breach), the User may request an audit conducted by a mutually agreed independent third-party auditor, at the User’s cost and subject to reasonable confidentiality undertakings.

23.11. International transfers (Chapter V GDPR). Personal Data processed by ZapSign may be transferred to and stored in countries outside the European Economic Area, including Colombia, Brazil, Mexico, Chile and the United States. Such transfers are carried out on the basis of the EU Standard Contractual Clauses approved by Commission Implementing Decision (EU) 2021/914 (Module 2, controller-to-processor; and, where applicable, Module 3, processor-to-processor), which are hereby incorporated by reference and form an integral part of these Terms and Conditions, supplemented by the Transfer Impact Assessment maintained by ZapSign and made available to the User on reasonable request. Where the User itself is established outside the EEA and the GDPR applies to its processing under article 3(2) GDPR, the relevant Module of the SCCs shall apply accordingly.

23.12. EU Representative and Data Protection Officer. For data-protection inquiries, EU/EEA Users and data subjects may contact ZapSign’s EU Representative designated under article 27 GDPR at the address set out in the Privacy Policy, or ZapSign’s Data Protection Officer at privacy@truora.com.

23.13. Governing law and forum for EU/EEA enterprise customers. Notwithstanding any other clause of these Terms and Conditions concerning governing law or jurisdiction, where the User is an enterprise customer established in the EU/EEA and so requests in writing prior to the commencement of the relevant ZapSign Plan, the parties may agree, by means of an order form or written addendum, that disputes arising in connection with the Services in respect of EU/EEA processing shall be governed by the laws of a Member State of the EU mutually agreed by the parties (and, in the absence of agreement, the laws of Ireland) and submitted to the exclusive jurisdiction of the competent courts of that Member State (or, in the absence of agreement, of Dublin, Ireland). This option is available solely for the purposes of the GDPR-related obligations set out in this Section 22 and does not derogate from the other provisions of these Terms and Conditions.

23.14. Liability under the GDPR. Without prejudice to the limitations of liability set out in Section 21, nothing in these Terms and Conditions shall exclude or limit the liability of a party (a) under article 82 of the GDPR towards data subjects, or (b) for fines imposed by a competent supervisory authority to the extent attributable to that party’s breach of the GDPR. Each party shall indemnify the other for direct losses arising from such party’s material breach of this Section 22, subject to the overall liability cap set out in Section 21.

23.15. Enforceability — clarification for EU/EEA Users. Section 20 (Extrajudicial Enforcement Instrument) is included for the purposes of Brazilian, Colombian, Mexican and other Latin American procedural laws. To the extent the User is established in the EU/EEA, Section 20 shall apply only insofar as it is compatible with the procedural laws of the User’s jurisdiction; otherwise, ZapSign’s right to enforce payment shall be exercised through the ordinary judicial or alternative dispute resolution mechanisms applicable under the law of the User’s jurisdiction.